{"id": "std_openeuler2203", "policy": "Standard Benchmark for openEuler", "title": "Standard Benchmark for openEuler", "source": "https://gitee.com/openeuler/security-committee/blob/master/sub-projects/secure-configuration-benchmark/release/", "definition_location": "/aptdata/openscap/scap-security-guide/controls/std_openeuler2203.yml", "controls": [{"id": "1.1.1", "levels": ["l1_server"], "notes": "", "title": "Ensure All Files Have Owner And Group", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["file_permissions_ungroupowned", "no_files_unowned_by_user", "no_files_unowned_by_user.severity=high", "file_permissions_ungroupowned.severity=high"], "controls": []}, {"id": "1.1.2", "levels": ["l1_server"], "notes": "", "title": "Ensure No Empty Symlink", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "1.1.3", "levels": ["l1_server"], "notes": "", "title": "Ensure No Hidden Executable Files", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "1.1.4", "levels": ["l1_server"], "notes": "", "title": "Ensure Sticky Set On Global Writable Folder", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["dir_perms_world_writable_sticky_bits", "dir_perms_world_writable_sticky_bits.severity=high"], "controls": []}, {"id": "1.1.5", "levels": ["l1_server"], "notes": "", "title": "Ensure UMASK Correct", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_umask_etc_bashrc", "var_accounts_user_umask=077", "accounts_umask_etc_bashrc.severity=high"], "controls": []}, {"id": "1.1.6", "levels": ["l1_server"], "notes": "", "title": "Ensure No Global Writable File", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["file_permissions_unauthorized_world_writable", "file_permissions_unauthorized_world_writable.severity=high"], "controls": []}, {"id": "1.1.7", "levels": ["l1_server"], "notes": "", "title": "Umount Unnecessary File System", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "1.1.8", "levels": ["l1_server"], "notes": "", "title": "Ensure Mount As Readonly If No Need To Write", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "1.1.9", "levels": ["l1_server"], "notes": "", "title": "Ensure Mount As Nodev", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "1.1.10", "levels": ["l1_server"], "notes": "", "title": "Ensure Mount As Noexec", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "1.1.11", "levels": ["l1_server"], "notes": "", "title": "Ensure Mount As Noexec And Nodev For Removable Device", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["mount_option_noexec_removable_partitions", "mount_option_nodev_removable_partitions", "mount_option_noexec_removable_partitions.severity=high", "mount_option_nodev_removable_partitions.severity=high"], "controls": []}, {"id": "1.1.12", "levels": ["l1_server"], "notes": "", "title": "Ensure Mount As Nosuid", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "1.1.13", "levels": ["l1_server"], "notes": "", "title": "Ensure Remove Unnecessary SUID And SGID", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["file_permissions_unauthorized_suid", "file_permissions_unauthorized_sgid", "file_permissions_unauthorized_suid.severity=high", "file_permissions_unauthorized_sgid.severity=high"], "controls": []}, {"id": "1.1.14", "levels": ["l1_server"], "notes": "", "title": "Ensure File Permission Minimize", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "1.1.15", "levels": ["l1_server"], "notes": "", "title": "Ensure Ulinmit Correctly", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "1.1.16", "levels": ["l1_server"], "notes": "", "title": "Ensure Symlinks And Hardlinks Protected", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sysctl_fs_protected_hardlinks", "sysctl_fs_protected_symlinks", "sysctl_fs_protected_symlinks.severity=high", "sysctl_fs_protected_hardlinks.severity=high"], "controls": []}, {"id": "1.1.17", "levels": ["l2_server"], "notes": "", "title": "Ensure USB Disabled", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["kernel_module_usb-storage_disabled", "kernel_module_usb-storage_disabled.severity=low"], "controls": []}, {"id": "1.1.18", "levels": ["l2_server"], "notes": "", "title": "Ensure Different Data Store In Different Partitions", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "1.1.19", "levels": ["l1_server"], "notes": "", "title": "Ensure LD_LIBRARY_PATH Correct", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "1.1.20", "levels": ["l1_server"], "notes": "", "title": "Ensure User PATH Correct", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "1.2.1", "levels": ["l1_server"], "notes": "", "title": "Ensure FTP Not Installed", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["package_ftp_removed", "package_ftp_removed.severity=high"], "controls": []}, {"id": "1.2.2", "levels": ["l1_server"], "notes": "", "title": "Ensure TFTP Server Not Installed", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["package_tftp-server_removed", "package_tftp_removed", "package_tftp_removed.severity=high", "package_tftp-server_removed.severity=high"], "controls": []}, {"id": "1.2.3", "levels": ["l1_server"], "notes": "", "title": "Ensure Telnet Server Not Installed", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["package_telnet_removed", "package_telnet-server_removed", "package_telnet_removed.severity=high", "package_telnet-server_removed.severity=high"], "controls": []}, {"id": "1.2.4", "levels": ["l1_server"], "notes": "", "title": "Ensure SNMP Not Installed", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["package_net-snmp_removed", "package_net-snmp_removed.severity=high"], "controls": []}, {"id": "1.2.5", "levels": ["l1_server"], "notes": "", "title": "Ensure Python2 Not Installed", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "1.2.6", "levels": ["l1_server"], "notes": "", "title": "Ensure GPG Check Configured", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["ensure_gpgcheck_globally_activated", "ensure_gpgcheck_never_disabled", "ensure_gpgcheck_globally_activated.severity=high", "ensure_gpgcheck_never_disabled.severity=high"], "controls": []}, {"id": "1.2.7", "levels": ["l1_server"], "notes": "", "title": "Ensure Debug-Shell Disabled", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["service_debug-shell_disabled", "service_debug-shell_disabled.severity=high"], "controls": []}, {"id": "1.2.8", "levels": ["l1_server"], "notes": "", "title": "Ensure Rsync Not Installed", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["service_rsyncd_disabled", "service_rsyncd_disabled.severity=high"], "controls": []}, {"id": "1.2.9", "levels": ["l1_server"], "notes": "", "title": "Ensure Avahi Not Installed", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["service_avahi-daemon_disabled", "service_avahi-daemon_disabled.severity=high"], "controls": []}, {"id": "1.2.10", "levels": ["l1_server"], "notes": "", "title": "Ensure LDAP Server Not Installed", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["package_openldap-servers_removed", "package_openldap-servers_removed.severity=high"], "controls": []}, {"id": "1.2.11", "levels": ["l1_server"], "notes": "", "title": "Ensure CUPS Not Installed", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["package_cups_removed", "package_cups_removed.severity=high"], "controls": []}, {"id": "1.2.12", "levels": ["l1_server"], "notes": "", "title": "Ensure NIS Server Not Installed", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["package_ypserv_removed", "package_ypserv_removed.severity=high"], "controls": []}, {"id": "1.2.13", "levels": ["l1_server"], "notes": "", "title": "Ensure NIS Client Not Installed", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["package_ypbind_removed", "package_ypbind_removed.severity=high"], "controls": []}, {"id": "1.2.14", "levels": ["l1_server"], "notes": "", "title": "Ensure LDAP Client Not Installed", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["package_openldap-clients_removed", "package_openldap-clients_removed.severity=high"], "controls": []}, {"id": "1.2.15", "levels": ["l1_server"], "notes": "", "title": "Ensure Network Sniffing Software Removed", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "1.2.16", "levels": ["l1_server"], "notes": "", "title": "Ensure Debug Tools Removed", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "1.2.17", "levels": ["l1_server"], "notes": "", "title": "Ensure Compiler Tools Removed", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "1.2.18", "levels": ["l2_server"], "notes": "", "title": "Ensure X Window Not Installed", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["xwindows_remove_packages", "xwindows_remove_packages.severity=low"], "controls": []}, {"id": "1.2.19", "levels": ["l2_server"], "notes": "", "title": "Ensure Http Service Not Installed", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["package_httpd_removed", "package_httpd_removed.severity=low"], "controls": []}, {"id": "1.2.20", "levels": ["l2_server"], "notes": "", "title": "Ensure Samba Service Not Installed", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["package_samba_removed", "package_samba_removed.severity=low"], "controls": []}, {"id": "1.2.21", "levels": ["l2_server"], "notes": "", "title": "Ensure DNS Service Disabled", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["service_named_disabled", "service_named_disabled.severity=low"], "controls": []}, {"id": "1.2.22", "levels": ["l2_server"], "notes": "", "title": "Ensure NFS Service Disabled", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["service_nfs_disabled", "service_nfs_disabled.severity=low"], "controls": []}, {"id": "1.2.23", "levels": ["l2_server"], "notes": "", "title": "Ensure RPC Service Disabled", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["service_rpcbind_disabled", "service_rpcbind_disabled.severity=low"], "controls": []}, {"id": "1.2.24", "levels": ["l2_server"], "notes": "", "title": "Ensure DHCP Service Disabled", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["service_dhcpd_disabled", "service_dhcpd_disabled.severity=low"], "controls": []}, {"id": "2.1.1", "levels": ["l1_server"], "notes": "", "title": "Ensure All Login Accounts Are Necessary", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "2.1.2", "levels": ["l1_server"], "notes": "", "title": "Ensure No Unused Accounts", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "2.1.3", "levels": ["l1_server"], "notes": "", "title": "Ensure Different Accounts Have Different GroupID", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "2.1.4", "levels": ["l1_server"], "notes": "", "title": "Ensure Only Root's UID Is 0", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_no_uid_except_zero", "accounts_no_uid_except_zero.severity=high"], "controls": []}, {"id": "2.1.5", "levels": ["l1_server"], "notes": "", "title": "Ensure Account Related Files Have Correct Permission", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["file_owner_backup_etc_shadow", "file_permissions_etc_shadow", "file_owner_backup_etc_group", "file_owner_backup_etc_gshadow", "file_owner_etc_group", "file_permissions_etc_passwd", "file_permissions_backup_etc_passwd", "file_groupowner_backup_etc_shadow", "file_groupowner_backup_etc_gshadow", "file_groupowner_etc_group", "file_permissions_etc_gshadow", "file_owner_etc_gshadow", "file_groupowner_backup_etc_group", "file_permissions_backup_etc_shadow", "file_owner_etc_passwd", "file_groupowner_etc_passwd", "file_owner_etc_shadow", "file_permissions_backup_etc_gshadow", "file_groupowner_etc_shadow", "file_groupowner_backup_etc_passwd", "file_owner_backup_etc_passwd", "file_permissions_etc_group", "file_groupowner_etc_gshadow", "file_permissions_backup_etc_group", "file_owner_etc_passwd.severity=high", "file_groupowner_etc_passwd.severity=high", "file_owner_etc_shadow.severity=high", "file_groupowner_etc_shadow.severity=high", "file_owner_etc_group.severity=high", "file_groupowner_etc_group.severity=high", "file_owner_etc_gshadow.severity=high", "file_groupowner_etc_gshadow.severity=high", "file_owner_backup_etc_passwd.severity=high", "file_groupowner_backup_etc_passwd.severity=high", "file_owner_backup_etc_shadow.severity=high", "file_groupowner_backup_etc_shadow.severity=high", "file_owner_backup_etc_group.severity=high", "file_groupowner_backup_etc_group.severity=high", "file_owner_backup_etc_gshadow.severity=high", "file_groupowner_backup_etc_gshadow.severity=high", "file_permissions_etc_passwd.severity=high", "file_permissions_etc_shadow.severity=high", "file_permissions_etc_group.severity=high", "file_permissions_etc_gshadow.severity=high", "file_permissions_backup_etc_passwd.severity=high", "file_permissions_backup_etc_shadow.severity=high", "file_permissions_backup_etc_group.severity=high", "file_permissions_backup_etc_gshadow.severity=high"], "controls": []}, {"id": "2.1.6", "levels": ["l1_server"], "notes": "", "title": "Ensure All Accounts Have Own Home Folder", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_user_interactive_home_directory_exists", "accounts_user_interactive_home_directory_exists.severity=high"], "controls": []}, {"id": "2.1.7", "levels": ["l1_server"], "notes": "", "title": "Ensure All Groups Existed", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["gid_passwd_group_same", "gid_passwd_group_same.severity=high"], "controls": []}, {"id": "2.1.8", "levels": ["l1_server"], "notes": "", "title": "Ensure UID Unique", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["account_unique_id", "account_unique_id.severity=high"], "controls": []}, {"id": "2.1.9", "levels": ["l1_server"], "notes": "", "title": "Ensure Account Name Unique", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["account_unique_name", "account_unique_name.severity=high"], "controls": []}, {"id": "2.1.10", "levels": ["l1_server"], "notes": "", "title": "Ensure Group Unique ID", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["group_unique_id", "group_unique_id.severity=high"], "controls": []}, {"id": "2.1.11", "levels": ["l1_server"], "notes": "", "title": "Ensure Group Unique Name", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["group_unique_name", "group_unique_name.severity=high"], "controls": []}, {"id": "2.1.12", "levels": ["l2_server"], "notes": "", "title": "Ensure Account Expire Date Correct", "description": null, "rationale": null, "automated": "no", "status": "manual", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["account_temp_expire_date", "account_temp_expire_date.severity=low"], "controls": []}, {"id": "2.1.13", "levels": ["l2_server"], "notes": "", "title": "Ensure No .forward Files In Home Folder", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["no_forward_files", "no_forward_files.severity=low"], "controls": []}, {"id": "2.1.14", "levels": ["l2_server"], "notes": "", "title": "Ensure No .netrc Files In Home Folder", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["no_netrc_files", "no_netrc_files.severity=low"], "controls": []}, {"id": "2.2.1", "levels": ["l1_server"], "notes": "", "title": "Ensure Set Correct Password Complexity", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_password_pam_minlen", "accounts_password_pam_ocredit", "accounts_password_pam_minclass", "accounts_password_pam_enforce_root", "accounts_password_pam_ucredit", "accounts_password_pam_retry", "accounts_password_pam_lcredit", "accounts_password_pam_dcredit", "var_password_pam_minlen=8", "var_password_pam_minclass=3", "var_password_pam_retry=3", "var_password_pam_dcredit=0", "var_password_pam_ucredit=0", "var_password_pam_lcredit=0", "var_password_pam_ocredit=0", "accounts_password_pam_minlen.severity=high", "accounts_password_pam_minclass.severity=high", "accounts_password_pam_retry.severity=high", "accounts_password_pam_dcredit.severity=high", "accounts_password_pam_ucredit.severity=high", "accounts_password_pam_lcredit.severity=high", "accounts_password_pam_ocredit.severity=high", "accounts_password_pam_enforce_root.severity=high"], "controls": []}, {"id": "2.2.2", "levels": ["l1_server"], "notes": "", "title": "Ensure No History Password Used", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_password_pam_unix_remember", "var_password_pam_unix_remember=5", "accounts_password_pam_unix_remember.severity=high"], "controls": []}, {"id": "2.2.3", "levels": ["l1_server"], "notes": "", "title": "Ensure Old Password Verified", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "2.2.4", "levels": ["l1_server"], "notes": "", "title": "Ensure Password Not Contain User Name", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "2.2.5", "levels": ["l1_server"], "notes": "", "title": "Ensure Using Strong Hash Algorithm To Encipher Password", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["set_password_hashing_algorithm_systemauth", "set_password_hashing_algorithm_passwordauth", "var_password_hashing_algorithm_pam=sha512", "set_password_hashing_algorithm_systemauth.severity=high", "set_password_hashing_algorithm_passwordauth.severity=high"], "controls": []}, {"id": "2.2.6", "levels": ["l1_server"], "notes": "", "title": "Ensure Password Dictionary Correct", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_password_pam_dictcheck", "accounts_password_pam_dictcheck.severity=high"], "controls": []}, {"id": "2.2.7", "levels": ["l1_server"], "notes": "", "title": "Ensure Password Expire Correct", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_password_warn_age_login_defs", "accounts_minimum_age_login_defs", "accounts_maximum_age_login_defs", "var_accounts_maximum_age_login_defs=90", "var_accounts_password_warn_age_login_defs=7", "var_accounts_minimum_age_login_defs=0", "accounts_maximum_age_login_defs.severity=high", "accounts_password_warn_age_login_defs.severity=high", "accounts_minimum_age_login_defs.severity=high"], "controls": []}, {"id": "2.2.8", "levels": ["l1_server"], "notes": "", "title": "Ensure No Empty Password", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_disable_empty_passwords", "sshd_disable_empty_passwords.severity=high"], "controls": []}, {"id": "2.2.9", "levels": ["l1_server"], "notes": "", "title": "Ensure Grub Password Set", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["grub2_password", "grub2_uefi_password", "grub2_password.severity=high", "grub2_uefi_password.severity=high"], "controls": []}, {"id": "2.2.10", "levels": ["l1_server"], "notes": "", "title": "Ensure Password Set In Single User Mode", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["require_emergency_target_auth", "require_emergency_target_auth.severity=high"], "controls": []}, {"id": "2.2.11", "levels": ["l1_server"], "notes": "", "title": "Ensure Password Changed At First Login", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "2.3.1", "levels": ["l1_server"], "notes": "", "title": "Ensure Account Locked After Accessing Fail", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_passwords_pam_faillock_unlock_time", "accounts_passwords_pam_faillock_deny", "var_accounts_passwords_pam_faillock_deny=3", "var_accounts_passwords_pam_faillock_unlock_time=300", "accounts_passwords_pam_faillock_deny.severity=high", "accounts_passwords_pam_faillock_unlock_time.severity=high"], "controls": []}, {"id": "2.3.2", "levels": ["l1_server"], "notes": "", "title": "Ensure TIMOUT Set Correct", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_tmout", "var_accounts_tmout=5_min", "accounts_tmout.severity=high"], "controls": []}, {"id": "2.3.3", "levels": ["l1_server"], "notes": "", "title": "Ensure Warning Banners Correct", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["file_owner_etc_motd", "file_groupowner_etc_issue_net", "file_permissions_etc_issue", "file_groupowner_etc_motd", "file_owner_etc_issue_net", "file_permissions_etc_issue_net", "file_groupowner_etc_issue", "file_permissions_etc_motd", "file_owner_etc_issue", "file_groupowner_etc_issue.severity=high", "file_groupowner_etc_issue_net.severity=high", "file_groupowner_etc_motd.severity=high", "file_owner_etc_issue.severity=high", "file_owner_etc_issue_net.severity=high", "file_owner_etc_motd.severity=high", "file_permissions_etc_issue.severity=high", "file_permissions_etc_issue_net.severity=high", "file_permissions_etc_motd.severity=high"], "controls": []}, {"id": "2.3.4", "levels": ["l1_server"], "notes": "", "title": "Ensure Warning Path Correct", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_enable_warning_banner_net", "sshd_enable_warning_banner_net.severity=high"], "controls": []}, {"id": "2.4.1", "levels": ["l2_server"], "notes": "", "title": "Ensure HISTSIZE Limited", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "2.4.2", "levels": ["l2_server"], "notes": "", "title": "Ensure SELinux Enforce", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["selinux_state", "selinux_state.severity=low"], "controls": []}, {"id": "2.4.3", "levels": ["l2_server"], "notes": "", "title": "Ensure SELinux Configurate Correct", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["selinux_policytype", "selinux_policytype.severity=low"], "controls": []}, {"id": "2.4.4", "levels": ["l1_server"], "notes": "", "title": "Ensure SU Usage Limited", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["use_pam_wheel_for_su", "use_pam_wheel_for_su.severity=high"], "controls": []}, {"id": "2.4.5", "levels": ["l1_server"], "notes": "", "title": "Ensure Use Sudo To Run", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sudo_restrict_privilege_elevation_to_authorized", "sudo_restrict_privilege_elevation_to_authorized.severity=high"], "controls": []}, {"id": "2.4.6", "levels": ["l1_server"], "notes": "", "title": "Ensure No Files In /etc/sudoers Can Be Write By Low-privilege User", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "2.4.7", "levels": ["l1_server"], "notes": "", "title": "Ensure Low-privilege User Cannot Escalate By Pkexec", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "2.4.8", "levels": ["l1_server"], "notes": "", "title": "Ensure ALWAYS_SET_PATH Configurated", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "2.4.9", "levels": ["l2_server"], "notes": "", "title": "Ensure Root Can Not Login Local", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "2.4.10", "levels": ["l2_server"], "notes": "", "title": "Ensure Not Run Files wiht unconfined_service_t Flag", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["selinux_confinement_of_daemons", "selinux_confinement_of_daemons.severity=low"], "controls": []}, {"id": "2.5.1", "levels": ["l2_server"], "notes": "", "title": "Ensure IMA Enabled", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "2.5.2", "levels": ["l2_server"], "notes": "", "title": "Ensure AIDE Enabled", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["package_aide_installed", "aide_build_database", "package_aide_installed.severity=low", "aide_build_database.severity=low"], "controls": []}, {"id": "2.6.1", "levels": ["l2_server"], "notes": "", "title": "Ensure Haveged Enabled", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "2.6.2", "levels": ["l2_server"], "notes": "", "title": "Global Crypto Setting Correct", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["configure_crypto_policy", "configure_crypto_policy.severity=low"], "controls": []}, {"id": "3.1.1", "levels": ["l2_server"], "notes": "", "title": "Ensure No Unusual Network Service", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["kernel_module_sctp_disabled", "kernel_module_tipc_disabled", "kernel_module_sctp_disabled.severity=low", "kernel_module_tipc_disabled.severity=low"], "controls": []}, {"id": "3.1.2", "levels": ["l2_server"], "notes": "", "title": "Ensure No WIFI", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["wireless_disable_interfaces", "wireless_disable_interfaces.severity=low"], "controls": []}, {"id": "3.2.1", "levels": ["l2_server"], "notes": "", "title": "Ensure Firewalld Enabled", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["service_firewalld_enabled", "service_firewalld_enabled.severity=low"], "controls": []}, {"id": "3.2.2", "levels": ["l2_server"], "notes": "", "title": "Ensure Firewalld Set Default Zone Correctly", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "3.2.3", "levels": ["l2_server"], "notes": "", "title": "Ensure Firewalld Set Correct Interface Zone", "description": null, "rationale": null, "automated": "no", "status": "manual", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["set_firewalld_appropriate_zone", "set_firewalld_appropriate_zone.severity=low"], "controls": []}, {"id": "3.2.4", "levels": ["l2_server"], "notes": "", "title": "Ensure Unnecessary Service And Port Disabled", "description": null, "rationale": null, "automated": "no", "status": "manual", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["unnecessary_firewalld_services_ports_disabled", "unnecessary_firewalld_services_ports_disabled.severity=low"], "controls": []}, {"id": "3.2.5", "levels": ["l2_server"], "notes": "", "title": "Ensure Iptables Enabled", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["service_iptables_enabled", "service_ip6tables_enabled", "service_iptables_enabled.severity=low", "service_ip6tables_enabled.severity=low"], "controls": []}, {"id": "3.2.6", "levels": ["l2_server"], "notes": "", "title": "Ensure Iptables Default Refuse Rules Set", "description": null, "rationale": null, "automated": "no", "status": "manual", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["set_iptables_default_rule", "set_iptables_default_rule.severity=low"], "controls": []}, {"id": "3.2.7", "levels": ["l2_server"], "notes": "", "title": "Ensure Iptables Loopback Rules Set", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["set_loopback_traffic", "set_ipv6_loopback_traffic", "set_loopback_traffic.severity=low", "set_ipv6_loopback_traffic.severity=low"], "controls": []}, {"id": "3.2.8", "levels": ["l2_server"], "notes": "", "title": "Ensure Iptables Input Rules Set", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "3.2.9", "levels": ["l2_server"], "notes": "", "title": "Ensure Iptables Output Rules Set", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "3.2.10", "levels": ["l2_server"], "notes": "", "title": "Ensure Iptables Input Output Connection Rules Set", "description": null, "rationale": null, "automated": "no", "status": "manual", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["set_iptables_outbound_n_established", "set_iptables_outbound_n_established.severity=low"], "controls": []}, {"id": "3.2.11", "levels": ["l2_server"], "notes": "", "title": "Ensure Nftables Enabled", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["service_nftables_enabled", "service_nftables_enabled.severity=low"], "controls": []}, {"id": "3.2.12", "levels": ["l2_server"], "notes": "", "title": "Ensure Nftables Default Refuse Rules Set", "description": null, "rationale": null, "automated": "no", "status": "manual", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["nftables_ensure_default_deny_policy", "nftables_ensure_default_deny_policy.severity=low"], "controls": []}, {"id": "3.2.13", "levels": ["l2_server"], "notes": "", "title": "Ensure Nftables Loopback Rules Set", "description": null, "rationale": null, "automated": "no", "status": "manual", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["set_nftables_loopback_traffic", "set_nftables_loopback_traffic.severity=low"], "controls": []}, {"id": "3.2.14", "levels": ["l2_server"], "notes": "", "title": "Ensure Nftables Input Rules Set", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "3.2.15", "levels": ["l2_server"], "notes": "", "title": "Ensure Nftables Output Rules Set", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "3.2.16", "levels": ["l2_server"], "notes": "", "title": "Ensure Nftables Input Output Connection Rules Set", "description": null, "rationale": null, "automated": "no", "status": "manual", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["set_nftables_new_connections", "set_nftables_new_connections.severity=low"], "controls": []}, {"id": "3.3.1", "levels": ["l1_server"], "notes": "", "title": "Ensure SSHd Protocol Version Is 2", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_allow_only_protocol2", "sshd_allow_only_protocol2.severity=high"], "controls": []}, {"id": "3.3.2", "levels": ["l1_server"], "notes": "", "title": "Ensure SSHd Authentication Setting Correct", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_disable_rhosts", "disable_host_auth", "sshd_disable_rhosts.severity=high", "disable_host_auth.severity=high"], "controls": []}, {"id": "3.3.3", "levels": ["l1_server"], "notes": "", "title": "Ensure SSHd Key Exchange Algorithm Correct", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_use_strong_kex", "sshd_strong_kex=std_openeuler", "sshd_use_strong_kex.severity=high"], "controls": []}, {"id": "3.3.4", "levels": ["l1_server"], "notes": "", "title": "Ensure SSHd Pubkey Algorithm Correct", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "3.3.5", "levels": ["l1_server"], "notes": "", "title": "Ensure SSHd PAM Enabled", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_enable_pam", "sshd_enable_pam.severity=high"], "controls": []}, {"id": "3.3.6", "levels": ["l1_server"], "notes": "", "title": "Ensure SSHd MACs Algorithm Correct", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_use_strong_macs", "sshd_use_strong_macs.severity=high"], "controls": []}, {"id": "3.3.7", "levels": ["l1_server"], "notes": "", "title": "Ensure SSHd Ciphers Algorithm Correct", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_use_strong_ciphers", "sshd_use_strong_ciphers.severity=high"], "controls": []}, {"id": "3.3.8", "levels": ["l1_server"], "notes": "", "title": "Ensure SSHd Ciphers Algorithm Not Overwritten", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "3.3.9", "levels": ["l1_server"], "notes": "", "title": "Ensure SSHd Forbid Root Login From Remote", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_disable_root_login", "sshd_disable_root_login.severity=low"], "controls": []}, {"id": "3.3.10", "levels": ["l2_server"], "notes": "", "title": "Ensure SSHd Log Level Correct", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_set_loglevel_verbose", "sshd_set_loglevel_verbose.severity=low"], "controls": []}, {"id": "3.3.11", "levels": ["l2_server"], "notes": "", "title": "Ensure SSHd Listen Address Set Correct", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "3.3.12", "levels": ["l2_server"], "notes": "", "title": "Ensure SSHd MaxStartups Correct", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_set_maxstartups", "var_sshd_set_maxstartups=10:30:60", "sshd_set_maxstartups.severity=low"], "controls": []}, {"id": "3.3.13", "levels": ["l2_server"], "notes": "", "title": "Ensure SSHd Maxsessions Correct", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_set_max_sessions", "var_sshd_max_sessions=10", "sshd_set_max_sessions.severity=low"], "controls": []}, {"id": "3.3.14", "levels": ["l1_server"], "notes": "", "title": "Ensure SSHd X11 Forwarding Forbidden", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_disable_x11_forwarding", "sshd_disable_x11_forwarding.severity=high"], "controls": []}, {"id": "3.3.15", "levels": ["l2_server"], "notes": "", "title": "Ensure SSHd MaxAuthTries Correct", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_set_max_auth_tries", "sshd_max_auth_tries_value=3", "sshd_set_max_auth_tries.severity=low"], "controls": []}, {"id": "3.3.16", "levels": ["l1_server"], "notes": "", "title": "Ensure SSHd PermitUserEnvironment Forbidden", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_do_not_permit_user_env", "sshd_do_not_permit_user_env.severity=high"], "controls": []}, {"id": "3.3.17", "levels": ["l2_server"], "notes": "", "title": "Ensure SSHd LoginGraceTime Correct", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_set_login_grace_time", "var_sshd_set_login_grace_time=60", "sshd_set_login_grace_time.severity=low"], "controls": []}, {"id": "3.3.18", "levels": ["l1_server"], "notes": "", "title": "Ensure SSHd Authorized Keys Not Set", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "3.3.19", "levels": ["l1_server"], "notes": "", "title": "Ensure SSHd Known Hosts Not Set", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_disable_user_known_hosts", "sshd_disable_user_known_hosts.severity=high"], "controls": []}, {"id": "3.3.20", "levels": ["l1_server"], "notes": "", "title": "Ensure SSHd Has No Obsolete Configurations", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "3.3.21", "levels": ["l1_server"], "notes": "", "title": "Ensure SSHd TCP Forward Disabled", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sshd_disable_tcp_forwarding", "sshd_disable_tcp_forwarding.severity=high"], "controls": []}, {"id": "3.3.22", "levels": ["l2_server"], "notes": "", "title": "Ensure SSHd Has Correct White and Black Access List", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "3.4.1", "levels": ["l1_server"], "notes": "", "title": "Ensure Cron Not Run Low Privilege User Writable Bash", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "3.4.2", "levels": ["l1_server"], "notes": "", "title": "Ensure Cron Deamon Running", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["service_crond_enabled", "service_crond_enabled.severity=high"], "controls": []}, {"id": "3.4.3", "levels": ["l1_server"], "notes": "", "title": "Ensure AT And Cron Set Correct", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["file_groupowner_at_allow", "file_owner_cron_weekly", "file_groupowner_cron_daily", "file_at_deny_not_exist", "file_groupowner_cron_weekly", "file_groupowner_crontab", "file_owner_cron_d", "file_owner_cron_monthly", "file_permissions_cron_monthly", "file_permissions_cron_d", "file_groupowner_cron_monthly", "file_cron_deny_not_exist", "file_permissions_cron_hourly", "file_owner_cron_daily", "file_groupowner_cron_d", "file_permissions_cron_allow", "file_owner_at_allow", "file_permissions_cron_weekly", "file_permissions_crontab", "file_groupowner_cron_allow", "file_owner_crontab", "file_permissions_at_allow", "file_groupowner_cron_hourly", "file_permissions_cron_daily", "file_owner_cron_hourly", "file_owner_cron_allow", "file_groupowner_cron_d.severity=high", "file_groupowner_cron_daily.severity=high", "file_groupowner_cron_hourly.severity=high", "file_groupowner_cron_monthly.severity=high", "file_groupowner_cron_weekly.severity=high", "file_groupowner_crontab.severity=high", "file_owner_cron_d.severity=high", "file_owner_cron_daily.severity=high", "file_owner_cron_hourly.severity=high", "file_owner_cron_monthly.severity=high", "file_owner_cron_weekly.severity=high", "file_owner_crontab.severity=high", "file_permissions_cron_d.severity=high", "file_permissions_cron_daily.severity=high", "file_permissions_cron_hourly.severity=high", "file_permissions_cron_monthly.severity=high", "file_permissions_cron_weekly.severity=high", "file_permissions_crontab.severity=high", "file_at_deny_not_exist.severity=high", "file_cron_deny_not_exist.severity=high", "file_groupowner_at_allow.severity=high", "file_groupowner_cron_allow.severity=high", "file_owner_at_allow.severity=high", "file_owner_cron_allow.severity=high", "file_permissions_at_allow.severity=high", "file_permissions_cron_allow.severity=high"], "controls": []}, {"id": "3.5.1", "levels": ["l1_server"], "notes": "", "title": "Ensure KASLR Enabled", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sysctl_kernel_randomize_va_space", "sysctl_kernel_randomize_va_space.severity=high"], "controls": []}, {"id": "3.5.2", "levels": ["l1_server"], "notes": "", "title": "Ensure Dmesg Access Permission Correct", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sysctl_kernel_dmesg_restrict", "sysctl_kernel_dmesg_restrict.severity=high"], "controls": []}, {"id": "3.5.3", "levels": ["l1_server"], "notes": "", "title": "Ensure Kptr_restrict Correct", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sysctl_kernel_kptr_restrict", "sysctl_kernel_kptr_restrict_value=1", "sysctl_kernel_kptr_restrict.severity=high"], "controls": []}, {"id": "3.5.4", "levels": ["l1_server"], "notes": "", "title": "Ensure Kernel SMAP Enabled", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["grub2_nosmap_argument_absent", "grub2_nosmap_argument_absent.severity=high"], "controls": []}, {"id": "3.5.5", "levels": ["l1_server"], "notes": "", "title": "Ensure Kernel SMEP Enabled", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["grub2_nosmep_argument_absent", "grub2_nosmep_argument_absent.severity=high"], "controls": []}, {"id": "3.5.6", "levels": ["l1_server"], "notes": "", "title": "Ensure ICMP Broadcast Package Not Responsed", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sysctl_net_ipv4_icmp_echo_ignore_broadcasts", "sysctl_net_ipv4_icmp_echo_ignore_broadcasts.severity=high"], "controls": []}, {"id": "3.5.7", "levels": ["l1_server"], "notes": "", "title": "Ensure ICMP Redirect Package Not Received", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sysctl_net_ipv4_conf_default_secure_redirects", "sysctl_net_ipv4_conf_all_accept_redirects", "sysctl_net_ipv4_conf_all_secure_redirects", "sysctl_net_ipv6_conf_all_accept_redirects", "sysctl_net_ipv4_conf_all_accept_redirects_value=disabled", "sysctl_net_ipv4_conf_all_secure_redirects_value=disabled", "sysctl_net_ipv4_conf_default_secure_redirects_value=disabled", "sysctl_net_ipv6_conf_all_accept_redirects_value=disabled", "sysctl_net_ipv4_conf_all_accept_redirects.severity=high", "sysctl_net_ipv4_conf_all_secure_redirects.severity=high", "sysctl_net_ipv4_conf_default_secure_redirects.severity=high", "sysctl_net_ipv6_conf_all_accept_redirects.severity=high"], "controls": []}, {"id": "3.5.8", "levels": ["l1_server"], "notes": "", "title": "Ensure No ICMP Redirect Package Forwarded", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sysctl_net_ipv4_conf_default_send_redirects", "sysctl_net_ipv4_conf_all_send_redirects", "sysctl_net_ipv4_conf_all_send_redirects.severity=high", "sysctl_net_ipv4_conf_default_send_redirects.severity=high"], "controls": []}, {"id": "3.5.9", "levels": ["l2_server"], "notes": "", "title": "Ensure Ignore All ICMP Request", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "3.5.10", "levels": ["l1_server"], "notes": "", "title": "Ensure Ignore Bogus Error ICMP Package", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sysctl_net_ipv4_icmp_ignore_bogus_error_responses", "sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value=enabled", "sysctl_net_ipv4_icmp_ignore_bogus_error_responses.severity=high"], "controls": []}, {"id": "3.5.11", "levels": ["l1_server"], "notes": "", "title": "Ensure Reverse Proxy Filter Enabled", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sysctl_net_ipv4_conf_all_rp_filter", "sysctl_net_ipv4_conf_default_rp_filter", "sysctl_net_ipv4_conf_all_rp_filter_value=enabled", "sysctl_net_ipv4_conf_default_rp_filter_value=enabled", "sysctl_net_ipv4_conf_all_rp_filter.severity=high", "sysctl_net_ipv4_conf_default_rp_filter.severity=high"], "controls": []}, {"id": "3.5.12", "levels": ["l1_server"], "notes": "", "title": "Ensure IP Forwarding Disabled", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sysctl_net_ipv4_ip_forward", "sysctl_net_ipv6_conf_all_forwarding", "sysctl_net_ipv6_conf_all_forwarding_value=disabled", "sysctl_net_ipv4_ip_forward.severity=high", "sysctl_net_ipv6_conf_all_forwarding.severity=high"], "controls": []}, {"id": "3.5.13", "levels": ["l1_server"], "notes": "", "title": "Ensure Source Route Disabled", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sysctl_net_ipv4_conf_default_accept_source_route", "sysctl_net_ipv4_conf_all_accept_source_route", "sysctl_net_ipv6_conf_default_accept_source_route", "sysctl_net_ipv6_conf_all_accept_source_route", "sysctl_net_ipv4_conf_all_accept_source_route_value=disabled", "sysctl_net_ipv4_conf_default_accept_source_route_value=disabled", "sysctl_net_ipv6_conf_all_accept_source_route_value=disabled", "sysctl_net_ipv6_conf_default_accept_source_route_value=disabled", "sysctl_net_ipv4_conf_all_accept_source_route.severity=high", "sysctl_net_ipv4_conf_default_accept_source_route.severity=high", "sysctl_net_ipv6_conf_all_accept_source_route.severity=high", "sysctl_net_ipv6_conf_default_accept_source_route.severity=high"], "controls": []}, {"id": "3.5.14", "levels": ["l1_server"], "notes": "", "title": "Ensure TCP-SYN Cookie Enabled", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sysctl_net_ipv4_tcp_syncookies", "sysctl_net_ipv4_tcp_syncookies.severity=high"], "controls": []}, {"id": "3.5.15", "levels": ["l1_server"], "notes": "", "title": "Ensure Source Route And Redirectly Logged", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sysctl_net_ipv4_conf_all_log_martians", "sysctl_net_ipv4_conf_default_log_martians", "sysctl_net_ipv4_conf_all_log_martians.severity=high", "sysctl_net_ipv4_conf_default_log_martians.severity=high"], "controls": []}, {"id": "3.5.16", "levels": ["l1_server"], "notes": "", "title": "Ensure tcp_timestamps Disabled", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "3.5.17", "levels": ["l1_server"], "notes": "", "title": "Ensure TCP Time Wait Correct", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "3.5.18", "levels": ["l1_server"], "notes": "", "title": "Ensure SYN Recv Set Correct", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "3.5.19", "levels": ["l1_server"], "notes": "", "title": "Ensure No ARP Proxy", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "3.5.20", "levels": ["l1_server"], "notes": "", "title": "Ensure Core Dump Set Correct", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "3.5.21", "levels": ["l1_server"], "notes": "", "title": "Ensure SysRq Key Disabled", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sysctl_kernel_sysrq", "sysctl_kernel_sysrq.severity=high"], "controls": []}, {"id": "3.5.22", "levels": ["l2_server"], "notes": "", "title": "Ensure ptrace_scope Set Correct", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["sysctl_kernel_yama_ptrace_scope", "sysctl_kernel_yama_ptrace_scope.severity=low"], "controls": []}, {"id": "3.5.23", "levels": ["l2_server"], "notes": "", "title": "Ensure Seccomp Enabled", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["kernel_config_seccomp", "kernel_config_seccomp.severity=low"], "controls": []}, {"id": "3.6.1", "levels": ["l2_server"], "notes": "", "title": "Ensure Ntpd Configuration Correct", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["ntpd_configure_restrictions", "ntpd_specify_remote_server", "service_ntpd_enabled", "service_ntpd_enabled.severity=low", "ntpd_configure_restrictions.severity=low", "ntpd_specify_remote_server.severity=low"], "controls": []}, {"id": "3.6.2", "levels": ["l2_server"], "notes": "", "title": "Ensure Chrony Configuration Correct", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["service_chronyd_enabled", "chronyd_specify_remote_server", "service_chronyd_enabled.severity=low", "chronyd_specify_remote_server.severity=low"], "controls": []}, {"id": "4.1.1", "levels": ["l1_server"], "notes": "", "title": "Ensure Auditd Enabled", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["service_auditd_enabled", "service_auditd_enabled.severity=high"], "controls": []}, {"id": "4.1.2", "levels": ["l1_server"], "notes": "", "title": "Ensure Auditd Rotate Enabled", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["auditd_data_retention_max_log_file_action", "auditd_data_retention_num_logs", "var_auditd_max_log_file_action=rotate", "var_auditd_num_logs=5", "auditd_data_retention_max_log_file_action.severity=high", "auditd_data_retention_num_logs.severity=high"], "controls": []}, {"id": "4.1.3", "levels": ["l2_server"], "notes": "", "title": "Ensure Lastlog Recorded", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_login_events_lastlog", "audit_rules_login_events_lastlog.severity=low"], "controls": []}, {"id": "4.1.4", "levels": ["l2_server"], "notes": "", "title": "Ensure Account Info Changing Audited", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_usergroup_modification_gshadow", "audit_rules_usergroup_modification_shadow", "audit_rules_usergroup_modification_group", "audit_rules_usergroup_modification_passwd", "audit_rules_usergroup_modification_opasswd", "audit_rules_usergroup_modification_group.severity=low", "audit_rules_usergroup_modification_gshadow.severity=low", "audit_rules_usergroup_modification_opasswd.severity=low", "audit_rules_usergroup_modification_passwd.severity=low", "audit_rules_usergroup_modification_shadow.severity=low"], "controls": []}, {"id": "4.1.5", "levels": ["l2_server"], "notes": "", "title": "Ensure Escalation Audited", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "4.1.6", "levels": ["l2_server"], "notes": "", "title": "Ensure Module Changes Audited", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_privileged_commands_insmod", "audit_rules_privileged_commands_rmmod", "audit_rules_kernel_module_loading", "audit_rules_privileged_commands_modprobe", "audit_rules_privileged_commands_modprobe.severity=low", "audit_rules_privileged_commands_insmod.severity=low", "audit_rules_privileged_commands_rmmod.severity=low", "audit_rules_kernel_module_loading.severity=low"], "controls": []}, {"id": "4.1.7", "levels": ["l2_server"], "notes": "", "title": "Ensure Sudo Operation Audited", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_privileged_commands_sudo", "audit_rules_privileged_commands_sudo.severity=low"], "controls": []}, {"id": "4.1.8", "levels": ["l2_server"], "notes": "", "title": "Ensure Auditd Enabled During Boot", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["grub2_audit_argument", "grub2_audit_argument.severity=low"], "controls": []}, {"id": "4.1.9", "levels": ["l2_server"], "notes": "", "title": "Ensure Audit Backlog Limit Correct", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["grub2_audit_backlog_limit_argument", "var_audit_backlog_limit=8192", "grub2_audit_backlog_limit_argument.severity=low"], "controls": []}, {"id": "4.1.10", "levels": ["l2_server"], "notes": "", "title": "Ensure Auditctl Not Used", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_immutable", "audit_rules_immutable.severity=low"], "controls": []}, {"id": "4.1.11", "levels": ["l1_server"], "notes": "", "title": "Ensure Audit Log Size Set Correct", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["auditd_data_retention_max_log_file_action", "auditd_data_retention_max_log_file", "auditd_data_retention_max_log_file.severity=high", "auditd_data_retention_max_log_file_action.severity=high"], "controls": []}, {"id": "4.1.12", "levels": ["l2_server"], "notes": "", "title": "Ensure Audit Disk Space Set Correct", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["auditd_data_retention_space_left_action", "auditd_data_retention_admin_space_left_action", "auditd_data_disk_error_action", "auditd_audispd_disk_full_action", "auditd_data_retention_space_left", "auditd_data_retention_admin_space_left_percentage", "auditd_data_disk_full_action", "var_auditd_space_left_action=syslog", "var_auditd_admin_space_left_percentage=50pc", "var_auditd_admin_space_left_action=suspend", "var_auditd_disk_full_action=suspend", "var_auditd_disk_error_action=suspend", "auditd_data_retention_space_left.severity=low", "auditd_data_retention_space_left_action.severity=low", "auditd_data_retention_admin_space_left_percentage.severity=low", "auditd_data_retention_admin_space_left_action.severity=low", "auditd_audispd_disk_full_action.severity=low", "auditd_data_disk_full_action.severity=low", "auditd_data_disk_error_action.severity=low"], "controls": []}, {"id": "4.1.13", "levels": ["l2_server"], "notes": "", "title": "Ensure Sudoers Audited", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_sudoers", "audit_rules_sudoers.severity=low"], "controls": []}, {"id": "4.1.14", "levels": ["l2_server"], "notes": "", "title": "Ensure Session Audited", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_session_events", "audit_rules_session_events.severity=low"], "controls": []}, {"id": "4.1.15", "levels": ["l2_server"], "notes": "", "title": "Ensure Time Changing Audited", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_time_adjtimex", "audit_rules_time_clock_settime", "audit_rules_time_settimeofday", "audit_rules_time_adjtimex.severity=low", "audit_rules_time_settimeofday.severity=low", "audit_rules_time_clock_settime.severity=low"], "controls": []}, {"id": "4.1.16", "levels": ["l2_server"], "notes": "", "title": "Ensure SELinux Audited", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_mac_modification", "audit_rules_mac_modification_usr_share", "audit_rules_mac_modification.severity=low", "audit_rules_mac_modification_usr_share.severity=low"], "controls": []}, {"id": "4.1.17", "levels": ["l2_server"], "notes": "", "title": "Ensure Network Audited", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_networkconfig_modification", "audit_rules_networkconfig_modification.severity=low"], "controls": []}, {"id": "4.1.18", "levels": ["l2_server"], "notes": "", "title": "Ensure Successful File Access Audited", "description": null, "rationale": null, "automated": "no", "status": "manual", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_successful_file_modification_removexattr", "audit_rules_successful_file_modification_fchmodat", "audit_rules_successful_file_modification_fremovexattr", "audit_rules_successful_file_modification_chmod", "audit_rules_successful_file_modification_fsetxattr", "audit_rules_successful_file_modification_lsetxattr", "audit_rules_successful_file_modification_fchmod", "audit_rules_successful_file_modification_chown", "audit_rules_successful_file_modification_lremovexattr", "audit_rules_successful_file_modification_setxattr", "audit_rules_successful_file_modification_fchown", "audit_rules_successful_file_modification_fchownat", "audit_rules_successful_file_modification_chmod.severity=low", "audit_rules_successful_file_modification_fchmod.severity=low", "audit_rules_successful_file_modification_fchmodat.severity=low", "audit_rules_successful_file_modification_chown.severity=low", "audit_rules_successful_file_modification_fchown.severity=low", "audit_rules_successful_file_modification_fchownat.severity=low", "audit_rules_successful_file_modification_setxattr.severity=low", "audit_rules_successful_file_modification_lsetxattr.severity=low", "audit_rules_successful_file_modification_fsetxattr.severity=low", "audit_rules_successful_file_modification_removexattr.severity=low", "audit_rules_successful_file_modification_lremovexattr.severity=low", "audit_rules_successful_file_modification_fremovexattr.severity=low"], "controls": []}, {"id": "4.1.19", "levels": ["l2_server"], "notes": "", "title": "Ensure Unsuccessful File Access Audited", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_unsuccessful_file_modification", "audit_rules_unsuccessful_file_modification.severity=low"], "controls": []}, {"id": "4.1.20", "levels": ["l2_server"], "notes": "", "title": "Ensure File Delete Audited", "description": null, "rationale": null, "automated": "no", "status": "manual", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_successful_file_modification_rename", "audit_rules_successful_file_modification_unlink", "audit_rules_successful_file_modification_renameat", "audit_rules_successful_file_modification_unlinkat", "audit_rules_successful_file_modification_rename.severity=low", "audit_rules_successful_file_modification_renameat.severity=low", "audit_rules_successful_file_modification_unlink.severity=low", "audit_rules_successful_file_modification_unlinkat.severity=low"], "controls": []}, {"id": "4.1.21", "levels": ["l2_server"], "notes": "", "title": "Ensure Mount Audited", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "4.2.1", "levels": ["l1_server"], "notes": "", "title": "Ensure Rsyslog Enabled", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["service_rsyslog_enabled", "service_rsyslog_enabled.severity=high"], "controls": []}, {"id": "4.2.2", "levels": ["l1_server"], "notes": "", "title": "Ensure Authentication Logged", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["rsyslog_remote_access_monitoring", "rsyslog_remote_access_monitoring.severity=high"], "controls": []}, {"id": "4.2.3", "levels": ["l1_server"], "notes": "", "title": "Ensure Cron Logged", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["rsyslog_cron_logging", "rsyslog_cron_logging.severity=high"], "controls": []}, {"id": "4.2.4", "levels": ["l2_server"], "notes": "", "title": "Ensure Rsyslog's Files Permission Correct", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["rsyslog_filecreatemode", "rsyslog_filecreatemode.severity=low"], "controls": []}, {"id": "4.2.5", "levels": ["l2_server"], "notes": "", "title": "Ensure Important Services Logged", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["rsyslog_logging_configured", "rsyslog_logging_configured.severity=low"], "controls": []}, {"id": "4.2.6", "levels": ["l1_server"], "notes": "", "title": "Ensure Journald Transfer Set Correct", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "4.2.7", "levels": ["l1_server"], "notes": "", "title": "Ensure Rotate Setting In Rsyslog", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "4.2.8", "levels": ["l2_server"], "notes": "", "title": "Ensure Remote Log Server Correct", "description": null, "rationale": null, "automated": "no", "status": "planned", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "4.2.9", "levels": ["l2_server"], "notes": "", "title": "Ensure Only Specified Server Can Receive Logs", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["rsyslog_accept_remote_messages_tcp", "rsyslog_accept_remote_messages_udp", "rsyslog_accept_remote_messages_tcp.severity=low", "rsyslog_accept_remote_messages_udp.severity=low"], "controls": []}], "levels": [{"id": "l1_server", "inherits_from": null}, {"id": "l2_server", "inherits_from": ["l1_server"]}]}