# (C) 2014 Tenable Network Security, Inc.
#
# This script is released under the Tenable Subscription License and
# may not be used from within scripts released under another license
# without authorization from Tenable Network Security, Inc.
#
# See the following licenses for details:
#
# http://static.tenable.com/prod_docs/Nessus_5_SLA_and_Subscription_Agreement.pdf
# http://static.tenable.com/prod_docs/Subscription_Agreement.pdf
#
# @PROFESSIONALFEED@
#
# $Revision: 1.3 $
# $Date: 2014/08/05 15:23:29 $
#
# Description	: This .audit file is written again the Center for Internet
#		  		  Security benchmark for Red Hat Enterprise Linux 5, version 2.1.0.
#				  For use testing CentOS5. The same benchmark is utilized.	
#		  https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf

<check_type:"Unix">
	
<if>
  <condition type:"AND">
    <custom_item>
      system      : "Linux"
      type        : FILE_CONTENT_CHECK
      description : "CentOS Linux 5 is installed"
      file        : "/etc/redhat-release"
      regex       : "^[\\s]*CentOS release 5"
      expect      : "^[\\s]*CentOS release 5"
    </custom_item>
  </condition>
  <then>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description: "1.1.1 Create Separate Partition for /tmp"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : Yes"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-14161-4"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/fstab"
 regex		: "^[\\s]*.*\\s+\/tmp\\s"
 expect		: "^[\\s]*.*\\s+\/tmp\\s"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description: "1.1.2 Set nodev option for /tmp Partition"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-14412-1,CCE|CCE-14161-4"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/fstab"
 regex		: "^[\\s]*.*\\s+\/tmp\\s"
 expect		: "^[\\s]*.*\\s+\/tmp\\s.*,nodev"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "1.1.3 Set nosuid option for /tmp Partition"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-14940-1"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/fstab"
 regex		: "^[\\s]*.*\\s+\/tmp\\s"
 expect		: "^[\\s]*.*\\s+\/tmp\\s.*,nosuid"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "1.1.4 Set noexec option for /tmp Partition"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-14412-1"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/fstab"
 regex		: "^[\\s]*.*\\s+\/tmp\\s"
 expect		: "^[\\s]*.*\\s+\/tmp\\s.*,noexec"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "1.1.5 Create Separate Partition for /var"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : Yes"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-14777-7"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/fstab"
 regex		: "^[\\s]*.*\\s+\/var\\s"
 expect		: "^[\\s]*.*\\s+\/var\\s"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "1.1.6 Bind Mount the /var/tmp directory to /tmp"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-14584-7"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/fstab"
 regex		: "^[\\s]*\/tmp\\s+\/var/tmp\\s+none\\s+.*"
 expect		: "^[\\s]*\/tmp\\s+\/var/tmp\\s+none\\s+bind\\s+0\\s+0\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "1.1.7 Create Separate Partition for /var/log"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : Yes"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-14011-1"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/fstab"
 regex		: "^[\\s]*.*\\s+\/var\/log\\s"
 expect		: "^[\\s]*.*\\s+\/var\/log\\s"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "1.1.8 Create Separate Partition for /var/log/audit"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : Yes"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-14171-3"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/fstab"
 regex		: "^[\\s]*.*\\s+\/var\/log/audit\\s"
 expect		: "^[\\s]*.*\\s+\/var\/log/audit\\s"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description: "1.1.9 Create Separate Partition for /home"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : Yes"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-14559-9"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/fstab"
 regex		: "^[\\s]*.*\\s+\/home\\s"
 expect		: "^[\\s]*.*\\s+\/home\\s"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description: "1.1.10 Add nodev Option to /home"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4249-9"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/fstab"
 regex		: "^[\\s]*.*\\s+\/home\\s"
 expect		: "^[\\s]*.*\\s+\/home\\s.*,nodev"
</custom_item>


<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "1.1.11 Add nodev Option to Removable Media Partitions"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : No"
 reference	: "CCE|CCE-3522-0"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/fstab"
 regex		: "^[\\s]*.*[\\s]+\/m.*\/(floppy|cdrom|corder)[\\s]"
 expect		: "^[\\s]*.*[\\s]+\/m.*\/(floppy|cdrom|corder)[\\s].*,nodev"
 string_required: NO
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "1.1.12 Add noexec Option to Removable Media Partitions"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : No"
 reference	: "CCE|CCE-4275-4"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/fstab"
 regex		: "^[\\s]*.*[\\s]+\/m.*\/(floppy|cdrom|corder)[\\s]"
 expect		: "^[\\s]*.*[\\s]+\/m.*\/(floppy|cdrom|corder)[\\s].*,noexec"
 string_required: NO
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "1.1.13 Add nosuid Option to Removable Media Partitions"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : No"
 reference	: "CCE|CCE-4042-8"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/fstab"
 regex		: "^[\\s]*.*[\\s]+\/m.*\/(floppy|cdrom|corder)[\\s]"
 expect		: "^[\\s]*.*[\\s]+\/m.*\/(floppy|cdrom|corder)[\\s].*,nosuid"
 string_required: NO
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "1.1.14 Add nodev Option to /dev/shm Partition"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-15007-8"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/fstab"
 regex		: "^[\\s]*.*\\s+\/dev\/shm\\s"
 expect		: "^[\\s]*.*\\s+\/dev\/shm\\s.*,nodev"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "1.1.15 Add nosuid Option to /dev/shm Partition"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-14306-5"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/fstab"
 regex		: "^[\\s]*.*\\s+\/dev\/shm\\s"
 expect		: "^[\\s]*.*\\s+\/dev\/shm\\s.*,nosuid"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "1.1.16 Add noexec Option to /dev/shm Partition"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-14927-8"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/fstab"
 regex		: "^[\\s]*.*\\s+\/dev\/shm\\s"
 expect		: "^[\\s]*.*\\s+\/dev\/shm\\s.*,noexec"
</custom_item>

<item>
 name		: "find_world_writeable_directories"
 description	: "1.1.17 Set Sticky Bit on All World-Writable Directories"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-3399-3"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
</item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "1.7 Use the Latest OS Release"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : Yes"
 info		: "Scorable Item : No"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/redhat-release"
 regex		: "^[^#]*Red Hat Enterprise Linux Server"
 expect		: "5\.[4-9]"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "1.2.3 Verify that gpgcheck is Globally Activated"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-14914-6"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/yum.conf"
 regex		: "^[\\s]*gpgcheck\\s*="
 expect		: "^[\\s]*gpgcheck\\s*=\\s*1\\s*$"
</custom_item>

#<custom_item>
# system	: "Linux"
# type		: CMD_EXEC
# description	: "1.2.7 Verify Package Integrity Using RPM"
# info		: "Configuration Level : Level-I"
# info		: "OS Default : N/A"
# info		: "Reboot Required : No"
# info		: "Scorable Item : No"
# reference	: "CCE|CCE-14931-0"
# see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
# cmd		: "/bin/rpm -qVa | /bin/awk '$2 != \"c\" { print $0 }'"
# expect	: ""
# dont_echo_cmd	: YES
# severity	: HIGH
#</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CHECK
 description: "1.5.1 Set User/Group Owner on /etc/grub.conf"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4144-2,CCE|CCE-4197-0"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/grub.conf"
 owner		: "root"
 group		: "root"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CHECK
 description: "1.5.2 Set Permissions on /etc/grub.conf"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "  CCE|CCE-3923-0"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/grub.conf"
 mask		: "177"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "1.5.3 Set Boot Loader Password"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-3818-2"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/grub.conf"
 regex		: "^[\\s]*password --md5 .+"
 expect		: "password --md5 .+"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "1.5.4 Require Authentication for Single-User Mode"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4241-6"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/inittab"
 regex		: "^[\\s]*~:S:wait:/sbin/sulogin"
 expect		: "~:S:wait:/sbin/sulogin\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "1.5.5 Disable Interactive Boot"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : Yes"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4245-7"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/sysconfig/init"
 regex		: "^[\\s]*PROMPT\\s*="
 expect		: "^[\\s]*PROMPT\\s*=\\s*[nN][oO]\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "1.6.1 Restrict Core Dumps '/etc/security/limits.conf - * hard core 0'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : Yes"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/security/limits.conf"
 regex		: "^\\*\\s+hard\\s+core"
 expect		: "^\\*\\s+hard\\s+core\\s+0\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "1.6.1 Restrict Core Dumps '/etc/sysctl.conf - fs.suid_dumpable = 0'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : Yes"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/sysctl.conf"
 regex		: "^[\\s]*fs.suid_dumpable\\s*="
 expect		: "^[\\s]*fs.suid_dumpable\\s*=\\s*0"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "1.6.2 Configure ExecShield 'kernel.exec-shield = 1'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Yes"
 info		: "Reboot Required : Yes"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4168-1"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/sysctl.conf"
 regex		: "^[\\s]*kernel\.exec-shield\\s"
 expect		: "^[\\s]*kernel\.exec-shield\\s*=\\s*1\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "1.6.3 Enable Randomized Virtual Memory Region Placement 'kernel.randomize_va_space = 1'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Yes"
 info		: "Reboot Required : Yes"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4146-7"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/sysctl.conf"
 regex		: "^[\\s]*kernel\.randomize_va_space\\s*"
 expect		: "^[\\s]*kernel\.randomize_va_space\\s*=\\s*2\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "1.6.5 Disable Prelink 'PRELINKING=no'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/sysconfig/prelink"
 regex		: "^[\\s]*PRELINKING\\s*=\\s*"
 expect		: "^[\\s]*PRELINKING\\s*=\\s*no\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "1.7 Use the Latest OS Release"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : Yes"
 info		: "Scorable Item : No"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/redhat-release"
 regex		: "^[^#]*Red Hat Enterprise Linux Server"
 expect		: "5\.[4-9]"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: RPM_CHECK
 description	: "2.1.1 Remove telnet-server"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : disabled"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-3390-2,CCE|CCE-4330-7"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 rpm		: "telnet-server-0.0.0-0"
 operator	: "lt"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: RPM_CHECK
 description	: "2.1.2 Remove telnet Clients"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : disabled"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-3390-2,CCE|CCE-4330-7"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 rpm		: "telnet-0.0.0-0"
 operator	: "lt"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: RPM_CHECK
 description	: "2.1.3 Remove rsh-server"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Not installed"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4308-3"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 rpm		: "rsh-server-0.0.0-0"
 operator	: "lt"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: RPM_CHECK
 description	: "2.1.4 Remove rsh"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Not installed"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4141-8,CCE|CCE-3974-3,CCE|CCE-3537-8"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 rpm		: "rsh-0.0.0-0"
 operator	: "lt"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: RPM_CHECK
 description	: "2.1.5 Remove NIS Client"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : disabled"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-3705-1,CCE|CCE-4348-9"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 rpm		: "ypbind-0.0.0-0"
 operator	: "lt"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: RPM_CHECK
 description	: "2.1.6 Remove NIS Server"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : disabled"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-3705-1,CCE|CCE-4348-9"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 rpm		: "ypserv-0.0.0-0"
 operator	: "lt"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: RPM_CHECK
 description	: "2.1.7 Remove tftp"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : disabled"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4273-9,CCE|CCE-3916-4"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 rpm		: "tftp-0.0.0-0"
 operator	: "lt"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: RPM_CHECK
 description	: "2.1.8 Remove tftp-server"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : disabled"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4273-9,CCE|CCE-3916-4"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 rpm		: "tftp-server-0.0.0-0"
 operator	: "lt"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: RPM_CHECK
 description	: "2.1.9 Remove talk"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Enabled"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 rpm		: "talk-0.0.0-0"
 operator	: "lt"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: RPM_CHECK
 description	: "2.1.10 Remove talk-server"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Not installed"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 rpm		: "talk-server-0.0.0-0"
 operator	: "lt"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: XINETD_SVC
 description	: "2.1.12 Disable chargen-dgram"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Disabled"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 service	: "chargen-dgram"
 status		: OFF
</custom_item>

<custom_item>
 system		: "Linux"
 type		: XINETD_SVC
 description	: "2.1.13 Disable chargen-stream"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Disabled"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 service	: "chargen-stream"
 status		: OFF
</custom_item>

<custom_item>
 system		: "Linux"
 type		: XINETD_SVC
 description	: "2.1.14 Disable daytime-dgram"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Disabled"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 service	: "daytime-dgram"
 status		: OFF
</custom_item>

<custom_item>
 system		: "Linux"
 type		: XINETD_SVC
 description	: "2.1.15 Disable daytime-stream"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Disabled"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 service	: "daytime-stream"
 status		: OFF
</custom_item>

<custom_item>
 system		: "Linux"
 type		: XINETD_SVC
 description	: "2.1.16 Disable echo-dgram"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Disabled"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 service	: "echo-dgram"
 status		: OFF
</custom_item>

<custom_item>
 system		: "Linux"
 type		: XINETD_SVC
 description	: "2.1.17 Disable echo-stream"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Disabled"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 service	: "echo-stream"
 status		: OFF
</custom_item>

<custom_item>
 system		: "Linux"
 type		: XINETD_SVC
 description	: "2.1.18 Disable tcpmux-server"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Disabled"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 service	: "tcpmux-server"
 status		: OFF
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "3.2 Set Daemon umask"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/sysconfig/init"
 regex		: "^[\\s]*umask\\s+027\\s*"
 expect		: "^[\\s]*umask\\s+027\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: CHKCONFIG
 description	: "3.1.1 Disable Avahi Server"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 service	: "avahi-daemon"
 levels		: "0123456"
 status		: OFF
</custom_item>

<if>
 <condition type : "AND" >
  <custom_item>
   system	: "Linux"
   type		: PROCESS_CHECK
   description	: "avahi on"
   name		: "avahi-daemon"
   status	: ON
  </custom_item>
 </condition>
 <then>
  <custom_item>
   system	: "Linux"
   type		: CMD_EXEC
   description	: "3.1.3 Check Responses TTL Field 'check-response-ttl=yes'"
   info		: "Configuration Level : Level-I"
   info		: "OS Default : N/A"
   info		: "Reboot Required : No"
   info		: "Scorable Item : Yes"
   see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
   cmd		: "/bin/awk '/^[\\s]*\\[server\\]/,/check-response-ttl/' /etc/avahi/avahi-daemon.conf"
   expect	: "^[\\s]*check-response-ttl=yes\\s*$"
   severity	: HIGH
   dont_echo_cmd: YES
  </custom_item>

  <custom_item>
   system	: "Linux"
   type		: CMD_EXEC
   description	: "3.1.4 Prevent Other Programs from Using Avahi's Port 'disallow-other-stacks=yes'"
   info		: "Configuration Level : Level-I"
   info		: "OS Default : N/A"
   info		: "Reboot Required : No"
   info		: "Scorable Item : No"
   see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
   cmd		: "/bin/awk '/^[\\s]*\\[server\\]/,/disallow-other-stacks/' /etc/avahi/avahi-daemon.conf"
   expect	: "^[\\s]*disallow-other-stacks=yes\\s*$"
   severity	: HIGH
   dont_echo_cmd: YES
  </custom_item>
 </then>
</if>

<custom_item>
 system		: "Linux"
 type		: CHKCONFIG
 description	: "3.8 Disable NFS and RPC 'nfslock'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : No"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 service	: "nfslock"
 levels		: "0123456"
 status		: OFF
</custom_item>

<custom_item>
 system		: "Linux"
 type		: CHKCONFIG
 description	: "3.8 Disable NFS and RPC 'rpcgssd'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : No"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 service	: "rpcgssd"
 levels		: "0123456"
 status		: OFF
</custom_item>

<custom_item>
 system		: "Linux"
 type		: CHKCONFIG
 description	: "3.8 Disable NFS and RPC 'rpcidmapd'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : No"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 service	: "rpcidmapd"
 levels		: "0123456"
 status		: OFF
</custom_item>

<custom_item>
 system		: "Linux"
 type		: CHKCONFIG
 description	: "3.8 Disable NFS and RPC 'portmap'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : No"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 service	: "portmap"
 levels		: "0123456"
 status		: OFF
</custom_item>

<custom_item>
 system		: "Linux"
 type		: RPM_CHECK
 description	: "3.9 Remove DNS Server"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : No"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 rpm		: "bind-0.0.0-0"
 operator	: "lt"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: RPM_CHECK
 description	: "3.10 Remove FTP Server"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 rpm		: "vsftpd-0.0.0-0"
 operator	: "lt"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: RPM_CHECK
 description	: "3.12 Remove Dovecot (IMAP and POP3 services)"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : No"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 rpm		: "dovecot-0.0.0-0"
 operator	: "lt"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: RPM_CHECK
 description	: "3.13 Remove Samba"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Not installed"
 info		: "Reboot Required : No"
 info		: "Scorable Item : No"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 rpm		: "samba-0.0.0-0"
 operator	: "lt"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: RPM_CHECK
 description	: "3.14 Remove HTTP Proxy Server"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : No"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 rpm		: "squid-0.0.0-0"
 operator	: "lt"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: RPM_CHECK
 description	: "3.15 Remove SNMP Server"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Not Installed"
 info		: "Reboot Required : No"
 info		: "Scorable Item : No"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 rpm		: "net-snmp-0.0.0-0"
 operator	: "lt"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "3.16 Configure Mail Transfer Agent for Local-Only Mode 'O DaemonPortOptions=Port=smtp, Addr=127.0.0.1, Name=MTA'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Yes"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/mail/sendmail.cf"
 regex		: "^O[\\s]*DaemonPortOptions\\s*="
 expect		: "^O[\\s]*DaemonPortOptions\\s*=\\s*Port\\s*=\\s*smtp,\\s*Addr\\s*=\\s*127\.0\.0\.1,\\s*Name=MTA\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "4.1.1 Disable IP Forwarding 'net.ipv4.ip_forward = 0'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-3561-8"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/sysctl.conf"
 regex		: "^[\\s]*net\.ipv4\.ip_forward\\s*="
 expect		: "^[\\s]*net\.ipv4\.ip_forward\\s*=\\s*0\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "4.1.2 Disable Send Packet Redirects 'net.ipv4.conf.all.send_redirects = 0'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4151-7,CCE|CCE-4155-8"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/sysctl.conf"
 regex		: "^[\\s]*net\.ipv4\.conf\.all\.send_redirects\\s*="
 expect		: "^[\\s]*net\.ipv4\.conf\.all\.send_redirects\\s*=\\s*0\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "4.1.2 Disable Send Packet Redirects 'net.ipv4.conf.send_redirects = 0'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4151-7,CCE|CCE-4155-8"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/sysctl.conf"
 regex		: "^[\\s]*net\.ipv4\.conf\.default\.send_redirects\\s*="
 expect		: "^[\\s]*net\.ipv4\.conf\.default\.send_redirects\\s*=\\s*0\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "4.2.1 Disable Source Routed Packet Acceptance 'net.ipv4.conf.all.accept_source_route = 0'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Yes"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4236-6,CCE|CCE-4091-5"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/sysctl.conf"
 regex		: "^[\\s]*net\.ipv4\.conf\.all\.accept_source_route\\s*="
 expect		: "^[\\s]*net\.ipv4\.conf\.all\.accept_source_route\\s*=\\s*0\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "4.2.1 Disable Source Routed Packet Acceptance 'net.ipv4.conf.default.accept_source_route = 0'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Yes"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4236-6,CCE|CCE-4091-5"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/sysctl.conf"
 regex		: "^[\\s]*net\.ipv4\.conf\.default\.accept_source_route\\s*="
 expect		: "^[\\s]*net\.ipv4\.conf\.default\.accept_source_route\\s*=\\s*0\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "4.2.2 Disable ICMP Redirect Acceptance 'net.ipv4.conf.all.accept_redirects = 0'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4217-6,CCE|CCE-4186-3"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/sysctl.conf"
 regex		: "^[\\s]*net\.ipv4\.conf\.all\.accept_redirects\\s*="
 expect		: "^[\\s]*net\.ipv4\.conf\.all\.accept_redirects\\s*=\\s*0\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "4.2.2 Disable ICMP Redirect Acceptance 'net.ipv4.conf.default.accept_redirects = 0'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4217-6,CCE|CCE-4186-3"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/sysctl.conf"
 regex		: "^[\\s]*net\.ipv4\.conf\.default\.accept_redirects\\s*="
 expect		: "^[\\s]*net\.ipv4\.conf\.default\.accept_redirects\\s*=\\s*0\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "4.2.4 Log Suspicious Packets 'net.ipv4.conf.all.log_martians = 1'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4320-8"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/sysctl.conf"
 regex		: "^[\\s]*net\.ipv4\.conf\.all\.log_martians\\s*="
 expect		: "^[\\s]*net\.ipv4\.conf\.all\.log_martians\\s*=\\s*1\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "4.2.5 Enable Ignore Broadcast Requests 'net.ipv4.icmp_echo_ignore_broadcasts = 1'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Yes"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-3644-2"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/sysctl.conf"
 regex		: "^[\\s]*net\.ipv4\.icmp_echo_ignore_broadcasts\\s*="
 expect		: "^[\\s]*net\.ipv4\.icmp_echo_ignore_broadcasts\\s*=\\s*1\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "4.2.6 Enable Bad Error Message Protection 'net.ipv4.icmp_ignore_bogus_error_responses = 1'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Yes"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4133-5"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/sysctl.conf"
 regex		: "^[\\s]*net\.ipv4\.icmp_ignore_bogus_error_responses\\s*="
 expect		: "^[\\s]*net\.ipv4\.icmp_ignore_bogus_error_responses\\s*=\\s*1\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "4.2.8 Enable TCP SYN Cookies 'net.ipv4.tcp_syncookies = 1'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4265-5"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/sysctl.conf"
 regex		: "^[\\s]*net.ipv4.tcp_syncookies\\s*="
 expect		: "^[\\s]*net.ipv4.tcp_syncookies\\s*=\\s*1\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: CMD_EXEC
 description	: "4.3.1 Deactivate Wireless Interfaces"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : No"
 reference	: "CCE|CCE-4276-2"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 info		: "NOTE : This query provides an informational output that requires manual verification."
 info		: "NOTE : Per CIS, any wireless interface found should be downed :"
 info		: " ifdown <interface>"
 info		: "and the config script removed:"
 info		: " rm /etc/sysconfig/network-scripts/ifcfg-<interface>"
 cmd		: "/sbin/iwconfig"
 expect		: ""
 dont_echo_cmd	: YES
 severity	: MEDIUM
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "4.4.2 Disable IPv6 'options ipv6 disable=1'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : Yes"
 info		: "Scorable Item : No"
 reference	: "CCE|CCE-3562-6"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/modprobe.conf"
 regex		: "^[\\s]*options\\s+ipv6\\s"
 expect		: "^[\\s]*options\\s+ipv6\\s+[\"]disable\\s*=\\s*1[\"]\\s*$"
</custom_item>

#<custom_item>
# system		: "Linux"
# type		: FILE_CONTENT_CHECK
# description	: "4.4.1.1 Disable IPv6 Router Advertisements 'net.ipv6.conf.default.accept_ra = 0'"
# info		: "Configuration Level : Level-I"
# info		: "OS Default : N/A"
# info		: "Reboot Required : No"
# info		: "Scorable Item : No"
# reference	: "CCE|CCE-4269-7"
# see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
# file		: "/etc/sysctl.conf"
# regex		: "^[\\s]*net\.ipv6\.conf\.default\.accept_ra\\s*="
# expect		: "^[\\s]*net\.ipv6\.conf\.default\.accept_ra\\s*=\\s*0\\s*$"
#</custom_item>

#<custom_item>
# system		: "Linux"
# type		: FILE_CONTENT_CHECK
# description	: "4.4.1.2 Disable IPv6 Redirect Acceptance 'net.ipv6.conf.default.accept_redirect = 0'"
# info		: "Configuration Level : Level-I"
# info		: "OS Default : N/A"
# info		: "Reboot Required : No"
# info		: "Scorable Item : No"
# reference	: "CCE|CCE-4313-3"
# see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
# file		: "/etc/sysctl.conf"
# regex		: "^[\\s]*net\.ipv6\.conf\.default\.accept_redirects\\s*="
# expect		: "^[\\s]*net\.ipv6\.conf\.default\.accept_redirects\\s*=\\s*0\\s*$"
#</custom_item>

<custom_item>
 system		: "Linux"
 type		: RPM_CHECK
 description	: "4.5.1 Install TCP Wrappers"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Not installed"
 info		: "Reboot Required : No"
 info		: "Scorable Item : No"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 rpm		: "tcp_wrappers-0.0.0-0"
 operator	: "gt"
 required	: YES
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CHECK
 description	: "4.5.3 Verify Permissions on /etc/hosts.allow"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Installed"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/hosts.allow"
 owner		: "root"
 group		: "root"
 mask		: "133"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CHECK
 description	: "4.5.5 Verify Permissions on /etc/hosts.deny"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Installed"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/hosts.deny"
 owner		: "root"
 group		: "root"
 mask		: "133"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: CHKCONFIG
 description	: "4.7 Enable IPtables"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4189-7"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 service	: "iptables"
 levels		: "2345"
 status		: ON
</custom_item>

#<custom_item>
# system		: "Linux"
# type		: CHKCONFIG
# description	: "4.8 Enable IP6tables"
# info		: "Configuration Level : Level-I"
# info		: "OS Default : N/A"
# info		: "Reboot Required : No"
# info		: "Scorable Item : No"
# reference	: "CCE|CCE-4167-3"
# see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
# service	: "ip6tables"
# levels		: "2345"
# status		: ON
#</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "4.6.1 Disable DCCP 'install dccp /bin/true'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : Yes"
 info		: "Scorable Item : No"
 reference	: "CCE|CCE-14268-7"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/modprobe.conf"
 regex		: "^[\\s]*install\\s+dccp\\s"
 expect		: "^[\\s]*install\\s+dccp\\s+/bin/true\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "4.6.2 Disable SCTP 'install sctp /bin/true'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : Yes"
 info		: "Scorable Item : No"
 reference	: "CCE|CCE-14132-5"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/modprobe.conf"
 regex		: "^[\\s]*install\\s+sctp\\s"
 expect		: "^[\\s]*install\\s+sctp\\s+/bin/true\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "4.6.3 Disable RDS 'install rds /bin/true'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : Yes"
 info		: "Scorable Item : No"
 reference	: "CCE|CCE-14027-7"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/modprobe.conf"
 regex		: "^[\\s]*install\\s+rds\\s"
 expect		: "^[\\s]*install\\s+rds\\s+/bin/true\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "4.6.4 Disable TIPC 'install tipc /bin/true'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : Yes"
 info		: "Scorable Item : No"
 reference	: "CCE|CCE-14911-2"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/modprobe.conf"
 regex		: "^[\\s]*install\\s+tipc\\s"
 expect		: "^[\\s]*install\\s+tipc\\s+/bin/true\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: RPM_CHECK
 description	: "5.2.1 Install the rsyslog package"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : No"
 info		: "Scorable Item : No"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 rpm		: "rsyslog-0.0.0-0"
 operator	: "gt"
 required	: YES
</custom_item>

<custom_item>
 type		: CHKCONFIG
 description	: "5.2.2 Activate the rsyslog Service 'syslog'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : No"
 info		: "Scorable Item : No"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 service	: "syslog"
 levels		: "123456"
 status		: OFF
</custom_item>

<custom_item>
 type		: CHKCONFIG
 description	: "5.2.2 Activate the rsyslog Service 'rsyslog'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : No"
 info		: "Scorable Item : No"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 service	: "rsyslog"
 levels		: "2345"
 status		: ON
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "5.2.3 Configure /etc/rsyslog.conf 'auth,user /var/log/messages'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : No"
 info		: "Scorable Item : No"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/rsyslog.conf"
 regex		: "^[\\s]*auth,user\.\\*\\s"
 expect		: "^[\\s]*auth,user\.\\*\\s+\\/var\\/log\\/messages\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "5.2.3 Configure /etc/rsyslog.conf 'kern /var/log/kern.log'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : No"
 info		: "Scorable Item : No"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/rsyslog.conf"
 regex		: "^[\\s]*kern\.\\*\\s"
 expect		: "^[\\s]*kern\.\\*\\s+\\/var\\/log\\/kern\.log\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "5.2.3 Configure /etc/rsyslog.conf 'daemon /var/log/daemon.log'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : No"
 info		: "Scorable Item : No"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/rsyslog.conf"
 regex		: "^[\\s]*daemon\.\\*\\s"
 expect		: "^[\\s]*daemon\.\\*\\s+\\/var\\/log\\/daemon\.log\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "5.2.3 Configure /etc/rsyslog.conf 'syslog /var/log/syslog'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : No"
 info		: "Scorable Item : No"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/rsyslog.conf"
 regex		: "^[\\s]*syslog\.\\*\\s"
 expect		: "^[\\s]*syslog\.\\*\\s+\\/var\\/log\\/syslog\.log\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "5.2.3 Configure /etc/rsyslog.conf 'lpr,news,uucp,local0,local1,local2,local3,local4,local5,local6 /var/log/unused.log'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : No"
 info		: "Scorable Item : No"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/rsyslog.conf"
 regex		: "^[\\s]*lpr,news,uucp,local0,local1,local2,local3,local4,local5,local6\.\\*\\s"
 expect		: "^[\\s]*lpr,news,uucp,local0,local1,local2,local3,local4,local5,local6\.\\*\\s+\\/var\\/log\\/unused\.log\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "5.2.6 Accept Remote rsyslog Messages Only on Designated Log Hosts '$ModLoad imtcp.so'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : No"
 info		: "Scorable Item : No"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/rsyslog.conf"
 regex		: "^[\\s]*[\$]ModLoad\\s"
 expect		: "^[\\s]*[\$]ModLoad\\s+imtcp\.so\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "5.2.6 Accept Remote rsyslog Messages Only on Designated Log Hosts '$InputTCPServerRun 514'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : No"
 info		: "Scorable Item : No"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/rsyslog.conf"
 regex		: "^[\\s]*[\$]InputTCPServerRun\\s"
 expect		: "^[\\s]*[\$]InputTCPServerRun\\s+514\\s*$"
</custom_item>

<custom_item>
 system         : "Linux"
 type           : FILE_CONTENT_CHECK
 description    : "5.4 Configure logrotate - '/var/log/messages'"
 info           : "Configuration Level : Level-I"
 info           : "OS Default : Yes"
 info           : "Reboot Required : No"
 info           : "Scorable Item : No"
 reference	: "CCE|CCE-4182-2"
 see_also       : "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file           : "/etc/logrotate.d/syslog"
 regex          : "[\\s]*/var/log/messages"
 expect         : "[\\s]*/var/log/messages\\s*"
</custom_item>
<custom_item>
 system         : "Linux"
 type           : FILE_CONTENT_CHECK
 description    : "5.4 Configure logrotate - '/var/log/secure'"
 info           : "Configuration Level : Level-I"
 info           : "OS Default : Yes"
 info           : "Reboot Required : No"
 info           : "Scorable Item : No"
 reference	: "CCE|CCE-4182-2"
 see_also       : "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file           : "/etc/logrotate.d/syslog"
 regex          : "[\\s]*/var/log/secure"
 expect         : "[\\s]*/var/log/secure\\s*"
</custom_item>
<custom_item>
 system         : "Linux"
 type           : FILE_CONTENT_CHECK
 description    : "5.4 Configure logrotate - '/var/log/maillog'"
 info           : "Configuration Level : Level-I"
 info           : "OS Default : Yes"
 info           : "Reboot Required : No"
 info           : "Scorable Item : No"
 reference	: "CCE|CCE-4182-2"
 see_also       : "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file           : "/etc/logrotate.d/syslog"
 regex          : "[\\s]*/var/log/maillog"
 expect         : "[\\s]*/var/log/maillog\\s*"
</custom_item>
<custom_item>
 system         : "Linux"
 type           : FILE_CONTENT_CHECK
 description    : "5.4 Configure logrotate - '/var/log/spooler'"
 info           : "Configuration Level : Level-I"
 info           : "OS Default : Yes"
 info           : "Reboot Required : No"
 info           : "Scorable Item : No"
 reference	: "CCE|CCE-4182-2"
 see_also       : "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file           : "/etc/logrotate.d/syslog"
 regex          : "[\\s]*/var/log/spooler"
 expect         : "[\\s]*/var/log/spooler\\s*"
</custom_item>
<custom_item>
 system         : "Linux"
 type           : FILE_CONTENT_CHECK
 description    : "5.4 Configure logrotate - '/var/log/boot.log'"
 info           : "Configuration Level : Level-I"
 info           : "OS Default : Yes"
 info           : "Reboot Required : No"
 info           : "Scorable Item : No"
 reference	: "CCE|CCE-4182-2"
 see_also       : "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file           : "/etc/logrotate.d/syslog"
 regex          : "[\\s]*/var/log/boot.log"
 expect         : "[\\s]*/var/log/boot.log\\s*"
</custom_item>
<custom_item>
 system         : "Linux"
 type           : FILE_CONTENT_CHECK
 description    : "5.4 Configure logrotate - '/var/log/cron'"
 info           : "Configuration Level : Level-I"
 info           : "OS Default : Yes"
 info           : "Reboot Required : No"
 info           : "Scorable Item : No"
 reference	: "CCE|CCE-4182-2"
 see_also       : "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file           : "/etc/logrotate.d/syslog"
 regex          : "[\\s]*/var/log/cron"
 expect         : "[\\s]*/var/log/cron\\s*"
</custom_item>

<custom_item>
 type		: CHKCONFIG
 description	: "6.1.2 Enable cron Daemon"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Enabled"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4324-0"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 service	: "crond"
 levels		: "2345"
 status		: ON
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CHECK
 description	: "6.1.3 Set User/Group Owner and Permission on /etc/anacrontab"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/anacrontab"
 owner		: "root"
 group		: "root"
 mask		: "077"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CHECK
 description	: "6.1.4 Set User/Group Owner and Permission on /etc/crontab"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-3626-9,CCE|CCE-3851-3,CCE|CCE-4388-5"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/crontab"
 owner		: "root"
 group		: "root"
 mask		: "077"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CHECK
 description	: "6.1.5 Set User/Group Owner and Permission on /etc/cron.hourly"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4054-3,CCE|CCE-3983-4,CCE|CCE-4106-1"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/cron.hourly"
 owner		: "root"
 group		: "root"
 mask		: "077"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CHECK
 description	: "6.1.6 Set User/Group Owner and Permission on /etc/cron.daily"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-3481-9,CCE|CCE-4022-0,CCE|CCE-4450-3"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/cron.daily"
 owner		: "root"
 group		: "root"
 mask		: "077"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CHECK
 description	: "6.1.7 Set User/Group Owner and Permission on /etc/cron.weekly"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4331-5,CCE|CCE-3833-1,CCE|CCE-4203-6"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/cron.weekly"
 owner		: "root"
 group		: "root"
 mask		: "077"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CHECK
 description	: "6.1.8 Set User/Group Owner and Permission on /etc/cron.monthly"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4322-4,CCE|CCE-4441-2,CCE|CCE-4251-5"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/cron.monthly"
 owner		: "root"
 group		: "root"
 mask		: "077"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CHECK
 description	: "6.1.9 Set User/Group Owner and Permission on /etc/cron.d"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4212-7,CCE|CCE-4380-2,CCE|CCE-4250-7"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/cron.d"
 owner		: "root"
 group		: "root"
 mask		: "077"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "6.2.1 Set SSH Protocol to 2"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Yes"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4245-7"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/ssh/sshd_config"
 regex		: "^[\\s]*Protocol\\s"
 expect		: "^[\\s]*Protocol\\s+2\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "6.2.2 Set LogLevel to INFO"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/ssh/sshd_config"
 regex		: "^[\\s]*LogLevel\\s"
 expect		: "^[\\s]*LogLevel\\s+[iI][nN][fF][oO]\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CHECK
 description	: "6.2.3 Set Permissions on /etc/ssh/sshd_config"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Yes"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-3958-6,CCE|CCE-3495-9"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/ssh/sshd_config"
 owner		: "root"
 group		: "root"
 mask		: "133"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "6.2.4 Disable SSH X11 Forwarding"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/ssh/sshd_config"
 regex		: "^[\\s]*X11Forwarding\\s"
 expect		: "^[\\s]*X11Forwarding\\s+[nN][oO]\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "6.2.5 Set SSH MaxAuthTries to 3 or Less"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/ssh/sshd_config"
 regex		: "^[\\s]*MaxAuthTries\\s"
 expect		: "^[\\s]*MaxAuthTries\\s+[1-3]\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "6.2.6 Set SSH IgnoreRhosts to Yes"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4250-7"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/ssh/sshd_config"
 regex		: "^[\\s]*IgnoreRhosts\\s"
 expect		: "^[\\s]*IgnoreRhosts\\s+[yY][eE][sS]\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "6.2.7 Set SSH HostbasedAuthentication to No"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4251-5"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/ssh/sshd_config"
 regex		: "^[\\s]*HostbasedAuthentication\\s"
 expect		: "^[\\s]*HostbasedAuthentication\\s+[nN][oO]\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "6.2.8 Disable SSH Root Login"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4252-3"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/ssh/sshd_config"
 regex		: "^[\\s]*PermitRootLogin\\s"
 expect		: "^[\\s]*PermitRootLogin\\s+[nN][oO]\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "6.2.9 Set SSH PermitEmptyPasswords to No"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4256-4"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/ssh/sshd_config"
 regex		: "^[\\s]*PermitEmptyPasswords\\s"
 expect		: "^[\\s]*PermitEmptyPasswords\\s+[nN][oO]\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "6.2.10 Do Not Allow Users to Set Environment Options 'PermitUserEnvironment no'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4265-5"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/ssh/sshd_config"
 regex		: "^[\\s]*PermitUserEnvironment\\s"
 expect		: "^[\\s]*PermitUserEnvironment\\s+[nN][oO]\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "6.2.11 Use Only Approved Ciphers in Counter Mode 'Ciphers aes128-ctr,aes192-ctr,aes256-ctr'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4269-7"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/ssh/sshd_config"
 regex		: "^[\\s]*Ciphers\\s"
 expect		: "^[\\s]*Ciphers\\s+[aA][eE][sS]128-[cC][tT][rR],[aA][eE][sS]192-[cC][tT][rR],[aA][eE][sS]256-[cC][tT][rR]\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "6.2.12 Set Idle Timeout Interval for User Login 'ClientAliveInterval <= 1800'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : No"
 reference	: "CCE|CCE-4247-3"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/ssh/sshd_config"
 regex		: "^[\\s]*ClientAliveInterval\\s"
 expect		: "^[\\s]*ClientAliveInterval\\s+([1-9]|[1-9][0-9]|[1-8][0-9][0-9]|1800)\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "6.2.12 Set Idle Timeout Interval for User Login 'ClientAliveCountMax'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : No"
 reference	: "CCE|CCE-4247-3"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/ssh/sshd_config"
 regex		: "^[\\s]*ClientAliveCountMax\\s"
 expect		: "^[\\s]*ClientAliveCountMax\\s+0\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "6.2.15 Enable SSH UsePrivilegeSeparation 'UsePrivilegeSeparation yes'"
 info		: "Configuration Level : Level-I"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/ssh/sshd_config"
 regex		: "^[\\s]*UsePrivilegeSeparation\\s"
 expect		: "^[\\s]*UsePrivilegeSeparation\\s+yes"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "6.3.1 Set Password Creation Requirement Parameters Using pam_cracklib 'password required'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/pam.d/system-auth"
 regex		: "^[\\s]*password\\s+required\\s+pam_cracklib\.so\\s"
 expect		: "^[\\s]*password\\s+required\\s+pam_cracklib\.so\\s+try_first_pass\\s+retry=3\\s+minlen=8\\s+dcredit=-1\\s+ucredit=-1\\s+ocredit=-1\\s+lcredit=-1\\s*$"
</custom_item>


<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "6.3.2 Set Lockout for Failed Password Attempts 'auth required pam_tally2.so deny=3 onerr=fail'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : No"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/pam.d/system-auth"
 regex		: "^[\\s]*auth\\s+required\\s+pam_tally2.so\\s"
 expect		: "^[\\s]*auth\\s+required\\s+pam_tally2.so\\s+deny=3\\s+onerr=fail\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: CMD_EXEC
 description	: "6.3.4 Upgrade Password Hashing Algorithm to SHA-512"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 cmd		: "/usr/sbin/authconfig --test | /bin/grep hashing"
 expect		: "[sS][hH][aA]512"
 dont_echo_cmd	: YES
 severity	: HIGH
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "6.3.5 Limit Password Reuse 'password sufficient pam_unix.o <existing options> remember=24'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/pam.d/system-auth"
 regex		: "^[\\s]*password\\s+sufficient\\s+pam_unix.so\\s"
 expect		: "^[\\s]*password\\s+sufficient\\s+pam_unix.so\\s+.*\\s+remember=24\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "6.5 Restrict Access to the su Command '/etc/pam.d/su - auth required pam_wheel.so use_uid'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/pam.d/su"
 regex		: "^[\\s]*auth\\s+required\\s+pam_wheel.so\\s"
 expect		: "^[\\s]*auth\\s+required\\s+pam_wheel.so\\s+use_uid\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: CMD_EXEC
 description	: "6.5 Restrict Access to the su Command '/etc/group - wheel:x:10:root, <user list>'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 cmd		: "/bin/grep ^wheel: /etc/group"
 expect		: "^wheel:x:10:root(,|$)"
 dont_echo_cmd	: YES
 severity	: HIGH
</custom_item>

<custom_item>
 system		: "Linux"
 type		: GRAMMAR_CHECK
 description: "7.2 Disable System Accounts"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4060-0"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/passwd"
 regex		: "^[A-Za-z0-9_-]+:x:([1-9]:|[0-9][0-9]:|[0-4][0-9]{2}:)[0-9]+:[-A-Za-z0-9_ \/-]*:[-A-Za-z0-9_\/-]+:/sbin/nologin"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: GRAMMAR_CHECK
 description: "9.2.17 Check That Reserved UIDs Are Assigned to System Accounts"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/passwd"
 regex		: "^[A-Za-z0-9_-]+:x:([0-9]{4,}|[5-9][0-9]{2}):[0-9]+:[-A-Za-z0-9_ \/-]*:[-A-Za-z0-9_\/]+:.*"
 regex		: "^root:x:0:0:root:/root:/bin/bash"
</custom_item>

<item>
 name		: "min_password_age"
 description	: "7.1.2 Set Password Change Minimum Number of Days '1+'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 value		: "1..MAX"
</item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "7.1.3 Set Password Expiring Warning Days 'PASS_WARN_AGE >= 14'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/login.defs"
 regex		: "^[\\s]*PASS_WARN_AGE\\s+"
 expect		: "^[\\s]*PASS_WARN_AGE\\s+([1-9]|1[0-4]?)\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: CMD_EXEC
 description	: "7.3 Set Default Group for root Account"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4060-0"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 cmd		: "/usr/bin/id -g root"
 expect		: "^0$"
 dont_echo_cmd	: YES
 severity	: HIGH
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "7.4 Set Default umask for Users '/etc/bashrc - umask 077'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4060-0"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/bashrc"
 regex		: "^[\\s]*[uU][mM][aA][sS][kK]\\s"
 expect		: "^[\\s]*[uU][mM][aA][sS][kK]\\s+=\\s+077\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK
 description	: "7.4 Set Default umask for Users '/etc/profile - umask 077'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4060-0"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/profile"
 regex		: "^[\\s]*[uU][mM][aA][sS][kK]\\s"
 expect		: "^[\\s]*[uU][mM][aA][sS][kK]\\s+077\\s*$"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: CMD_EXEC
 description	: "7.5 Lock Inactive User Accounts 'INACTIVE=120'"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : No"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4060-0"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 cmd		: "/usr/sbin/useradd -D | /bin/grep INACTIVE"
 expect		: "^INACTIVE=120$"
 dont_echo_cmd	: YES
 severity	: HIGH
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CHECK
 description: "9.1.2 Verify Permissions on /etc/passwd"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Yes"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-3566-7"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/passwd"
 mask		: "133"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CHECK
 description: "9.1.6 Verify User/Group Ownership on /etc/passwd"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Yes"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-3958-6,CCE|CCE-3495-9"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/passwd"
 owner		: "root"
 group		: "root"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CHECK
 description: "9.1.3 Verify Permissions on /etc/shadow"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Yes"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4130-1"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/shadow"
 mask		: "377"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CHECK
 description: "9.1.7 Verify User/Group Ownership on /etc/shadow"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Yes"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-3918-0,CCE|CCE-3988-3"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/shadow"
 owner		: "root"
 group		: "root"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CHECK
 description: "9.1.4 Verify Permissions on /etc/gshadow"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Yes"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-3932-1"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/gshadow"
 mask		: "377"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CHECK
 description: "9.1.8 Verify User/Group Ownership on /etc/gshadow"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Yes"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4210-1,CCE|CCE-4064-2"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/gshadow"
 owner		: "root"
 group		: "root"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CHECK
 description: "9.1.5 Verify Permissions on /etc/group"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Yes"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-3967-7"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/group"
 mask		: "133"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CHECK
 description: "9.1.9 Verify User/Group Ownership on /etc/group"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Yes"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-3276-3,CCE|CCE-3883-6"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/group"
 owner		: "root"
 group		: "root"
</custom_item>

<item>
 name		: "find_world_writeable_files"
 description	: "9.1.10 Find World Writable ob体育s"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : No"
 reference	: "CCE|CCE-3795-2,CCE|CCE-14794-2"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
</item>

<item>
 name		: "find_orphan_files"
 description: "9.1.11 Find Un-owned ob体育s and Directories"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4223-4"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
</item>

<item>
 name		: "find_orphan_files"
 description: "9.1.12 Find Un-grouped ob体育s and Directories"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-3573-3"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
</item>

<custom_item>
 system		: "Linux"
 type		: CMD_EXEC
 description	: "9.2.1 Ensure Password Fields are Not Empty"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Yes"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4238-2"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 cmd		: "/bin/cat /etc/shadow | /bin/awk -F : '($2 == \"\") { print $1 \" does not have a password.\"}'"
 expect		: ""
 dont_echo_cmd	: YES
 severity	: HIGH
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK_NOT
 description	: "9.2.2 Verify No Legacy '+' Entries Exist in /etc/passwd ob体育"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Yes"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4114-5"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/passwd"
 regex		: "^[\\s]*\\+:"
 expect		: "^[\\s]*\\+:"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK_NOT
 description	: "9.2.3 Verify No Legacy '+' Entries Exist in /etc/shadow ob体育"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Yes"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-14071-5"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/shadow"
 regex		: "^[\\s]*\\+:"
 expect		: "^[\\s]*\\+:"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CONTENT_CHECK_NOT
 description	: "9.2.4 Verify No Legacy '+' Entries Exist in /etc/group ob体育"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Yes"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-14675-3"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "/etc/group"
 regex		: "^[\\s]*\\+:"
 expect		: "^[\\s]*\\+:"
</custom_item>

<item>
 name		: "passwd_zero_uid"
 description	: "9.2.5 Verify No UID 0 Accounts Exist Other Than root"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : Yes"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4009-7"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
</item>

<item>
 name		: "accounts_bad_home_permissions"
 description    : "9.2.7 Check Permissions on User Home Directories"
 info           : "Configuration Level : Level-I"
 info           : "OS Default : N/A"
 info           : "Reboot Required : No"
 info           : "Scorable Item : Yes"
 reference	: "CCE|CCE-4090-7"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 mask		: "027"
</item>

<item>
 name		: "accounts_bad_home_permissions"
 description: "9.2.14 Check User Home Directory Ownership"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 reference	: "CCE|CCE-4090-7"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
</item>

<custom_item>
 system		: "Linux"
 type		: FILE_CHECK
 description    : "9.2.8 Check User Dot ob体育 Permissions"
 info           : "Configuration Level : Level-I"
 info           : "OS Default : N/A"
 info           : "Reboot Required : No"
 info           : "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "~/.*"
 mask		: "0002"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CHECK
 description    : "9.2.9 Check Permissions on User .netrc ob体育s"
 info           : "Configuration Level : Level-I"
 info           : "OS Default : N/A"
 info           : "Reboot Required : No"
 info           : "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "~/.netrc"
 mask		: "0077"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CHECK_NOT
 description	: "9.2.10 Check for Presence of User .rhosts ob体育s"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "~/.rhosts"
</custom_item>

<item>
 name		: "passwd_invalid_gid"
 description	: "9.2.11 Check Groups in /etc/passwd"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
</item>

<item>
 name		: "accounts_without_home_dir"
 description: "9.2.12 Check That Users Are Assigned Home Directories"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
</item>

<item>
 name		: "accounts_without_home_dir"
 description: "9.2.13 Check That Defined Home Directories Exist"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
</item>

<item>
 name		: "passwd_duplicate_uid"
 description	: "9.2.15 Check for Duplicate UIDs"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
</item>

<item>
 name		: "group_duplicate_gid"
 description	: "9.2.16 Check for Duplicate GIDs"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
</item>

<item>
 name		: "passwd_duplicate_username"
 description	: "9.2.18 Check for Duplicate User Names"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
</item>

<item>
 name		: "group_duplicate_name"
 description	: "9.2.19 Check for Duplicate Group Names"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
</item>

<custom_item>
 system		: "Linux"
 type		: FILE_CHECK_NOT
 description	: "9.2.20 Check for Presence of User .netrc ob体育s"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "~/.netrc"
</custom_item>

<custom_item>
 system		: "Linux"
 type		: FILE_CHECK_NOT
 description	: "9.2.21 Check for Presence of User .forward ob体育s"
 info		: "Configuration Level : Level-I"
 info		: "OS Default : N/A"
 info		: "Reboot Required : No"
 info		: "Scorable Item : Yes"
 see_also	: "https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf"
 file		: "~/.forward"
</custom_item>

</then>
<else>
<report type	: "WARNING" >
 description	:"Red Hat 5 is not installed on target"
 info			:"Red Hat 5 is not installed on target"
</report>
</else>
</if>

</check_type>