{"id": "std_kylinserver10", "policy": "Standard Benchmark for Kylin Server 10", "title": "Standard Benchmark for Kylin Server 10", "source": "", "definition_location": "/aptdata/openscap/scap-security-guide/controls/std_kylinserver10.yml", "controls": [{"id": 1.1, "levels": ["l2_server"], "notes": "", "title": "Ensure a print server is not installed (Automated)", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": ["service_cups_disabled"], "rules": ["package_cups_removed"], "controls": []}, {"id": 1.1, "levels": ["l2_server"], "notes": "", "title": "system must not have the sendmail package installed.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["package_sendmail_removed"], "controls": []}, {"id": 1.3, "levels": ["l2_server"], "notes": "", "title": "Ensure NFS Service Disabled", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["service_nfs_disabled", "service_nfs_disabled.severity=low"], "controls": []}, {"id": 1.4, "levels": ["l2_server"], "notes": "", "title": "Ensure nfs-utils is not installed or the nfs-server service is masked (Automated)", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["package_nfs-utils_removed", "service_nfs_disabled"], "controls": []}, {"id": 1.5, "levels": ["l2_server"], "notes": "", "title": "ident{auth.socket}", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": 1.6, "levels": ["l2_server"], "notes": "", "title": "ntalk", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": 1.7, "levels": ["l2_server"], "notes": "", "title": "Ensure DHCP Service Disabled", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["service_dhcpd_disabled", "service_dhcpd_disabled.severity=low"], "controls": []}, {"id": 1.8, "levels": ["l2_server"], "notes": "", "title": "Ensure NIS Client Not Installed", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["package_ypbind_removed", "package_ypbind_removed.severity=high"], "controls": []}, {"id": 1.9, "levels": ["l2_server"], "notes": "", "title": "Ensure TFTP Server Not Installed", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["package_tftp_removed", "package_tftp-server_removed", "package_tftp_removed.severity=high", "package_tftp-server_removed.severity=high"], "controls": []}, {"id": 1.1, "levels": ["l2_server"], "notes": "", "title": "Ensure rsync-daemon is not installed or the rsyncd service is masked (Automated)", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": ["service_rsyncd_disabled"], "rules": ["package_rsync_removed"], "controls": []}, {"id": 1.11, "levels": ["l2_server"], "notes": "", "title": "Prohibit anonymous VSFTP user login", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": 1.12, "levels": ["l2_server"], "notes": "", "title": "Prohibit root login to VSFTP", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": 1.13, "levels": ["l2_server"], "notes": "", "title": "ensure-local-login-warning-banner-is-configured-properly", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["banner_etc_issue", "login_banner_text=cis_banners"], "controls": []}, {"id": 1.14, "levels": ["l2_server"], "notes": "", "title": "ensure-message-of-the-day-is-configured-properly", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["banner_etc_motd", "login_banner_text=cis_banners"], "controls": []}, {"id": 1.15, "levels": ["l2_server"], "notes": "", "title": "Ensure sshd PermitRootLogin is disabled (Automated)", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_disable_root_login"], "controls": []}, {"id": 1.16, "levels": ["l2_server"], "notes": "", "title": "Ensure SSHd Protocol Version Is 2", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_allow_only_protocol2", "sshd_allow_only_protocol2.severity=high"], "controls": []}, {"id": 1.17, "levels": ["l2_server"], "notes": "", "title": "Ensure SSHd Log Level Correct", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_set_loglevel_verbose", "sshd_set_loglevel_verbose.severity=low"], "controls": []}, {"id": 1.18, "levels": ["l2_server"], "notes": "", "title": "Ensure SSHd MaxAuthTries Correct", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_set_max_auth_tries", "sshd_max_auth_tries_value=3", "sshd_set_max_auth_tries.severity=low"], "controls": []}, {"id": 1.19, "levels": ["l2_server"], "notes": "", "title": "ensure-ssh-permitemptypasswords-is-disabled", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_disable_empty_passwords"], "controls": []}, {"id": 1.2, "levels": ["l2_server"], "notes": "", "title": "Ensure SSHd PermitUserEnvironment Forbidden", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_do_not_permit_user_env", "sshd_do_not_permit_user_env.severity=high"], "controls": []}, {"id": 1.21, "levels": ["l2_server"], "notes": "", "title": "Ensure SSHd Ciphers Algorithm Correct", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_use_strong_ciphers", "sshd_use_strong_ciphers.severity=high"], "controls": []}, {"id": 1.22, "levels": ["l2_server"], "notes": "", "title": "check is installed chkrootkit", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": 1.23, "levels": ["l2_server"], "notes": "", "title": "Check for the existence of rootkit programs", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": 1.24, "levels": ["l2_server"], "notes": "", "title": "Restricting the directories that FTP users can access after logging in", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": 1.25, "levels": ["l2_server"], "notes": "", "title": "operating system must use SSH to protect the confidentiality and integrity of transmitted information.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["service_sshd_enabled", "package_openssh-server_installed"], "controls": []}, {"id": 1.26, "levels": ["l2_server"], "notes": "", "title": "Ensure telnet server services are not in use (Automated)", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": ["service_telnet_disabled"], "rules": ["package_telnet-server_removed"], "controls": []}, {"id": 1.27, "levels": ["l2_server"], "notes": "", "title": "Prohibit remote telnet login for root user", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": 1.28, "levels": ["l2_server"], "notes": "", "title": "Set warning banner before telnet login", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": 1.29, "levels": ["l2_server"], "notes": "", "title": "Set warning banner after telnet login", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": 1.3, "levels": ["l2_server"], "notes": "", "title": "Disable unnecessary xinetd services", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": 1.31, "levels": ["l2_server"], "notes": "", "title": "Ensure Unnecessary Service And Port Disabled (Manual)", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": 1.32, "levels": ["l2_server"], "notes": "", "title": "Ensure SSH access is limited (Automated)", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_limit_user_access"], "controls": []}, {"id": 1.33, "levels": ["l2_server"], "notes": "", "title": "SSH daemon must display the date and time of the last successful account logon upon an SSH logon.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_print_last_log"], "controls": []}, {"id": 2.1, "levels": ["l2_server"], "notes": "", "title": "Ensure ICMP Redirect Package Not Received", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sysctl_net_ipv4_conf_all_secure_redirects", "sysctl_net_ipv4_conf_all_accept_redirects", "sysctl_net_ipv4_conf_default_secure_redirects", "sysctl_net_ipv4_conf_all_accept_redirects_value=disabled", "sysctl_net_ipv4_conf_all_secure_redirects_value=disabled", "sysctl_net_ipv4_conf_default_secure_redirects_value=disabled", "sysctl_net_ipv4_conf_all_accept_redirects.severity=high", "sysctl_net_ipv4_conf_all_secure_redirects.severity=high", "sysctl_net_ipv4_conf_default_secure_redirects.severity=high"], "controls": []}, {"id": 2.2, "levels": ["l2_server"], "notes": "", "title": "Ensure packet redirect sending is disabled (Automated)", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sysctl_net_ipv4_conf_all_send_redirects", "sysctl_net_ipv4_conf_default_send_redirects"], "controls": []}, {"id": 2.3, "levels": ["l2_server"], "notes": "", "title": "Ensure ICMP Broadcast Package Not Responsed", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sysctl_net_ipv4_icmp_echo_ignore_broadcasts", "sysctl_net_ipv4_icmp_echo_ignore_broadcasts.severity=high"], "controls": []}, {"id": 2.4, "levels": ["l2_server"], "notes": "", "title": "Ensure Source Route Disabled", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sysctl_net_ipv4_conf_default_accept_source_route", "sysctl_net_ipv4_conf_all_accept_source_route", "sysctl_net_ipv4_conf_all_accept_source_route_value=disabled", "sysctl_net_ipv4_conf_default_accept_source_route_value=disabled", "sysctl_net_ipv4_conf_all_accept_source_route.severity=high", "sysctl_net_ipv4_conf_default_accept_source_route.severity=high"], "controls": []}, {"id": 2.5, "levels": ["l2_server"], "notes": "", "title": "Ensure IP Forwarding Disabled", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sysctl_net_ipv4_ip_forward", "sysctl_net_ipv4_ip_forward.severity=high"], "controls": []}, {"id": 3.1, "levels": ["l2_server"], "notes": "", "title": "Modify SNMP default group characters", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": 3.2, "levels": ["l2_server"], "notes": "", "title": "Disable multi IP binding", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": 3.3, "levels": ["l2_server"], "notes": "", "title": "Ensure Reverse Proxy Filter Enabled", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sysctl_net_ipv4_conf_all_rp_filter", "sysctl_net_ipv4_conf_default_rp_filter", "sysctl_net_ipv4_conf_all_rp_filter_value=enabled", "sysctl_net_ipv4_conf_default_rp_filter_value=enabled", "sysctl_net_ipv4_conf_all_rp_filter.severity=high", "sysctl_net_ipv4_conf_default_rp_filter.severity=high"], "controls": []}, {"id": 4.1, "levels": ["l2_server"], "notes": "", "title": "Ensure sudo log file exists (Automated)", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sudo_custom_logfile"], "controls": []}, {"id": 4.2, "levels": ["l2_server"], "notes": "", "title": "Ensure sudo commands use pty (Automated)", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sudo_add_use_pty"], "controls": []}, {"id": 4.3, "levels": ["l2_server"], "notes": "", "title": "must use the invoking user's password for privilege escalation when using \"sudo\".", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sudoers_validate_passwd"], "controls": []}, {"id": 4.4, "levels": ["l1_server"], "notes": "", "title": "Ensure Important Services Logged", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["rsyslog_logging_configured", "rsyslog_logging_configured.severity=low"], "controls": []}, {"id": 4.5, "levels": ["l1_server"], "notes": "", "title": "Ensure HISTSIZE and HISTFILESIZE Limited", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": 5.1, "levels": ["l1_server"], "notes": "", "title": "check is installed swatch", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": 5.2, "levels": ["l2_server"], "notes": "", "title": "Ensure Auditd Enabled", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["service_auditd_enabled", "service_auditd_enabled.severity=high"], "controls": []}, {"id": 5.3, "levels": ["l1_server"], "notes": "", "title": "Set system audit log rules", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": 5.4, "levels": ["l1_server"], "notes": "", "title": "Ensure Audit Disk Space Set Correct", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["auditd_data_retention_space_left", "auditd_data_retention_space_left.severity=low"], "controls": []}, {"id": 5.5, "levels": ["l2_server"], "notes": "", "title": "Ensure cron is restricted to authorized users (Automated)", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["file_cron_allow_exists"], "controls": []}, {"id": 5.6, "levels": ["l2_server"], "notes": "", "title": "Ensure Rsyslog Enabled", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["service_rsyslog_enabled", "service_rsyslog_enabled.severity=high"], "controls": []}, {"id": 5.7, "levels": ["l2_server"], "notes": "", "title": "Record user operations on the device", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["package_psacct_installed", "service_psacct_enabled"], "controls": []}, {"id": 5.8, "levels": ["l1_server"], "notes": "", "title": "Record user login logs", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": 5.9, "levels": ["l1_server"], "notes": "", "title": "Configure security event logs", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": 5.1, "levels": ["l2_server"], "notes": "", "title": "Ensure Cron Logged", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["rsyslog_cron_logging", "rsyslog_cron_logging.severity=high"], "controls": []}, {"id": 5.11, "levels": ["l1_server"], "notes": "", "title": "Ensure AIDE Enabled", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["package_aide_installed", "package_aide_installed.severity=low"], "controls": []}, {"id": 5.12, "levels": ["l2_server"], "notes": "", "title": "Ensure filesystem integrity is regularly checked (Automated)", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["aide_periodic_cron_checking"], "controls": []}, {"id": 6.1, "levels": ["l2_server"], "notes": "", "title": "Ensure TIMOUT Set Correct", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_tmout", "var_accounts_tmout=5_min", "accounts_tmout.severity=high"], "controls": []}, {"id": 6.2, "levels": ["l2_server"], "notes": "", "title": "Ensure Grub Password Set", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["grub2_password", "grub2_uefi_password", "grub2_password.severity=high", "grub2_uefi_password.severity=high"], "controls": []}, {"id": 6.3, "levels": ["l2_server"], "notes": "", "title": "Ensure Use Sudo To Run", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sudo_restrict_privilege_elevation_to_authorized", "sudoers_no_root_target", "sudo_restrict_privilege_elevation_to_authorized.severity=high"], "controls": []}, {"id": 6.4, "levels": ["l2_server"], "notes": "", "title": "Ensure SU Usage Limited", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["use_pam_wheel_for_su", "use_pam_wheel_for_su.severity=high"], "controls": []}, {"id": 6.5, "levels": ["l2_server"], "notes": "", "title": "Ensure time synchronization is in use (Automated)", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["package_ntp_installed", "package_chrony_installed"], "controls": []}, {"id": 6.6, "levels": ["l2_server"], "notes": "", "title": "Ensure chrony is running as user _chrony (Automated)", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["service_chronyd_or_ntpd_enabled", "chronyd_configure_pool_and_server"], "controls": []}, {"id": 6.7, "levels": ["l2_server"], "notes": "", "title": "must disable core dumps for all users.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["disable_users_coredumps"], "controls": []}, {"id": 6.8, "levels": ["l2_server"], "notes": "", "title": "operating system must disable the x86 Ctrl-Alt-Delete key sequence if a graphical user interface is installed.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["dconf_gnome_disable_ctrlaltdel_reboot"], "controls": []}, {"id": 6.9, "levels": ["l2_server"], "notes": "", "title": "Enable idle screen lock time", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["dconf_gnome_screensaver_idle_delay"], "controls": []}, {"id": 6.1, "levels": ["l2_server"], "notes": "", "title": "via the session lock, information previously visible on the display with a publicly viewable image.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["dconf_gnome_screensaver_mode_blank"], "controls": []}, {"id": 6.11, "levels": ["l1_server"], "notes": "", "title": "Prohibit automatic system login", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": 6.12, "levels": ["l2_server"], "notes": "", "title": "Prohibit SSH password free login", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_disable_pubkey_auth"], "controls": []}, {"id": 6.13, "levels": ["l1_server"], "notes": "", "title": "Set the umask value of the daemon process", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": 6.14, "levels": ["l2_server"], "notes": "", "title": "limit the number of concurrent sessions to ten for all accounts and/or account types.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_max_concurrent_login_sessions", "var_accounts_max_concurrent_login_sessions=10"], "controls": []}, {"id": 7.1, "levels": ["l2_server"], "notes": "", "title": "Ensure No Empty Symlink", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": 7.2, "levels": ["l2_server"], "notes": "", "title": "Ensure SNMP Not Installed", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["package_net-snmp_removed", "package_net-snmp_removed.severity=high"], "controls": []}, {"id": 7.3, "levels": ["l2_server"], "notes": "", "title": "Check the debuggable components", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["package_binutils_installed"], "controls": []}, {"id": 7.4, "levels": ["l2_server"], "notes": "", "title": "/etc/aliases Disable unnecessary aliases", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["postfix_client_configure_mail_alias"], "controls": []}, {"id": 7.5, "levels": ["l2_server"], "notes": "", "title": "/etc/mail/aliases Disable unnecessary aliases", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": 7.6, "levels": ["l1_server"], "notes": "", "title": "Ensure No .netrc Files In Home Folder", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["no_netrc_files", "no_netrc_files.severity=low"], "controls": []}, {"id": 7.7, "levels": ["l2_server"], "notes": "", "title": "Ensure No hosts.equiv Files In Home Folder", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": 7.8, "levels": ["l2_server"], "notes": "", "title": "Ensure No .rhosts Files In Home Folder", "description": null, "rationale": null, "automated": "no", "status": "manual", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": ["no_rsh_trust_files"], "rules": [], "controls": []}, {"id": 7.9, "levels": ["l2_server"], "notes": "", "title": "Ensure No equiv Files In Home Folder", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": 7.1, "levels": ["l2_server"], "notes": "", "title": "Ensure No rhosts Files In Home Folder", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": 8.1, "levels": ["l2_server"], "notes": "", "title": "Ensure All Files Have Owner And Group", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["no_files_unowned_by_user", "file_permissions_ungroupowned", "no_files_unowned_by_user.severity=high", "file_permissions_ungroupowned.severity=high"], "controls": []}, {"id": 8.2, "levels": ["l2_server"], "notes": "", "title": "Ensure UMASK Correct", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_umask_etc_bashrc", "var_accounts_user_umask=027", "accounts_umask_etc_bashrc.severity=high"], "controls": []}, {"id": 8.3, "levels": ["l2_server"], "notes": "", "title": "Ensure File Permission Minimize", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": 8.4, "levels": ["l2_server"], "notes": "", "title": "Ensure permissions on /etc/passwd are configured (Automated)", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["file_owner_etc_passwd", "file_groupowner_etc_passwd", "file_permissions_etc_passwd"], "controls": []}, {"id": 8.5, "levels": ["l2_server"], "notes": "", "title": "Ensure permissions on /etc/group are configured (Automated)", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["file_groupowner_etc_group", "file_owner_etc_group", "file_permissions_etc_group"], "controls": []}, {"id": 8.6, "levels": ["l2_server"], "notes": "", "title": "Ensure permissions on /etc/shadow are configured (Automated)", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["file_groupowner_etc_shadow", "file_owner_etc_shadow", "file_permissions_etc_shadow"], "controls": []}, {"id": 8.7, "levels": ["l2_server"], "notes": "", "title": "Ensure all logfiles have appropriate permissions(Automated)", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["rsyslog_files_permissions"], "controls": []}, {"id": 8.8, "levels": ["l2_server"], "notes": "", "title": "Restrict the permissions of FTP users to upload files", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": 8.9, "levels": ["l2_server"], "notes": "", "title": "Prohibit global read-write of log files", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": 9.1, "levels": ["l2_server"], "notes": "", "title": "Delete accounts unrelated to device operation, maintenance, and other work", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": 9.2, "levels": ["l2_server"], "notes": "", "title": "Ensure pam_unix does not include nullok (Automated)", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["no_empty_passwords"], "controls": []}, {"id": 9.3, "levels": ["l2_server"], "notes": "", "title": "Ensure /etc/shadow password fields are not empty (Automated)", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["no_empty_passwords_etc_shadow"], "controls": []}, {"id": 9.4, "levels": ["l2_server"], "notes": "", "title": "Prohibit interactive login of system accounts", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": 9.5, "levels": ["l2_server"], "notes": "", "title": "Ensure UID Unique", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["account_unique_id", "account_unique_id.severity=high"], "controls": []}, {"id": 10.1, "levels": ["l2_server"], "notes": "", "title": "Check the usage rate of system disk partitions", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": 11.1, "levels": ["l2_server"], "notes": "", "title": "Ensure Set Correct Password Complexity", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_password_pam_lcredit", "accounts_password_pam_minclass", "accounts_password_pam_ucredit", "accounts_password_pam_enforce_root", "accounts_password_pam_retry", "accounts_password_pam_dcredit", "accounts_password_pam_ocredit", "var_password_pam_minclass=3", "var_password_pam_retry=3", "var_password_pam_dcredit=0", "var_password_pam_ucredit=0", "var_password_pam_lcredit=0", "var_password_pam_ocredit=0", "accounts_password_pam_minclass.severity=high", "accounts_password_pam_retry.severity=high", "accounts_password_pam_dcredit.severity=high", "accounts_password_pam_ucredit.severity=high", "accounts_password_pam_lcredit.severity=high", "accounts_password_pam_ocredit.severity=high", "accounts_password_pam_enforce_root.severity=high"], "controls": []}, {"id": 11.2, "levels": ["l2_server"], "notes": "", "title": "Ensure Password Expiration Warning Days", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_password_warn_age_login_defs", "var_accounts_password_warn_age_login_defs=7", "accounts_password_warn_age_login_defs.severity=high"], "controls": []}, {"id": 11.3, "levels": ["l2_server"], "notes": "", "title": "Enable password complexity policy", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": 11.4, "levels": ["l2_server"], "notes": "", "title": "Ensure Password Expire Correct", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_maximum_age_login_defs", "var_accounts_maximum_age_login_defs=90", "accounts_maximum_age_login_defs.severity=high"], "controls": []}, {"id": 11.5, "levels": ["l2_server"], "notes": "", "title": "Ensure Set Correct Password Complexity", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_password_pam_minlen", "var_password_pam_minlen=8", "accounts_password_pam_minlen.severity=high"], "controls": []}, {"id": 11.6, "levels": ["l2_server"], "notes": "", "title": "Minimum Days Between Password Change", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_minimum_age_login_defs", "var_accounts_minimum_age_login_defs=0", "accounts_minimum_age_login_defs.severity=high"], "controls": []}, {"id": 11.7, "levels": ["l2_server"], "notes": "", "title": "Ensure No History Password Used", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_password_pam_unix_remember", "var_password_pam_unix_remember=5", "accounts_password_pam_unix_remember.severity=high"], "controls": []}, {"id": 11.8, "levels": ["l2_server"], "notes": "", "title": "Ensure Using Strong Hash Algorithm To Encipher Password", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["set_password_hashing_algorithm_systemauth", "set_password_hashing_algorithm_passwordauth", "set_password_hashing_algorithm_systemauth.severity=high", "set_password_hashing_algorithm_passwordauth.severity=high"], "controls": []}, {"id": 12.1, "levels": ["l2_server"], "notes": "", "title": "Ensure Account Locked After Accessing Fail", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_passwords_pam_faillock_deny", "accounts_passwords_pam_faillock_unlock_time", "var_accounts_passwords_pam_faillock_deny=3", "var_accounts_passwords_pam_faillock_unlock_time=300", "accounts_passwords_pam_faillock_deny.severity=high", "accounts_passwords_pam_faillock_unlock_time.severity=high"], "controls": []}, {"id": 13.1, "levels": ["l1_server"], "notes": "", "title": "Ensure Firewalld Enabled", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["service_firewalld_enabled", "service_firewalld_enabled.severity=low"], "controls": []}, {"id": 13.2, "levels": ["l2_server"], "notes": "", "title": "Ensure the SELinux mode is not disabled (Automated)", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["selinux_not_disabled"], "controls": []}, {"id": 13.3, "levels": ["l1_server"], "notes": "", "title": "Ensure firewalld default zone is set (Automated)", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["set_firewalld_default_zone"], "controls": []}, {"id": 14.1, "levels": ["l2_server"], "notes": "", "title": "Ensure authentication required for single user mode (Automated)", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["require_singleuser_auth", "require_emergency_target_auth"], "controls": []}, {"id": 15.1, "levels": ["l2_server"], "notes": "", "title": "Check system resource usage control", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": 16.1, "levels": ["l2_server"], "notes": "", "title": "Ensure root path integrity (Automated)", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_root_path_dirs_no_write", "root_path_no_dot"], "controls": []}, {"id": 16.2, "levels": ["l2_server"], "notes": "", "title": "Ensure GPG Check Configured", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["ensure_gpgcheck_never_disabled", "ensure_gpgcheck_globally_activated", "ensure_gpgcheck_globally_activated.severity=high", "ensure_gpgcheck_never_disabled.severity=high"], "controls": []}, {"id": 16.3, "levels": ["l2_server"], "notes": "", "title": "ensure-permissions-on-ssh-private-host-key-files-are-configured", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["file_permissions_sshd_private_key"], "controls": []}, {"id": 16.4, "levels": ["l2_server"], "notes": "", "title": "Ensure SSH IgnoreRhosts is enabled (Automated)", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_disable_rhosts"], "controls": []}, {"id": 16.5, "levels": ["l2_server"], "notes": "", "title": "Ensure that SSH X11 forwarding is disabled", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_disable_x11_forwarding"], "controls": []}, {"id": 16.6, "levels": ["l2_server"], "notes": "", "title": "Ensure sshd Hostl2_serverdAuthentication is disabled (Automated)", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["disable_host_auth"], "controls": []}, {"id": 16.7, "levels": ["l2_server"], "notes": "", "title": "interactive user accounts must be assigned a home directory upon creation.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_have_homedir_login_defs"], "controls": []}, {"id": 16.8, "levels": ["l2_server"], "notes": "", "title": "Ensure autofs services are not in use (Automated)", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["service_autofs_disabled"], "controls": []}], "levels": [{"id": "l1_server", "inherits_from": null}, {"id": "l2_server", "inherits_from": null}]}