#
# (C) 2012-2015 Tenable Network Security, Inc.
#
# This script is released under the Tenable Subscription License and
# may not be used from within scripts released under another license
# without authorization from Tenable Network Security, Inc.
#
# See the following licenses for details:
#
# http://static.tenable.com/prod_docs/Nessus_6_SLA_and_Subscription_Agreement.pdf
#
# @PROFESSIONALFEED@
#
# $Revision: 1.12 $
# $Date: Tue Jun 9 10:13:38 2015 -0400 $
#
# Description : This .audit file is written against the Center for Internet
# Security benchmark for HP-UX 11i v1.5.0
# https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf
#
# NOTE : Some queries in this .audit require site-specific data to be
# known to the query in order to function properly. Please note
# the following queries and edit their values accordingly.
# 1.3.8 Only enable Windows-compatibility server processes if absolutely necessary
# 1.4.3 Use more random TCP sequence numbers
# 1.6.6 Configure IPFilter to allow only select communication
# 1.9.2 Create warning banners for GUI logins
# SN.9 Configure inetd security
#
# NOTE : Some queries are commented out as they may take a long time to
# run or are applicable only to certain systems. These should
# be reviewed before use and uncommented accordingly.
# 1.5.1 Set Sticky Bit on World Writable Directories
# 1.5.2 Secure unauthorized world-writable files and SUID/SGID executables
# 1.5.3 Resolve 'unowned' files and directories
#
# NOTE : CIS lists several services in sections 1.2 and 1.3 which are to be disabled if not needed. Queries for services addressed
# under these sections assume they are not in use and should be disabled. Where a service is in use in a specific
# environment, the query for that service should be modified to match the target environment.
#
# NOTE : CIS lists several services in section 1.3 which are classified as "set to '1' ... only if necessary". This .audit file has been
# written to assume that they are all to be set to '0'. Services addressed under section 1.2 which are in use will need to
# have those queries modified accordingly.
#
#
#CIS HP-UX 11i v1.5
#unix,cis,hpux
#
#
#RANDOM_STRING
#Ty*WqSebni1I_sAvjIX6yv=e#Xu/VHU"
#TCP ISN passphrase
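#This passphrase increases the randomness of TCP initial sequence numbers. The passphrase may be a character string of any length; only the first 32 characters are retained.
#NOTE : The value shown above ships with this file; replace it with a site-specific passphrase before use.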
#
#
#IPFILTER_ALLOWED_NETWORK_1
#192\.0\.2\.0\\/24
#IPFilter allowed network
#The IP address and network mask allowed to connect to the server through IPFilter.
#
#
#BANNER
#Authorized users only.
#Banner text
#The text of the login banner shown to all users.
#
#
#PERS_BANNER
#Welcome %s
#Personalized banner text
#The text of the login banner shown to each individual.
#
#
#INETD_ALLOWED_NETWORK_1
#192\.0\.2\.0\\/24
#Inetd kshell allowed network
#The IP address and network mask allowed to connect to the server through inetd.
#
#
#
# Platform check: runs /usr/bin/uname and expects "HP-UX" in its output.
# 'expect' is unanchored, so any output containing that string matches.
# NOTE(review): presumably the condition of an enclosing conditional whose
# tags are not visible here - confirm against the original .audit file.
type : CMD_EXEC
description : "HP-UX - HP-UX found"
cmd : "/usr/bin/uname"
expect : "HP-UX"
dont_echo_cmd : YES
description : "HP-UX 11i"
info : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : "NOTE : Please read the .audit header for CIS_HPUX_v1_5_0.audit before running a compliance scan."
info : "Please review the header notes as some queries may not behave as anticipated due to unique environmental variables that may be present on"
info : "your system(s)."
info : "Thank you."
info : "Tenable Network Security, Inc."
description : "1.1.1 Apply the latest OS patches"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : "NOTE : Nessus has not performed this query, and this check is only provided for informational purposes."
info : "NOTE : A full patch audit with Nessus should be performed in addition to the use of this compliance .audit file."
# SSH protocol version: 'regex' selects Protocol directive lines in
# sshd_config (keyword matched in any letter case via the per-letter classes)
# and 'expect' is the pattern a compliant line matches: the single value 2.
# NOTE(review): a value list such as "2,1" does not match 'expect'. A file
# with no active Protocol line gives 'regex' nothing to select - confirm how
# the scanner reports that case, since the daemon then runs on its default.
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.1.2 Install and configure HP-UX Secure Shell 'Protocol=2'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/opt/ssh/etc/sshd_config"
regex : "^[\\s]*[pP][rR][oO][tT][oO][cC][oO][lL]\\s"
expect : "^[\\s]*[pP][rR][oO][tT][oO][cC][oO][lL]\\s+2\\s*$"
# SSH X11 forwarding: 'expect' accepts only the value "yes" (any letter
# case), matching the setting named in the description.
# NOTE(review): a host whose sshd_config turns X11 forwarding off is reported
# as failing this item. X11 forwarding is commonly disabled in hardened SSH
# configurations, so confirm the required value against the benchmark text
# and local SSH policy before remediating toward "yes".
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.1.2 Install and configure HP-UX Secure Shell 'X11Forwarding=yes'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/opt/ssh/etc/sshd_config"
regex : "^[\\s]*[xX]11[fF][oO][rR][wW][aA][rR][dD][iI][nN][gG]\\s"
expect : "^[\\s]*[xX]11[fF][oO][rR][wW][aA][rR][dD][iI][nN][gG]\\s+[yY][eE][sS]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.1.2 Install and configure HP-UX Secure Shell 'IgnoreRhosts=yes'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/opt/ssh/etc/sshd_config"
regex : "^[\\s]*[iI][gG][nN][oO][rR][eE][rR][hH][oO][sS][tT][sS]\\s"
expect : "^[\\s]*[iI][gG][nN][oO][rR][eE][rR][hH][oO][sS][tT][sS]\\s+[yY][eE][sS]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.1.2 Install and configure HP-UX Secure Shell 'RhostsAuthentication=no'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/opt/ssh/etc/sshd_config"
regex : "^[\\s]*[rR][hH][oO][sS][tT][sS][aA][uU][tT][hH][eE][nN][tT][iI][cC][aA][tT][iI][oO][nN]\\s"
expect : "^[\\s]*[rR][hH][oO][sS][tT][sS][aA][uU][tT][hH][eE][nN][tT][iI][cC][aA][tT][iI][oO][nN]\\s+[nN][oO]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.1.2 Install and configure HP-UX Secure Shell 'RhostsRSAAuthentication=no'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/opt/ssh/etc/sshd_config"
regex : "^[\\s]*[rR][hH][oO][sS][tT][sS][rR][sS][aA][aA][uU][tT][hH][eE][nN][tT][iI][cC][aA][tT][iI][oO][nN]\\s"
expect : "^[\\s]*[rR][hH][oO][sS][tT][sS][rR][sS][aA][aA][uU][tT][hH][eE][nN][tT][iI][cC][aA][tT][iI][oO][nN]\\s+[nN][oO]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.1.2 Install and configure HP-UX Secure Shell 'PermitRootLogin=no'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/opt/ssh/etc/sshd_config"
regex : "^[\\s]*[pP][eE][rR][mM][iI][tT][rR][oO][oO][tT][lL][oO][gG][iI][nN]\\s"
expect : "^[\\s]*[pP][eE][rR][mM][iI][tT][rR][oO][oO][tT][lL][oO][gG][iI][nN]\\s+[nN][oO]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.1.2 Install and configure HP-UX Secure Shell 'PermitEmptyPasswords=no'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/opt/ssh/etc/sshd_config"
regex : "^[\\s]*[pP][eE][rR][mM][iI][tT][eE][mM][pP][tT][yY][pP][aA][sS][sS][wW][oO][rR][dD][sS]\\s"
expect : "^[\\s]*[pP][eE][rR][mM][iI][tT][eE][mM][pP][tT][yY][pP][aA][sS][sS][wW][oO][rR][dD][sS]\\s+[nN][oO]\\s*$"
# SSH login banner: selects lines beginning with "Banner" and expects the
# banner path to be /etc/banner.
# NOTE(review): unlike the other sshd_config items in this file, 'regex'
# spells the keyword in one letter case only and has no trailing \\s. A
# differently-cased directive is therefore not selected, while any line that
# merely starts with "Banner" is. 'expect' uses \\s* between keyword and
# path, so no separator is required. For consistency with the sibling items
# consider [bB][aA][nN][nN][eE][rR]\\s in 'regex' and \\s+ in 'expect'.
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.1.2 Install and configure HP-UX Secure Shell 'Banner=/etc/banner'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/opt/ssh/etc/sshd_config"
regex : "^[\\s]*Banner"
expect : "^[\\s]*Banner\\s*/etc/banner\\s*$"
# Ownership and permissions of the sshd configuration file: owner root,
# group sys.
# NOTE(review): 'mask' presumably lists permission bits that must NOT be set
# (umask-style). "0022" would then forbid group and other write while leaving
# read and execute bits unchecked - confirm against the .audit reference.
system : "HP-UX"
type : FILE_CHECK
description : "1.1.2 Install and configure HP-UX Secure Shell '/opt/ssh/etc/sshd_config'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/opt/ssh/etc/sshd_config"
owner : "root"
group : "sys"
mask : "0022"
description : "1.1.3 Use Bastille to report security configuration state"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : "NOTE : Nessus has not performed this query, and this check is only provided for informational purposes."
# inetd 'echo' service: a negated content check. The item is compliant when
# no line of /etc/inetd.conf starts (after optional whitespace) with "echo"
# followed by whitespace. An entry commented out with '#' does not match,
# because only whitespace may precede the service name.
# NOTE(review): this inspects the file only. inetd keeps serving whatever it
# loaded until it re-reads its configuration, so a passing result does not by
# itself show that the service is no longer listening.
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.1 Disable Standard Services 'echo'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/inetd.conf"
regex : "^[\\s]*echo\\s"
expect : "^[\\s]*echo\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.1 Disable Standard Services 'discard'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/inetd.conf"
regex : "^[\\s]*discard\\s"
expect : "^[\\s]*discard\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.1 Disable Standard Services 'daytime'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/inetd.conf"
regex : "^[\\s]*daytime\\s"
expect : "^[\\s]*daytime\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.1 Disable Standard Services 'chargen'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/inetd.conf"
regex : "^[\\s]*chargen\\s"
expect : "^[\\s]*chargen\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.1 Disable Standard Services 'dtspc'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/inetd.conf"
regex : "^[\\s]*dtspc\\s"
expect : "^[\\s]*dtspc\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.1 Disable Standard Services 'exec'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/inetd.conf"
regex : "^[\\s]*exec\\s"
expect : "^[\\s]*exec\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.1 Disable Standard Services 'ntalk'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/inetd.conf"
regex : "^[\\s]*ntalk\\s"
expect : "^[\\s]*ntalk\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.1 Disable Standard Services 'finger'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/inetd.conf"
regex : "^[\\s]*finger\\s"
expect : "^[\\s]*finger\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.1 Disable Standard Services 'uucp'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/inetd.conf"
regex : "^[\\s]*uucp\\s"
expect : "^[\\s]*uucp\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.1 Disable Standard Services 'ident'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/inetd.conf"
regex : "^[\\s]*ident\\s"
expect : "^[\\s]*ident\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.1 Disable Standard Services 'auth'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/inetd.conf"
regex : "^[\\s]*auth\\s"
expect : "^[\\s]*auth\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.1 Disable Standard Services 'instl_boots'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/inetd.conf"
regex : "^[\\s]*instl_boots\\s"
expect : "^[\\s]*instl_boots\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.1 Disable Standard Services 'registrar'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/inetd.conf"
regex : "^[\\s]*registrar\\s"
expect : "^[\\s]*registrar\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.1 Disable Standard Services 'recserv'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/inetd.conf"
regex : "^[\\s]*recserv\\s"
expect : "^[\\s]*recserv\\s"
# RPC rstatd entry: matches an active inetd.conf line that starts with "rpc"
# and later names rpc.rstatd; the item is compliant when no such line exists.
# NOTE(review): the dot is escaped with a single backslash (\.) whereas
# whitespace uses a doubled one (\\s). Verify that the .audit parser reads \.
# as a literal dot; if the backslash is dropped, '.' matches any character.
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.1 Disable Standard Services 'rpc.rstatd'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/inetd.conf"
regex : "^[\\s]*rpc.*rpc\.rstatd\\s"
expect : "^[\\s]*rpc.*rpc\.rstatd\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.1 Disable Standard Services 'rpc.rusersd'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/inetd.conf"
regex : "^[\\s]*rpc.*rpc\.rusersd\\s"
expect : "^[\\s]*rpc.*rpc\.rusersd\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.1 Disable Standard Services 'rpc.rwalld'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/inetd.conf"
regex : "^[\\s]*rpc.*rpc\.rwalld\\s"
expect : "^[\\s]*rpc.*rpc\.rwalld\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.1 Disable Standard Services 'rpc.sprayd'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/inetd.conf"
regex : "^[\\s]*rpc.*rpc\.sprayd\\s"
expect : "^[\\s]*rpc.*rpc\.sprayd\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.1 Disable Standard Services 'rpc.cmsd'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/inetd.conf"
regex : "^[\\s]*rpc.*rpc\.cmsd\\s"
expect : "^[\\s]*rpc.*rpc\.cmsd\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.1 Disable Standard Services 'kcms_server'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/inetd.conf"
regex : "^[\\s]*kcms_server\\s"
expect : "^[\\s]*kcms_server\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.1 Disable Standard Services 'printer'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/inetd.conf"
regex : "^[\\s]*printer\\s"
expect : "^[\\s]*printer\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.1 Disable Standard Services 'shell'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/inetd.conf"
regex : "^[\\s]*shell\\s"
expect : "^[\\s]*shell\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.1 Disable Standard Services 'login'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/inetd.conf"
regex : "^[\\s]*login\\s"
expect : "^[\\s]*login\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.1/1.2.2 Disable Standard Services 'telnet'"
info : "1.2.1 Disable Standard Services 'telnet'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : ""
info : "1.2.2 Only enable telnet if absolutely necessary"
info : "Scoring Status : Not Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : "NOTE : CIS recommends enabling 'only ... if absolutely necessary.' Assuming no need for this service, the query expects it to be disabled."
file : "/etc/inetd.conf"
regex : "^[\\s]*telnet\\s"
expect : "^[\\s]*telnet\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.1/1.2.3 Disable FTP, if necessary"
info : "1.2.1 Disable Standard Services 'ftp'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : ""
info : "1.2.3 Only enable FTP if absolutely necessary"
info : "Scoring Status : Not Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : "NOTE : CIS recommends enabling 'only ... if absolutely necessary.' Assuming no need for this service, the query expects it to be disabled."
file : "/etc/inetd.conf"
regex : "^[\\s]*ftp\\s"
expect : "^[\\s]*ftp\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.1 Disable Standard Services 'tftp'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/inetd.conf"
regex : "^[\\s]*tftp\\s"
expect : "^[\\s]*tftp\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.1 Disable Standard Services 'bootps'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/inetd.conf"
regex : "^[\\s]*bootps\\s"
expect : "^[\\s]*bootps\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.1 Disable Standard Services 'kshell'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/inetd.conf"
regex : "^[\\s]*kshell\\s"
expect : "^[\\s]*kshell\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.1 Disable Standard Services 'klogin'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/inetd.conf"
regex : "^[\\s]*klogin\\s"
expect : "^[\\s]*klogin\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.1/1.2.7 Disable rpc.rquotad"
info : "1.2.1 Disable Standard Services 'rpc.rquotad'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : ""
info : "1.2.7 Only enable rquotad if absolutely necessary"
info : "Scoring Status : Not Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/inetd.conf"
regex : "^[\\s]*rpc.*rpc\.rquotad\\s"
expect : "^[\\s]*rpc.*rpc\.rquotad\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.1/1.2.8 Disable rpc.ttdbserver"
info : "1.2.1 Disable Standard Services 'rpc.ttdbserver'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : ""
info : "1.2.8 Only enable CDE-related daemons if absolutely necessary"
info : "Scoring Status : Not Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/inetd.conf"
regex : "^[\\s]*rpc.*rpc\.ttdbserver\\s"
expect : "^[\\s]*rpc.*rpc\.ttdbserver\\s"
# Ownership and permissions of /etc/inetd.conf: owner root, group sys.
# NOTE(review): 'mask' presumably lists permission bits that must NOT be set
# (umask-style). "7133" would then forbid setuid/setgid/sticky, owner
# execute, and group/other write and execute, i.e. nothing beyond rw-r--r--.
# Confirm against the .audit reference.
system : "HP-UX"
type : FILE_CHECK
description : "1.2.1 Disable Standard Services '/etc/inetd.conf'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/inetd.conf"
owner : "root"
group : "sys"
mask : "7133"
# rlogin/remsh/rcp 'shell' entry in /etc/inetd.conf; compliant when no active
# line starts with "shell".
# NOTE(review): file, regex and expect are identical to the 1.2.1 'shell'
# item earlier in this file, so both items always report the same result;
# only the metadata differs (this one is marked "Not Scorable"). A site that
# needs the service has to adjust both items.
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.4 Only enable rlogin/remsh/rcp if absolutely necessary 'shell'"
info : "Scoring Status : Not Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : "NOTE : CIS recommends enabling 'only ... if absolutely necessary.' Assuming no need for this service, the query expects it to be disabled."
file : "/etc/inetd.conf"
regex : "^[\\s]*shell\\s"
expect : "^[\\s]*shell\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.4 Only enable rlogin/remsh/rcp if absolutely necessary 'login'"
info : "Scoring Status : Not Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : "NOTE : CIS recommends enabling 'only ... if absolutely necessary.' Assuming no need for this service, the query expects it to be disabled."
file : "/etc/inetd.conf"
regex : "^[\\s]*login\\s"
expect : "^[\\s]*login\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.5 Only enable TFTP if absolutely necessary"
info : "Scoring Status : Not Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : "NOTE : CIS recommends enabling 'only ... if absolutely necessary.' Assuming no need for this service, the query expects it to be disabled."
file : "/etc/inetd.conf"
regex : "^[\\s]*tftp\\s"
expect : "^[\\s]*tftp\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.6 Only enable printer service if absolutely necessary"
info : "Scoring Status : Not Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : "NOTE : CIS recommends enabling 'only ... if absolutely necessary.' Assuming no need for this service, the query expects it to be disabled."
file : "/etc/inetd.conf"
regex : "^[\\s]*printer\\s"
expect : "^[\\s]*printer\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.9 Only enable Kerberos-related daemons if absolutely necessary 'kshell'"
info : "Scoring Status : Not Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : "NOTE : CIS recommends enabling 'only ... if absolutely necessary.' Assuming no need for this service, the query expects it to be disabled."
file : "/etc/inetd.conf"
regex : "^[\\s]*kshell\\s"
expect : "^[\\s]*kshell\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.9 Only enable Kerberos-related daemons if absolutely necessary 'klogin'"
info : "Scoring Status : Not Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/inetd.conf"
regex : "^[\\s]*klogin\\s"
expect : "^[\\s]*klogin\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.2.10 Only enable BOOTP/DHCP daemon if absolutely necessary"
info : "Scoring Status : Not Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/inetd.conf"
regex : "^[\\s]*bootps\\s"
expect : "^[\\s]*bootps\\s"
# Serial-port logins: compliant when /etc/inittab has no line whose first
# character is not '#' and which contains "getty" followed later by "tty".
# NOTE(review): ^[^#] tests only the first character, so a commented entry
# indented with leading whitespace is still selected and reported. The
# trailing .* adds nothing to the match.
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.3.1 Disable login: prompts on serial ports"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/inittab"
regex : "^[^#].*getty.*tty.*"
expect : "^[^#].*getty.*tty.*"
# NIS master server start flag: the NIS_MASTER_SERVER assignment in
# /etc/rc.config.d/namesvrs must be exactly 0.
# NOTE(review): 'expect' ends at \\s*$, so a quoted "0" or an assignment
# followed by a trailing comment is reported as a failure even though the
# startup scripts would presumably read it the same way. The item reads the
# configuration file only; it does not show whether the daemon is running.
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.2 Disable NIS/NIS+ related processes, if possible 'NIS_MASTER_SERVER=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/namesvrs"
regex : "^[\\s]*NIS_MASTER_SERVER\\s*="
expect : "^[\\s]*NIS_MASTER_SERVER\\s*=\\s*0\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.2 Disable NIS/NIS+ related processes, if possible 'NIS_SLAVE_SERVER=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/namesvrs"
regex : "^[\\s]*NIS_SLAVE_SERVER\\s*="
expect : "^[\\s]*NIS_SLAVE_SERVER\\s*=\\s*0\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.2 Disable NIS/NIS+ related processes, if possible 'NIS_CLIENT=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/namesvrs"
regex : "^[\\s]*NIS_CLIENT\\s*="
expect : "^[\\s]*NIS_CLIENT\\s*=\\s*0\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.2 Disable NIS/NIS+ related processes, if possible 'NISPLUS_SERVER=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/namesvrs"
regex : "^[\\s]*NISPLUS_SERVER\\s*="
expect : "^[\\s]*NISPLUS_SERVER\\s*=\\s*0\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.2 Disable NIS/NIS+ related processes, if possible 'NISPLUS_CLIENT=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/namesvrs"
regex : "^[\\s]*NISPLUS_CLIENT\\s*="
expect : "^[\\s]*NISPLUS_CLIENT\\s*=\\s*0\\s*$"
# X print server list must be empty: 'expect' accepts either nothing after
# '=' or a pair of single quotes.
# NOTE(review): an empty value written with double quotes is not accepted by
# this pattern and is reported as a failure - confirm that is intended.
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.3 Disable printer daemons, if possible 'XPRINTSERVERS='"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/tps"
regex : "^[\\s]*XPRINTSERVERS\\s*="
expect : "^[\\s]*XPRINTSERVERS\\s*=\\s*($|''\\s*$)"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.3 Disable printer daemons, if possible 'LP=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/lp"
regex : "^[\\s]*LP\\s*="
expect : "^[\\s]*LP\\s*=\\s*0\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.4 Disable the CDE GUI login, if possible"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/desktop"
regex : "^[\\s]*DESKTOP\\s*="
expect : "^[\\s]*DESKTOP\\s*=\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.5 Disable email server, if possible 'SENDMAIL_SERVER=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/mailservs"
regex : "^[\\s]*SENDMAIL_SERVER\\s*="
expect : "^[\\s]*SENDMAIL_SERVER\\s*=\\s*0\\s*$"
# Unlike the "disable" items around it, this is a positive check: root's
# crontab must hold an entry at minute 0 of every hour that runs
# /usr/lib/sendmail with an argument beginning -q.
# NOTE(review): the description carries no suffix to tell it apart from the
# SENDMAIL_SERVER item of the same section. 'expect' is not anchored at the
# end, so anything following -q is accepted; an entry on a different schedule
# is not selected by 'regex' at all.
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.5 Disable email server, if possible"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/var/spool/cron/crontabs/root"
regex : "^[\\s]*0\\s+\\*\\s+\\*\\s+\\*\\s+\\*\\s+\\/usr\\/lib\\/sendmail"
expect : "^[\\s]*0\\s+\\*\\s+\\*\\s+\\*\\s+\\*\\s+\\/usr\\/lib\\/sendmail\\s+-q"
# SNMP FDDI start script: with FILE_CHECK_NOT and only 'file' given, the item
# presumably passes when /sbin/rc2.d/S570SnmpFddi does not exist - confirm
# against the .audit reference.
# NOTE(review): only this one rc2.d path is tested; a start link under a
# different sequence number or run level is not covered by this item.
system : "HP-UX"
type : FILE_CHECK_NOT
description : "1.3.6 Disable SNMP and OpenView Agents, if remote management or monitoring are not needed."
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/sbin/rc2.d/S570SnmpFddi"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.6 Disable SNMP and OpenView Agents, if remote management or monitoring are not needed. 'SNMP_HPUNIX_START=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/SnmpHpunix"
regex : "^[\\s]*SNMP_HPUNIX_START\\s*="
expect : "^[\\s]*SNMP_HPUNIX_START\\s*=\\s*0\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.6 Disable SNMP and OpenView Agents, if remote management or monitoring are not needed. 'SNMP_MASTER_START=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/SnmpMaster"
regex : "^[\\s]*SNMP_MASTER_START\\s*="
expect : "^[\\s]*SNMP_MASTER_START\\s*=\\s*0\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.6 Disable SNMP and OpenView Agents, if remote management or monitoring are not needed. 'SNMP_MIB2_START=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/SnmpMib2"
regex : "^[\\s]*SNMP_MIB2_START\\s*="
expect : "^[\\s]*SNMP_MIB2_START\\s*=\\s*0\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.6 Disable SNMP and OpenView Agents, if remote management or monitoring are not needed. 'SNMP_TRAPDEST_START=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/SnmpTrpDst"
regex : "^[\\s]*SNMP_TRAPDEST_START\\s*="
expect : "^[\\s]*SNMP_TRAPDEST_START\\s*=\\s*0\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.6 Disable SNMP and OpenView Agents, if remote management or monitoring are not needed. 'OSPFMIB=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/netdaemons"
regex : "^[\\s]*OSPFMIB\\s*="
expect : "^[\\s]*OSPFMIB\\s*=\\s*0\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.6 Disable SNMP and OpenView Agents, if remote management or monitoring are not needed. 'OPCAGT=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/opcagt"
regex : "^[\\s]*OPCAGT\\s*="
expect : "^[\\s]*OPCAGT\\s*=\\s*0\\s*$"
# SNAplus2 start flag: the START_SNAPLUS assignment in
# /etc/rc.config.d/snaplus2 must be exactly 0.
# NOTE(review): file_required : NO presumably means a missing file is not
# reported as a failure (the product may simply not be installed) - confirm
# against the .audit reference. When the file exists but holds no
# START_SNAPLUS line, 'regex' selects nothing; check how that is reported.
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.7 Disable rarely used standard boot services 'START_SNAPLUS=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/snaplus2"
regex : "^[\\s]*START_SNAPLUS\\s*="
expect : "^[\\s]*START_SNAPLUS\\s*=\\s*0\\s*$"
file_required : NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.7 Disable rarely used standard boot services 'START_SNANODE=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/snaplus2"
regex : "^[\\s]*START_SNANODE\\s*="
expect : "^[\\s]*START_SNANODE\\s*=\\s*0\\s*$"
file_required : NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.7 Disable rarely used standard boot services 'START_SNAINETD=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/snaplus2"
regex : "^[\\s]*START_SNAINETD\\s*="
expect : "^[\\s]*START_SNAINETD\\s*=\\s*0\\s*$"
file_required : NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.7 Disable rarely used standard boot services 'MROUTED=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/netdaemons"
regex : "^[\\s]*MROUTED\\s*="
expect : "^[\\s]*MROUTED\\s*=\\s*0\\s*$"
file_required : NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.7 Disable rarely used standard boot services 'RWHOD=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/netdaemons"
regex : "^[\\s]*RWHOD\\s*="
expect : "^[\\s]*RWHOD\\s*=\\s*0\\s*$"
file_required : NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.7 Disable rarely used standard boot services 'DDFA=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/netdaemons"
regex : "^[\\s]*DDFA\\s*="
expect : "^[\\s]*DDFA\\s*=\\s*0\\s*$"
file_required : NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.7 Disable rarely used standard boot services 'START_RBOOTD=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/netdaemons"
regex : "^[\\s]*START_RBOOTD\\s*="
expect : "^[\\s]*START_RBOOTD\\s*=\\s*0\\s*$"
file_required : NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.7 Disable rarely used standard boot services 'RARPD=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/netconf"
regex : "^[\\s]*RARPD\\s*="
expect : "^[\\s]*RARPD\\s*=\\s*0\\s*$"
file_required : NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.7 Disable rarely used standard boot services 'RDPD=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/netconf"
regex : "^[\\s]*RDPD\\s*="
expect : "^[\\s]*RDPD\\s*=\\s*0\\s*$"
file_required : NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.7 Disable rarely used standard boot services 'PTYDAEMON_START=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/ptydaemon"
regex : "^[\\s]*PTYDAEMON_START\\s*="
expect : "^[\\s]*PTYDAEMON_START\\s*=\\s*0\\s*$"
file_required : NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.7 Disable rarely used standard boot services 'VTDAEMON_START=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/vt"
regex : "^[\\s]*VTDAEMON_START\\s*="
expect : "^[\\s]*VTDAEMON_START\\s*=\\s*0\\s*$"
file_required : NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.7 Disable rarely used standard boot services 'NAMED=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/namesvrs"
regex : "^[\\s]*NAMED\\s*="
expect : "^[\\s]*NAMED\\s*=\\s*0\\s*$"
file_required : NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.7 Disable rarely used standard boot services 'START_I4LMD=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/i4lmd"
regex : "^[\\s]*START_I4LMD\\s*="
expect : "^[\\s]*START_I4LMD\\s*=\\s*0\\s*$"
file_required : NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.7 Disable rarely used standard boot services 'RUN_X_FONT_SERVER=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/xfs"
regex : "^[\\s]*RUN_X_FONT_SERVER\\s*="
expect : "^[\\s]*RUN_X_FONT_SERVER\\s*=\\s*0\\s*$"
file_required : NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.7 Disable rarely used standard boot services 'AUDIO_SERVER=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/audio"
regex : "^[\\s]*AUDIO_SERVER\\s*="
expect : "^[\\s]*AUDIO_SERVER\\s*=\\s*0\\s*$"
file_required : NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.7 Disable rarely used standard boot services 'SLSD_DAEMON=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/slsd"
regex : "^[\\s]*SLSD_DAEMON\\s*="
expect : "^[\\s]*SLSD_DAEMON\\s*=\\s*0\\s*$"
file_required : NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.7 Disable rarely used standard boot services 'RUN_SAMBA=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/samba"
regex : "^[\\s]*RUN_SAMBA\\s*="
expect : "^[\\s]*RUN_SAMBA\\s*=\\s*0\\s*$"
file_required : NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.7 Disable rarely used standard boot services 'RUN_CIFSCLIENT=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/cifsclient"
regex : "^[\\s]*RUN_CIFSCLIENT\\s*="
expect : "^[\\s]*RUN_CIFSCLIENT\\s*=\\s*0\\s*$"
file_required : NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.7 Disable rarely used standard boot services 'NFS_SERVER=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/nfsconf"
regex : "^[\\s]*NFS_SERVER\\s*="
expect : "^[\\s]*NFS_SERVER\\s*=\\s*0\\s*$"
file_required : NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.7 Disable rarely used standard boot services 'NFS_CLIENT=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/nfsconf"
regex : "^[\\s]*NFS_CLIENT\\s*="
expect : "^[\\s]*NFS_CLIENT\\s*=\\s*0\\s*$"
file_required : NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.7 Disable rarely used standard boot services 'HPWS_APACHE_START=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/hpws_apacheconf"
regex : "^[\\s]*HPWS_APACHE_START\\s*="
expect : "^[\\s]*HPWS_APACHE_START\\s*=\\s*0\\s*$"
file_required : NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.7 Disable rarely used standard boot services 'NFS_CORE=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/nfsconf"
regex : "^[\\s]*NFS_CORE\\s*="
expect : "^[\\s]*NFS_CORE\\s*=\\s*0\\s*$"
file_required : NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.8 Only enable Windows-compatibility server processes if absolutely necessary"
info : "Scoring Status : Not Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : "NOTE : CIS recommends setting this to '1' 'only ... if absolutely necessary.' Assuming no need, this query expects a value of '0'."
file : "/etc/rc.config.d/samba"
regex : "^[\\s]*RUN_SAMBA\\s*="
expect : "^[\\s]*RUN_SAMBA\\s*=\\s*0\\s*$"
file_required : NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.9 Only enable Windows-compatibility client processes if absolutely necessary"
info : "Scoring Status : Not Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : "NOTE : CIS recommends setting this to '1' 'only ... if absolutely necessary.' Assuming no need, this query expects a value of '0'."
file : "/etc/rc.config.d/cifsclient"
regex : "^[\\s]*RUN_CIFSCLIENT\\s*="
expect : "^[\\s]*RUN_CIFSCLIENT\\s*=\\s*0\\s*$"
file_required : NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.10 Only enable NFS server processes if absolutely necessary"
info : "Scoring Status : Not Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : "NOTE : CIS recommends setting this to '1' 'only ... if absolutely necessary.' Assuming no need, this query expects a value of '0'."
file : "/etc/rc.config.d/nfsconf"
regex : "^[\\s]*NFS_SERVER\\s*="
expect : "^[\\s]*NFS_SERVER\\s*=\\s*0\\s*$"
file_required : NO
# 1.3.11 (first of three items): looks for an NFS_SERVER assignment in
# /etc/rc.config.d/nfsconf and expects its value to be 0.
# NOTE(review): variable, file and patterns are identical to the 1.3.10
# (NFS server) item, while the title is about NFS client processes. The
# 1.3.7 group audits a separate NFS_CLIENT variable in the same file.
# Confirm against the benchmark whether NFS_CLIENT was intended here; as
# written, this item adds no client-side coverage under 1.3.11.
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.11 Only enable NFS client processes if absolutely necessary 'NFS_SERVER=0'"
info : "Scoring Status : Not Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : "NOTE : CIS recommends settings this to '1' 'only ... if absolutely necessary.' Assuming no need, this query expects a value of '0'."
file : "/etc/rc.config.d/nfsconf"
# regex selects the assignment line; expect requires the value to be exactly 0.
regex : "^[\\s]*NFS_SERVER\\s*="
expect : "^[\\s]*NFS_SERVER\\s*=\\s*0\\s*$"
# presumably a missing nfsconf file is not reported as a failure -- confirm
file_required : NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.11 Only enable NFS client processes if absolutely necessary 'NUM_NFSD=0'"
info : "Scoring Status : Not Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : "NOTE : CIS recommends setting this to '1' 'only ... if absolutely necessary.' Assuming no need, this query expects a value of '0'."
file : "/etc/rc.config.d/nfsconf"
regex : "^[\\s]*NUM_NFSD\\s*="
expect : "^[\\s]*NUM_NFSD\\s*=\\s*0\\s*$"
file_required : NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.11 Only enable NFS client processes if absolutely necessary 'NUM_NFSIOD=0'"
info : "Scoring Status : Not Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : "NOTE : CIS recommends setting this to '1' 'only ... if absolutely necessary.' Assuming no need, this query expects a value of '0'."
file : "/etc/rc.config.d/nfsconf"
regex : "^[\\s]*NUM_NFSIOD\\s*="
expect : "^[\\s]*NUM_NFSIOD\\s*=\\s*0\\s*$"
file_required : NO
# Version gate: runs 'uname -r' and matches release strings containing
# 11.00 through 11.19 or 11.20 through 11.23. Presumably this is the
# condition for the "(<= 11.23)" item that follows; the enclosing structure
# is not visible here -- confirm.
system : "HP-UX"
type : CMD_EXEC
description : "Version"
cmd : "/usr/bin/uname -r"
# NOTE(review): the pattern is unanchored, and it escapes the dot with a
# single backslash while most patterns in this file double their
# backslashes. Confirm the parser treats both spellings the same, since a
# gate that never matches would silently skip the dependent check.
expect : "11\.([01][0-9]|2[0-3])"
severity : HIGH
dont_echo_cmd: YES
system : "HP-UX"
type : FILE_CHECK_NOT
description : "1.3.12 Only enable RPC-based services if absolutely necessary (<= 11.23)"
info : "Scoring Status : Not Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/sbin/rc2.d/400nfs.core"
system : "HP-UX"
type : CMD_EXEC
description : "Version"
cmd : "/usr/bin/uname -r"
expect : "11\.(3[1-9])"
severity : HIGH
dont_echo_cmd : YES
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.12 Only enable RPC-based services if absolutely necessary (>= 11.31)"
info : "Scoring Status : Not Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : "NOTE : CIS recommends setting this to '1' 'only ... if absolutely necessary.' Assuming no need, this query expects a value of '0'."
file : "/etc/rc.config.d/nfsconf"
regex : "^[\\s]*NFS_CORE\\s*="
expect : "^[\\s]*NFS_CORE\\s*=\\s*0\\s*$"
file_required : NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.13 Only enable Web server if absolutely necessary 'NS_FTRACK=0'"
info : "Scoring Status : Not Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : "NOTE : CIS recommends setting this to '1' 'only ... if absolutely necessary.' Assuming no need, this query expects a value of '0'."
file : "/etc/rc.config.d/ns-ftrack"
regex : "^[\\s]*NS_FTRACK\\s*="
expect : "^[\\s]*NS_FTRACK\\s*=\\s*0\\s*$"
file_required : NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.13 Only enable Web server if absolutely necessary 'APACHE_START=0'"
info : "Scoring Status : Not Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : "NOTE : CIS recommends setting this to '1' 'only ... if absolutely necessary.' Assuming no need, this query expects a value of '0'."
file : "/etc/rc.config.d/apacheconf"
regex : "^[\\s]*APACHE_START\\s*="
expect : "^[\\s]*APACHE_START\\s*=\\s*0\\s*$"
file_required : NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.13 Only enable Web server if absolutely necessary 'HPWS_APACHE32_START=0'"
info : "Scoring Status : Not Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : "NOTE : CIS recommends setting this to '1' 'only ... if absolutely necessary.' Assuming no need, this query expects a value of '0'."
file : "/etc/rc.config.d/hpws_apache32conf"
regex : "^[\\s]*HPWS_APACHE32_START\\s*="
expect : "^[\\s]*HPWS_APACHE32_START\\s*=\\s*0\\s*$"
file_required : NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.13 Only enable Web server if absolutely necessary 'HPWS_TOMCAT_START=0'"
info : "Scoring Status : Not Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : "NOTE : CIS recommends setting this to '1' 'only ... if absolutely necessary.' Assuming no need, this query expects a value of '0'."
file : "/etc/rc.config.d/hpws_tomcatconf"
regex : "^[\\s]*HPWS_TOMCAT_START\\s*="
expect : "^[\\s]*HPWS_TOMCAT_START\\s*=\\s*0\\s*$"
file_required : NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.13 Only enable Web server if absolutely necessary 'HPWS_WEBMIN_START=0'"
info : "Scoring Status : Not Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : "NOTE : CIS recommends setting this to '1' 'only ... if absolutely necessary.' Assuming no need, this query expects a value of '0'."
file : "/etc/rc.config.d/hpws_webminconf"
regex : "^[\\s]*HPWS_WEBMIN_START\\s*="
expect : "^[\\s]*HPWS_WEBMIN_START\\s*=\\s*0\\s*$"
file_required : NO
system : "HP-UX"
type : CMD_EXEC
description : "Version"
cmd : "/usr/bin/uname -r"
expect : "11\.([01][0-9]|2[0-3])"
severity : HIGH
dont_echo_cmd: YES
# 1.3.14 (<= 11.23 variant): looks for a NAMED assignment in
# /etc/rc.config.d/namesvrs and expects its value to be 0, i.e. the BIND
# DNS server is not started at boot.
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.14 Only enable BIND DNS server if absolutely necessary (<=11.23)"
info : "Scoring Status : Not Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : "NOTE : CIS recommends settings this to '1' 'only ... if absolutely necessary.' Assuming no need, this query expects a value of '0'."
file : "/etc/rc.config.d/namesvrs"
# NOTE(review): both patterns mix '\s' (single backslash) with '\\s' (the
# doubled form used by the 1.3.7 'NAMED=0' item on the same file). Confirm
# both spellings are read as the whitespace class; otherwise this item and
# the 1.3.7 one could disagree on lines with spaces before the '='.
regex : "^[\\s]*NAMED\s*="
expect : "^[\\s]*NAMED\s*=\\s*0\\s*$"
# presumably a missing namesvrs file is not reported as a failure -- confirm
file_required: NO
system : "HP-UX"
type : CMD_EXEC
description : "Version"
cmd : "/usr/bin/uname -r"
expect : "11\.(3[1-9])"
severity : HIGH
dont_echo_cmd : YES
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.3.14 Only enable BIND DNS server if absolutely necessary (>=11.31)"
info : "Scoring Status : Not Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : "NOTE : CIS recommends setting this to '1' 'only ... if absolutely necessary.' Assuming no need, this query expects a value of '0'."
file : "/etc/rc.config.d/namesvrs_dns"
regex : "^[\\s]*NAMED\s*="
expect : "^[\\s]*NAMED\s*=\\s*0\\s*$"
file_required : NO
system : "HP-UX"
type : CMD_EXEC
description : "Version"
cmd : "/usr/bin/uname -r"
expect : "11\.(2[3-9]|3[0-9])"
severity : HIGH
dont_echo_cmd: YES
system : "HP-UX"
type : CMD_EXEC
description : "1.4.1 Enable stack protection (>=11.23)"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
cmd : "/usr/sbin/kctune -q executable_stack"
expect : "^[\\s]*executable_stack\\s+0\\s"
severity : HIGH
dont_echo_cmd: YES
system : "HP-UX"
type : CMD_EXEC
description : "Version"
cmd : "/usr/bin/uname -r"
expect : "11\.11"
severity : HIGH
dont_echo_cmd : YES
system : "HP-UX"
type : CMD_EXEC
description : "1.4.1 Enable stack protection (=11.11)"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
cmd : "/usr/sbin/kmtune -q executable_stack"
expect : "^[\\s]*executable_stack\\s+0\\s"
severity : HIGH
dont_echo_cmd : YES
# 1.4.2 tcp_syn_rcvd_max: prints the lines of /etc/rc.config.d/nddconf from
# the NDD_NAME[n] entry naming tcp_syn_rcvd_max through the next NDD_VALUE
# line, then checks the numeric value on that NDD_VALUE line.
# Only the boot-time configuration file is read; the running kernel value
# is not queried, so a value changed at runtime is not seen by this item.
system : "HP-UX"
type : CMD_EXEC
description : "1.4.2 Network parameter modifications 'tcp_syn_rcvd_max=4096'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
cmd : "/bin/awk '/^[\\s]*NDD_NAME\\[[0-9]+\\]\\s*=\\s*tcp_syn_rcvd_max\\s*$/,/^[\\s]*NDD_VALUE/' /etc/rc.config.d/nddconf"
# Accepts any integer from 1 to 4096: 4000-4096, 1000-3999, or 1-999.
# NOTE(review): values far below the 4096 named in the description also
# pass. Confirm whether 4096 is meant as an upper bound or as the required
# value, since a small value here would be reported as compliant.
expect : "^[\\s]*NDD_VALUE\\[[0-9]+\\]\\s*=\\s*(40([0-8][0-9]|9[0-6])|[1-3][0-9]{3}|[1-9][0-9]{0,2})\\s*$"
severity : HIGH
dont_echo_cmd : YES
system : "HP-UX"
type : CMD_EXEC
description : "1.4.2 Network parameter modifications 'arp_cleanup_interval=60000'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
cmd : "/bin/awk '/^[\\s]*NDD_NAME\\[[0-9]+\\]\\s*=\\s*arp_cleanup_interval\\s*$/,/^[\\s]*NDD_VALUE/' /etc/rc.config.d/nddconf"
expect : "^[\\s]*NDD_VALUE\\[[0-9]+\\]\\s*=\\s*(60000|[1-5][0-9]{4}|[1-9][0-9]{0,3})\\s*$"
severity : HIGH
dont_echo_cmd : YES
system : "HP-UX"
type : CMD_EXEC
description : "1.4.2 Network parameter modifications 'ip_forward_src_routed=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
cmd : "/bin/awk '/^[\\s]*NDD_NAME\\[[0-9]+\\]\\s*=\\s*ip_forward_src_routed\\s*$/,/^[\\s]*NDD_VALUE/' /etc/rc.config.d/nddconf"
expect : "^[\\s]*NDD_VALUE\\[[0-9]+\\]\\s*=\\s*0\\s*$"
severity : HIGH
dont_echo_cmd : YES
system : "HP-UX"
type : CMD_EXEC
description : "1.4.2 Network parameter modifications 'ip_forward_directed_broadcasts=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
cmd : "/bin/awk '/^[\\s]*NDD_NAME\\[[0-9]+\\]\\s*=\\s*ip_forward_directed_broadcasts\\s*$/,/^[\\s]*NDD_VALUE/' /etc/rc.config.d/nddconf"
expect : "^[\\s]*NDD_VALUE\\[[0-9]+\\]\\s*=\\s*0\\s*$"
severity : HIGH
dont_echo_cmd : YES
system : "HP-UX"
type : CMD_EXEC
description : "1.4.2 Network parameter modifications 'ip_respond_to_timestamp=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
cmd : "/bin/awk '/^[\\s]*NDD_NAME\\[[0-9]+\\]\\s*=\\s*ip_respond_to_timestamp\\s*$/,/^[\\s]*NDD_VALUE/' /etc/rc.config.d/nddconf"
expect : "^[\\s]*NDD_VALUE\\[[0-9]+\\]\\s*=\\s*0\\s*$"
severity : HIGH
dont_echo_cmd : YES
system : "HP-UX"
type : CMD_EXEC
description : "1.4.2 Network parameter modifications 'ip_respond_to_timestamp_broadcast=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
cmd : "/bin/awk '/^[\\s]*NDD_NAME\\[[0-9]+\\]\\s*=\\s*ip_respond_to_timestamp_broadcast\\s*$/,/^[\\s]*NDD_VALUE/' /etc/rc.config.d/nddconf"
expect : "^[\\s]*NDD_VALUE\\[[0-9]+\\]\\s*=\\s*0\\s*$"
severity : HIGH
dont_echo_cmd : YES
system : "HP-UX"
type : CMD_EXEC
description : "1.4.2 Network parameter modifications 'ip_respond_to_address_mask_broadcast=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
cmd : "/bin/awk '/^[\\s]*NDD_NAME\\[[0-9]+\\]\\s*=\\s*ip_respond_to_address_mask_broadcast\\s*$/,/^[\\s]*NDD_VALUE/' /etc/rc.config.d/nddconf"
expect : "^[\\s]*NDD_VALUE\\[[0-9]+\\]\\s*=\\s*0\\s*$"
severity : HIGH
dont_echo_cmd : YES
system : "HP-UX"
type : CMD_EXEC
description : "1.4.2 Network parameter modifications 'ip_respond_to_echo_broadcast=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
cmd : "/bin/awk '/^[\\s]*NDD_NAME\\[[0-9]+\\]\\s*=\\s*ip_respond_to_echo_broadcast\\s*$/,/^[\\s]*NDD_VALUE/' /etc/rc.config.d/nddconf"
expect : "^[\\s]*NDD_VALUE\\[[0-9]+\\]\\s*=\\s*0\\s*$"
severity : HIGH
dont_echo_cmd : YES
# 1.4.3 (S999tcpisn): looks in /sbin/rc2.d/S999tcpisn for the ndd line that
# sets tcp_isn_passphrase and expects its argument to be the literal text
# '$passphrase' (a shell variable reference). With this expect, no
# passphrase value is stored in the audit file itself.
# This item carries no owner/mask fields, so the permissions of the script
# are not checked here.
type : FILE_CONTENT_CHECK
description : "1.4.3 Use more random TCP sequence numbers - S999tcpisn"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
# NOTE(review): this note describes the commented-out expect below; the
# active expect contains no RANDOM_STRING placeholder to replace.
info : "NOTE : This query requires the place holder value of RANDOM_STRING be replaced with the appropriate random string for your environment."
file : "/sbin/rc2.d/S999tcpisn"
regex : "^[\\s]*ndd\\s+-set\\s+\\/dev\\/tcp\\s+tcp_isn_passphrase\\s+"
# Alternative kept for reference: compares against a site-specific literal
# supplied through the @RANDOM_STRING@ variable.
#expect : "ndd\\s+-set\\s+\\/dev\\/tcp\\s+tcp_isn_passphrase\\s+@RANDOM_STRING@"
# Unanchored at the end: text following '$passphrase' on the line is not constrained.
expect : "ndd\\s+-set\\s+\\/dev\\/tcp\\s+tcp_isn_passphrase\\s+\\$passphrase"
# the script itself must exist for this item to pass -- presumably; confirm
file_required : YES
type : FILE_CONTENT_CHECK
description : "1.4.3 Use more random TCP sequence numbers - S339tcpisn"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : "NOTE : This query requires the place holder value of RANDOM_STRING be replaced with the appropriate random string for your environment."
file : "/sbin/rc2.d/S339tcpisn"
regex : "^[\\s]*ndd\\s+-set\\s+\\/dev\\/tcp\\s+tcp_isn_passphrase\\s+"
#expect : "ndd\\s+-set\\s+\\/dev\\/tcp\\s+tcp_isn_passphrase\\s+@RANDOM_STRING@"
expect : "ndd\\s+-set\\s+\\/dev\\/tcp\\s+tcp_isn_passphrase\\s+\\$passphrase"
file_required : YES
description : "1.4.3 Use more random TCP sequence numbers"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : "NOTE : This query requires the place holder value of RANDOM_STRING be replaced with the appropriate random string for your environment."
description : "1.4.3 Use more random TCP sequence numbers"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : "NOTE : This query requires the place holder value of RANDOM_STRING be replaced with the appropriate random string for your environment."
system : "HP-UX"
type : CMD_EXEC
description : "1.4.4 Additional network parameter modifications 'ip_forwarding=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
cmd : "/bin/awk '/^[\\s]*NDD_NAME\\[[0-9]+\\]\\s*=\\s*ip_forwarding\\s*$/,/^[\\s]*NDD_VALUE/' /etc/rc.config.d/nddconf"
expect : "^[\\s]*NDD_VALUE\\[[0-9]+\\]\\s*=\\s*0\\s*$"
severity : HIGH
dont_echo_cmd : YES
system : "HP-UX"
type : CMD_EXEC
description : "1.4.4 Additional network parameter modifications 'ip_send_redirects=0'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
cmd : "/bin/awk '/^[\\s]*NDD_NAME\\[[0-9]+\\]\\s*=\\s*ip_send_redirects\\s*$/,/^[\\s]*NDD_VALUE/' /etc/rc.config.d/nddconf"
expect : "^[\\s]*NDD_VALUE\\[[0-9]+\\]\\s*=\\s*0\\s*$"
severity : HIGH
dont_echo_cmd : YES
#-
# name : "find_world_writeable_directories"
# description : "1.5.1 Set Sticky Bit on World Writable Directories"
# info : "Level : 1"
# info : "Scoring Status : Scorable"
# see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
#
#-
# name : "find_world_writeable_files"
# description : "1.5.2 Secure unauthorized world-writable files and SUID/SGID executables 'world writable'"
# info : "Level : 1"
# info : "Scoring Status : "
# see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
#
#-
# name : "find_suid_sgid_files"
# description : "1.5.2 Secure unauthorized world-writable files and SUID/SGID executables 'SUID/SGID'"
# info : "Level : 1"
# info : "Scoring Status : "
# see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
#
#-
# name : "find_orphan_files"
# description : "1.5.3 Resolve 'unowned' files and directories"
# info : "Level : 1"
# info : "Scoring Status : Scorable"
# see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
#
# 1.6.1 (/etc/passwd): negative content check. It is meant to report
# /etc/passwd entries whose password field does not begin with '*', i.e.
# entries that may still carry a hash in the world-readable file.
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.6.1 Enable Hidden Passwords '/etc/passwd'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/passwd"
# Pattern: account name, ':', one character other than '*', any one
# character, then any run of non-':' characters up to the next ':'.
# NOTE(review): '.' can match the ':' separator. A one-character field
# such as 'x' followed by the UID therefore satisfies the pattern, and so
# does an empty field. Confirm that shadow-converted entries are not
# reported as failures on the target systems.
regex : "^[a-zA-Z0-9_-]+:[^*].[^:]*:"
expect : "^[a-zA-Z0-9_-]+:[^*].[^:]*:"
system : "HP-UX"
type : FILE_CHECK
description : "1.6.1 Enable Hidden Passwords '/etc/shadow'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/shadow"
-
name : "admin_accounts_in_ftpusers"
description : "1.6.2 Restrict users who can access to FTP 'users'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
system : "HP-UX"
type : FILE_CHECK
description : "1.6.2 Restrict users who can access to FTP '/etc/ftpd/ftpusers'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/ftpd/ftpusers"
owner : "bin"
group : "bin"
mask : "7177"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.6.3 Prevent Syslog from accepting messages from the network"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/syslogd"
regex : "^[\\s]*SYSLOGD_OPTS\\s*="
expect : "SYSLOGD_OPTS\\s*=.*-N.*[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.6.4 Disable XDMCP port"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/dt/config/Xconfig"
regex : "^[\\s]*Dtlogin\.requestPort\\s*:"
expect : "Dtlogin\.requestPort\\s*:\\s*0\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.6.5 Set default locking screensaver timeout 'saverTimeout=15'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/usr/dt/config/*/sys.resources"
regex : "^[\\s]*dtsession\\*saverTimeout\\s*:"
expect : "dtsession\\*saverTimeout\\s*:\\s*15\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.6.5 Set default locking screensaver timeout 'lockTimeout=15'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/usr/dt/config/*/sys.resources"
regex : "^[\\s]*dtsession\\*lockTimeout\\s*:"
expect : "dtsession\\*lockTimeout\\s*:\\s*15\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.6.6 Configure IPFilter to allow only select communication 'block in all'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/ipf/ipf.conf"
regex : "^[\\s]*block\\s+in\\s"
expect : "block\\s+in\\s+all\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.6.6 Configure IPFilter to allow only select communication 'pass in from /'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : "NOTE : Customize the variable IPFILTER_ALLOWED_NETWORK_1 to match the target environment."
info : "This query should be repeated for each allowed network, with the text of the 'description' line modified to match the target string."
file : "/etc/opt/ipf/ipf.conf"
regex : "^[\\s]*pass\\s+in\\s+from\\s"
expect : "pass\\s+in\\s+from\\s+@IPFILTER_ALLOWED_NETWORK_1@\\s*$"
system : "HP-UX"
type : FILE_CHECK_NOT
description : "1.6.7 Restrict at/cron to authorized users '!cron.deny'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/var/adm/cron/cron.deny"
system : "HP-UX"
type : FILE_CHECK_NOT
description : "1.6.7 Restrict at/cron to authorized users '!at.deny'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/var/adm/cron/at.deny"
type : GRAMMAR_CHECK
description : "1.6.7 Restrict at/cron to authorized users 'at.allow, root'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/var/adm/cron/at.allow"
regex : "^[\\s]*root\\s*$"
type : GRAMMAR_CHECK
description : "1.6.7 Restrict at/cron to authorized users 'cron.allow, root'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/var/adm/cron/cron.allow"
regex : "^[\\s]*root\\s*$"
system : "HP-UX"
type : FILE_CHECK
description : "1.6.7 Restrict at/cron to authorized users 'cron.allow'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/var/adm/cron/cron.allow"
owner : "root"
group : "sys"
mask : "7377"
system : "HP-UX"
type : FILE_CHECK
description : "1.6.7 Restrict at/cron to authorized users 'at.allow'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/var/adm/cron/at.allow"
owner : "root"
group : "sys"
mask : "7377"
type : FILE_CHECK
description : "1.6.8 Restrict crontab file permissions"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/var/spool/cron/crontabs/*"
mask : "7077"
owner : "root"
group : "sys"
type : GRAMMAR_CHECK
description : "1.6.9 Restrict root logins to system console 'root'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/securetty"
regex : "^[\\s]*console\\s*$"
type : FILE_CHECK
description : "1.6.9 Restrict root logins to system console '/etc/securetty'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/securetty"
mask : "7077"
owner : "root"
group : "sys"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.6.11 Disable nobody access for secure RPC"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/namesvrs"
regex : "^[\\s]*KEYSERV_OPTIONS\\s*="
expect : "KEYSERV_OPTIONS\\s*=.*-d.*[\"]\\s*$"
description : "1.7.1 Enable kernel-level auditing"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : "NOTE : Nessus has not performed this query, and this check is only provided for informational purposes."
info : "NOTE : CIS recommends running :"
info : " /opt/sec_mgmt/bastille/bin/bastille --assessnobrowser"
info : "and using 'the Systems Management Homepage (SMH) facility to configure and enable the type and level of auditing appropriate for"
info : "your environment.'"
type : FILE_CONTENT_CHECK
description : "1.7.2 Enable logging from inetd"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/rc.config.d/netdaemons"
regex : "^[\\s]*INETD_ARGS\\s*="
expect : "INETD_ARGS\\s*=\\s*-l\\s*$"
type : FILE_CONTENT_CHECK
description : "1.7.3 Turn on additional logging for FTP daemon"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/inetd.conf"
regex : "^[^#].*/usr/lbin/ftpd\\s"
expect : "\\sftpd\\s(-L\\s+-l|-l\\s+-L)"
string_required : NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.8.1 Block system accounts 'www'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/passwd"
regex : "^[\\s]*www:"
expect : "www:\\*:[^:]*:[^:]*:[^:]*:[^:]*:\\/bin\\/false"
string_required:NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.8.1 Block system accounts 'sys'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/passwd"
regex : "^[\\s]*sys:"
expect : "sys:\\*:[^:]*:[^:]*:[^:]*:[^:]*:\\/bin\\/false"
string_required:NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.8.1 Block system accounts 'smbnull'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/passwd"
regex : "^[\\s]*smbnull:"
expect : "smbnull:\\*:[^:]*:[^:]*:[^:]*:[^:]*:\\/bin\\/false"
string_required:NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.8.1 Block system accounts 'iwww'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/passwd"
regex : "^[\\s]*iwww:"
expect : "iwww:\\*:[^:]*:[^:]*:[^:]*:[^:]*:\\/bin\\/false"
string_required:NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.8.1 Block system accounts 'owww'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/passwd"
regex : "^[\\s]*owww:"
expect : "owww:\\*:[^:]*:[^:]*:[^:]*:[^:]*:\\/bin\\/false"
string_required:NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.8.1 Block system accounts 'sshd'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/passwd"
regex : "^[\\s]*sshd:"
expect : "sshd:\\*:[^:]*:[^:]*:[^:]*:[^:]*:\\/bin\\/false"
string_required:NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.8.1 Block system accounts 'hpsmh'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/passwd"
regex : "^[\\s]*hpsmh:"
expect : "hpsmh:\\*:[^:]*:[^:]*:[^:]*:[^:]*:\\/bin\\/false"
string_required:NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.8.1 Block system accounts 'named'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/passwd"
regex : "^[\\s]*named:"
expect : "named:\\*:[^:]*:[^:]*:[^:]*:[^:]*:\\/bin\\/false"
string_required:NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.8.1 Block system accounts 'uucp'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/passwd"
regex : "^[\\s]*uucp:"
expect : "uucp:\\*:[^:]*:[^:]*:[^:]*:[^:]*:\\/bin\\/false"
string_required:NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.8.1 Block system accounts 'nuucp'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/passwd"
regex : "^[\\s]*nuucp:"
expect : "nuucp:\\*:[^:]*:[^:]*:[^:]*:[^:]*:\\/bin\\/false"
string_required:NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.8.1 Block system accounts 'adm'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/passwd"
regex : "^[\\s]*adm:"
expect : "adm:\\*:[^:]*:[^:]*:[^:]*:[^:]*:\\/bin\\/false"
string_required:NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.8.1 Block system accounts 'daemon'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/passwd"
regex : "^[\\s]*daemon:"
expect : "daemon:\\*:[^:]*:[^:]*:[^:]*:[^:]*:\\/bin\\/false"
string_required:NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.8.1 Block system accounts 'bin'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/passwd"
regex : "^[\\s]*bin:"
expect : "bin:\\*:[^:]*:[^:]*:[^:]*:[^:]*:\\/bin\\/false"
string_required:NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.8.1 Block system accounts 'lp'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/passwd"
regex : "^[\\s]*lp:"
expect : "lp:\\*:[^:]*:[^:]*:[^:]*:[^:]*:\\/bin\\/false"
string_required:NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.8.1 Block system accounts 'nobody'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/passwd"
regex : "^[\\s]*nobody:"
expect : "nobody:\\*:[^:]*:[^:]*:[^:]*:[^:]*:\\/bin\\/false"
string_required:NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.8.1 Block system accounts 'noaccess'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/passwd"
regex : "^[\\s]*noaccess:"
expect : "noaccess:\\*:[^:]*:[^:]*:[^:]*:[^:]*:\\/bin\\/false"
string_required:NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.8.1 Block system accounts 'hpdb'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/passwd"
regex : "^[\\s]*hpdb:"
expect : "hpdb:\\*:[^:]*:[^:]*:[^:]*:[^:]*:\\/bin\\/false"
string_required:NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.8.1 Block system accounts 'useradm'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/passwd"
regex : "^[\\s]*useradm:"
expect : "useradm:\\*:[^:]*:[^:]*:[^:]*:[^:]*:\\/bin\\/false"
string_required:NO
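# 1.8.2: counts the lines printed by `logins -p` and passes only when that count is zero.
# The expect value is a regex, so it is anchored on both sides: a bare "0" would also
# match counts such as 10, 20 or 100 and let a host with empty-password accounts pass.
# Leading/trailing whitespace is tolerated because wc may pad its output.
# stderr is folded into the count (2>&1), so an error message from logins also fails the check.
type : CMD_EXEC
description : "1.8.2 Verify that there are no accounts with empty password fields"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
cmd : "/usr/sbin/logins -p 2>&1 | /usr/bin/wc -l"
expect : "^\\s*0\\s*$"
severity : HIGH
dont_echo_cmd : YES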
# Trusted-mode probe: FILE_CHECK_NOT passes when /tcb/files/auth/system/default is absent,
# which the description labels a non-trusted system.
# NOTE(review): presumably this is the condition that selects between the
# /etc/default/security checks and the getprdef checks that follow; the enclosing
# condition tags are not visible here - confirm.
system : "HP-UX"
type : FILE_CHECK_NOT
description : "Non-trusted system test"
file : "/tcb/files/auth/system/default"
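# 1.6.10 (non-trusted): AUTH_MAXTRIES in /etc/default/security must be set to 1-3.
# The accepted range is capped at the 3 named in the description; the previous
# pattern ([1-9]|3) accepted lockout thresholds up to 9, and its "|3" branch was redundant.
# 0 is rejected on purpose: it does not fall in the 1-3 range.
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.6.10 Set retry limit for account lockout 'AUTH_MAXTRIES=3' (non-trusted)"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/default/security"
regex : "^[\\s]*AUTH_MAXTRIES\\s*="
expect : "AUTH_MAXTRIES\\s*=\\s*[1-3]\\s*$"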
# 1.8.3 (non-trusted): password ageing values in /etc/default/security.
# Each item selects the parameter's line with `regex` and validates the value with `expect`.

# PASSWORD_MAXDAYS: the expect pattern accepts 1-89.
# NOTE(review): the description names 60 but values 61-89 also pass - confirm the
# intended ceiling against the benchmark and tighten the pattern or the label.
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.8.3 Set account expiration parameters on active accounts 'PASSWORD_MAXDAYS=60'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/default/security"
regex : "^[\\s]*PASSWORD_MAXDAYS\\s*="
expect : "PASSWORD_MAXDAYS\\s*=\\s*(6[0]|[1-8][0-9]|[1-9])\\s*$"
# PASSWORD_MINDAYS: the expect pattern accepts 7-90.
# NOTE(review): the description names 1, which this pattern rejects - confirm which is intended.
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.8.3 Set account expiration parameters on active accounts 'PASSWORD_MINDAYS=1'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/default/security"
regex : "^[\\s]*PASSWORD_MINDAYS\\s*="
expect : "PASSWORD_MINDAYS\\s*=\\s*(90|[1-8][0-9]|[7-9])\\s*$"
# PASSWORD_WARNDAYS: the expect pattern accepts 28-90.
# NOTE(review): the description names 14, which this pattern rejects - confirm which is intended.
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.8.3 Set account expiration parameters on active accounts 'PASSWORD_WARNDAYS=14'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/default/security"
regex : "^[\\s]*PASSWORD_WARNDAYS\\s*="
expect : "PASSWORD_WARNDAYS\\s*=\\s*(90|[3-8][0-9]|2[89])\\s*$"
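# 1.8.4 (non-trusted): minimum password length in /etc/default/security.
# The parameter name is spelled MIN_PASSWORD_LENGTH; the misspelling "MIN_PASSORD_LENGTH"
# meant the regex could never select the real setting, so the value was never evaluated.
# The expect pattern accepts 7-19.
# NOTE(review): the description names 8 while the pattern also accepts 7 - confirm the
# intended floor against the benchmark.
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.8.4 Set strong password enforcement policies 'MIN_PASSWORD_LENGTH=8'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/default/security"
regex : "^[\\s]*MIN_PASSWORD_LENGTH\\s*="
expect : "^[\\s]*MIN_PASSWORD_LENGTH\\s*=\\s*(1[0-9]|[7-9])\\s*$"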
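# 1.8.4 (non-trusted): password history depth in /etc/default/security.
# The pattern accepts 10-39. The previous class [13][0-9] skipped 20-29, so the value 24
# named in the description failed its own check; every value accepted before still passes.
# NOTE(review): confirm the intended minimum depth against the benchmark.
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.8.4 Set strong password enforcement policies 'PASSWORD_HISTORY_DEPTH=24'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/default/security"
regex : "^[\\s]*PASSWORD_HISTORY_DEPTH\\s*="
expect : "^[\\s]*PASSWORD_HISTORY_DEPTH\\s*=\\s*([1-3][0-9])\\s*$"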
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.8.4 Set strong password enforcement policies 'PASSWORD_MIN_UPPER_CASE_CHARS=1'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/default/security"
regex : "^[\\s]*PASSWORD_MIN_UPPER_CASE_CHARS\\s*="
expect : "^[\\s]*PASSWORD_MIN_UPPER_CASE_CHARS\\s*=\\s*([1-9])\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.8.4 Set strong password enforcement policies 'PASSWORD_MIN_DIGIT_CHARS=1'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/default/security"
regex : "^[\\s]*PASSWORD_MIN_DIGIT_CHARS\\s*="
expect : "^[\\s]*PASSWORD_MIN_DIGIT_CHARS\\s*=\\s*([1-9])\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.8.4 Set strong password enforcement policies 'PASSWORD_MIN_SPECIAL_CHARS=1'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/default/security"
regex : "^[\\s]*PASSWORD_MIN_SPECIAL_CHARS\\s*="
expect : "^[\\s]*PASSWORD_MIN_SPECIAL_CHARS\\s*=\\s*([1-9])\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.8.4 Set strong password enforcement policies 'PASSWORD_MIN_LOWER_CASE_CHARS=1'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/default/security"
regex : "^[\\s]*PASSWORD_MIN_LOWER_CASE_CHARS\\s*="
expect : "^[\\s]*PASSWORD_MIN_LOWER_CASE_CHARS\\s*=\\s*([1-9])\\s*$"
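# 1.8.3 (trusted): system-default password expiration time reported by getprdef.
# Accepts exptm values 1-90. The trailing ([^0-9]|$) stops the match at the end of the
# number; without it the pattern matched any value whose leading digits were in range
# (for example 900 or 365), so an over-long expiry passed.
system : "HP-UX"
type : CMD_EXEC
description : "1.8.3 Set account expiration parameters on active accounts 'exptm=90'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
cmd : "/usr/lbin/getprdef -m exptm 2>&1"
expect : "exptm=(90|[1-8][0-9]|[1-9])([^0-9]|$)"
severity : HIGH
dont_echo_cmd: YES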
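# 1.8.3 (trusted): system-default minimum time between password changes reported by getprdef.
# Accepts mintm values 7-39. The trailing ([^0-9]|$) ends the match at the end of the
# number so that a longer value with an in-range prefix (for example 700) no longer passes.
system : "HP-UX"
type : CMD_EXEC
description : "1.8.3 Set account expiration parameters on active accounts 'mintm=7'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
cmd : "/usr/lbin/getprdef -m mintm 2>&1"
expect : "mintm=([1-3][0-9]|[7-9])([^0-9]|$)"
severity : HIGH
dont_echo_cmd: YES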
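# 1.8.3 (trusted): system-default password expiry warning time reported by getprdef.
# Accepts expwarn values 30-49. The trailing ([^0-9]|$) ends the match at the end of the
# number so that a longer value with an in-range prefix (for example 300) no longer passes.
system : "HP-UX"
type : CMD_EXEC
description : "1.8.3 Set account expiration parameters on active accounts 'expwarn=30 '"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
cmd : "/usr/lbin/getprdef -m expwarn 2>&1"
expect : "expwarn=([34][0-9])([^0-9]|$)"
severity : HIGH
dont_echo_cmd: YES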
system : "HP-UX"
type : CMD_EXEC
description : "1.8.4 Set strong password enforcement policies 'nullpw=NO'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
cmd : "/usr/lbin/getprdef -m nullpw 2>&1"
expect : "nullpw=NO"
severity : HIGH
dont_echo_cmd: YES
system : "HP-UX"
type : CMD_EXEC
description : "1.8.4 Set strong password enforcement policies 'rstrpw=YES'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
cmd : "/usr/lbin/getprdef -m rstrpw 2>&1"
expect : "rstrpw=YES"
severity : HIGH
dont_echo_cmd: YES
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.6.10 Set retry limit for account lockout 'AUTH_MAXTRIES=3' (trusted)"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/default/security"
regex : "^[\\s]*AUTH_MAXTRIES\\s*="
expect : "AUTH_MAXTRIES\\s*=\\s*([1-3]|3)\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.8.5 Verify no legacy '+' entries exist in passwd and group files '/etc/passwd'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/passwd"
regex : "^[\\s]*\\+:"
expect : "^[\\s]*\\+:"
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "1.8.5 Verify no legacy '+' entries exist in passwd and group files '/etc/group'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/group"
regex : "^[\\s]*\\+:"
expect : "^[\\s]*\\+:"
-
name : "dot_in_root_path_variable"
description : "1.8.6 No '.' or group/world-writable directory in root $PATH"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
-
name : "accounts_bad_home_permissions"
description : "1.8.7 Secure user home directories"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
mask : "7027"
-
name : "home_dir_localization_files_user_check"
description : "1.8.8 No user dot-files should be group/world writable"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
mask : "7022"
system : "HP-UX"
type : FILE_CHECK_NOT
description : "1.8.9 Remove user .netrc, .rhosts and .shosts files '.netrc'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "~/.netrc"
system : "HP-UX"
type : FILE_CHECK_NOT
description : "1.8.9 Remove user .netrc, .rhosts and .shosts files '.rhosts'"
info : "Level : 1"
info : "Scoring Status : Scorable"
file : "~/.rhosts"
system : "HP-UX"
type : FILE_CHECK_NOT
description : "1.8.9 Remove user .netrc, .rhosts and .shosts files '.shosts'"
info : "Level : 1"
info : "Scoring Status : Scorable"
file : "~/.shosts"
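# 1.8.10: default umask of 077 in the login start-up files and /etc/default/security.
# These are content checks, so the type is FILE_CONTENT_CHECK: elsewhere in this file
# FILE_CHECK items carry owner/group/mask/required, while regex/expect/file_required
# appear on FILE_CONTENT_CHECK items. Typed as FILE_CHECK, the umask value was
# presumably never evaluated.
# In the shell start-up files the setting is the command form "umask 077" (no "="),
# so the patterns match whitespace after the keyword; /etc/default/security keeps the
# UMASK=077 assignment form.
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.8.10 Set default umask for users '/etc/profile'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/profile"
regex : "^[\\s]*umask\\s"
expect : "umask\\s+077\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.8.10 Set default umask for users '/etc/csh.login'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/csh.login"
regex : "^[\\s]*umask\\s"
expect : "umask\\s+077\\s*$"
file_required : NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.8.10 Set default umask for users '/etc/d.profile'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/d.profile"
regex : "^[\\s]*umask\\s"
expect : "umask\\s+077\\s*$"
file_required : NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.8.10 Set default umask for users '/etc/d.login'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/d.login"
regex : "^[\\s]*umask\\s"
expect : "umask\\s+077\\s*$"
file_required : NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.8.10 Set default umask for users '/etc/default/security'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/default/security"
regex : "^[\\s]*UMASK\\s*="
expect : "UMASK\\s*=\\s*077\\s*$"
file_required : NO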
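# 1.8.11: "mesg n" must be set in the login start-up files.
# These are content checks, so the type is FILE_CONTENT_CHECK: elsewhere in this file
# FILE_CHECK items carry owner/group/mask/required, while regex/expect/file_required
# appear on FILE_CONTENT_CHECK items. Typed as FILE_CHECK, the "mesg n" line was
# presumably never evaluated.
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.8.11 Set 'mesg n' as default for all users '/etc/profile'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/profile"
regex : "^[\\s]*mesg\\s"
expect : "mesg\\s+n\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.8.11 Set 'mesg n' as default for all users '/etc/csh.login'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/csh.login"
regex : "^[\\s]*mesg\\s"
expect : "mesg\\s+n\\s*$"
file_required : NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.8.11 Set 'mesg n' as default for all users '/etc/d.profile'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/d.profile"
regex : "^[\\s]*mesg\\s"
expect : "mesg\\s+n\\s*$"
file_required : NO
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.8.11 Set 'mesg n' as default for all users '/etc/d.login'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/d.login"
regex : "^[\\s]*mesg\\s"
expect : "mesg\\s+n\\s*$"
file_required : NO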
type : FILE_CONTENT_CHECK
description : "1.9.1 Create warning banners for terminal-session logins '/etc/motd content'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/motd"
regex : "[aA][uU][tT][hH][oO][rR][iI][zZ][eE][dD]\\s+[uU][sS][eE][rR][sS]\\s+[oO][nN][lL][yY]\.\\s+[aA][lL][lL]\\s+[aA][cC][tT][iI][vV][iI][tT][yY]\\s+[mM][aA][yY]\\s+[bB][eE]\\s+[mM][oO][nN][iI][tT][oO][rR][eE][dD]\\s+[aA][nN][dD]\\s+[rR][eE][pP][oO][rR][tT][eE][dD]\."
expect : "[aA][uU][tT][hH][oO][rR][iI][zZ][eE][dD]\\s+[uU][sS][eE][rR][sS]\\s+[oO][nN][lL][yY]\.\\s+[aA][lL][lL]\\s+[aA][cC][tT][iI][vV][iI][tT][yY]\\s+[mM][aA][yY]\\s+[bB][eE]\\s+[mM][oO][nN][iI][tT][oO][rR][eE][dD]\\s+[aA][nN][dD]\\s+[rR][eE][pP][oO][rR][tT][eE][dD]\."
type : FILE_CONTENT_CHECK
description : "1.9.1/1.9.3 Create warning banners for terminal-session logins and ftp daemon '/etc/issue content'"
info : "1.9.1 Create warning banners for terminal-session logins"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : ""
info : "1.9.3 Create warning banners for FTP daemon"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/issue"
regex : "[aA][uU][tT][hH][oO][rR][iI][zZ][eE][dD]\\s+[uU][sS][eE][rR][sS]\\s+[oO][nN][lL][yY]\.\\s+[aA][lL][lL]\\s+[aA][cC][tT][iI][vV][iI][tT][yY]\\s+[mM][aA][yY]\\s+[bB][eE]\\s+[mM][oO][nN][iI][tT][oO][rR][eE][dD]\\s+[aA][nN][dD]\\s+[rR][eE][pP][oO][rR][tT][eE][dD]\."
expect : "[aA][uU][tT][hH][oO][rR][iI][zZ][eE][dD]\\s+[uU][sS][eE][rR][sS]\\s+[oO][nN][lL][yY]\.\\s+[aA][lL][lL]\\s+[aA][cC][tT][iI][vV][iI][tT][yY]\\s+[mM][aA][yY]\\s+[bB][eE]\\s+[mM][oO][nN][iI][tT][oO][rR][eE][dD]\\s+[aA][nN][dD]\\s+[rR][eE][pP][oO][rR][tT][eE][dD]\."
type : FILE_CHECK
description : "1.9.1 Create warning banners for terminal-session logins '/etc/motd perms'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/motd"
mask : "7133"
owner : "root"
group : "sys"
type : FILE_CHECK
description : "1.9.1 Create warning banners for terminal-session logins '/etc/issue perms'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/issue"
mask : "7133"
owner : "root"
group : "root"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.9.2 Create warning banners for GUI logins 'Dtlogin*greeting.labelString:'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : "NOTE : Customize the variable BANNER to match the target environment."
file : "/etc/dt/config/*/Xresources"
regex : "^[\\s]*Dtlogin\\*greeting\.labelString:"
expect : "Dtlogin\\*greeting\.labelString:\\s*@BANNER@\\s*$"
file_required : YES
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.9.2 Create warning banners for GUI logins 'Dtlogin*greeting.persLabelString'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : "NOTE : Customize the variable PERS_BANNER to match the target environment."
file : "/etc/dt/config/*/Xresources"
regex : "^[\\s]*Dtlogin\\*greeting\.persLabelString:"
expect : "Dtlogin\\*greeting\.persLabelString:\\s*@PERS_BANNER@\\s*$"
file_required : YES
system : "HP-UX"
type : FILE_CHECK
description : "1.9.2 Create warning banners for GUI logins 'Xresources perms'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/dt/config/*/Xresources"
mask : "133"
owner : "root"
group : "sys"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "1.9.3 Create warning banners for FTP daemon '/etc/ftpd/ftpaccess banner'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/ftpd/ftpaccess"
regex : "^[\\s]*banner\\s"
expect : "banner\\s+\\/etc\\/issue\\s*$"
file_required : NO
system : "HP-UX"
type : FILE_CHECK
description : "1.9.3 Create warning banners for FTP daemon '/etc/ftpd perms'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/ftpd"
owner : "root"
group : "sys"
required : NO
system : "HP-UX"
type : FILE_CHECK
description : "1.9.3 Create warning banners for FTP daemon '/etc/ftpd/ftpaccess perms'"
info : "Level : 1"
info : "Scoring Status : Scorable"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/ftpd/ftpaccess"
mask : "177"
owner : "root"
group : "sys"
required : NO
description : "SN.1 Enable process accounting on bootup"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : "NOTE : Nessus has not performed this query, and this check is only provided for informational purposes."
info : "NOTE : CIS recommends installing Nagios or using HP-UX Capacity Advisor."
system : "HP-UX"
type : CMD_EXEC
description : "SN.2 Create symlinks for dangerous files '.rhosts'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
cmd : "/usr/bin/file -h /.rhosts"
expect : "\.rhosts:\\s+symbolic\\s+link\\s+to\\s+\\/dev\\/null"
severity : HIGH
dont_echo_cmd : YES
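# SN.2: /.shosts must be a symbolic link to /dev/null.
# The expect pattern keys on the name of the file being inspected (".shosts:");
# a ".rhosts:" pattern can never match the output of `file -h /.shosts`, so the
# check failed even on a correctly configured host.
system : "HP-UX"
type : CMD_EXEC
description : "SN.2 Create symlinks for dangerous files '.shosts'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
cmd : "/usr/bin/file -h /.shosts"
expect : "\.shosts:\\s+symbolic\\s+link\\s+to\\s+\\/dev\\/null"
severity : HIGH
dont_echo_cmd : YES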
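# SN.2: /etc/hosts.equiv must be a symbolic link to /dev/null.
# The expect pattern keys on the name of the file being inspected ("hosts.equiv:");
# a ".rhosts:" pattern can never match the output of `file -h /etc/hosts.equiv`, so the
# check failed even on a correctly configured host.
system : "HP-UX"
type : CMD_EXEC
description : "SN.2 Create symlinks for dangerous files '/etc/hosts.equiv'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
cmd : "/usr/bin/file -h /etc/hosts.equiv"
expect : "hosts\.equiv:\\s+symbolic\\s+link\\s+to\\s+\\/dev\\/null"
severity : HIGH
dont_echo_cmd : YES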
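# SN.2: /.netrc must be a symbolic link to /dev/null.
# The expect pattern keys on the name of the file being inspected (".netrc:");
# a ".rhosts:" pattern can never match the output of `file -h /.netrc`, so the
# check failed even on a correctly configured host.
system : "HP-UX"
type : CMD_EXEC
description : "SN.2 Create symlinks for dangerous files '.netrc'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
cmd : "/usr/bin/file -h /.netrc"
expect : "\.netrc:\\s+symbolic\\s+link\\s+to\\s+\\/dev\\/null"
severity : HIGH
dont_echo_cmd : YES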
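# SN.3: mount options in /etc/fstab for /stand, /tmp, /home, /var (nosuid) and /opt (ro).
# `regex` selects the fstab line by mount point; `expect` then looks for the option in
# the fourth (options) field.
# The option is accepted anywhere in the comma-separated list. The earlier patterns
# required ",nosuid" as the last option (or "ro" as the only option), so a correctly
# hardened entry such as "nosuid,delaylog" or a lone "nosuid" was reported as failing.
# The descriptions had a corrupted first word; restored to "File systems".
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "SN.3 File systems are mounted either 'ro' or 'nosuid' '/stand'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/fstab"
regex : "^[\\s]*.[^\\s]*\\s+\\/stand\\s"
expect : "^[\\s]*.[^\\s]*\\s+\\/stand\\s+.[^\\s]*\\s+([^\\s]*,)?nosuid(,[^\\s]*)?\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "SN.3 File systems are mounted either 'ro' or 'nosuid' '/tmp'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/fstab"
regex : "^[\\s]*.[^\\s]*\\s+\\/tmp\\s"
expect : "^[\\s]*.[^\\s]*\\s+\\/tmp\\s+.[^\\s]*\\s+([^\\s]*,)?nosuid(,[^\\s]*)?\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "SN.3 File systems are mounted either 'ro' or 'nosuid' '/home'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/fstab"
regex : "^[\\s]*.[^\\s]*\\s+\\/home\\s"
expect : "^[\\s]*.[^\\s]*\\s+\\/home\\s+.[^\\s]*\\s+([^\\s]*,)?nosuid(,[^\\s]*)?\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "SN.3 File systems are mounted either 'ro' or 'nosuid' '/opt'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/fstab"
regex : "^[\\s]*.[^\\s]*\\s+\\/opt\\s"
expect : "^[\\s]*.[^\\s]*\\s+\\/opt\\s+.[^\\s]*\\s+([^\\s]*,)?ro(,[^\\s]*)?\\s"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "SN.3 File systems are mounted either 'ro' or 'nosuid' '/var'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/fstab"
regex : "^[\\s]*.[^\\s]*\\s+\\/var\\s"
expect : "^[\\s]*.[^\\s]*\\s+\\/var\\s+.[^\\s]*\\s+([^\\s]*,)?nosuid(,[^\\s]*)?\\s"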
# SN.4 probe: looks in /etc/inetd.conf for any line that begins (after optional
# whitespace) with a letter or digit, i.e. an uncommented service entry.
# As a FILE_CONTENT_CHECK_NOT item it is satisfied only when no such line exists.
# NOTE(review): presumably this is the condition deciding whether the SN.4 rc2.d
# checks apply; the enclosing condition tags are not visible here - confirm.
# NOTE(review): the character class is [a-zA-Z1-9], which omits 0 - confirm whether
# 0-9 was intended.
system : "HP-UX"
type : FILE_CONTENT_CHECK_NOT
description : "SN.4 inetd content check"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/inetd.conf"
regex : "^[\\s]*[a-zA-Z1-9]+"
expect : ".*"
system : "HP-UX"
type : FILE_CHECK_NOT
description : "SN.4 Disable inetd, if possible '/sbin/rc2.d/S500inetd'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/sbin/rc2.d/S500inetd"
system : "HP-UX"
type : FILE_CHECK
description : "SN.4 Disable inetd, if possible '/sbin/rc2.d/.NOS500inetd'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/sbin/rc2.d/.NOS500inetd"
description : "SN.4 Disable inetd, if possible"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : "NOTE : /etc/inetd.conf was not found empty; SN.4 should not apply."
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "SN.5 Change default greeting string for Sendmail"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/mail/sendmail.cf"
regex : "^O SmtpGreetingMessage\\s*="
expect : "^O SmtpGreetingMessage\\s*=\\s*mailer\\s+ready\\s*$"
system : "HP-UX"
type : FILE_CHECK
description : "SN.6 Install and configure sudo"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/usr/bin/sudo"
required : YES
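# SN.7: no gcc product may appear in the installed-software list.
# The matching swlist lines are counted and the count must be zero, the same
# count-and-compare form used for 1.8.2. An empty expect string is an empty regex,
# which matches any output, so presumably the check passed even when gcc was listed.
# The grep pattern is single-quoted so the shell passes "^ *gcc" through unchanged.
system : "HP-UX"
type : CMD_EXEC
description : "SN.7 Remove Compilers 'gcc'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
cmd : "/usr/sbin/swlist | /usr/bin/grep '^ *gcc' | /usr/bin/wc -l"
expect : "^\\s*0\\s*$"
severity : HIGH
dont_echo_cmd : YES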
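# SN.7: no HP-ACC-Link (aCC) product may appear in the installed-software list.
# The matching swlist lines are counted and the count must be zero, the same
# count-and-compare form used for 1.8.2. An empty expect string is an empty regex,
# which matches any output, so presumably the check passed even when the compiler was listed.
# The grep pattern is single-quoted so the shell passes "^ *HP-ACC-Link" through unchanged.
system : "HP-UX"
type : CMD_EXEC
description : "SN.7 Remove Compilers 'aCC'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
cmd : "/usr/sbin/swlist | /usr/bin/grep '^ *HP-ACC-Link' | /usr/bin/wc -l"
expect : "^\\s*0\\s*$"
severity : HIGH
dont_echo_cmd : YES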
-
name : "passwd_zero_uid"
description : "SN.8 Verify that no UID 0 accounts exist other than root"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "SN.9 Configure inetd security 'kshell allow'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : "NOTE : Customize the variable INETD_ALLOWED_NETWORK_1 to match the target environment."
info : "NOTE : This query should be repeated for each netblock in use, for each service listed in /etc/inetd.conf ."
file : "/var/adm/inetd.sec"
regex : "^[\\s]*kshell\\s+allow\\s"
expect : "kshell\\s+allow\\s+@INETD_ALLOWED_NETWORK_1@\\s*$"
# SN.9: requires the "kshell deny" line in /var/adm/inetd.sec to end right
# after "deny", i.e. to carry no host list. Covers kshell only; the info text
# asks for the same item for every service listed in /etc/inetd.conf.
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "SN.9 Configure inetd security 'kshell deny'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
info : "NOTE : This query should be repeated for each service listed in /etc/inetd.conf ."
file : "/var/adm/inetd.sec"
regex : "^[\\s]*kshell\\s+deny"
expect : "kshell\\s+deny\\s*$"
# Appendix E items (this one and those after it) read the Bastille profile
# CIS.config under configs/defaults, not the running system.
# NOTE(review): a pass therefore shows what the profile records as the answer;
# it presumably does not prove Bastille was run with it or that the setting
# still holds. Read the results together with the direct checks in the
# numbered sections of this audit.
# regex picks the line for one question; expect requires the quoted answer.
# The "." in the key is an unescaped regex wildcard, slightly looser than a
# literal dot.
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'AccountSecurity.ABORT_LOGIN_ON_MISSING_HOMEDIR=N'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*AccountSecurity.ABORT_LOGIN_ON_MISSING_HOMEDIR\\s*=\\s*"
expect : "AccountSecurity.ABORT_LOGIN_ON_MISSING_HOMEDIR\\s*=\\s*[\"]N[\"]\\s*$"
# Requires the Bastille answer MIN_PASSWORD_LENGTH to be exactly "7", the
# value the description attributes to Appendix E of the benchmark.
# NOTE(review): the match is exact, so a profile that sets a longer minimum
# fails this item as written; adjust expect to the site's password policy.
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'AccountSecurity.MIN_PASSWORD_LENGTH=7'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*AccountSecurity.MIN_PASSWORD_LENGTH\\s*=\\s*"
expect : "AccountSecurity.MIN_PASSWORD_LENGTH\\s*=\\s*[\"]7[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'AccountSecurity.NOLOGIN=N'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*AccountSecurity.NOLOGIN\\s*=\\s*"
expect : "AccountSecurity.NOLOGIN\\s*=\\s*[\"]N[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'AccountSecurity.NUMBER_OF_LOGINS_ALLOWEDyn=N'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*AccountSecurity.NUMBER_OF_LOGINS_ALLOWEDyn\\s*=\\s*"
expect : "AccountSecurity.NUMBER_OF_LOGINS_ALLOWEDyn\\s*=\\s*[\"]N[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'AccountSecurity.PASSWORD_HISTORY_DEPTH=10'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*AccountSecurity.PASSWORD_HISTORY_DEPTH\\s*=\\s*"
expect : "AccountSecurity.PASSWORD_HISTORY_DEPTH\\s*=\\s*[\"]10[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'AccountSecurity.PASSWORD_HISTORY_DEPTHyn=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*AccountSecurity.PASSWORD_HISTORY_DEPTHyn\\s*=\\s*"
expect : "AccountSecurity.PASSWORD_HISTORY_DEPTHyn\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'AccountSecurity.PASSWORD_MAXDAYS=91'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*AccountSecurity.PASSWORD_MAXDAYS\\s*=\\s*"
expect : "AccountSecurity.PASSWORD_MAXDAYS\\s*=\\s*[\"]91[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'AccountSecurity.PASSWORD_MINDAYS=7'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*AccountSecurity.PASSWORD_MINDAYS\\s*=\\s*"
expect : "AccountSecurity.PASSWORD_MINDAYS\\s*=\\s*[\"]7[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'AccountSecurity.PASSWORD_WARNDAYS=28'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*AccountSecurity.PASSWORD_WARNDAYS\\s*=\\s*"
expect : "AccountSecurity.PASSWORD_WARNDAYS\\s*=\\s*[\"]28[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'AccountSecurity.SU_DEFAULT_PATHyn=N'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*AccountSecurity.SU_DEFAULT_PATHyn\\s*=\\s*"
expect : "AccountSecurity.SU_DEFAULT_PATHyn\\s*=\\s*[\"]N[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'AccountSecurity.atuser=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*AccountSecurity.atuser\\s*=\\s*"
expect : "AccountSecurity.atuser\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'AccountSecurity.block_system_accounts=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*AccountSecurity.block_system_accounts\\s*=\\s*"
expect : "AccountSecurity.block_system_accounts\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'AccountSecurity.create_securetty=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*AccountSecurity.create_securetty\\s*=\\s*"
expect : "AccountSecurity.create_securetty\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'AccountSecurity.crontabs_file=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*AccountSecurity.crontabs_file\\s*=\\s*"
expect : "AccountSecurity.crontabs_file\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'AccountSecurity.cronuser=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*AccountSecurity.cronuser\\s*=\\s*"
expect : "AccountSecurity.cronuser\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'AccountSecurity.gui_login=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*AccountSecurity.gui_login\\s*=\\s*"
expect : "AccountSecurity.gui_login\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'AccountSecurity.hidepasswords=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*AccountSecurity.hidepasswords\\s*=\\s*"
expect : "AccountSecurity.hidepasswords\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'AccountSecurity.lock_account_nopasswd=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*AccountSecurity.lock_account_nopasswd\\s*=\\s*"
expect : "AccountSecurity.lock_account_nopasswd\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'AccountSecurity.mesgn=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*AccountSecurity.mesgn\\s*=\\s*"
expect : "AccountSecurity.mesgn\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'AccountSecurity.passwordpolicies=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*AccountSecurity.passwordpolicies\\s*=\\s*"
expect : "AccountSecurity.passwordpolicies\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'AccountSecurity.restrict_home=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*AccountSecurity.restrict_home\\s*=\\s*"
expect : "AccountSecurity.restrict_home\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'AccountSecurity.root_path=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*AccountSecurity.root_path\\s*=\\s*"
expect : "AccountSecurity.root_path\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'AccountSecurity.serial_port_login=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*AccountSecurity.serial_port_login\\s*=\\s*"
expect : "AccountSecurity.serial_port_login\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'AccountSecurity.single_user_password=N'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*AccountSecurity.single_user_password\\s*=\\s*"
expect : "AccountSecurity.single_user_password\\s*=\\s*[\"]N[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'AccountSecurity.system_auditing=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*AccountSecurity.system_auditing\\s*=\\s*"
expect : "AccountSecurity.system_auditing\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'AccountSecurity.umask=077'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*AccountSecurity.umask\\s*=\\s*"
expect : "AccountSecurity.umask\\s*=\\s*[\"]077[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'AccountSecurity.umaskyn=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*AccountSecurity.umaskyn\\s*=\\s*"
expect : "AccountSecurity.umaskyn\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'AccountSecurity.unowned_files=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*AccountSecurity.unowned_files\\s*=\\s*"
expect : "AccountSecurity.unowned_files\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'AccountSecurity.user_dot_files=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*AccountSecurity.user_dot_files\\s*=\\s*"
expect : "AccountSecurity.user_dot_files\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'AccountSecurity.user_rc_files=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*AccountSecurity.user_rc_files\\s*=\\s*"
expect : "AccountSecurity.user_rc_files\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'Apache.chrootapache=N'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*Apache.chrootapache\\s*=\\s*"
expect : "Apache.chrootapache\\s*=\\s*[\"]N[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'Apache.deactivate_hpws_apache=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*Apache.deactivate_hpws_apache\\s*=\\s*"
expect : "Apache.deactivate_hpws_apache\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'DNS.chrootbind=N'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*DNS.chrootbind\\s*=\\s*"
expect : "DNS.chrootbind\\s*=\\s*[\"]N[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'FTP.ftpusers=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*FTP.ftpusers\\s*=\\s*"
expect : "FTP.ftpusers\\s*=\\s*[\"]Y[\"]\\s*$"
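# Requires the Bastille answer FilePermissions.world_writeable to be "Y".
# The key has to be plain ASCII: with stray non-ASCII characters in the
# pattern, no line of CIS.config can match and the result no longer reflects
# what the profile actually says.
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'FilePermissions.world_writeable=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*FilePermissions.world_writeable\\s*=\\s*"
expect : "FilePermissions.world_writeable\\s*=\\s*[\"]Y[\"]\\s*$"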
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'HP_UX.gui_banner=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*HP_UX.gui_banner\\s*=\\s*"
expect : "HP_UX.gui_banner\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'HP_UX.mail_config=N'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*HP_UX.mail_config\\s*=\\s*"
expect : "HP_UX.mail_config\\s*=\\s*[\"]N[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'HP_UX.ndd=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*HP_UX.ndd\\s*=\\s*"
expect : "HP_UX.ndd\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'HP_UX.other_tools=N'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*HP_UX.other_tools\\s*=\\s*"
expect : "HP_UX.other_tools\\s*=\\s*[\"]N[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'HP_UX.restrict_swacls=N'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*HP_UX.restrict_swacls\\s*=\\s*"
expect : "HP_UX.restrict_swacls\\s*=\\s*[\"]N[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'HP_UX.scan_ports=N'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*HP_UX.scan_ports\\s*=\\s*"
expect : "HP_UX.scan_ports\\s*=\\s*[\"]N[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'HP_UX.screensaver_timeout=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*HP_UX.screensaver_timeout\\s*=\\s*"
expect : "HP_UX.screensaver_timeout\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'HP_UX.stack_execute=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*HP_UX.stack_execute\\s*=\\s*"
expect : "HP_UX.stack_execute\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'HP_UX.tcp_isn=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*HP_UX.tcp_isn\\s*=\\s*"
expect : "HP_UX.tcp_isn\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'IPFilter.configure_ipfilter=N'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*IPFilter.configure_ipfilter\\s*=\\s*"
expect : "IPFilter.configure_ipfilter\\s*=\\s*[\"]N[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'MiscellaneousDaemons.configure_ssh=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*MiscellaneousDaemons.configure_ssh\\s*=\\s*"
expect : "MiscellaneousDaemons.configure_ssh\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'MiscellaneousDaemons.diagnostics_localonly=N'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*MiscellaneousDaemons.diagnostics_localonly\\s*=\\s*"
expect : "MiscellaneousDaemons.diagnostics_localonly\\s*=\\s*[\"]N[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'MiscellaneousDaemons.disable_bind=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*MiscellaneousDaemons.disable_bind\\s*=\\s*"
expect : "MiscellaneousDaemons.disable_bind\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'MiscellaneousDaemons.disable_ptydaemon=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*MiscellaneousDaemons.disable_ptydaemon\\s*=\\s*"
expect : "MiscellaneousDaemons.disable_ptydaemon\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'MiscellaneousDaemons.disable_pwgrd=N'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*MiscellaneousDaemons.disable_pwgrd\\s*=\\s*"
expect : "MiscellaneousDaemons.disable_pwgrd\\s*=\\s*[\"]N[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'MiscellaneousDaemons.disable_rbootd=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*MiscellaneousDaemons.disable_rbootd\\s*=\\s*"
expect : "MiscellaneousDaemons.disable_rbootd\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'MiscellaneousDaemons.disable_smbclient=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*MiscellaneousDaemons.disable_smbclient\\s*=\\s*"
expect : "MiscellaneousDaemons.disable_smbclient\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'MiscellaneousDaemons.disable_smbserver=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*MiscellaneousDaemons.disable_smbserver\\s*=\\s*"
expect : "MiscellaneousDaemons.disable_smbserver\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'MiscellaneousDaemons.nfs_client=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*MiscellaneousDaemons.nfs_client\\s*=\\s*"
expect : "MiscellaneousDaemons.nfs_client\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'MiscellaneousDaemons.nfs_core=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*MiscellaneousDaemons.nfs_core\\s*=\\s*"
expect : "MiscellaneousDaemons.nfs_core\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'MiscellaneousDaemons.nfs_server=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*MiscellaneousDaemons.nfs_server\\s*=\\s*"
expect : "MiscellaneousDaemons.nfs_server\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'MiscellaneousDaemons.nis_client=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*MiscellaneousDaemons.nis_client\\s*=\\s*"
expect : "MiscellaneousDaemons.nis_client\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'MiscellaneousDaemons.nis_server=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*MiscellaneousDaemons.nis_server\\s*=\\s*"
expect : "MiscellaneousDaemons.nis_server\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'MiscellaneousDaemons.nisplus_client=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*MiscellaneousDaemons.nisplus_client\\s*=\\s*"
expect : "MiscellaneousDaemons.nisplus_client\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'MiscellaneousDaemons.nisplus_server=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*MiscellaneousDaemons.nisplus_server\\s*=\\s*"
expect : "MiscellaneousDaemons.nisplus_server\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'MiscellaneousDaemons.nobody_secure_rpc=N'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*MiscellaneousDaemons.nobody_secure_rpc\\s*=\\s*"
expect : "MiscellaneousDaemons.nobody_secure_rpc\\s*=\\s*[\"]N[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'MiscellaneousDaemons.snmpd=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*MiscellaneousDaemons.snmpd\\s*=\\s*"
expect : "MiscellaneousDaemons.snmpd\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'MiscellaneousDaemons.syslog_localonly=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*MiscellaneousDaemons.syslog_localonly\\s*=\\s*"
expect : "MiscellaneousDaemons.syslog_localonly\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'MiscellaneousDaemons.xaccess=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*MiscellaneousDaemons.xaccess\\s*=\\s*"
expect : "MiscellaneousDaemons.xaccess\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'Patches.spc_cron_run=N'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*Patches.spc_cron_run\\s*=\\s*"
expect : "Patches.spc_cron_run\\s*=\\s*[\"]N[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'Patches.spc_proxy_yn=N'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*Patches.spc_proxy_yn\\s*=\\s*"
expect : "Patches.spc_proxy_yn\\s*=\\s*[\"]N[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'Patches.spc_run=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*Patches.spc_run\\s*=\\s*"
expect : "Patches.spc_run\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'Printing.printing=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*Printing.printing\\s*=\\s*"
expect : "Printing.printing\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'SecureInetd.banners=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*SecureInetd.banners\\s*=\\s*"
expect : "SecureInetd.banners\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'SecureInetd.deactivate_bootp=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*SecureInetd.deactivate_bootp\\s*=\\s*"
expect : "SecureInetd.deactivate_bootp\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'SecureInetd.deactivate_builtin=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*SecureInetd.deactivate_builtin\\s*=\\s*"
expect : "SecureInetd.deactivate_builtin\\s*=\\s*[\"]Y[\"]\\s*$"
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'SecureInetd.deactivate_dttools=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*SecureInetd.deactivate_dttools\\s*=\\s*"
expect : "SecureInetd.deactivate_dttools\\s*=\\s*[\"]Y[\"]\\s*$"
# Appendix E, inetd service answers (finger through rtools).
# Each item reads the Bastille configuration file named in 'file', uses
# 'regex' to select the line that begins with the given key, and passes only
# when that line matches 'expect', i.e. the value is the quoted answer "Y"
# followed by nothing but optional whitespace.
# NOTE(review): the audited path sits under configs/defaults, so a pass shows
# what CIS.config contains; it does not by itself show that the service is
# disabled on the running host. Pair these with checks of the live inetd
# configuration - confirm where this file covers that.
# NOTE(review): the '.' between module and key is unescaped in both patterns
# and therefore matches any character, and 'expect' has no leading anchor.
# Harmless for these key names; '\\.' would be the stricter form.

# finger
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'SecureInetd.deactivate_finger=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*SecureInetd.deactivate_finger\\s*=\\s*"
expect : "SecureInetd.deactivate_finger\\s*=\\s*[\"]Y[\"]\\s*$"
# ftp
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'SecureInetd.deactivate_ftp=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*SecureInetd.deactivate_ftp\\s*=\\s*"
expect : "SecureInetd.deactivate_ftp\\s*=\\s*[\"]Y[\"]\\s*$"
# ident
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'SecureInetd.deactivate_ident=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*SecureInetd.deactivate_ident\\s*=\\s*"
expect : "SecureInetd.deactivate_ident\\s*=\\s*[\"]Y[\"]\\s*$"
# ktools - presumably the Kerberos variants of the remote-login tools; verify
# against the benchmark text.
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'SecureInetd.deactivate_ktools=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*SecureInetd.deactivate_ktools\\s*=\\s*"
expect : "SecureInetd.deactivate_ktools\\s*=\\s*[\"]Y[\"]\\s*$"
# ntalk
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'SecureInetd.deactivate_ntalk=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*SecureInetd.deactivate_ntalk\\s*=\\s*"
expect : "SecureInetd.deactivate_ntalk\\s*=\\s*[\"]Y[\"]\\s*$"
# printer
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'SecureInetd.deactivate_printer=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*SecureInetd.deactivate_printer\\s*=\\s*"
expect : "SecureInetd.deactivate_printer\\s*=\\s*[\"]Y[\"]\\s*$"
# recserv
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'SecureInetd.deactivate_recserv=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*SecureInetd.deactivate_recserv\\s*=\\s*"
expect : "SecureInetd.deactivate_recserv\\s*=\\s*[\"]Y[\"]\\s*$"
# rquotad
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'SecureInetd.deactivate_rquotad=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*SecureInetd.deactivate_rquotad\\s*=\\s*"
expect : "SecureInetd.deactivate_rquotad\\s*=\\s*[\"]Y[\"]\\s*$"
# rtools - presumably the BSD remote-login/remote-shell services; verify
# against the benchmark text.
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'SecureInetd.deactivate_rtools=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*SecureInetd.deactivate_rtools\\s*=\\s*"
expect : "SecureInetd.deactivate_rtools\\s*=\\s*[\"]Y[\"]\\s*$"
# Appendix E: SecureInetd.deactivate_swat must be the quoted answer "N" in the
# Bastille CIS.config file named in 'file'.
# NOTE(review): unlike the surrounding deactivate_* items, the expected answer
# here is "N", so a host whose Bastille configuration answers "Y" (deactivate
# swat) is reported as failing this item even though that is the more
# restrictive setting. Confirm the value against Appendix E of the benchmark
# and check the live swat/inetd state separately.
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'SecureInetd.deactivate_swat=N'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*SecureInetd.deactivate_swat\\s*=\\s*"
expect : "SecureInetd.deactivate_swat\\s*=\\s*[\"]N[\"]\\s*$"
# Appendix E, inetd service answers (telnet, tftp, time, uucp).
# Each item selects the line in the Bastille CIS.config file that begins with
# the given key ('regex') and passes only when its value is the quoted answer
# "Y" with nothing after it but optional whitespace ('expect').
# NOTE(review): telnet, tftp and uucp are cleartext or unauthenticated
# services, yet these items only read the Bastille configuration file under
# configs/defaults. A pass here is not evidence that the listener is absent
# from the running inetd configuration - verify that separately.

# telnet
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'SecureInetd.deactivate_telnet=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*SecureInetd.deactivate_telnet\\s*=\\s*"
expect : "SecureInetd.deactivate_telnet\\s*=\\s*[\"]Y[\"]\\s*$"
# tftp
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'SecureInetd.deactivate_tftp=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*SecureInetd.deactivate_tftp\\s*=\\s*"
expect : "SecureInetd.deactivate_tftp\\s*=\\s*[\"]Y[\"]\\s*$"
# time
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'SecureInetd.deactivate_time=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*SecureInetd.deactivate_time\\s*=\\s*"
expect : "SecureInetd.deactivate_time\\s*=\\s*[\"]Y[\"]\\s*$"
# uucp
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'SecureInetd.deactivate_uucp=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*SecureInetd.deactivate_uucp\\s*=\\s*"
expect : "SecureInetd.deactivate_uucp\\s*=\\s*[\"]Y[\"]\\s*$"
# Appendix E: SecureInetd.ftp_logging must be the quoted answer "N" in the
# Bastille CIS.config file named in 'file'.
# NOTE(review): the expected answer is "N", which presumably means Bastille is
# not asked to turn on ftp logging. That fits a configuration in which ftp is
# deactivated altogether (SecureInetd.deactivate_ftp=Y is expected elsewhere in
# this file); where ftp stays enabled for a site-specific reason, session
# logging should be confirmed by other means.
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'SecureInetd.ftp_logging=N'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*SecureInetd.ftp_logging\\s*=\\s*"
expect : "SecureInetd.ftp_logging\\s*=\\s*[\"]N[\"]\\s*$"
# Appendix E, general inetd answers: inetd_general and log_inetd must both be
# the quoted answer "Y" in the Bastille CIS.config file named in 'file'.
# Each item selects the line beginning with its key ('regex') and requires the
# value "Y" followed only by optional whitespace ('expect').
# NOTE(review): log_inetd presumably corresponds to inetd connection logging.
# This item only reads the Bastille answer; whether inetd on the host is in
# fact running with logging enabled is not verified here - confirm.

# inetd_general
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'SecureInetd.inetd_general=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*SecureInetd.inetd_general\\s*=\\s*"
expect : "SecureInetd.inetd_general\\s*=\\s*[\"]Y[\"]\\s*$"
# log_inetd
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'SecureInetd.log_inetd=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*SecureInetd.log_inetd\\s*=\\s*"
expect : "SecureInetd.log_inetd\\s*=\\s*[\"]Y[\"]\\s*$"
# Appendix E: SecureInetd.owner must be the quoted string "its owner" (any
# run of whitespace between the two words is accepted) in the Bastille
# CIS.config file named in 'file'.
# NOTE(review): "its owner" reads like a generic placeholder rather than a
# site value. A host where the owner has been set to the real organisation
# name fails this item as written, so treat a failure here as a prompt to
# review the value, and adjust 'expect' if a site-specific owner is intended.
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'SecureInetd.owner=its owner'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*SecureInetd.owner\\s*=\\s*"
expect : "SecureInetd.owner\\s*=\\s*[\"]its\\s+owner[\"]\\s*$"
# Appendix E, Sendmail answers in the Bastille CIS.config file named in
# 'file'. Each item selects the line beginning with its key ('regex') and
# requires the quoted answer shown in 'expect', followed only by optional
# whitespace: "Y" for sendmailcron and sendmaildaemon, "N" for vrfyexpn.
# NOTE(review): these items read the Bastille configuration file under
# configs/defaults only; they do not inspect the running sendmail
# configuration or whether a listener is bound on the host.

# sendmailcron
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'Sendmail.sendmailcron=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*Sendmail.sendmailcron\\s*=\\s*"
expect : "Sendmail.sendmailcron\\s*=\\s*[\"]Y[\"]\\s*$"
# sendmaildaemon
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'Sendmail.sendmaildaemon=Y'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*Sendmail.sendmaildaemon\\s*=\\s*"
expect : "Sendmail.sendmaildaemon\\s*=\\s*[\"]Y[\"]\\s*$"
# vrfyexpn - NOTE(review): the expected answer is "N", which presumably means
# Bastille is not asked to restrict the SMTP VRFY/EXPN commands. That is
# consistent with a host that no longer runs sendmail as a listening daemon;
# if the daemon stays enabled, confirm how address enumeration via VRFY/EXPN
# is restricted.
system : "HP-UX"
type : FILE_CONTENT_CHECK
description : "Appendix E: HP-UX Bastille configuration entries 'Sendmail.vrfyexpn=N'"
see_also : "https://benchmarks.cisecurity.org/tools2/hpux/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf"
file : "/etc/opt/sec_mgmt/bastille/configs/defaults/CIS.config"
regex : "^[\\s]*Sendmail.vrfyexpn\\s*=\\s*"
expect : "Sendmail.vrfyexpn\\s*=\\s*[\"]N[\"]\\s*$"