{"id": "stig_slmicro5", "policy": "SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide", "title": "SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide", "source": "https://www.cyber.mil/stigs/downloads/", "definition_location": "/aptdata/openscap/scap-security-guide/controls/stig_slmicro5.yml", "controls": [{"id": "SLEM-05-211010", "levels": ["high"], "notes": "", "title": "SLEM 5 must be a vendor-supported release.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["installed_OS_is_vendor_supported"], "controls": []}, {"id": "SLEM-05-211015", "levels": ["medium"], "notes": "", "title": "SLEM 5 must implement an endpoint security tool.", "description": null, "rationale": null, "automated": "no", "status": "manual", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "SLEM-05-211020", "levels": ["medium"], "notes": "", "title": "SLEM 5 must display the Standard Mandatory DOD Notice and Consent Banner before granting any local or remote connection to the system.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["banner_etc_issue", "login_banner_text=dod_banners"], "controls": []}, {"id": "SLEM-05-211025", "levels": ["high"], "notes": "", "title": "SLEM 5 must disable the x86 Ctrl-Alt-Delete key sequence.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": 
null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["disable_ctrlaltdel_reboot"], "controls": []}, {"id": "SLEM-05-212010", "levels": ["high"], "notes": "", "title": "SLEM 5 with a basic input/output system (BIOS) must require authentication upon booting into single-user and maintenance modes.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["grub2_password"], "controls": []}, {"id": "SLEM-05-212015", "levels": ["high"], "notes": "", "title": "SLEM 5 with Unified Extensible Firmware Interface (UEFI) implemented must require authentication upon booting into single-user mode and maintenance.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["grub2_uefi_password"], "controls": []}, {"id": "SLEM-05-213010", "levels": ["medium"], "notes": "", "title": "SLEM 5 must restrict access to the kernel message buffer.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sysctl_kernel_dmesg_restrict"], "controls": []}, {"id": "SLEM-05-213015", "levels": ["medium"], "notes": "", "title": "SLEM 5 kernel core dumps must be disabled unless needed.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": 
null, "original_title": null, "related_rules": [], "rules": ["service_kdump_disabled"], "controls": []}, {"id": "SLEM-05-213020", "levels": ["medium"], "notes": "", "title": "Address space layout randomization (ASLR) must be implemented by SLEM 5 to protect memory from unauthorized code execution.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sysctl_kernel_randomize_va_space"], "controls": []}, {"id": "SLEM-05-213025", "levels": ["medium"], "notes": "", "title": "SLEM 5 must implement kptr-restrict to prevent the leaking of internal kernel addresses.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sysctl_kernel_kptr_restrict"], "controls": []}, {"id": "SLEM-05-214010", "levels": ["medium"], "notes": "", "title": "Vendor-packaged SLEM 5 security patches and updates must be installed and up to date.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["security_patches_up_to_date"], "controls": []}, {"id": "SLEM-05-214015", "levels": ["high"], "notes": "", "title": "The SLEM 5 tool zypper must have gpgcheck enabled.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["ensure_gpgcheck_globally_activated"], 
"controls": []}, {"id": "SLEM-05-214020", "levels": ["medium"], "notes": "", "title": "SLEM 5 must remove all outdated software components after updated versions have been installed.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["clean_components_post_updating"], "controls": []}, {"id": "SLEM-05-215010", "levels": ["medium"], "notes": "", "title": "SLEM 5 must use vlock to allow for session locking.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["vlock_installed"], "controls": []}, {"id": "SLEM-05-215015", "levels": ["high"], "notes": "", "title": "SLEM 5 must not have the telnet-server package installed.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["package_telnet-server_removed"], "controls": []}, {"id": "SLEM-05-231010", "levels": ["medium"], "notes": "", "title": "A separate file system must be used for SLEM 5 user home directories (such as /home or an equivalent).", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["partition_for_home"], "controls": []}, {"id": "SLEM-05-231015", "levels": ["medium"], "notes": "", "title": "SLEM 5 must use a separate file system for /var.", "description": 
null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["partition_for_var"], "controls": []}, {"id": "SLEM-05-231020", "levels": ["medium"], "notes": "", "title": "SLEM 5 must use a separate file system for the system audit data path.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["partition_for_var_log_audit"], "controls": []}, {"id": "SLEM-05-231025", "levels": ["medium"], "notes": "", "title": "SLEM 5 file systems that are being imported via Network File System (NFS) must be mounted to prevent files with the setuid and setgid bit set from being executed.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["mount_option_nosuid_remote_filesystems"], "controls": []}, {"id": "SLEM-05-231030", "levels": ["medium"], "notes": "", "title": "SLEM 5 file systems that are being imported via Network File System (NFS) must be mounted to prevent binary files from being executed.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["mount_option_noexec_remote_filesystems"], "controls": []}, {"id": "SLEM-05-231035", "levels": ["medium"], "notes": "", "title": "SLEM 5 file systems that are used with removable media must be mounted to prevent 
files with the setuid and setgid bit set from being executed.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["mount_option_nosuid_removable_partitions"], "controls": []}, {"id": "SLEM-05-231040", "levels": ["high"], "notes": "", "title": "All SLEM 5 persistent disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at-rest protection.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["encrypt_partitions"], "controls": []}, {"id": "SLEM-05-231045", "levels": ["medium"], "notes": "", "title": "SLEM 5 file systems that contain user home directories must be mounted to prevent files with the setuid and setgid bit set from being executed.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["mount_option_home_nosuid"], "controls": []}, {"id": "SLEM-05-231050", "levels": ["medium"], "notes": "", "title": "SLEM 5 must disable the file system automounter unless required.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["service_autofs_disabled"], "controls": []}, {"id": "SLEM-05-232010", "levels": ["medium"], "notes": "", "title": 
"SLEM 5 must have directories that contain system commands set to a mode of 755 or less permissive.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["dir_permissions_binary_dirs"], "controls": []}, {"id": "SLEM-05-232015", "levels": ["medium"], "notes": "", "title": "SLEM 5 must have system commands set to a mode of 755 or less permissive.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["file_permissions_binary_dirs"], "controls": []}, {"id": "SLEM-05-232020", "levels": ["medium"], "notes": "", "title": "SLEM 5 library directories must have mode 755 or less permissive.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["dir_permissions_library_dirs"], "controls": []}, {"id": "SLEM-05-232025", "levels": ["medium"], "notes": "", "title": "SLEM 5 library files must have mode 755 or less permissive.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["file_permissions_library_dirs"], "controls": []}, {"id": "SLEM-05-232030", "levels": ["medium"], "notes": "", "title": "All SLEM 5 local interactive user home directories must have mode 750 or less permissive.", "description": null, "rationale": null, 
"automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["file_permissions_home_directories"], "controls": []}, {"id": "SLEM-05-232035", "levels": ["medium"], "notes": "", "title": "All SLEM 5 local initialization files must have mode 740 or less permissive.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["file_permission_user_init_files"], "controls": []}, {"id": "SLEM-05-232040", "levels": ["medium"], "notes": "", "title": "SLEM 5 SSH daemon public host key files must have mode 644 or less permissive.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["file_permissions_sshd_pub_key"], "controls": []}, {"id": "SLEM-05-232045", "levels": ["medium"], "notes": "", "title": "SLEM 5 SSH daemon private host key files must have mode 640 or less permissive.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["file_permissions_sshd_private_key"], "controls": []}, {"id": "SLEM-05-232050", "levels": ["medium"], "notes": "", "title": "SLEM 5 library files must be owned by root.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": 
null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["file_ownership_library_dirs"], "controls": []}, {"id": "SLEM-05-232055", "levels": ["medium"], "notes": "", "title": "SLEM 5 library files must be group-owned by root.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["root_permissions_syslibrary_files"], "controls": []}, {"id": "SLEM-05-232060", "levels": ["medium"], "notes": "", "title": "SLEM 5 library directories must be owned by root.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["dir_ownership_library_dirs"], "controls": []}, {"id": "SLEM-05-232065", "levels": ["medium"], "notes": "", "title": "SLEM 5 library directories must be group-owned by root.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["dir_group_ownership_library_dirs"], "controls": []}, {"id": "SLEM-05-232070", "levels": ["medium"], "notes": "", "title": "SLEM 5 must have system commands owned by root.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["file_ownership_binary_dirs"], "controls": []}, {"id": "SLEM-05-232075", "levels": ["medium"], "notes": "", "title": "SLEM 5 must have system commands 
group-owned by root or a system account.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["file_groupownership_system_commands_dirs"], "controls": []}, {"id": "SLEM-05-232080", "levels": ["medium"], "notes": "", "title": "SLEM 5 must have directories that contain system commands owned by root.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["dir_system_commands_root_owned"], "controls": []}, {"id": "SLEM-05-232085", "levels": ["medium"], "notes": "", "title": "SLEM 5 must have directories that contain system commands group-owned by root.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["dir_system_commands_group_root_owned"], "controls": []}, {"id": "SLEM-05-232090", "levels": ["medium"], "notes": "", "title": "All SLEM 5 files and directories must have a valid owner.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["no_files_unowned_by_user"], "controls": []}, {"id": "SLEM-05-232095", "levels": ["medium"], "notes": "", "title": "All SLEM 5 files and directories must have a valid group owner.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, 
"artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["file_permissions_ungroupowned"], "controls": []}, {"id": "SLEM-05-232100", "levels": ["medium"], "notes": "", "title": "All SLEM 5 local interactive user home directories must be group-owned by the home directory owner's primary group.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["file_groupownership_home_directories"], "controls": []}, {"id": "SLEM-05-232105", "levels": ["medium"], "notes": "", "title": "All SLEM 5 world-writable directories must be group-owned by root, sys, bin, or an application group.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["dir_perms_world_writable_system_owned_group"], "controls": []}, {"id": "SLEM-05-232110", "levels": ["medium"], "notes": "", "title": "The sticky bit must be set on all SLEM 5 world-writable directories.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["dir_perms_world_writable_sticky_bits"], "controls": []}, {"id": "SLEM-05-232115", "levels": ["medium"], "notes": "", "title": "SLEM 5 must prevent unauthorized users from accessing system error messages.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, 
"status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["file_permissions_local_var_log_messages"], "controls": []}, {"id": "SLEM-05-232120", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["permissions_local_var_log"], "controls": []}, {"id": "SLEM-05-251010", "levels": ["medium"], "notes": "", "title": "SLEM 5 must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["service_firewalld_enabled"], "controls": []}, {"id": "SLEM-05-252010", "levels": ["medium"], "notes": "", "title": "SLEM 5 clock must, for networked systems, be synchronized to an authoritative DOD time source at least every 24 hours.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["chronyd_or_ntpd_set_maxpoll", "chronyd_specify_remote_server", "var_multiple_time_servers=stig", "var_time_service_set_maxpoll=18_hours"], "controls": []}, {"id": 
"SLEM-05-252015", "levels": ["medium"], "notes": "", "title": "SLEM 5 must not have network interfaces in promiscuous mode unless approved and documented.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["network_sniffer_disabled"], "controls": []}, {"id": "SLEM-05-253010", "levels": ["medium"], "notes": "", "title": "SLEM 5 must not forward Internet Protocol version 4 (IPv4) source-routed packets.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sysctl_net_ipv4_conf_all_accept_source_route"], "controls": []}, {"id": "SLEM-05-253015", "levels": ["medium"], "notes": "", "title": "SLEM 5 must not forward Internet Protocol version 4 (IPv4) source-routed packets by default.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sysctl_net_ipv4_conf_default_accept_source_route"], "controls": []}, {"id": "SLEM-05-253020", "levels": ["medium"], "notes": "", "title": "SLEM 5 must prevent Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages from being accepted.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sysctl_net_ipv4_conf_all_accept_redirects"], "controls": []}, 
{"id": "SLEM-05-253025", "levels": ["medium"], "notes": "", "title": "SLEM 5 must not allow interfaces to accept Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages by default.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sysctl_net_ipv4_conf_default_accept_redirects"], "controls": []}, {"id": "SLEM-05-253030", "levels": ["medium"], "notes": "", "title": "SLEM 5 must not send Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirects.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sysctl_net_ipv4_conf_all_send_redirects"], "controls": []}, {"id": "SLEM-05-253035", "levels": ["medium"], "notes": "", "title": "SLEM 5 must not allow interfaces to send Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages by default.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sysctl_net_ipv4_conf_default_send_redirects"], "controls": []}, {"id": "SLEM-05-253040", "levels": ["medium"], "notes": "", "title": "SLEM 5 must not be performing Internet Protocol version 4 (IPv4) packet forwarding unless the system is a router.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, 
"tickets": null, "original_title": null, "related_rules": [], "rules": ["sysctl_net_ipv4_ip_forward"], "controls": []}, {"id": "SLEM-05-253045", "levels": ["medium"], "notes": "", "title": "SLEM 5 must be configured to use TCP syncookies.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sysctl_net_ipv4_tcp_syncookies"], "controls": []}, {"id": "SLEM-05-254010", "levels": ["medium"], "notes": "", "title": "SLEM 5 must not forward Internet Protocol version 6 (IPv6) source-routed packets.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sysctl_net_ipv6_conf_all_accept_source_route"], "controls": []}, {"id": "SLEM-05-254015", "levels": ["medium"], "notes": "", "title": "SLEM 5 must not forward Internet Protocol version 6 (IPv6) source-routed packets by default.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sysctl_net_ipv6_conf_default_accept_source_route"], "controls": []}, {"id": "SLEM-05-254020", "levels": ["medium"], "notes": "", "title": "SLEM 5 must prevent Internet Protocol version 6 (IPv6) Internet Control Message Protocol (ICMP) redirect messages from being accepted.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, 
"related_rules": [], "rules": ["sysctl_net_ipv6_conf_all_accept_redirects"], "controls": []}, {"id": "SLEM-05-254025", "levels": ["medium"], "notes": "", "title": "SLEM 5 must not allow interfaces to accept Internet Protocol version 6 (IPv6) Internet Control Message Protocol (ICMP) redirect messages by default.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sysctl_net_ipv6_conf_default_accept_redirects"], "controls": []}, {"id": "SLEM-05-254030", "levels": ["medium"], "notes": "", "title": "SLEM 5 must not be performing Internet Protocol version 6 (IPv6) packet forwarding unless the system is a router.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sysctl_net_ipv6_conf_all_forwarding"], "controls": []}, {"id": "SLEM-05-254035", "levels": ["medium"], "notes": "", "title": "SLEM 5 must not be performing Internet Protocol version 6 (IPv6) packet forwarding by default unless the system is a router.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sysctl_net_ipv6_conf_default_forwarding"], "controls": []}, {"id": "SLEM-05-255010", "levels": ["high"], "notes": "", "title": "SLEM 5 must have SSH installed to protect the confidentiality and integrity of transmitted information.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, 
"status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["package_openssh-server_installed"], "controls": []}, {"id": "SLEM-05-255015", "levels": ["high"], "notes": "", "title": "SLEM 5 must use SSH to protect the confidentiality and integrity of transmitted information.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["service_sshd_enabled"], "controls": []}, {"id": "SLEM-05-255020", "levels": ["medium"], "notes": "", "title": "SLEM 5 must display the Standard Mandatory DOD Notice and Consent Banner before granting access via SSH.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_enable_warning_banner"], "controls": []}, {"id": "SLEM-05-255025", "levels": ["high"], "notes": "", "title": "SLEM 5 must not allow unattended or automatic logon via SSH.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_disable_empty_passwords", "sshd_do_not_permit_user_env"], "controls": []}, {"id": "SLEM-05-255030", "levels": ["medium"], "notes": "", "title": "SLEM 5 must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, 
"fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_set_keepalive", "var_sshd_set_keepalive=1"], "controls": []}, {"id": "SLEM-05-255035", "levels": ["medium"], "notes": "", "title": "SLEM 5 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_set_idle_timeout", "sshd_idle_timeout_value=10_minutes"], "controls": []}, {"id": "SLEM-05-255040", "levels": ["medium"], "notes": "", "title": "SLEM 5 SSH daemon must disable forwarded remote X connections for interactive users, unless to fulfill documented and validated mission requirements.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_disable_x11_forwarding"], "controls": []}, {"id": "SLEM-05-255045", "levels": ["high"], "notes": "", "title": "SLEM 5 must implement DOD-approved encryption to protect the confidentiality of SSH remote connections.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_use_approved_ciphers_ordered_stig", "sshd_use_approved_ciphers"], "controls": []}, {"id": "SLEM-05-255050", "levels": ["high"], "notes": "", "title": "SLEM 5 SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2/140-3 approved 
cryptographic hash algorithms.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_use_approved_macs_ordered_stig", "sshd_use_approved_macs"], "controls": []}, {"id": "SLEM-05-255055", "levels": ["high"], "notes": "", "title": "SLEM 5 SSH server must be configured to use only FIPS 140-2/140-3 validated key exchange algorithms.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_use_approved_kex_ordered_stig"], "controls": []}, {"id": "SLEM-05-255060", "levels": ["medium"], "notes": "", "title": "SLEM 5 must deny direct logons to the root account using remote access via SSH.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_disable_root_login"], "controls": []}, {"id": "SLEM-05-255065", "levels": ["medium"], "notes": "", "title": "SLEM 5 must log SSH connection attempts and failures to the server.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_set_loglevel_verbose"], "controls": []}, {"id": "SLEM-05-255070", "levels": ["medium"], "notes": "", "title": "SLEM 5 must display the date and time of the last successful account logon upon an SSH logon.", "description": null, "rationale": 
null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_print_last_log"], "controls": []}, {"id": "SLEM-05-255075", "levels": ["medium"], "notes": "", "title": "SLEM 5 SSH daemon must be configured to not allow authentication using known hosts authentication.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_disable_user_known_hosts"], "controls": []}, {"id": "SLEM-05-255080", "levels": ["medium"], "notes": "", "title": "SLEM 5 SSH daemon must perform strict mode checking of home directory configuration files.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_enable_strictmodes"], "controls": []}, {"id": "SLEM-05-255085", "levels": ["medium"], "notes": "", "title": "SLEM 5, for PKI-based authentication, must enforce authorized access to the corresponding private key.", "description": null, "rationale": null, "automated": "no", "status": "manual", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["ssh_private_keys_have_passcode"], "controls": []}, {"id": "SLEM-05-255090", "levels": ["high"], "notes": "", "title": "There must be no .shosts files on SLEM 5.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": 
null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["no_user_host_based_files"], "controls": []}, {"id": "SLEM-05-255095", "levels": ["high"], "notes": "", "title": "There must be no shosts.equiv files on SLEM 5.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["no_host_based_files"], "controls": []}, {"id": "SLEM-05-272010", "levels": ["high"], "notes": "", "title": "SLEM 5 must not allow unattended or automatic logon via the graphical user interface (GUI).", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["gnome_gdm_disable_unattended_automatic_login"], "controls": []}, {"id": "SLEM-05-291010", "levels": ["medium"], "notes": "", "title": "SLEM 5 wireless network adapters must be disabled unless approved and documented.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["wireless_disable_interfaces"], "controls": []}, {"id": "SLEM-05-291015", "levels": ["medium"], "notes": "", "title": "SLEM 5 must disable the USB mass storage kernel module.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["kernel_module_usb-storage_disabled"], "controls": []}, 
{"id": "SLEM-05-411010", "levels": ["medium"], "notes": "", "title": "All SLEM 5 local interactive user accounts, upon creation, must be assigned a home directory.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_have_homedir_login_defs"], "controls": []}, {"id": "SLEM-05-411015", "levels": ["medium"], "notes": "", "title": "SLEM 5 default permissions must be defined in such a way that all authenticated users can only read and modify their own files.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_umask_etc_login_defs"], "controls": []}, {"id": "SLEM-05-411020", "levels": ["medium"], "notes": "", "title": "SLEM 5 shadow password suite must be configured to enforce a delay of at least five seconds between logon prompts following a failed logon attempt.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_logon_fail_delay", "var_accounts_fail_delay=5"], "controls": []}, {"id": "SLEM-05-411025", "levels": ["medium"], "notes": "", "title": "All SLEM 5 local interactive users must have a home directory assigned in the /etc/passwd file.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], 
"rules": ["accounts_user_interactive_home_directory_defined"], "controls": []}, {"id": "SLEM-05-411030", "levels": ["medium"], "notes": "", "title": "All SLEM 5 local interactive user home directories defined in the /etc/passwd file must exist.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_user_interactive_home_directory_exists"], "controls": []}, {"id": "SLEM-05-411035", "levels": ["medium"], "notes": "", "title": "All SLEM 5 local interactive user initialization files executable search paths must contain only paths that resolve to the users' home directory.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_user_home_paths_only"], "controls": []}, {"id": "SLEM-05-411040", "levels": ["medium"], "notes": "", "title": "All SLEM 5 local initialization files must not execute world-writable programs.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_user_dot_no_world_writable_programs"], "controls": []}, {"id": "SLEM-05-411045", "levels": ["medium"], "notes": "", "title": "SLEM 5 must automatically expire temporary accounts within 72 hours.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": 
[], "rules": ["account_temp_expire_date"], "controls": []}, {"id": "SLEM-05-411050", "levels": ["medium"], "notes": "", "title": "SLEM 5 must never automatically remove or disable emergency administrator accounts.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["account_emergency_admin"], "controls": []}, {"id": "SLEM-05-411055", "levels": ["medium"], "notes": "", "title": "SLEM 5 must not have unnecessary accounts.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_authorized_local_users", "var_accounts_authorized_local_users_regex=slmicro5"], "controls": []}, {"id": "SLEM-05-411060", "levels": ["medium"], "notes": "", "title": "SLEM 5 must not have unnecessary account capabilities.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["no_shelllogin_for_systemaccounts"], "controls": []}, {"id": "SLEM-05-411065", "levels": ["high"], "notes": "", "title": "SLEM 5 root account must be the only account with unrestricted access to the system.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_no_uid_except_zero"], "controls": []}, {"id": "SLEM-05-411070", "levels": ["medium"], "notes": "", 
"title": "SLEM 5 must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity after password expiration.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["account_disable_post_pw_expiration"], "controls": []}, {"id": "SLEM-05-411075", "levels": ["medium"], "notes": "", "title": "SLEM 5 must not have duplicate User IDs (UIDs) for interactive users.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["account_unique_id"], "controls": []}, {"id": "SLEM-05-412010", "levels": ["medium"], "notes": "", "title": "SLEM 5 must display the date and time of the last successful account logon upon logon.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["display_login_attempts"], "controls": []}, {"id": "SLEM-05-412015", "levels": ["medium"], "notes": "", "title": "SLEM 5 must initiate a session lock after a 15-minute period of inactivity.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_tmout", "var_accounts_tmout=15_min"], "controls": []}, {"id": "SLEM-05-412020", "levels": ["medium"], "notes": "", "title": "SLEM 5 must lock an account after three consecutive invalid 
access attempts.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_passwords_pam_tally2", "var_password_pam_tally2=3"], "controls": []}, {"id": "SLEM-05-412025", "levels": ["medium"], "notes": "", "title": "SLEM 5 must enforce a delay of at least five seconds between logon prompts following a failed logon attempt via pluggable authentication modules (PAM).", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_passwords_pam_faildelay_delay", "var_password_pam_delay=4000000"], "controls": []}, {"id": "SLEM-05-412035", "levels": ["low"], "notes": "", "title": "SLEM 5 must limit the number of concurrent sessions to 10 for all accounts and/or account types.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_max_concurrent_login_sessions", "var_accounts_max_concurrent_login_sessions=10"], "controls": []}, {"id": "SLEM-05-431010", "levels": ["low"], "notes": "", "title": "SLEM 5 must have policycoreutils package installed.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["package_policycoreutils_installed"], "controls": []}, {"id": "SLEM-05-431015", "levels": ["high"], "notes": "", 
"title": "SLEM 5 must use a Linux Security Module configured to enforce limits on system services.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["selinux_state", "var_selinux_state=enforcing"], "controls": []}, {"id": "SLEM-05-431020", "levels": ["medium"], "notes": "", "title": "SLEM 5 must enable the SELinux targeted policy.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["selinux_policytype", "var_selinux_policy_name=targeted"], "controls": []}, {"id": "SLEM-05-431025", "levels": ["medium"], "notes": "", "title": "SLEM 5 must prevent nonprivileged users from executing privileged functions, including disabling, circumventing, or altering implemented security safeguards/countermeasures.", "description": null, "rationale": null, "automated": "no", "status": "manual", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["selinux_user_login_roles"], "controls": []}, {"id": "SLEM-05-432010", "levels": ["medium"], "notes": "", "title": "SLEM 5 must use the invoking user's password for privilege escalation when using \"sudo\".", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sudoers_validate_passwd"], "controls": []}, {"id": "SLEM-05-432015", "levels": ["medium"], "notes": "", "title": 
"SLEM 5 must reauthenticate users when changing authenticators, roles, or escalating privileges.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sudo_require_authentication", "sudo_remove_no_authenticate", "sudo_remove_nopasswd"], "controls": []}, {"id": "SLEM-05-432020", "levels": ["medium"], "notes": "", "title": "SLEM 5 must require reauthentication when using the \"sudo\" command.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sudo_require_reauthentication"], "controls": []}, {"id": "SLEM-05-432025", "levels": ["medium"], "notes": "", "title": "SLEM 5 must restrict privilege elevation to authorized personnel.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sudo_restrict_privilege_elevation_to_authorized"], "controls": []}, {"id": "SLEM-05-432030", "levels": ["medium"], "notes": "", "title": "SLEM 5 must specify the default \"include\" directory for the /etc/sudoers file.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sudoers_default_includedir"], "controls": []}, {"id": "SLEM-05-611010", "levels": ["medium"], "notes": "", "title": "SLEM 5 must enforce passwords that contain at least one 
uppercase character.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["cracklib_accounts_password_pam_ucredit"], "controls": []}, {"id": "SLEM-05-611015", "levels": ["medium"], "notes": "", "title": "SLEM 5 must enforce passwords that contain at least one lowercase character.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["cracklib_accounts_password_pam_lcredit"], "controls": []}, {"id": "SLEM-05-611020", "levels": ["medium"], "notes": "", "title": "SLEM 5 must enforce passwords that contain at least one numeric character.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["cracklib_accounts_password_pam_dcredit"], "controls": []}, {"id": "SLEM-05-611025", "levels": ["medium"], "notes": "", "title": "SLEM 5 must enforce passwords that contain at least one special character.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["cracklib_accounts_password_pam_ocredit"], "controls": []}, {"id": "SLEM-05-611030", "levels": ["medium"], "notes": "", "title": "SLEM 5 must prevent the use of dictionary words for passwords.", "description": null, "rationale": null, "automated": "yes", "status": "automated", 
"mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["cracklib_accounts_password_pam_retry", "var_password_pam_retry=3"], "controls": []}, {"id": "SLEM-05-611035", "levels": ["medium"], "notes": "", "title": "SLEM 5 must employ passwords with a minimum of 15 characters.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["cracklib_accounts_password_pam_minlen"], "controls": []}, {"id": "SLEM-05-611040", "levels": ["medium"], "notes": "", "title": "SLEM 5 must require the change of at least eight of the total number of characters when passwords are changed.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["cracklib_accounts_password_pam_difok"], "controls": []}, {"id": "SLEM-05-611045", "levels": ["medium"], "notes": "", "title": "SLEM 5 must not allow passwords to be reused for a minimum of five generations.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_password_pam_pwhistory_remember", "var_password_pam_remember_control_flag=requisite", "var_password_pam_remember=5"], "controls": []}, {"id": "SLEM-05-611050", "levels": ["medium"], "notes": "", "title": "SLEM 5 must configure the Linux Pluggable Authentication Modules (PAM) to only store encrypted representations of passwords.", 
"description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["set_password_hashing_algorithm_systemauth"], "controls": []}, {"id": "SLEM-05-611055", "levels": ["high"], "notes": "", "title": "SLEM 5 must not be configured to allow blank or null passwords.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["no_empty_passwords"], "controls": []}, {"id": "SLEM-05-611060", "levels": ["high"], "notes": "", "title": "SLEM 5 must not have accounts configured with blank or null passwords.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["no_empty_passwords_etc_shadow"], "controls": []}, {"id": "SLEM-05-611065", "levels": ["medium"], "notes": "", "title": "SLEM 5 must employ user passwords with a minimum lifetime of 24 hours (one day).", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_password_set_min_life_existing", "var_accounts_minimum_age_login_defs=1"], "controls": []}, {"id": "SLEM-05-611070", "levels": ["medium"], "notes": "", "title": "SLEM 5 must employ user passwords with a maximum lifetime of 60 days.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, 
"artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_password_set_max_life_existing", "var_accounts_maximum_age_login_defs=60"], "controls": []}, {"id": "SLEM-05-611075", "levels": ["medium"], "notes": "", "title": "SLEM 5 must employ a password history file.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["file_etc_security_opasswd"], "controls": []}, {"id": "SLEM-05-611080", "levels": ["high"], "notes": "", "title": "SLEM 5 must employ FIPS 140-2/140-3-approved cryptographic hashing algorithms for system authentication.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_password_all_shadowed_sha512"], "controls": []}, {"id": "SLEM-05-611085", "levels": ["high"], "notes": "", "title": "SLEM 5 shadow password suite must be configured to use a sufficient number of hashing rounds.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["set_password_hashing_min_rounds_logindefs"], "controls": []}, {"id": "SLEM-05-611090", "levels": ["medium"], "notes": "", "title": "SLEM 5 must employ FIPS 140-2/140-3 approved cryptographic hashing algorithm for system authentication (login.defs).", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, 
"artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["set_password_hashing_algorithm_logindefs", "var_password_hashing_algorithm=SHA512"], "controls": []}, {"id": "SLEM-05-611095", "levels": ["medium"], "notes": "", "title": "SLEM 5 must be configured to create or update passwords with a minimum lifetime of 24 hours (one day).", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_minimum_age_login_defs"], "controls": []}, {"id": "SLEM-05-611100", "levels": ["medium"], "notes": "", "title": "SLEM 5 must be configured to create or update passwords with a maximum lifetime of 60 days.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_maximum_age_login_defs"], "controls": []}, {"id": "SLEM-05-612010", "levels": ["medium"], "notes": "", "title": "SLEM 5 must have the packages required for multifactor authentication to be installed.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["install_smartcard_packages"], "controls": []}, {"id": "SLEM-05-612015", "levels": ["medium"], "notes": "", "title": "SLEM 5 must implement multifactor authentication for access to privileged accounts via pluggable authentication modules (PAM).", "description": null, "rationale": null, "automated": "yes", "status": 
"automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["smartcard_pam_enabled"], "controls": []}, {"id": "SLEM-05-612020", "levels": ["medium"], "notes": "", "title": "SLEM 5 must implement certificate status checking for multifactor authentication.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["smartcard_configure_cert_checking"], "controls": []}, {"id": "SLEM-05-631010", "levels": ["medium"], "notes": "", "title": "If Network Security Services (NSS) is being used by SLEM 5 it must prohibit the use of cached authentications after one day.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sssd_memcache_timeout", "var_sssd_memcache_timeout=1_day"], "controls": []}, {"id": "SLEM-05-631015", "levels": ["medium"], "notes": "", "title": "SLEM 5 must configure the Linux Pluggable Authentication Modules (PAM) to prohibit the use of cached offline authentications after one day.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sssd_offline_cred_expiration"], "controls": []}, {"id": "SLEM-05-631020", "levels": ["medium"], "notes": "", "title": "SLEM 5, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to 
an accepted trust anchor.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["smartcard_configure_ca"], "controls": []}, {"id": "SLEM-05-631025", "levels": ["medium"], "notes": "", "title": "SLEM 5 must be configured to not overwrite Pluggable Authentication Modules (PAM) configuration on package changes.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["pam_disable_automatic_configuration"], "controls": []}, {"id": "SLEM-05-651010", "levels": ["medium"], "notes": "", "title": "SLEM 5 must use a file integrity tool to verify correct operation of all security functions.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["aide_build_database", "package_aide_installed"], "controls": []}, {"id": "SLEM-05-651015", "levels": ["medium"], "notes": "", "title": "SLEM 5 file integrity tool must be configured to verify Access Control Lists (ACLs).", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["aide_verify_acls"], "controls": []}, {"id": "SLEM-05-651020", "levels": ["medium"], "notes": "", "title": "SLEM 5 file integrity tool must be configured to verify extended attributes.", "description": null, "rationale": 
null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["aide_verify_ext_attributes"], "controls": []}, {"id": "SLEM-05-651025", "levels": ["medium"], "notes": "", "title": "SLEM 5 file integrity tool must be configured to protect the integrity of the audit tools.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["aide_check_audit_tools"], "controls": []}, {"id": "SLEM-05-651030", "levels": ["medium"], "notes": "", "title": "Advanced Intrusion Detection Environment (AIDE) must verify the baseline SLEM 5 configuration at least weekly.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["aide_periodic_checking_systemd_timer"], "controls": []}, {"id": "SLEM-05-651035", "levels": ["medium"], "notes": "", "title": "SLEM 5 must notify the system administrator (SA) when Advanced Intrusion Detection Environment (AIDE) discovers anomalies in the operation of any security functions.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["aide_scan_notification"], "controls": []}, {"id": "SLEM-05-652010", "levels": ["medium"], "notes": "", "title": "SLEM 5 must offload rsyslog messages for networked systems in real time and offload standalone systems at least 
weekly.", "description": null, "rationale": null, "automated": "no", "status": "manual", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["systemd_journal_upload_url", "service_systemd-journal-upload_enabled", "package_systemd-journal-remote_installed", "systemd_journal_upload_server_tls"], "controls": []}, {"id": "SLEM-05-653010", "levels": ["medium"], "notes": "", "title": "SLEM 5 must have the auditing package installed.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["package_audit_installed"], "controls": []}, {"id": "SLEM-05-653015", "levels": ["medium"], "notes": "", "title": "SLEM 5 audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["service_auditd_enabled"], "controls": []}, {"id": "SLEM-05-653020", "levels": ["medium"], "notes": "", "title": "The audit-audispd-plugins package must be installed on SLEM 5.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["package_audit-audispd-plugins_installed"], "controls": []}, {"id": "SLEM-05-653025", "levels": ["medium"], "notes": "", "title": "SLEM 5 must allocate audit record storage 
capacity to store at least one week of audit records when audit records are not immediately sent to a central audit record storage facility.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["auditd_audispd_configure_sufficiently_large_partition"], "controls": []}, {"id": "SLEM-05-653030", "levels": ["medium"], "notes": "", "title": "SLEM 5 auditd service must notify the system administrator (SA) and information system security officer (ISSO) immediately when audit storage capacity is 75 percent full.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["auditd_data_retention_space_left_percentage", "auditd_data_retention_space_left_action", "var_auditd_space_left_percentage=25pc", "var_auditd_space_left_action=email"], "controls": []}, {"id": "SLEM-05-653035", "levels": ["medium"], "notes": "", "title": "SLEM 5 audit system must take appropriate action when the audit storage volume is full.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["auditd_data_disk_full_action"], "controls": []}, {"id": "SLEM-05-653040", "levels": ["medium"], "notes": "", "title": "SLEM 5 must offload audit records onto a different system or media from the system being audited.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, 
"fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["auditd_audispd_network_failure_action"], "controls": []}, {"id": "SLEM-05-653045", "levels": ["medium"], "notes": "", "title": "Audispd must take appropriate action when SLEM 5 audit storage is full.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["auditd_audispd_disk_full_action"], "controls": []}, {"id": "SLEM-05-653050", "levels": ["medium"], "notes": "", "title": "SLEM 5 must protect audit rules from unauthorized modification.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["permissions_local_var_log_audit"], "controls": []}, {"id": "SLEM-05-653055", "levels": ["medium"], "notes": "", "title": "SLEM 5 audit tools must have the proper permissions configured to protect against unauthorized access.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["permissions_local_audit_binaries"], "controls": []}, {"id": "SLEM-05-653060", "levels": ["medium"], "notes": "", "title": "SLEM 5 audit tools must have the proper permissions applied to protect against unauthorized access.", "description": null, "rationale": null, "automated": "no", "status": "manual", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": 
[], "rules": [], "controls": []}, {"id": "SLEM-05-653065", "levels": ["low"], "notes": "", "title": "SLEM 5 audit event multiplexor must be configured to use Kerberos.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["auditd_audispd_encrypt_sent_records"], "controls": []}, {"id": "SLEM-05-653070", "levels": ["medium"], "notes": "", "title": "Audispd must offload audit records onto a different system or media from SLEM 5 being audited.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["auditd_audispd_configure_remote_server"], "controls": []}, {"id": "SLEM-05-653075", "levels": ["medium"], "notes": "", "title": "The information system security officer (ISSO) and system administrator (SA), at a minimum, must have mail aliases to be notified of a SLEM 5 audit processing failure.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["postfix_client_configure_mail_alias"], "controls": []}, {"id": "SLEM-05-653080", "levels": ["medium"], "notes": "", "title": "The information system security officer (ISSO) and system administrator (SA), at a minimum, must be alerted of a SLEM 5 audit processing failure event.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, 
"original_title": null, "related_rules": [], "rules": ["auditd_data_retention_action_mail_acct"], "controls": []}, {"id": "SLEM-05-654010", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all uses of the \"chacl\" command.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_execution_chacl"], "controls": []}, {"id": "SLEM-05-654015", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all uses of the \"chage\" command.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_privileged_commands_chage"], "controls": []}, {"id": "SLEM-05-654020", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all uses of the \"chcon\" command.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_execution_chcon"], "controls": []}, {"id": "SLEM-05-654025", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all uses of the \"chfn\" command.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_privileged_commands_chfn"], "controls": []}, {"id": 
"SLEM-05-654030", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all uses of the \"chmod\" command.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_execution_chmod"], "controls": []}, {"id": "SLEM-05-654035", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all uses of the \"chsh\" command.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_privileged_commands_chsh"], "controls": []}, {"id": "SLEM-05-654040", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all uses of the \"crontab\" command.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_privileged_commands_crontab"], "controls": []}, {"id": "SLEM-05-654045", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all uses of the \"gpasswd\" command.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_privileged_commands_gpasswd"], "controls": []}, {"id": "SLEM-05-654050", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all uses of the
\"insmod\" command.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_privileged_commands_insmod"], "controls": []}, {"id": "SLEM-05-654055", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all uses of the \"kmod\" command.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_privileged_commands_kmod"], "controls": []}, {"id": "SLEM-05-654060", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all uses of the \"modprobe\" command.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_privileged_commands_modprobe"], "controls": []}, {"id": "SLEM-05-654065", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all uses of the \"newgrp\" command.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_privileged_commands_newgrp"], "controls": []}, {"id": "SLEM-05-654070", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all uses of the \"pam_timestamp_check\" command.", "description": null, "rationale": null, "automated": "yes", 
"status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_privileged_commands_pam_timestamp_check"], "controls": []}, {"id": "SLEM-05-654075", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all uses of the \"passwd\" command.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_privileged_commands_passwd"], "controls": []}, {"id": "SLEM-05-654080", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all uses of the \"rm\" command.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_execution_rm"], "controls": []}, {"id": "SLEM-05-654085", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all uses of the \"rmmod\" command.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_privileged_commands_rmmod"], "controls": []}, {"id": "SLEM-05-654090", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all uses of the \"setfacl\" command.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, 
"fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_execution_setfacl"], "controls": []}, {"id": "SLEM-05-654095", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all uses of the \"ssh-agent\" command.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_privileged_commands_ssh_agent"], "controls": []}, {"id": "SLEM-05-654100", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all uses of the \"ssh-keysign\" command.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_privileged_commands_ssh_keysign"], "controls": []}, {"id": "SLEM-05-654105", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all uses of the \"su\" command.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_privileged_commands_su"], "controls": []}, {"id": "SLEM-05-654110", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all uses of the \"sudo\" command.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": 
["audit_rules_privileged_commands_sudo"], "controls": []}, {"id": "SLEM-05-654115", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all uses of the \"sudoedit\" command.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_privileged_commands_sudoedit"], "controls": []}, {"id": "SLEM-05-654120", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all uses of the \"unix_chkpwd\" or \"unix2_chkpwd\" commands.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_privileged_commands_unix_chkpwd"], "controls": []}, {"id": "SLEM-05-654125", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all uses of the \"usermod\" command.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_privileged_commands_usermod"], "controls": []}, {"id": "SLEM-05-654130", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": 
["audit_rules_usergroup_modification_group"], "controls": []}, {"id": "SLEM-05-654135", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_usergroup_modification_opasswd"], "controls": []}, {"id": "SLEM-05-654140", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_usergroup_modification_passwd"], "controls": []}, {"id": "SLEM-05-654145", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_usergroup_modification_shadow"], "controls": []}, {"id": "SLEM-05-654150", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all uses of the \"chmod\", \"fchmod\" and \"fchmodat\" system calls.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": 
null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_dac_modification_fchmod"], "controls": []}, {"id": "SLEM-05-654155", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all uses of the \"chown\", \"fchown\", \"fchownat\", and \"lchown\" system calls.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_dac_modification_lchown"], "controls": []}, {"id": "SLEM-05-654160", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all uses of the \"creat\", \"open\", \"openat\", \"open_by_handle_at\", \"truncate\", and \"ftruncate\" system calls.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_unsuccessful_file_modification_open"], "controls": []}, {"id": "SLEM-05-654165", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all uses of the \"delete_module\" system call.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_kernel_module_loading_delete"], "controls": []}, {"id": "SLEM-05-654170", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all uses of the \"init_module\" and \"finit_module\" system calls.", "description": null, "rationale": null, "automated": 
"yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_kernel_module_loading_finit"], "controls": []}, {"id": "SLEM-05-654175", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all uses of the \"mount\" system call.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_media_export"], "controls": []}, {"id": "SLEM-05-654180", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all uses of the \"setxattr\", \"fsetxattr\", \"lsetxattr\", \"removexattr\", \"fremovexattr\", and \"lremovexattr\" system calls.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_dac_modification_fremovexattr"], "controls": []}, {"id": "SLEM-05-654185", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all uses of the \"umount\" system call.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_dac_modification_umount2"], "controls": []}, {"id": "SLEM-05-654190", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all uses of the \"unlink\", \"unlinkat\", \"rename\", \"renameat\", and \"rmdir\" system calls.", 
"description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_unsuccessful_file_modification_rename"], "controls": []}, {"id": "SLEM-05-654195", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all uses of privileged functions.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_suid_privilege_function"], "controls": []}, {"id": "SLEM-05-654200", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all modifications to the \"lastlog\" file.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_login_events_lastlog"], "controls": []}, {"id": "SLEM-05-654205", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for all modifications to the \"tallylog\" file.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_login_events_tallylog"], "controls": []}, {"id": "SLEM-05-654210", "levels": ["medium"], "notes": "", "title": "SLEM 5 must audit all uses of the sudoers file and all files in the \"/etc/sudoers.d/\" directory.", "description": null, "rationale": null,
"automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_sysadmin_actions"], "controls": []}, {"id": "SLEM-05-654215", "levels": ["medium"], "notes": "", "title": "Successful/unsuccessful uses of \"setfiles\" in SLEM 5 must generate an audit record.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_execution_setfiles"], "controls": []}, {"id": "SLEM-05-654220", "levels": ["medium"], "notes": "", "title": "Successful/unsuccessful uses of \"semanage\" in SLEM 5 must generate an audit record.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_execution_semanage", "package_policycoreutils-python-utils_installed"], "controls": []}, {"id": "SLEM-05-654225", "levels": ["medium"], "notes": "", "title": "Successful/unsuccessful uses of \"setsebool\" in SLEM 5 must generate an audit record.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_execution_setsebool"], "controls": []}, {"id": "SLEM-05-654230", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for the \"/run/utmp\" file.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null,
"artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_session_events_utmp"], "controls": []}, {"id": "SLEM-05-654235", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for the \"/var/log/btmp\" file.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_session_events_btmp"], "controls": []}, {"id": "SLEM-05-654240", "levels": ["medium"], "notes": "", "title": "SLEM 5 must generate audit records for the \"/var/log/wtmp\" file.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_session_events_wtmp"], "controls": []}, {"id": "SLEM-05-654245", "levels": ["medium"], "notes": "", "title": "SLEM 5 must not disable syscall auditing.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_enable_syscall_auditing"], "controls": []}, {"id": "SLEM-05-671010", "levels": ["high"], "notes": "", "title": "FIPS 140-2/140-3 mode must be enabled on SLEM 5.", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["is_fips_mode_enabled"], "controls": 
[]}], "levels": [{"id": "high", "inherits_from": null}, {"id": "medium", "inherits_from": null}, {"id": "low", "inherits_from": null}]}