Introduction

Test Result

Result ID Profile Start time End time Benchmark Benchmark version
xccdf_org.open-scap_testresult_xccdf_org.gentoo.dev.swift_profile_default xccdf_org.gentoo.dev.swift_profile_default 2013-12-11 22:02 2013-12-11 22:02 embedded 1

Target info

Targets

  • hpl

Addresses

  • 127.0.0.1
  • 192.168.1.3
  • 192.168.100.1
  • 0:0:0:0:0:0:0:1
  • fe80:0:0:0:f27b:cbff:fe0f:5a3b
  • 2001:db8:81:e2:0:26b5:365b:5072
  • fe80:0:0:0:b41a:26ff:fea4:7de0

Platforms

  • cpe:/o:gentoo:linux

Score

system score max % bar
urn:xccdf:scoring:default 88.89 100.00 88.89%
urn:xccdf:scoring:flat 16.00 19.00 84.21%

Results overview

Rule Results Summary

pass fixed fail error not selected not checked not applicable informational unknown total
16 0 3 0 0 0 0 0 0 19
Title Result
file /etc/ssh/sshd_config may not have a line that matches ^IgnoreRhosts.*no pass
file /etc/ssh/sshd_config may not have a line that matches ^RhostsRSAAuthentication.*yes pass
file /etc/ssh/sshd_config may not have a line that matches ^HostbasedAuthentication.*yes pass
file /etc/ssh/sshd_config may not have a line that matches ^PermitEmptyPasswords.*yes pass
file /etc/ssh/sshd_config may not have a line that matches ^UsePAM.*no pass
file /etc/ssh/sshd_config may not have a line that matches ^Protocol.*1 pass
file /etc/ssh/sshd_config may not have a line that matches ^UsePrivilegeSeparation.*no pass
file /etc/ssh/sshd_config may not have a line that matches ^X11Forwarding.*yes pass
file /etc/ssh/sshd_config may not have a line that matches ^StrictMode.*no pass
file /etc/ssh/sshd_config must have a line that matches ^PermitRootLogin no pass
file /etc/ssh/sshd_config must have a line that matches ^PasswordAuthentication no pass
file /etc/ssh/sshd_config must have a line that matches ^ChallengeResponseAuthentication no pass
file /etc/ssh/sshd_config must have a line that matches ^AllowGroup pass
file /etc/hosts.allow must have a line that matches ^sshd: fail
file /etc/hosts.deny must have a line that matches ^sshd: ALL fail
file /etc/ssh/sshd_config must have a line that matches ^ListenAddress fail
file /etc/ssh/sshd_config may not have a line that matches ^ListenAddress.*0.0.0.0 pass
file /etc/ssh/sshd_config may not have a line that matches ^ListenAddress[ ]*::$ pass
file /etc/ssh/sshd_config must have a line that matches ^AllowTcpForwarding.*no pass

Results details

Result for file /etc/ssh/sshd_config may not have a line that matches ^IgnoreRhosts.*no

Result: pass

Rule ID: xccdf_org.gentoo.dev.swift_rule_sshd-def-rhosts

Time: 2013-12-11 22:02

file /etc/ssh/sshd_config may not have a line that matches ^IgnoreRhosts.*no

Result for file /etc/ssh/sshd_config may not have a line that matches ^RhostsRSAAuthentication.*yes

Result: pass

Rule ID: xccdf_org.gentoo.dev.swift_rule_sshd-def-rrsa

Time: 2013-12-11 22:02

file /etc/ssh/sshd_config may not have a line that matches ^RhostsRSAAuthentication.*yes

Result for file /etc/ssh/sshd_config may not have a line that matches ^HostbasedAuthentication.*yes

Result: pass

Rule ID: xccdf_org.gentoo.dev.swift_rule_sshd-def-hostbased

Time: 2013-12-11 22:02

file /etc/ssh/sshd_config may not have a line that matches ^HostbasedAuthentication.*yes

Result for file /etc/ssh/sshd_config may not have a line that matches ^PermitEmptyPasswords.*yes

Result: pass

Rule ID: xccdf_org.gentoo.dev.swift_rule_sshd-def-empty

Time: 2013-12-11 22:02

file /etc/ssh/sshd_config may not have a line that matches ^PermitEmptyPasswords.*yes

Result for file /etc/ssh/sshd_config may not have a line that matches ^UsePAM.*no

Result: pass

Rule ID: xccdf_org.gentoo.dev.swift_rule_sshd-def-pam

Time: 2013-12-11 22:02

file /etc/ssh/sshd_config may not have a line that matches ^UsePAM.*no

Result for file /etc/ssh/sshd_config may not have a line that matches ^Protocol.*1

Result: pass

Rule ID: xccdf_org.gentoo.dev.swift_rule_sshd-def-protocol

Time: 2013-12-11 22:02

file /etc/ssh/sshd_config may not have a line that matches ^Protocol.*1

Result for file /etc/ssh/sshd_config may not have a line that matches ^UsePrivilegeSeparation.*no

Result: pass

Rule ID: xccdf_org.gentoo.dev.swift_rule_sshd-def-useprivsep

Time: 2013-12-11 22:02

file /etc/ssh/sshd_config may not have a line that matches ^UsePrivilegeSeparation.*no

Result for file /etc/ssh/sshd_config may not have a line that matches ^X11Forwarding.*yes

Result: pass

Rule ID: xccdf_org.gentoo.dev.swift_rule_sshd-def-nox11fwd

Time: 2013-12-11 22:02

file /etc/ssh/sshd_config may not have a line that matches ^X11Forwarding.*yes

Result for file /etc/ssh/sshd_config may not have a line that matches ^StrictMode.*no

Result: pass

Rule ID: xccdf_org.gentoo.dev.swift_rule_sshd-def-strictmode

Time: 2013-12-11 22:02

file /etc/ssh/sshd_config may not have a line that matches ^StrictMode.*no

Result for file /etc/ssh/sshd_config must have a line that matches ^PermitRootLogin no

Result: pass

Rule ID: xccdf_org.gentoo.dev.swift_rule_sshd-norootlogin

Time: 2013-12-11 22:02

file /etc/ssh/sshd_config must have a line that matches ^PermitRootLogin no

Result for file /etc/ssh/sshd_config must have a line that matches ^PasswordAuthentication no

Result: pass

Rule ID: xccdf_org.gentoo.dev.swift_rule_sshd-nopasswordauth

Time: 2013-12-11 22:02

file /etc/ssh/sshd_config must have a line that matches ^PasswordAuthentication no

Result for file /etc/ssh/sshd_config must have a line that matches ^ChallengeResponseAuthentication no

Result: pass

Rule ID: xccdf_org.gentoo.dev.swift_rule_sshd-nochallengeresponse

Time: 2013-12-11 22:02

file /etc/ssh/sshd_config must have a line that matches ^ChallengeResponseAuthentication no

Result for file /etc/ssh/sshd_config must have a line that matches ^AllowGroup

Result: pass

Rule ID: xccdf_org.gentoo.dev.swift_rule_sshd-allowgroup

Time: 2013-12-11 22:02

file /etc/ssh/sshd_config must have a line that matches ^AllowGroup

Result for file /etc/hosts.allow must have a line that matches ^sshd:

Result: fail

Rule ID: xccdf_org.gentoo.dev.swift_rule_sshd-hostsallow

Time: 2013-12-11 22:02

file /etc/hosts.allow must have a line that matches ^sshd:

Result for file /etc/hosts.deny must have a line that matches ^sshd: ALL

Result: fail

Rule ID: xccdf_org.gentoo.dev.swift_rule_sshd-hostsdeny

Time: 2013-12-11 22:02

file /etc/hosts.deny must have a line that matches ^sshd: ALL

Result for file /etc/ssh/sshd_config must have a line that matches ^ListenAddress

Result: fail

Rule ID: xccdf_org.gentoo.dev.swift_rule_sshd-listen

Time: 2013-12-11 22:02

file /etc/ssh/sshd_config must have a line that matches ^ListenAddress

Result for file /etc/ssh/sshd_config may not have a line that matches ^ListenAddress.*0.0.0.0

Result: pass

Rule ID: xccdf_org.gentoo.dev.swift_rule_sshd-listen4

Time: 2013-12-11 22:02

file /etc/ssh/sshd_config may not have a line that matches ^ListenAddress.*0.0.0.0

Result for file /etc/ssh/sshd_config may not have a line that matches ^ListenAddress[ ]*::$

Result: pass

Rule ID: xccdf_org.gentoo.dev.swift_rule_sshd-listen6

Time: 2013-12-11 22:02

file /etc/ssh/sshd_config may not have a line that matches ^ListenAddress[ ]*::$

Result for file /etc/ssh/sshd_config must have a line that matches ^AllowTcpForwarding.*no

Result: pass

Rule ID: xccdf_org.gentoo.dev.swift_rule_sshd-notcpfwd

Time: 2013-12-11 22:02

file /etc/ssh/sshd_config must have a line that matches ^AllowTcpForwarding.*no