vim
5.9
2011-10-31T12:00:00-04:00
/home is a separate file system
/home is a separate file system
mount point /home is mounted with nosuid option
mount point /home is mounted with nosuid option
mount point /home is mounted with nodev option
mount point /home is mounted with nodev option
mount point /home is mounted with usrquota option
mount point /home is mounted with usrquota option
mount point /home is mounted with grpquota option
mount point /home is mounted with grpquota option
/tmp is a separate file system of type tmpfs
/tmp is a separate file system of type tmpfs
mount point /tmp is mounted with nosuid option
mount point /tmp is mounted with nosuid option
mount point /tmp is mounted with nodev option
mount point /tmp is mounted with nodev option
mount point /tmp is mounted with noexec option
mount point /tmp is mounted with noexec option
file /etc/ssh/sshd_config must have a line that matches ^PermitRootLogin.*no
file /etc/ssh/sshd_config must have a line that matches ^PermitRootLogin.*no
file /etc/ssh/sshd_config may not have a line that matches ^PubkeyAuthentication.*no
file /etc/ssh/sshd_config may not have a line that matches ^PubkeyAuthentication.*no
file /etc/ssh/sshd_config may not have a line that matches ^UsePAM.*yes
file /etc/ssh/sshd_config may not have a line that matches ^UsePAM.*yes
file /etc/ssh/sshd_config may not have a line that matches ^Protocol.*1.*
file /etc/ssh/sshd_config may not have a line that matches ^Protocol.*1.*
file /etc/ssh/sshd_config must have a line that matches ^Allow(Users|Groups).*
file /etc/ssh/sshd_config must have a line that matches ^Allow(Users|Groups).*
file /etc/ssh/sshd_config may not have a line that matches ^UsePrivilegeSeparation.*no
file /etc/ssh/sshd_config may not have a line that matches ^UsePrivilegeSeparation.*no
file /etc/ssh/sshd_config must have a line that matches ^AllowTcpForwarding.*no
file /etc/ssh/sshd_config must have a line that matches ^AllowTcpForwarding.*no
file /etc/ssh/sshd_config may not have a line that matches ^X11Forwarding.*yes
file /etc/ssh/sshd_config may not have a line that matches ^X11Forwarding.*yes
file /etc/ssh/sshd_config may not have a line that matches ^StrictModes.*no
file /etc/ssh/sshd_config may not have a line that matches ^StrictModes.*no
file /etc/cron.allow must have a line that matches [a-z0-9]*
file /etc/cron.allow must have a line that matches [a-z0-9]*
file /etc/at.allow must have a line that matches *
file /etc/at.allow must have a line that matches *
sysctl net.ipv4.ip_forward must be 0
sysctl net.ipv4.ip_forward must be 0
sysctl net.ipv4.conf.all.rp_filter must be 1
sysctl net.ipv4.conf.all.rp_filter must be 1
sysctl net.ipv4.conf.default.rp_filter must be 1
sysctl net.ipv4.conf.default.rp_filter must be 1
sysctl net.ipv4.conf.all.accept_source_route must be 0
sysctl net.ipv4.conf.all.accept_source_route must be 0
sysctl net.ipv4.conf.default.accept_source_route must be 0
sysctl net.ipv4.conf.default.accept_source_route must be 0
sysctl net.ipv4.conf.all.accept_redirects must be 0
sysctl net.ipv4.conf.all.accept_redirects must be 0
sysctl net.ipv4.conf.default.accept_redirects must be 0
sysctl net.ipv4.conf.default.accept_redirects must be 0
sysctl net.ipv4.icmp_echo_ignore_broadcasts must be 1
sysctl net.ipv4.icmp_echo_ignore_broadcasts must be 1
sysctl net.ipv4.icmp_ignore_bogus_error_responses must be 1
sysctl net.ipv4.icmp_ignore_bogus_error_responses must be 1
sysctl net.ipv4.conf.all.log_martians must be 1
sysctl net.ipv4.conf.all.log_martians must be 1
sysctl net.ipv4.conf.default.log_martians must be 1
sysctl net.ipv4.conf.default.log_martians must be 1
file /boot/grub/grub.conf must have a line that matches ^password
file /boot/grub/grub.conf must have a line that matches ^password
file /etc/securetty may not have a line that matches (vc|pty)
file /etc/securetty may not have a line that matches (vc|pty)
file /etc/pam.d/system-auth must have a line that matches password.*pam_cracklib.so.*minlen
file /etc/pam.d/system-auth must have a line that matches password.*pam_cracklib.so.*minlen
gentoo variable USE must contain pam
gentoo variable USE must contain pam
gentoo variable USE must contain tcpd
gentoo variable USE must contain tcpd
gentoo variable USE must contain ssl
gentoo variable USE must contain ssl
gentoo variable GCC_SPECS must be empty
gentoo variable GCC_SPECS must be empty
gentoo profile must contain hardened
gentoo profile must contain hardened
All world-writeable directories must have the sticky bit set
All world-writeable directories must have the sticky bit set
/home
/tmp
/etc/ssh/sshd_config
^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$
1
/etc/cron.allow
^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$
1
/etc/at.allow
^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$
1
/proc/sys/net/ipv4/ip_forward
^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$
1
/proc/sys/net/ipv4/conf/all/rp_filter
^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$
1
/proc/sys/net/ipv4/conf/default/rp_filter
^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$
1
/proc/sys/net/ipv4/conf/all/accept_source_route
^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$
1
/proc/sys/net/ipv4/conf/default/accept_source_route
^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$
1
/proc/sys/net/ipv4/conf/all/accept_redirects
^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$
1
/proc/sys/net/ipv4/conf/default/accept_redirects
^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$
1
/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$
1
/proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$
1
/proc/sys/net/ipv4/conf/all/log_martians
^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$
1
/proc/sys/net/ipv4/conf/default/log_martians
^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$
1
/boot/grub/grub.conf
^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$
1
/etc/securetty
^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$
1
/etc/pam.d/system-auth
^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$
1
emerge-info-verbose
^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$
1
/
GENOVAL_SCRIPTOUTPUTDIR
nosuid
nodev
usrquota
grpquota
TMPFS_MAGIC
noexec
^PermitRootLogin.*no
^PubkeyAuthentication.*no
^UsePAM.*yes
^Protocol.*1.*
^Allow(Users|Groups).*
^UsePrivilegeSeparation.*no
^AllowTcpForwarding.*no
^X11Forwarding.*yes
^StrictModes.*no
[a-z0-9]*
*
0
1
^password
(vc|pty)
password.*pam_cracklib.so.*minlen
USE=["]?.*pam.*["]?$
USE=["]?.*tcpd.*["]?$
USE=["]?.*ssl.*["]?$
GCC_SPECS=["]?["]?$
^Portage.*\(.*hardened.*, gcc.*
1