Summary

During OSCAP Scan Result (ID OSCAP-Test-Default) processing which started 2012-07-18 22:12 and ended 2012-07-18 22:12, 19 rule results were recorded.

Result ID: OSCAP-Test-Default

Start time: 2012-07-18 22:12

End time: 2012-07-18 22:12

Profile: Default

Target: hpl

Rule Results Summary

pass 12
fixed 0
fail 5
error 2
not selected 0
not checked 0
not applicable 0
informational 0
unknown 0
total 19

Target Information

Target

  • hpl

Addresses

  • 127.0.0.1
  • 192.168.1.3
  • 192.168.100.1
  • ::1
  • fe80::f27b:cbff:fe0f:5a3b
  • fe80::5c11:25ff:fe30:4cf1

Benchmark Execution Information

Score

system score max
urn:xccdf:scoring:default 2.61 100.00
urn:xccdf:scoring:flat 12.00 19.00

Results

Title Result
file /etc/ssh/sshd_config may not have a line that matches ^IgnoreRhosts.*no pass
file /etc/ssh/sshd_config may not have a line that matches ^RhostsRSAAuthentication.*yes pass
file /etc/ssh/sshd_config may not have a line that matches ^HostbasedAuthentication.*yes pass
file /etc/ssh/sshd_config may not have a line that matches ^PermitEmptyPasswords.*yes pass
file /etc/ssh/sshd_config may not have a line that matches ^UsePAM.*no pass
file /etc/ssh/sshd_config may not have a line that matches ^Protocol.*1 pass
file /etc/ssh/sshd_config may not have a line that matches ^UsePrivilegeSeparation.*no pass
file /etc/ssh/sshd_config may not have a line that matches ^X11Forwarding.*yes pass
file /etc/ssh/sshd_config may not have a line that matches ^StrictMode.*no pass
file /etc/ssh/sshd_config must have a line that matches ^PermitRootLogin no fail
file /etc/ssh/sshd_config must have a line that matches ^PasswordAuthentication no pass
file /etc/ssh/sshd_config must have a line that matches ^ChallengeResponseAuthentication no fail
file /etc/ssh/sshd_config must have a line that matches ^AllowGroup fail
file /etc/hosts.allow must have a line that matches ^sshd: error
file /etc/hosts.deny must have a line that matches ^sshd: ALL error
file /etc/ssh/sshd_config must have a line that matches ^ListenAddress fail
file /etc/ssh/sshd_config may not have a line that matches ^ListenAddress.*0.0.0.0 pass
file /etc/ssh/sshd_config may not have a line that matches ^ListenAddress[ ]*::$ pass
file /etc/ssh/sshd_config must have a line that matches ^AllowTcpForwarding.*no fail

Result for file /etc/ssh/sshd_config may not have a line that matches ^IgnoreRhosts.*no

Result: pass

Rule ID: rule-sshd-def-rhosts

Time: 2012-07-18 22:12

file /etc/ssh/sshd_config may not have a line that matches ^IgnoreRhosts.*no

Result for file /etc/ssh/sshd_config may not have a line that matches ^RhostsRSAAuthentication.*yes

Result: pass

Rule ID: rule-sshd-def-rrsa

Time: 2012-07-18 22:12

file /etc/ssh/sshd_config may not have a line that matches ^RhostsRSAAuthentication.*yes

Result for file /etc/ssh/sshd_config may not have a line that matches ^HostbasedAuthentication.*yes

Result: pass

Rule ID: rule-sshd-def-hostbased

Time: 2012-07-18 22:12

file /etc/ssh/sshd_config may not have a line that matches ^HostbasedAuthentication.*yes

Result for file /etc/ssh/sshd_config may not have a line that matches ^PermitEmptyPasswords.*yes

Result: pass

Rule ID: rule-sshd-def-empty

Time: 2012-07-18 22:12

file /etc/ssh/sshd_config may not have a line that matches ^PermitEmptyPasswords.*yes

Result for file /etc/ssh/sshd_config may not have a line that matches ^UsePAM.*no

Result: pass

Rule ID: rule-sshd-def-pam

Time: 2012-07-18 22:12

file /etc/ssh/sshd_config may not have a line that matches ^UsePAM.*no

Result for file /etc/ssh/sshd_config may not have a line that matches ^Protocol.*1

Result: pass

Rule ID: rule-sshd-def-protocol

Time: 2012-07-18 22:12

file /etc/ssh/sshd_config may not have a line that matches ^Protocol.*1

Result for file /etc/ssh/sshd_config may not have a line that matches ^UsePrivilegeSeparation.*no

Result: pass

Rule ID: rule-sshd-def-useprivsep

Time: 2012-07-18 22:12

file /etc/ssh/sshd_config may not have a line that matches ^UsePrivilegeSeparation.*no

Result for file /etc/ssh/sshd_config may not have a line that matches ^X11Forwarding.*yes

Result: pass

Rule ID: rule-sshd-def-nox11fwd

Time: 2012-07-18 22:12

file /etc/ssh/sshd_config may not have a line that matches ^X11Forwarding.*yes

Result for file /etc/ssh/sshd_config may not have a line that matches ^StrictMode.*no

Result: pass

Rule ID: rule-sshd-def-strictmode

Time: 2012-07-18 22:12

file /etc/ssh/sshd_config may not have a line that matches ^StrictMode.*no

Result for file /etc/ssh/sshd_config must have a line that matches ^PermitRootLogin no

Result: fail

Rule ID: rule-sshd-norootlogin

Time: 2012-07-18 22:12

file /etc/ssh/sshd_config must have a line that matches ^PermitRootLogin no

path content
/etc/ssh/sshd_config PasswordAuthentication no
/etc/ssh/sshd_config UsePAM yes
/etc/ssh/sshd_config PrintMotd no
/etc/ssh/sshd_config PrintLastLog no
/etc/ssh/sshd_config Subsystem sftp /usr/lib64/misc/sftp-server

Result for file /etc/ssh/sshd_config must have a line that matches ^PasswordAuthentication no

Result: pass

Rule ID: rule-sshd-nopasswordauth

Time: 2012-07-18 22:12

file /etc/ssh/sshd_config must have a line that matches ^PasswordAuthentication no

Result for file /etc/ssh/sshd_config must have a line that matches ^ChallengeResponseAuthentication no

Result: fail

Rule ID: rule-sshd-nochallengeresponse

Time: 2012-07-18 22:12

file /etc/ssh/sshd_config must have a line that matches ^ChallengeResponseAuthentication no

path content
/etc/ssh/sshd_config PasswordAuthentication no
/etc/ssh/sshd_config UsePAM yes
/etc/ssh/sshd_config PrintMotd no
/etc/ssh/sshd_config PrintLastLog no
/etc/ssh/sshd_config Subsystem sftp /usr/lib64/misc/sftp-server

Result for file /etc/ssh/sshd_config must have a line that matches ^AllowGroup

Result: fail

Rule ID: rule-sshd-allowgroup

Time: 2012-07-18 22:12

file /etc/ssh/sshd_config must have a line that matches ^AllowGroup

path content
/etc/ssh/sshd_config PasswordAuthentication no
/etc/ssh/sshd_config UsePAM yes
/etc/ssh/sshd_config PrintMotd no
/etc/ssh/sshd_config PrintLastLog no
/etc/ssh/sshd_config Subsystem sftp /usr/lib64/misc/sftp-server

Result for file /etc/hosts.allow must have a line that matches ^sshd:

Result: error

Rule ID: rule-sshd-hostsallow

Time: 2012-07-18 22:12

file /etc/hosts.allow must have a line that matches ^sshd:

Result for file /etc/hosts.deny must have a line that matches ^sshd: ALL

Result: error

Rule ID: rule-sshd-hostsdeny

Time: 2012-07-18 22:12

file /etc/hosts.deny must have a line that matches ^sshd: ALL

Result for file /etc/ssh/sshd_config must have a line that matches ^ListenAddress

Result: fail

Rule ID: rule-sshd-listen

Time: 2012-07-18 22:12

file /etc/ssh/sshd_config must have a line that matches ^ListenAddress

path content
/etc/ssh/sshd_config PasswordAuthentication no
/etc/ssh/sshd_config UsePAM yes
/etc/ssh/sshd_config PrintMotd no
/etc/ssh/sshd_config PrintLastLog no
/etc/ssh/sshd_config Subsystem sftp /usr/lib64/misc/sftp-server

Result for file /etc/ssh/sshd_config may not have a line that matches ^ListenAddress.*0.0.0.0

Result: pass

Rule ID: rule-sshd-listen4

Time: 2012-07-18 22:12

file /etc/ssh/sshd_config may not have a line that matches ^ListenAddress.*0.0.0.0

Result for file /etc/ssh/sshd_config may not have a line that matches ^ListenAddress[ ]*::$

Result: pass

Rule ID: rule-sshd-listen6

Time: 2012-07-18 22:12

file /etc/ssh/sshd_config may not have a line that matches ^ListenAddress[ ]*::$

Result for file /etc/ssh/sshd_config must have a line that matches ^AllowTcpForwarding.*no

Result: fail

Rule ID: rule-sshd-notcpfwd

Time: 2012-07-18 22:12

file /etc/ssh/sshd_config must have a line that matches ^AllowTcpForwarding.*no

path content
/etc/ssh/sshd_config PasswordAuthentication no
/etc/ssh/sshd_config UsePAM yes
/etc/ssh/sshd_config PrintMotd no
/etc/ssh/sshd_config PrintLastLog no
/etc/ssh/sshd_config Subsystem sftp /usr/lib64/misc/sftp-server