From shawn at redhat.com Thu Aug 20 11:35:49 2015
Content-Type: multipart/mixed; boundary="===============2081371154702086732=="
MIME-Version: 1.0
From: Shawn Wells <shawn at redhat.com>
To: scap-security-guide at lists.fedorahosted.org
Subject: Re: [PATCH 3/3] add VMS IDs and release numbers
Date: Mon, 18 Nov 2013 17:04:32 -0700
Message-ID: <528AAB10.7040404@redhat.com>
In-Reply-To: 528AAAB4.2010106@redhat.com

--===============2081371154702086732==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

On 11/18/13, 5:03 PM, Shawn Wells wrote:
> On 11/18/13, 1:37 PM, Steinke, Leland J Sr CTR DISA FSO (US) wrote:
>> I am open to suggestions as to how to improve this method of =

>> inserting DISA Vulnerability Management System ID numbers into the =

>> SSG content.  This patch at least makes the information available.
>>
>>
>> Thanks,
>> Leland
>> -- =

>> Leland Steinke, Security+
>> DISA FSO Technical Support Contractor
>> tapestry technologies, Inc
>> 717-267-5797 (DSN 570)
>> leland.j.steinke.ctr(a)mail.mil (gov't)
>> lsteinke(a)tapestrytech.com (com'l)
>>
>> ---
>>   RHEL6/input/auxiliary/stig_overlay.xml |  255 =

>> ++++++++++++++++++++++++++++++++
>>   1 files changed, 255 insertions(+), 0 deletions(-)
>>
>> diff --git a/RHEL6/input/auxiliary/stig_overlay.xml =

>> b/RHEL6/input/auxiliary/stig_overlay.xml
>> index b2c7809..32eb751 100644
>> --- a/RHEL6/input/auxiliary/stig_overlay.xml
>> +++ b/RHEL6/input/auxiliary/stig_overlay.xml
>> @@ -1,45 +1,58 @@
>>   <?xml version=3D"1.0"?>
>>   <overlays xmlns=3D"http://checklists.nist.gov/xccdf/1.1">
>>       <overlay owner=3D"disastig" ruleid=3D"partition_for_tmp" =

>> ownerid=3D"RHEL-06-000001" disa=3D"366" severity=3D"low">
>> +        <VMSinfo VKey=3D"38455" SVKey=3D"50255" VRelease=3D"1" />
>>           <title>The system must use a separate file system for =

>> /tmp.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"partition_for_var" =

>> ownerid=3D"RHEL-06-000002" disa=3D"366" severity=3D"low">
>> +        <VMSinfo VKey=3D"38456" SVKey=3D"50256" VRelease=3D"1" />
>>           <title>The system must use a separate file system for =

>> /var.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"partition_for_var_log" =

>> ownerid=3D"RHEL-06-000003" disa=3D"366" severity=3D"low">
>> +        <VMSinfo VKey=3D"38463" SVKey=3D"50263" VRelease=3D"1" />
>>           <title>The system must use a separate file system for =

>> /var/log.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"partition_for_var_log_audit" =

>> ownerid=3D"RHEL-06-000004" disa=3D"137" severity=3D"low">
>> +        <VMSinfo VKey=3D"38467" SVKey=3D"50267" VRelease=3D"1" />
>>           <title>The system must use a separate file system for the =

>> system audit data path.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"auditd_data_retention_space_left_action" =

>> ownerid=3D"RHEL-06-000005" disa=3D"138" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38470" SVKey=3D"50270" VRelease=3D"1" />
>>           <title>The audit system must alert designated staff members =

>> when the audit storage volume approaches capacity.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"partition_for_home" =

>> ownerid=3D"RHEL-06-000007" disa=3D"366" severity=3D"low">
>> +        <VMSinfo VKey=3D"38473" SVKey=3D"50273" VRelease=3D"1" />
>>           <title>The system must use a separate file system for user =

>> home directories.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"ensure_redhat_gpgkey_installed" ownerid=3D"RHEL-06-000008" =

>> disa=3D"352" severity=3D"high">
>> +        <VMSinfo VKey=3D"38476" SVKey=3D"50276" VRelease=3D"1" />
>>           <title>Vendor-provided cryptographic certificates must be =

>> installed to verify the integrity of system software.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"service_rhnsd_disabled" =

>> ownerid=3D"RHEL-06-000009" disa=3D"382" severity=3D"low">
>> +        <VMSinfo VKey=3D"38478" SVKey=3D"50278" VRelease=3D"2" />
>>           <title>The Red Hat Network Service (rhnsd) service must not =

>> be running, unless using RHN or an RHN Satellite.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"security_patches_up_to_date" =

>> ownerid=3D"RHEL-06-000011" disa=3D"1233" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38481" SVKey=3D"50281" VRelease=3D"1" />
>>           <title>System security patches and updates must be =

>> installed and up-to-date.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"ensure_gpgcheck_globally_activated" ownerid=3D"RHEL-06-000013" =

>> disa=3D"663" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38483" SVKey=3D"50283" VRelease=3D"1" />
>>           <title>The system package management tool must =

>> cryptographically verify the authenticity of system software packages =

>> during installation.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"ensure_gpgcheck_never_disabled" ownerid=3D"RHEL-06-000015" =

>> disa=3D"663" severity=3D"low">
>> +        <VMSinfo VKey=3D"38487" SVKey=3D"50288" VRelease=3D"1" />
>>           <title>The system package management tool must =

>> cryptographically verify the authenticity of all software packages =

>> during installation.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"package_aide_installed" =

>> ownerid=3D"RHEL-06-000016" disa=3D"1069" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38489" SVKey=3D"50290" VRelease=3D"1" />
>>           <title>A file integrity tool must be installed.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"enable_selinux_bootloader" =

>> ownerid=3D"RHEL-06-000017" disa=3D"22" severity=3D"medium">
>>           <title>The system must use a Linux Security Module at boot =

>> time.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"no_rsh_trust_files" =

>> ownerid=3D"RHEL-06-000019" disa=3D"1436" severity=3D"high">
>> +        <VMSinfo VKey=3D"38491" SVKey=3D"50292" VRelease=3D"1" />
>>           <title>There must be no .rhosts or hosts.equiv files on the =

>> system.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"selinux_state" =

>> ownerid=3D"RHEL-06-000020" disa=3D"22" severity=3D"medium">
>> @@ -52,201 +65,266 @@
>>           <title>All device files must be monitored by the system =

>> Linux Security Module.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"securetty_root_login_console_only" ownerid=3D"RHEL-06-000027" =

>> disa=3D"770" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38492" SVKey=3D"50293" VRelease=3D"1" />
>>           <title>The system must prevent the root account from =

>> logging in from virtual consoles.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"restrict_serial_port_logins" =

>> ownerid=3D"RHEL-06-000028" disa=3D"770" severity=3D"low">
>> +        <VMSinfo VKey=3D"38494" SVKey=3D"50295" VRelease=3D"1" />
>>           <title>The system must prevent the root account from =

>> logging in from serial consoles.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"XXXX" =

>> ownerid=3D"RHEL-06-000029" disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38496" SVKey=3D"50297" VRelease=3D"1" />
>>           <title>Default system accounts, other than root, must be =

>> locked.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"no_empty_passwords" =

>> ownerid=3D"RHEL-06-000030" disa=3D"366" severity=3D"high">
>> +        <VMSinfo VKey=3D"38497" SVKey=3D"50298" VRelease=3D"1" />
>>           <title>The system must not have accounts configured with =

>> blank or null passwords.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"no_hashes_outside_shadow" =

>> ownerid=3D"RHEL-06-000031" disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38499" SVKey=3D"50300" VRelease=3D"1" />
>>           <title>The /etc/passwd file must not contain password =

>> hashes.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"accounts_no_uid_except_zero" =

>> ownerid=3D"RHEL-06-000032" disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38500" SVKey=3D"50301" VRelease=3D"1" />
>>           <title>The root account must be the only account having a =

>> UID of 0.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"userowner_shadow_file" =

>> ownerid=3D"RHEL-06-000033" disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38502" SVKey=3D"50303" VRelease=3D"1" />
>>           <title>The /etc/shadow file must be owned by root.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"groupowner_shadow_file" =

>> ownerid=3D"RHEL-06-000034" disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38503" SVKey=3D"50304" VRelease=3D"1" />
>>           <title>The /etc/shadow file must be group-owned by =

>> root.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"file_permissions_etc_shadow" =

>> ownerid=3D"RHEL-06-000035" disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38504" SVKey=3D"50305" VRelease=3D"1" />
>>           <title>The /etc/shadow file must have mode 0000.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"userowner_gshadow_file" =

>> ownerid=3D"RHEL-06-000036" disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38443" SVKey=3D"50243" VRelease=3D"1" />
>>           <title>The /etc/gshadow file must be owned by root.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"groupowner_gshadow_file" =

>> ownerid=3D"RHEL-06-000037" disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38448" SVKey=3D"50248" VRelease=3D"1" />
>>           <title>The /etc/gshadow file must be group-owned by =

>> root.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"perms_gshadow_file" =

>> ownerid=3D"RHEL-06-000038" disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38449" SVKey=3D"50249" VRelease=3D"1" />
>>           <title>The /etc/gshadow file must have mode 0000.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"userowner_passwd_file" =

>> ownerid=3D"RHEL-06-000039" disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38450" SVKey=3D"50250" VRelease=3D"1" />
>>           <title>The /etc/passwd file must be owned by root.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"groupowner_passwd_file" =

>> ownerid=3D"RHEL-06-000040" disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38451" SVKey=3D"50251" VRelease=3D"1" />
>>           <title>The /etc/passwd file must be group-owned by =

>> root.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"file_permissions_etc_passwd" =

>> ownerid=3D"RHEL-06-000041" disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38457" SVKey=3D"50257" VRelease=3D"1" />
>>           <title>The /etc/passwd file must have mode 0644 or less =

>> permissive.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"userowner_group_file" =

>> ownerid=3D"RHEL-06-000042" disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38458" SVKey=3D"50258" VRelease=3D"1" />
>>           <title>The /etc/group file must be owned by root.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"groupowner_group_file" =

>> ownerid=3D"RHEL-06-000043" disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38459" SVKey=3D"50259" VRelease=3D"1" />
>>           <title>The /etc/group file must be group-owned by =

>> root.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"perms_group_file" =

>> ownerid=3D"RHEL-06-000044" disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38461" SVKey=3D"50261" VRelease=3D"1" />
>>           <title>The /etc/group file must have mode 0644 or less =

>> permissive.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"file_permissions_library_dirs" ownerid=3D"RHEL-06-000045" =

>> disa=3D"1499" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38465" SVKey=3D"50265" VRelease=3D"1" />
>>           <title>Library files must have mode 0755 or less =

>> permissive.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"file_ownership_library_dirs" =

>> ownerid=3D"RHEL-06-000046" disa=3D"1499" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38466" SVKey=3D"50266" VRelease=3D"1" />
>>           <title>Library files must be owned by root.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"file_permissions_binary_dirs=
" =

>> ownerid=3D"RHEL-06-000047" disa=3D"1499" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38469" SVKey=3D"50269" VRelease=3D"1" />
>>           <title>All system command files must have mode 0755 or less =

>> permissive.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"file_ownership_binary_dirs" =

>> ownerid=3D"RHEL-06-000048" disa=3D"1499" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38472" SVKey=3D"50272" VRelease=3D"1" />
>>           <title>All system command files must be owned by root.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"accounts_password_minlen_login_defs" ownerid=3D"RHEL-06-000050=
" =

>> disa=3D"205" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38475" SVKey=3D"50275" VRelease=3D"1" />
>>           <title>The system must require passwords to contain a =

>> minimum of 14 characters.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"accounts_minimum_age_login_defs" ownerid=3D"RHEL-06-000051" =

>> disa=3D"198" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38477" SVKey=3D"50277" VRelease=3D"1" />
>>           <title>Users must not be able to change passwords more than =

>> once every 24 hours.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"accounts_maximum_age_login_defs" ownerid=3D"RHEL-06-000053" =

>> disa=3D"199" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38479" SVKey=3D"50279" VRelease=3D"1" />
>>           <title>User passwords must be changed at least every 60 =

>> days.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"accounts_password_warn_age_login_defs" =

>> ownerid=3D"RHEL-06-000054" disa=3D"366" severity=3D"low">
>> +        <VMSinfo VKey=3D"38480" SVKey=3D"50280" VRelease=3D"1" />
>>           <title>Users must be warned 7 days in advance of password =

>> expiration.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"accounts_password_pam_cracklib_dcredit" =

>> ownerid=3D"RHEL-06-000056" disa=3D"194" severity=3D"low">
>> +        <VMSinfo VKey=3D"38482" SVKey=3D"50282" VRelease=3D"1" />
>>           <title>The system must require passwords to contain at =

>> least one numeric character.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"password_require_uppercases" =

>> ownerid=3D"RHEL-06-000057" disa=3D"192" severity=3D"low">
>> +        <VMSinfo VKey=3D"38569" SVKey=3D"50370" VRelease=3D"1" />
>>           <title>The system must require passwords to contain at =

>> least one uppercase alphabetic character.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"password_require_specials" =

>> ownerid=3D"RHEL-06-000058" disa=3D"1619" severity=3D"low">
>> +        <VMSinfo VKey=3D"38570" SVKey=3D"50371" VRelease=3D"1" />
>>           <title>The system must require passwords to contain at =

>> least one special character.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"password_require_lowercases" =

>> ownerid=3D"RHEL-06-000059" disa=3D"193" severity=3D"low">
>> +        <VMSinfo VKey=3D"38571" SVKey=3D"50372" VRelease=3D"1" />
>>           <title>The system must require passwords to contain at =

>> least one lowercase alphabetic character.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"password_require_diffchars" =

>> ownerid=3D"RHEL-06-000060" disa=3D"195" severity=3D"low">
>> +        <VMSinfo VKey=3D"38572" SVKey=3D"50373" VRelease=3D"1" />
>>           <title>The system must require at least four characters be =

>> changed between the old and new passwords during a password =

>> change.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"deny_password_attempts" =

>> ownerid=3D"RHEL-06-000061" disa=3D"44" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38573" SVKey=3D"50374" VRelease=3D"1" />
>>           <title>The system must disable accounts after three =

>> consecutive unsuccessful login attempts.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"set_password_hashing_algorithm_systemauth" =

>> ownerid=3D"RHEL-06-000062" disa=3D"803" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38574" SVKey=3D"50375" VRelease=3D"1" />
>>           <title>The system must use a FIPS 140-2 approved =

>> cryptographic hashing algorithm for generating account password =

>> hashes (system-auth).</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"set_password_hashing_algorithm_logindefs" =

>> ownerid=3D"RHEL-06-000063" disa=3D"803" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38576" SVKey=3D"50377" VRelease=3D"1" />
>>           <title>The system must use a FIPS 140-2 approved =

>> cryptographic hashing algorithm for generating account password =

>> hashes (login.defs).</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"set_password_hashing_algorithm_libuserconf" =

>> ownerid=3D"RHEL-06-000064" disa=3D"803" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38577" SVKey=3D"50378" VRelease=3D"1" />
>>           <title>The system must use a FIPS 140-2 approved =

>> cryptographic hashing algorithm for generating account password =

>> hashes (libuser.conf).</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"user_owner_grub_conf" =

>> ownerid=3D"RHEL-06-000065" disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38579" SVKey=3D"50380" VRelease=3D"1" />
>>           <title>The system boot loader configuration file(s) must be =

>> owned by root.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"group_owner_grub_conf" =

>> ownerid=3D"RHEL-06-000066" disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38581" SVKey=3D"50382" VRelease=3D"1" />
>>           <title>The system boot loader configuration file(s) must be =

>> group-owned by root.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"permissions_grub_conf" =

>> ownerid=3D"RHEL-06-000067" disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38583" SVKey=3D"50384" VRelease=3D"1" />
>>           <title>The system boot loader configuration file(s) must =

>> have mode 0600 or less permissive.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"bootloader_password" =

>> ownerid=3D"RHEL-06-000068" disa=3D"213" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38585" SVKey=3D"50386" VRelease=3D"1" />
>>           <title>The system boot loader must require =

>> authentication.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"require_singleuser_auth" =

>> ownerid=3D"RHEL-06-000069" disa=3D"213" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38586" SVKey=3D"50387" VRelease=3D"1" />
>>           <title>The system must require authentication upon booting =

>> into single-user and maintenance modes.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"disable_interactive_boot" =

>> ownerid=3D"RHEL-06-000070" disa=3D"213" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38588" SVKey=3D"50389" VRelease=3D"1" />
>>           <title>The system must not permit interactive boot.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"package_screen_installed" =

>> ownerid=3D"RHEL-06-000071" disa=3D"58" severity=3D"low">
>> +        <VMSinfo VKey=3D"38590" SVKey=3D"50391" VRelease=3D"1" />
>>           <title>The system must allow locking of the console =

>> screen.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"set_system_login_banner" =

>> ownerid=3D"RHEL-06-000073" disa=3D"1384, 1385, 1386, 1387, 1388" =

>> severity=3D"medium">
>> +        <VMSinfo VKey=3D"38593" SVKey=3D"50394" VRelease=3D"1" />
>>           <title>The Department of Defense (DoD) login banner must be =

>> displayed immediately prior to, or as part of, console login =

>> prompts.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"enable_randomize_va_space" =

>> ownerid=3D"RHEL-06-000078" disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38596" SVKey=3D"50397" VRelease=3D"1" />
>>           <title>The system must implement virtual address space =

>> randomization.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"enable_execshield" =

>> ownerid=3D"RHEL-06-000079" disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38597" SVKey=3D"50398" VRelease=3D"1" />
>>           <title>The system must limit the ability of processes to =

>> have simultaneous write and execute access to memory.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"sysctl_net_ipv4_conf_default_send_redirects" =

>> ownerid=3D"RHEL-06-000080" disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38600" SVKey=3D"50401" VRelease=3D"1" />
>>           <title>The system must not send ICMPv4 redirects by =

>> default.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"sysctl_ipv4_all_send_redirects" ownerid=3D"RHEL-06-000081" =

>> disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38601" SVKey=3D"50402" VRelease=3D"1" />
>>           <title>The system must not send ICMPv4 redirects from any =

>> interface.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"sysctl_ipv4_ip_forward" =

>> ownerid=3D"RHEL-06-000082" disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38511" SVKey=3D"50312" VRelease=3D"1" />
>>           <title>IP forwarding for IPv4 must not be enabled, unless =

>> the system is a router.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"sysctl_net_ipv4_conf_all_accept_source_route" =

>> ownerid=3D"RHEL-06-000083" disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38523" SVKey=3D"50324" VRelease=3D"1" />
>>           <title>The system must not accept IPv4 source-routed =

>> packets on any interface.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"sysctl_net_ipv4_conf_all_accept_redirects" =

>> ownerid=3D"RHEL-06-000084" disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38524" SVKey=3D"50325" VRelease=3D"1" />
>>           <title>The system must not accept ICMPv4 redirect packets =

>> on any interface.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"sysctl_net_ipv4_conf_all_secure_redirects" =

>> ownerid=3D"RHEL-06-000086" disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38526" SVKey=3D"50327" VRelease=3D"1" />
>>           <title>The system must not accept ICMPv4 secure redirect =

>> packets on any interface.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"sysctl_net_ipv4_conf_all_log_martians" =

>> ownerid=3D"RHEL-06-000088" disa=3D"366" severity=3D"low">
>> +        <VMSinfo VKey=3D"38528" SVKey=3D"50329" VRelease=3D"1" />
>>           <title>The system must log Martian packets.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"sysctl_net_ipv4_conf_default_accept_source_route" =

>> ownerid=3D"RHEL-06-000089" disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38529" SVKey=3D"50330" VRelease=3D"1" />
>>           <title>The system must not accept IPv4 source-routed =

>> packets by default.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"sysctl_net_ipv4_conf_default_secure_redirects" =

>> ownerid=3D"RHEL-06-000090" disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38532" SVKey=3D"50333" VRelease=3D"1" />
>>           <title>The system must not accept ICMPv4 secure redirect =

>> packets by default.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"sysctl_net_ipv4_conf_default_accept_redirects" =

>> ownerid=3D"RHEL-06-000091" disa=3D"366" severity=3D"low">
>> +        <VMSinfo VKey=3D"38533" SVKey=3D"50334" VRelease=3D"1" />
>>           <title>The system must ignore IPv4 ICMP redirect =

>> messages.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"sysctl_net_ipv4_icmp_echo_ignore_broadcasts" =

>> ownerid=3D"RHEL-06-000092" disa=3D"366" severity=3D"low">
>> +        <VMSinfo VKey=3D"38535" SVKey=3D"50336" VRelease=3D"1" />
>>           <title>The system must not respond to ICMPv4 sent to a =

>> broadcast address.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"sysctl_net_ipv4_icmp_ignore_bogus_error_responses" =

>> ownerid=3D"RHEL-06-000093" disa=3D"366" severity=3D"low">
>> +        <VMSinfo VKey=3D"38537" SVKey=3D"50338" VRelease=3D"1" />
>>           <title>The system must ignore ICMPv4 bogus error =

>> responses.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"sysctl_net_ipv4_tcp_syncookies" ownerid=3D"RHEL-06-000095" =

>> disa=3D"1095" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38539" SVKey=3D"50340" VRelease=3D"1" />
>>           <title>The system must be configured to use TCP syncookies =

>> when experiencing a TCP SYN flood.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"sysctl_net_ipv4_conf_all_rp_filter" ownerid=3D"RHEL-06-000096" =

>> disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38542" SVKey=3D"50343" VRelease=3D"1" />
>>           <title>The system must use a reverse-path filter for IPv4 =

>> network traffic when possible on all interfaces.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"sysctl_net_ipv4_conf_default_rp_filter" =

>> ownerid=3D"RHEL-06-000097" disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38544" SVKey=3D"50345" VRelease=3D"1" />
>>           <title>The system must use a reverse-path filter for IPv4 =

>> network traffic when possible by default.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"kernel_module_ipv6_option_disabled" ownerid=3D"RHEL-06-000098" =

>> disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38546" SVKey=3D"50347" VRelease=3D"1" />
>>           <title>The IPv6 protocol handler must not be bound to the =

>> network stack unless needed.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"sysctl_ipv6_default_accept_redirects" =

>> ownerid=3D"RHEL-06-000099" disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38548" SVKey=3D"50349" VRelease=3D"1" />
>>           <title>The system must ignore ICMPv6 redirects by =

>> default.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"service_ip6tables_enabled" =

>> ownerid=3D"RHEL-06-000103" disa=3D"1118" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38549" SVKey=3D"50350" VRelease=3D"2" />
>>           <title>The system must employ a local IPv6 firewall.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"service_ip6tables_enabled" =

>> ownerid=3D"RHEL-06-000105" disa=3D"1117" severity=3D"medium">
>>           <title>The system must employ a local IPv6 firewall.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"service_ip6tables_enabled" =

>> ownerid=3D"RHEL-06-000106" disa=3D"1098" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38551" SVKey=3D"50352" VRelease=3D"2" />
>>           <title>The system must employ a local IPv6 firewall.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"service_ip6tables_enabled" =

>> ownerid=3D"RHEL-06-000107" disa=3D"1100" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38553" SVKey=3D"50354" VRelease=3D"2" />
>>           <title>The system must employ a local IPv6 firewall.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"service_ip6tables_enabled" =

>> ownerid=3D"RHEL-06-000108" disa=3D"1097" severity=3D"medium">
>> @@ -256,15 +334,18 @@
>>           <title>The system must employ a local IPv6 firewall.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"service_iptables_enabled" =

>> ownerid=3D"RHEL-06-000113" disa=3D"1118" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38555" SVKey=3D"50356" VRelease=3D"2" />
>>           <title>The system must employ a local IPv4 firewall.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"service_iptables_enabled" =

>> ownerid=3D"RHEL-06-000115" disa=3D"1117" severity=3D"medium">
>>           <title>The system must employ a local IPv4 firewall.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"service_iptables_enabled" =

>> ownerid=3D"RHEL-06-000116" disa=3D"1098" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38560" SVKey=3D"50361" VRelease=3D"2" />
>>           <title>The system must employ a local IPv4 firewall.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"service_iptables_enabled" =

>> ownerid=3D"RHEL-06-000117" disa=3D"1100" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38512" SVKey=3D"50313" VRelease=3D"2" />
>>           <title>The system must employ a local IPv4 firewall.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"service_iptables_enabled" =

>> ownerid=3D"RHEL-06-000118" disa=3D"1097" severity=3D"medium">
>> @@ -274,6 +355,7 @@
>>           <title>The system must employ a local IPv4 firewall.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"set_iptables_default_rule" =

>> ownerid=3D"RHEL-06-000120" disa=3D"66" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38513" SVKey=3D"50314" VRelease=3D"1" />
>>           <title>The system's local IPv4 firewall must implement a =

>> deny-all, allow-by-exception policy for inbound packets.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"set_iptables_default_rule" =

>> ownerid=3D"RHEL-06-000121" disa=3D"1115" severity=3D"medium">
>> @@ -283,33 +365,43 @@
>>           <title>The system's local firewall must implement a =

>> deny-all, allow-by-exception policy for inbound packets.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"kernel_module_dccp_disabled" =

>> ownerid=3D"RHEL-06-000124" disa=3D"382" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38514" SVKey=3D"50315" VRelease=3D"1" />
>>           <title>The Datagram Congestion Control Protocol (DCCP) must =

>> be disabled unless required.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"kernel_module_sctp_disabled" =

>> ownerid=3D"RHEL-06-000125" disa=3D"382" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38515" SVKey=3D"50316" VRelease=3D"1" />
>>           <title>The Stream Control Transmission Protocol (SCTP) must =

>> be disabled unless required.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"kernel_module_rds_disabled" =

>> ownerid=3D"RHEL-06-000126" disa=3D"382" severity=3D"low">
>> +        <VMSinfo VKey=3D"38516" SVKey=3D"50317" VRelease=3D"1" />
>>           <title>The Reliable Datagram Sockets (RDS) protocol must be =

>> disabled unless required.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"kernel_module_tipc_disabled" =

>> ownerid=3D"RHEL-06-000127" disa=3D"382" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38517" SVKey=3D"50318" VRelease=3D"1" />
>>           <title>The Transparent Inter-Process Communication (TIPC) =

>> protocol must be disabled unless required.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"userowner_rsyslog_files" =

>> ownerid=3D"RHEL-06-000133" disa=3D"1314" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38518" SVKey=3D"50319" VRelease=3D"1" />
>>           <title>All rsyslog-generated log files must be owned by =

>> root.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"groupowner_rsyslog_files" =

>> ownerid=3D"RHEL-06-000134" disa=3D"1314" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38519" SVKey=3D"50320" VRelease=3D"1" />
>>           <title>All rsyslog-generated log files must be group-owned =

>> by root.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"rsyslog_file_permissions" =

>> ownerid=3D"RHEL-06-000135" disa=3D"1314" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38623" SVKey=3D"50424" VRelease=3D"1" />
>>           <title>All rsyslog-generated log files must have mode 0600 =

>> or less permissive.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"rsyslog_send_messages_to_logserver" ownerid=3D"RHEL-06-000136" =

>> disa=3D"1348" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38520" SVKey=3D"50321" VRelease=3D"1" />
>>           <title>The operating system must back up audit records on =

>> an organization defined frequency onto a different system or media =

>> than the system being audited. </title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"rsyslog_send_messages_to_logserver" ownerid=3D"RHEL-06-000137" =

>> disa=3D"136" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38521" SVKey=3D"50322" VRelease=3D"1" />
>>           <title>The operating system must support the requirement to =

>> centrally manage the content of audit records generated by =

>> organization defined information system components.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"ensure_logrotate_activated" =

>> ownerid=3D"RHEL-06-000138" disa=3D"366" severity=3D"low">
>> +        <VMSinfo VKey=3D"38624" SVKey=3D"50425" VRelease=3D"1" />
>>           <title>System logs must be rotated daily.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"service_auditd_enabled" =

>> ownerid=3D"RHEL-06-000139" disa=3D"347" severity=3D"medium">
>> @@ -325,9 +417,11 @@
>>           <title>The operating system must produce a system-wide =

>> (logical or physical) audit trail composed of audit records in a =

>> standardized format. </title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"service_auditd_enabled" =

>> ownerid=3D"RHEL-06-000145" disa=3D"1487" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38628" SVKey=3D"50429" VRelease=3D"2" />
>>           <title>The operating system must produce audit records =

>> containing sufficient information to establish the identity of any =

>> user/subject associated with the event.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"service_auditd_enabled" =

>> ownerid=3D"RHEL-06-000148" disa=3D"67" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38631" SVKey=3D"50432" VRelease=3D"2" />
>>           <title>The operating system must employ automated =

>> mechanisms to facilitate the monitoring and control of remote access =

>> methods.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"service_auditd_enabled" =

>> ownerid=3D"RHEL-06-000149" disa=3D"158" severity=3D"medium">
>> @@ -337,183 +431,240 @@
>>           <title>The operating system must fail to an organization =

>> defined known state for organization defined types of failures. </title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"service_auditd_enabled" =

>> ownerid=3D"RHEL-06-000154" disa=3D"130" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38632" SVKey=3D"50433" VRelease=3D"2" />
>>           <title>The operating system must produce audit records =

>> containing sufficient information to establish what type of events =

>> occurred.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"enable_auditd_bootloader" =

>> ownerid=3D"RHEL-06-000157" disa=3D"1464" severity=3D"low">
>>           <title>Auditing must be enabled at boot by setting a kernel =

>> parameter.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"configure_auditd_num_logs" =

>> ownerid=3D"RHEL-06-000159" disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38636" SVKey=3D"50437" VRelease=3D"1" />
>>           <title>The system must retain enough rotated audit logs to =

>> cover the required log retention period.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"configure_auditd_max_log_file" ownerid=3D"RHEL-06-000160" =

>> disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38633" SVKey=3D"50434" VRelease=3D"1" />
>>           <title>The system must set a maximum audit log file =

>> size.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"configure_auditd_max_log_file_action" =

>> ownerid=3D"RHEL-06-000161" disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38634" SVKey=3D"50435" VRelease=3D"1" />
>>           <title>The system must rotate audit log files that reach =

>> the maximum file size.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"configure_auditd_admin_space_left_action" =

>> ownerid=3D"RHEL-06-000163" disa=3D"1343" severity=3D"medium">
>>           <title>The audit system must switch the system to =

>> single-user mode when available audit storage volume becomes =

>> dangerously low.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"audit_rules_time_adjtimex" =

>> ownerid=3D"RHEL-06-000165" disa=3D"169" severity=3D"low">
>> +        <VMSinfo VKey=3D"38635" SVKey=3D"50436" VRelease=3D"1" />
>>           <title>The audit system must be configured to audit all =

>> attempts to alter system time through adjtimex.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"audit_rules_time_settimeofday" ownerid=3D"RHEL-06-000167" =

>> disa=3D"169" severity=3D"low">
>> +        <VMSinfo VKey=3D"38522" SVKey=3D"50323" VRelease=3D"1" />
>>           <title>The audit system must be configured to audit all =

>> attempts to alter system time through settimeofday.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"audit_rules_time_stime" =

>> ownerid=3D"RHEL-06-000169" disa=3D"169" severity=3D"low">
>> +        <VMSinfo VKey=3D"38525" SVKey=3D"50326" VRelease=3D"1" />
>>           <title>The audit system must be configured to audit all =

>> attempts to alter system time through stime.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"audit_rules_time_clock_settime" ownerid=3D"RHEL-06-000171" =

>> disa=3D"169" severity=3D"low">
>> +        <VMSinfo VKey=3D"38527" SVKey=3D"50328" VRelease=3D"1" />
>>           <title>The audit system must be configured to audit all =

>> attempts to alter system time through clock_settime.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"audit_rules_time_watch_localtime" ownerid=3D"RHEL-06-000173" =

>> disa=3D"169" severity=3D"low">
>> +        <VMSinfo VKey=3D"38530" SVKey=3D"50331" VRelease=3D"1" />
>>           <title>The audit system must be configured to audit all =

>> attempts to alter system time through /etc/localtime.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"audit_account_changes" =

>> ownerid=3D"RHEL-06-000174" disa=3D"18" severity=3D"low">
>> +        <VMSinfo VKey=3D"38531" SVKey=3D"50332" VRelease=3D"1" />
>>           <title>The operating system must automatically audit =

>> account creation.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"audit_account_changes" =

>> ownerid=3D"RHEL-06-000175" disa=3D"1403" severity=3D"low">
>> +        <VMSinfo VKey=3D"38534" SVKey=3D"50335" VRelease=3D"1" />
>>           <title>The operating system must automatically audit =

>> account modification.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"audit_account_changes" =

>> ownerid=3D"RHEL-06-000176" disa=3D"1404" severity=3D"low">
>> +        <VMSinfo VKey=3D"38536" SVKey=3D"50337" VRelease=3D"1" />
>>           <title>The operating system must automatically audit =

>> account disabling actions.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"audit_account_changes" =

>> ownerid=3D"RHEL-06-000177" disa=3D"1405" severity=3D"low">
>> +        <VMSinfo VKey=3D"38538" SVKey=3D"50339" VRelease=3D"1" />
>>           <title>The operating system must automatically audit =

>> account termination.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"audit_network_modifications" =

>> ownerid=3D"RHEL-06-000182" disa=3D"366" severity=3D"low">
>> +        <VMSinfo VKey=3D"38540" SVKey=3D"50341" VRelease=3D"1" />
>>           <title>The audit system must be configured to audit =

>> modifications to the systems network configuration.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"audit_mac_changes" =

>> ownerid=3D"RHEL-06-000183" disa=3D"366" severity=3D"low">
>> +        <VMSinfo VKey=3D"38541" SVKey=3D"50342" VRelease=3D"1" />
>>           <title>The audit system must be configured to audit =

>> modifications to the system's Mandatory Access Control (MAC) =

>> configuration (SELinux).</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"audit_rules_dac_modification_chmod" ownerid=3D"RHEL-06-000184" =

>> disa=3D"172" severity=3D"low">
>> +        <VMSinfo VKey=3D"38543" SVKey=3D"50344" VRelease=3D"2" />
>>           <title>The audit system must be configured to audit all =

>> discretionary access control permission modifications using =

>> chmod.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"audit_rules_dac_modification_chown" ownerid=3D"RHEL-06-000185" =

>> disa=3D"172" severity=3D"low">
>> +        <VMSinfo VKey=3D"38545" SVKey=3D"50346" VRelease=3D"2" />
>>           <title>The audit system must be configured to audit all =

>> discretionary access control permission modifications using =

>> chown.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"audit_rules_dac_modification_fchmod" ownerid=3D"RHEL-06-000186=
" =

>> disa=3D"172" severity=3D"low">
>> +        <VMSinfo VKey=3D"38547" SVKey=3D"50348" VRelease=3D"2" />
>>           <title>The audit system must be configured to audit all =

>> discretionary access control permission modifications using =

>> fchmod.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"audit_rules_dac_modification_fchmodat" =

>> ownerid=3D"RHEL-06-000187" disa=3D"172" severity=3D"low">
>> +        <VMSinfo VKey=3D"38550" SVKey=3D"50351" VRelease=3D"2" />
>>           <title>The audit system must be configured to audit all =

>> discretionary access control permission modifications using =

>> fchmodat.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"audit_rules_dac_modification_fchown" ownerid=3D"RHEL-06-000188=
" =

>> disa=3D"172" severity=3D"low">
>> +        <VMSinfo VKey=3D"38552" SVKey=3D"50353" VRelease=3D"2" />
>>           <title>The audit system must be configured to audit all =

>> discretionary access control permission modifications using =

>> fchown.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"audit_rules_dac_modification_fchownat" =

>> ownerid=3D"RHEL-06-000189" disa=3D"172" severity=3D"low">
>> +        <VMSinfo VKey=3D"38554" SVKey=3D"50355" VRelease=3D"2" />
>>           <title>The audit system must be configured to audit all =

>> discretionary access control permission modifications using =

>> fchownat.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"audit_rules_dac_modification_fremovexattr" =

>> ownerid=3D"RHEL-06-000190" disa=3D"172" severity=3D"low">
>> +        <VMSinfo VKey=3D"38556" SVKey=3D"50357" VRelease=3D"2" />
>>           <title>The audit system must be configured to audit all =

>> discretionary access control permission modifications using =

>> fremovexattr.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"audit_rules_dac_modification_fsetxattr" =

>> ownerid=3D"RHEL-06-000191" disa=3D"172" severity=3D"low">
>> +        <VMSinfo VKey=3D"38557" SVKey=3D"50358" VRelease=3D"2" />
>>           <title>The audit system must be configured to audit all =

>> discretionary access control permission modifications using =

>> fsetxattr.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"audit_rules_dac_modification_lchown" ownerid=3D"RHEL-06-000192=
" =

>> disa=3D"172" severity=3D"low">
>> +        <VMSinfo VKey=3D"38558" SVKey=3D"50359" VRelease=3D"2" />
>>           <title>The audit system must be configured to audit all =

>> discretionary access control permission modifications using =

>> lchown.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"audit_rules_dac_modification_lremovexattr" =

>> ownerid=3D"RHEL-06-000193" disa=3D"172" severity=3D"low">
>> +        <VMSinfo VKey=3D"38559" SVKey=3D"50360" VRelease=3D"2" />
>>           <title>The audit system must be configured to audit all =

>> discretionary access control permission modifications using =

>> lremovexattr.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"audit_rules_dac_modification_lsetxattr" =

>> ownerid=3D"RHEL-06-000194" disa=3D"172" severity=3D"low">
>> +        <VMSinfo VKey=3D"38561" SVKey=3D"50362" VRelease=3D"2" />
>>           <title>The audit system must be configured to audit all =

>> discretionary access control permission modifications using =

>> lsetxattr.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"audit_rules_dac_modification_removexattr" =

>> ownerid=3D"RHEL-06-000195" disa=3D"172" severity=3D"low">
>> +        <VMSinfo VKey=3D"38563" SVKey=3D"50364" VRelease=3D"2" />
>>           <title>The audit system must be configured to audit all =

>> discretionary access control permission modifications using =

>> removexattr.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"audit_rules_dac_modification_setxattr" =

>> ownerid=3D"RHEL-06-000196" disa=3D"172" severity=3D"low">
>> +        <VMSinfo VKey=3D"38565" SVKey=3D"50366" VRelease=3D"2" />
>>           <title>The audit system must be configured to audit all =

>> discretionary access control permission modifications using =

>> setxattr.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"audit_file_access" =

>> ownerid=3D"RHEL-06-000197" disa=3D"172" severity=3D"low">
>> +        <VMSinfo VKey=3D"38566" SVKey=3D"50367" VRelease=3D"2" />
>>           <title>The audit system must be configured to audit failed =

>> attempts to access files and programs.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"audit_privileged_commands" =

>> ownerid=3D"RHEL-06-000198" disa=3D"40" severity=3D"low">
>> +        <VMSinfo VKey=3D"38567" SVKey=3D"50368" VRelease=3D"2" />
>>           <title>The audit system must be configured to audit all use =

>> of setuid programs.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"audit_media_exports" =

>> ownerid=3D"RHEL-06-000199" disa=3D"172" severity=3D"low">
>> +        <VMSinfo VKey=3D"38568" SVKey=3D"50369" VRelease=3D"2" />
>>           <title>The audit system must be configured to audit =

>> successful file system mounts.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"audit_file_deletions" =

>> ownerid=3D"RHEL-06-000200" disa=3D"172" severity=3D"low">
>> +        <VMSinfo VKey=3D"38575" SVKey=3D"50376" VRelease=3D"2" />
>>           <title>The audit system must be configured to audit user =

>> deletions of files and programs.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"audit_sysadmin_actions" =

>> ownerid=3D"RHEL-06-000201" disa=3D"172" severity=3D"low">
>> +        <VMSinfo VKey=3D"38578" SVKey=3D"50379" VRelease=3D"1" />
>>           <title>The audit system must be configured to audit changes =

>> to the "/etc/sudoers" file.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"audit_kernel_module_loading" =

>> ownerid=3D"RHEL-06-000202" disa=3D"172" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38580" SVKey=3D"50381" VRelease=3D"1" />
>>           <title>The audit system must be configured to audit the =

>> loading and unloading of dynamic kernel modules.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"disable_xinetd" =

>> ownerid=3D"RHEL-06-000203" disa=3D"382" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38582" SVKey=3D"50383" VRelease=3D"2" />
>>           <title>The xinetd service must be disabled if no network =

>> services utilizing it are enabled.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"uninstall_xinetd" =

>> ownerid=3D"RHEL-06-000204" disa=3D"382" severity=3D"low">
>> +        <VMSinfo VKey=3D"38584" SVKey=3D"50385" VRelease=3D"1" />
>>           <title>The xinetd service must be uninstalled if no network =

>> services utilizing it are enabled.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"uninstall_telnet_server" =

>> ownerid=3D"RHEL-06-000206" disa=3D"381" severity=3D"high">
>> +        <VMSinfo VKey=3D"38587" SVKey=3D"50388" VRelease=3D"1" />
>>           <title>The telnet-server package must not be =

>> installed.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"disable_telnet_service" =

>> ownerid=3D"RHEL-06-000211" disa=3D"888" severity=3D"high">
>> +        <VMSinfo VKey=3D"38589" SVKey=3D"50390" VRelease=3D"2" />
>>           <title>The telnet daemon must not be running.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"uninstall_rsh-server" =

>> ownerid=3D"RHEL-06-000213" disa=3D"381" severity=3D"high">
>> +        <VMSinfo VKey=3D"38591" SVKey=3D"50392" VRelease=3D"1" />
>>           <title>The rsh-server package must not be installed.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"disable_rsh" =

>> ownerid=3D"RHEL-06-000214" disa=3D"68" severity=3D"high">
>> +        <VMSinfo VKey=3D"38594" SVKey=3D"50395" VRelease=3D"2" />
>>           <title>The rshd service must not be running.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"disable_rexec" =

>> ownerid=3D"RHEL-06-000216" disa=3D"68" severity=3D"high">
>> +        <VMSinfo VKey=3D"38598" SVKey=3D"50399" VRelease=3D"2" />
>>           <title>The rexecd service must not be running.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"disable_rlogin" =

>> ownerid=3D"RHEL-06-000218" disa=3D"1436" severity=3D"high">
>> +        <VMSinfo VKey=3D"38602" SVKey=3D"50403" VRelease=3D"2" />
>>           <title>The rlogind service must not be running.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"uninstall_ypserv" =

>> ownerid=3D"RHEL-06-000220" disa=3D"381" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38603" SVKey=3D"50404" VRelease=3D"1" />
>>           <title>The ypserv package must not be installed.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"disable_ypbind" =

>> ownerid=3D"RHEL-06-000221" disa=3D"382" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38604" SVKey=3D"50405" VRelease=3D"2" />
>>           <title>The ypbind service must not be running.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"uninstall_tftp-server" =

>> ownerid=3D"RHEL-06-000222" disa=3D"381" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38606" SVKey=3D"50407" VRelease=3D"1" />
>>           <title>The tftp-server package must not be installed.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"disable_tftp" =

>> ownerid=3D"RHEL-06-000223" disa=3D"1436" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38609" SVKey=3D"50410" VRelease=3D"2" />
>>           <title>The TFTP service must not be running.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"service_crond_enabled" =

>> ownerid=3D"RHEL-06-000224" disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38605" SVKey=3D"50406" VRelease=3D"2" />
>>           <title>The cron service must be running.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"sshd_allow_only_protocol2" =

>> ownerid=3D"RHEL-06-000227" disa=3D"774" severity=3D"high">
>> +        <VMSinfo VKey=3D"38607" SVKey=3D"50408" VRelease=3D"1" />
>>           <title>The SSH daemon must be configured to use only the =

>> SSHv2 protocol.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"sshd_set_idle_timeout" =

>> ownerid=3D"RHEL-06-000230" disa=3D"1133" severity=3D"low">
>> +        <VMSinfo VKey=3D"38608" SVKey=3D"50409" VRelease=3D"1" />
>>           <title>The SSH daemon must set a timeout interval on idle =

>> sessions.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"sshd_set_keepalive" =

>> ownerid=3D"RHEL-06-000231" disa=3D"879" severity=3D"low">
>> +        <VMSinfo VKey=3D"38610" SVKey=3D"50411" VRelease=3D"1" />
>>           <title>The SSH daemon must set a timeout count on idle =

>> sessions.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"sshd_disable_rhosts" =

>> ownerid=3D"RHEL-06-000234" disa=3D"766" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38611" SVKey=3D"50412" VRelease=3D"1" />
>>           <title>The SSH daemon must ignore .rhosts files.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"disable_host_auth" =

>> ownerid=3D"RHEL-06-000235" disa=3D"765" severity=3D"medium">
>>           <title>The SSH daemon must not allow host-based =

>> authentication.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"disable_host_auth" =

>> ownerid=3D"RHEL-06-000236" disa=3D"766" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38612" SVKey=3D"50413" VRelease=3D"1" />
>>           <title>The SSH daemon must not allow host-based =

>> authentication.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"sshd_disable_root_login" =

>> ownerid=3D"RHEL-06-000237" disa=3D"770" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38613" SVKey=3D"50414" VRelease=3D"1" />
>>           <title>The system must not permit root logins using remote =

>> access programs such as ssh.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"sshd_disable_empty_passwords=
" =

>> ownerid=3D"RHEL-06-000239" disa=3D"766" severity=3D"high">
>> +        <VMSinfo VKey=3D"38614" SVKey=3D"50415" VRelease=3D"1" />
>>           <title>The SSH daemon must not allow authentication using =

>> an empty password.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"sshd_enable_warning_banner" =

>> ownerid=3D"RHEL-06-000240" disa=3D"48" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38615" SVKey=3D"50416" VRelease=3D"1" />
>>           <title>The SSH daemon must be configured with the =

>> Department of Defense (DoD) login banner.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"sshd_do_not_permit_user_env" =

>> ownerid=3D"RHEL-06-000241" disa=3D"1414" severity=3D"low">
>> +        <VMSinfo VKey=3D"38616" SVKey=3D"50417" VRelease=3D"1" />
>>           <title>The SSH daemon must not permit user environment =

>> settings.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"sshd_use_approved_ciphers" =

>> ownerid=3D"RHEL-06-000243" disa=3D"1144" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38617" SVKey=3D"50418" VRelease=3D"1" />
>>           <title>The SSH daemon must be configured to use only FIPS =

>> 140-2 approved ciphers.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"sshd_use_approved_ciphers" =

>> ownerid=3D"RHEL-06-000244" disa=3D"1145" severity=3D"medium">
>> @@ -523,144 +674,189 @@
>>           <title>The operating system must employ NSA-approved =

>> cryptography to protect classified information.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"disable_avahi" =

>> ownerid=3D"RHEL-06-000246" disa=3D"366" severity=3D"low">
>> +        <VMSinfo VKey=3D"38618" SVKey=3D"50419" VRelease=3D"2" />
>>           <title>The avahi service must be disabled.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"service_ntpd_enabled" =

>> ownerid=3D"RHEL-06-000247" disa=3D"160" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38620" SVKey=3D"50421" VRelease=3D"1" />
>>           <title>The system clock must be synchronized continuously, =

>> or at least daily.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"ntpd_specify_remote_server" =

>> ownerid=3D"RHEL-06-000248" disa=3D"160" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38621" SVKey=3D"50422" VRelease=3D"1" />
>>           <title>The system clock must be synchronized to an =

>> authoritative DoD time source.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"postfix_network_listening" =

>> ownerid=3D"RHEL-06-000249" disa=3D"382" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38622" SVKey=3D"50423" VRelease=3D"1" />
>>           <title>Mail relaying must be restricted.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"XXXX" =

>> ownerid=3D"RHEL-06-000251" disa=3D"778" severity=3D"medium">
>>           <title>The operating system must uniquely identify and =

>> authenticate an organization defined list of specific devices and/or =

>> types of devices before establishing a connection.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"ldap_client_start_tls" =

>> ownerid=3D"RHEL-06-000252" disa=3D"1453" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38625" SVKey=3D"50426" VRelease=3D"1" />
>>           <title>If the system is using LDAP for authentication or =

>> account information, the system must use a TLS connection using FIPS =

>> 140-2 approved cryptographic algorithms.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"ldap_client_tls_cacertpath" =

>> ownerid=3D"RHEL-06-000253" disa=3D"776" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38626" SVKey=3D"50427" VRelease=3D"1" />
>>           <title>The LDAP client must use a TLS connection using =

>> trust certificates signed by the site CA.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"package_openldap-servers_removed" ownerid=3D"RHEL-06-000256" =

>> disa=3D"366" severity=3D"low">
>> +        <VMSinfo VKey=3D"38627" SVKey=3D"50428" VRelease=3D"1" />
>>           <title>The openldap-servers package must not be installed =

>> unless required.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"set_screensaver_inactivity_timeout" ownerid=3D"RHEL-06-000257" =

>> disa=3D"57" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38629" SVKey=3D"50430" VRelease=3D"2" />
>>           <title>The graphical desktop environment must set the idle =

>> timeout to no more than 15 minutes.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"enable_screensaver_after_idle" ownerid=3D"RHEL-06-000258" =

>> disa=3D"57" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38630" SVKey=3D"50431" VRelease=3D"2" />
>>           <title>The graphical desktop environment must automatically =

>> lock after 15 minutes of inactivity and the system must require user =

>> to re-authenticate to unlock the environment.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"enable_screensaver_password_lock" ownerid=3D"RHEL-06-000259" =

>> disa=3D"57" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38638" SVKey=3D"50439" VRelease=3D"2" />
>>           <title>The graphical desktop environment must have =

>> automatic lock enabled.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"set_blank_screensaver" =

>> ownerid=3D"RHEL-06-000260" disa=3D"60" severity=3D"low">
>> +        <VMSinfo VKey=3D"38639" SVKey=3D"50440" VRelease=3D"2" />
>>           <title>The system must display a publicly-viewable pattern =

>> during a graphical desktop environment session lock.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"service_abrtd_disabled" =

>> ownerid=3D"RHEL-06-000261" disa=3D"382" severity=3D"low">
>> +        <VMSinfo VKey=3D"38640" SVKey=3D"50441" VRelease=3D"2" />
>>           <title>The Automatic Bug Reporting Tool (abrtd) service =

>> must not be running.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"service_atd_disabled" =

>> ownerid=3D"RHEL-06-000262" disa=3D"382" severity=3D"low">
>> +        <VMSinfo VKey=3D"38641" SVKey=3D"50442" VRelease=3D"2" />
>>           <title>The atd service must be disabled.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"service_autofs_disabled" =

>> ownerid=3D"RHEL-06-000263" disa=3D"1250" severity=3D"low">
>>           <title>Automated file system mounting tools must not be =

>> enabled unless needed.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"service_ntpdate_disabled" =

>> ownerid=3D"RHEL-06-000265" disa=3D"382" severity=3D"low">
>> +        <VMSinfo VKey=3D"38644" SVKey=3D"50445" VRelease=3D"2" />
>>           <title>The ntpdate service must not be running.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"service_oddjobd_disabled" =

>> ownerid=3D"RHEL-06-000266" disa=3D"382" severity=3D"low">
>> +        <VMSinfo VKey=3D"38646" SVKey=3D"50447" VRelease=3D"2" />
>>           <title>The oddjobd service must not be running.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"service_qpidd_disabled" =

>> ownerid=3D"RHEL-06-000267" disa=3D"382" severity=3D"low">
>> +        <VMSinfo VKey=3D"38648" SVKey=3D"50449" VRelease=3D"2" />
>>           <title>The qpidd service must not be running.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"service_rdisc_disabled" =

>> ownerid=3D"RHEL-06-000268" disa=3D"382" severity=3D"low">
>> +        <VMSinfo VKey=3D"38650" SVKey=3D"50451" VRelease=3D"2" />
>>           <title>The rdisc service must not be running.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"use_nodev_option_on_nfs_mounts" ownerid=3D"RHEL-06-000269" =

>> disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38652" SVKey=3D"50453" VRelease=3D"1" />
>>           <title>Remote file systems must be mounted with the "nodev" =

>> option.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"use_nosuid_option_on_nfs_mounts" ownerid=3D"RHEL-06-000270" =

>> disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38654" SVKey=3D"50455" VRelease=3D"1" />
>>           <title>Remote file systems must be mounted with the =

>> "nosuid" option.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"mountopt_noexec_on_removable_partitions" =

>> ownerid=3D"RHEL-06-000271" disa=3D"87" severity=3D"low">
>> +        <VMSinfo VKey=3D"38655" SVKey=3D"50456" VRelease=3D"1" />
>>           <title>The noexec option must be added to removable media =

>> partitions.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"require_smb_client_signing" =

>> ownerid=3D"RHEL-06-000272" disa=3D"366" severity=3D"low">
>> +        <VMSinfo VKey=3D"38656" SVKey=3D"50457" VRelease=3D"1" />
>>           <title>The system must use SMB client signing for =

>> connecting to samba servers using smbclient.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"require_smb_client_signing_mount.cifs" =

>> ownerid=3D"RHEL-06-000273" disa=3D"366" severity=3D"low">
>> +        <VMSinfo VKey=3D"38657" SVKey=3D"50458" VRelease=3D"1" />
>>           <title>The system must use SMB client signing for =

>> connecting to samba servers using mount.cifs.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"accounts_password_reuse_limit" ownerid=3D"RHEL-06-000274" =

>> disa=3D"200" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38658" SVKey=3D"50459" VRelease=3D"1" />
>>           <title>The system must prohibit the reuse of passwords =

>> within twenty-four iterations.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"encrypt_partitions" =

>> ownerid=3D"RHEL-06-000275" disa=3D"1019" severity=3D"low">
>> +        <VMSinfo VKey=3D"38659" SVKey=3D"50460" VRelease=3D"1" />
>>           <title>The operating system must employ cryptographic =

>> mechanisms to protect information in storage.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"encrypt_partitions" =

>> ownerid=3D"RHEL-06-000276" disa=3D"1199" severity=3D"low">
>> +        <VMSinfo VKey=3D"38661" SVKey=3D"50462" VRelease=3D"1" />
>>           <title>The operating system must protect the =

>> confidentiality and integrity of data at rest. </title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"encrypt_partitions" =

>> ownerid=3D"RHEL-06-000277" disa=3D"1200" severity=3D"low">
>> +        <VMSinfo VKey=3D"38662" SVKey=3D"50463" VRelease=3D"1" />
>>           <title>The operating system must employ cryptographic =

>> mechanisms to prevent unauthorized disclosure of data at rest unless =

>> otherwise protected by alternative physical measures.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"XXXX" =

>> ownerid=3D"RHEL-06-000278" disa=3D"1493" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38663" SVKey=3D"50464" VRelease=3D"1" />
>>           <title>The system package management tool must verify =

>> permissions on all files and directories associated with the "audit" =

>> package.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"XXXX" =

>> ownerid=3D"RHEL-06-000279" disa=3D"1494" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38664" SVKey=3D"50465" VRelease=3D"1" />
>>           <title>The system package management tool must verify =

>> ownership on all files and directories associated with the "audit" =

>> package.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"XXXX" =

>> ownerid=3D"RHEL-06-000280" disa=3D"1495" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38665" SVKey=3D"50466" VRelease=3D"1" />
>>           <title>The system package management tool must verify =

>> group-ownership on all files and directories associated with the =

>> "audit" package.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"XXXX" =

>> ownerid=3D"RHEL-06-000281" disa=3D"1496" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38637" SVKey=3D"50438" VRelease=3D"2" />
>>           <title>The system package management tool must verify =

>> contents of all files associated with the audit package.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"world_writeable_files" =

>> ownerid=3D"RHEL-06-000282" disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38643" SVKey=3D"50444" VRelease=3D"2" />
>>           <title>There must be no world-writable files on the =

>> system.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"install_antivirus" =

>> ownerid=3D"RHEL-06-000284" disa=3D"1668" severity=3D"high">
>> +        <VMSinfo VKey=3D"38666" SVKey=3D"50467" VRelease=3D"1" />
>>           <title>The system must use and update a DoD-approved virus =

>> scan program.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"install_hids" =

>> ownerid=3D"RHEL-06-000285" disa=3D"1263" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38667" SVKey=3D"50468" VRelease=3D"1" />
>>           <title>The system must have a host-based intrusion =

>> detection tool installed.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"disable_ctrlaltdel_reboot" =

>> ownerid=3D"RHEL-06-000286" disa=3D"366" severity=3D"high">
>> +        <VMSinfo VKey=3D"38668" SVKey=3D"50469" VRelease=3D"1" />
>>           <title>The x86 Ctrl-Alt-Delete key sequence must be =

>> disabled.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"service_postfix_enabled" =

>> ownerid=3D"RHEL-06-000287" disa=3D"366" severity=3D"low">
>> +        <VMSinfo VKey=3D"38669" SVKey=3D"50470" VRelease=3D"1" />
>>           <title>The postfix service must be enabled for mail =

>> delivery.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"package_sendmail_removed" =

>> ownerid=3D"RHEL-06-000288" disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38671" SVKey=3D"50472" VRelease=3D"1" />
>>           <title>The sendmail package must be removed.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"service_netconsole_disabled" =

>> ownerid=3D"RHEL-06-000289" disa=3D"382" severity=3D"low">
>> +        <VMSinfo VKey=3D"38672" SVKey=3D"50473" VRelease=3D"2" />
>>           <title>The netconsole service must be disabled unless =

>> required.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"disable_xwindows_with_runlevel" ownerid=3D"RHEL-06-000290" =

>> disa=3D"1436" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38674" SVKey=3D"50475" VRelease=3D"1" />
>>           <title>X Windows must not be enabled unless required.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"packagegroup_xwindows_remove=
" =

>> ownerid=3D"RHEL-06-000291" disa=3D"366" severity=3D"low">
>> +        <VMSinfo VKey=3D"38676" SVKey=3D"50477" VRelease=3D"1" />
>>           <title>The xorg-x11-server-common (X Windows) package must =

>> not be installed, unless required.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"disable_dhcp_client" =

>> ownerid=3D"RHEL-06-000292" disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38679" SVKey=3D"50480" VRelease=3D"1" />
>>           <title>The DHCP client must be disabled if not needed.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"gid_passwd_group_same" =

>> ownerid=3D"RHEL-06-000294" disa=3D"366" severity=3D"low">
>> +        <VMSinfo VKey=3D"38681" SVKey=3D"50482" VRelease=3D"1" />
>>           <title>All GIDs referenced in /etc/passwd must be defined =

>> in /etc/group</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"account_unique_name" =

>> ownerid=3D"RHEL-06-000296" disa=3D"804" severity=3D"low">
>> +        <VMSinfo VKey=3D"38683" SVKey=3D"50484" VRelease=3D"1" />
>>           <title>All accounts on the system must have unique user or =

>> account names</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"XXXX" =

>> ownerid=3D"RHEL-06-000297" disa=3D"16" severity=3D"low">
>> +        <VMSinfo VKey=3D"38685" SVKey=3D"50486" VRelease=3D"1" />
>>           <title>Temporary accounts must be provisioned with an =

>> expiration date.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"XXXX" =

>> ownerid=3D"RHEL-06-000298" disa=3D"1682" severity=3D"low">
>> +        <VMSinfo VKey=3D"38690" SVKey=3D"50491" VRelease=3D"1" />
>>           <title>Emergency accounts must be provisioned with an =

>> expiration date.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"password_require_consecrepeat" ownerid=3D"RHEL-06-000299" =

>> disa=3D"366" severity=3D"low">
>> +        <VMSinfo VKey=3D"38693" SVKey=3D"50494" VRelease=3D"1" />
>>           <title>The system must require passwords to contain no more =

>> than three consecutive repeating characters.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"no_files_unowned_by_user" =

>> ownerid=3D"RHEL-06-000300" disa=3D"224" severity=3D"low">
>> @@ -670,111 +866,146 @@
>>           <title>All files must be owned by a group.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"aide_periodic_cron_checking" =

>> ownerid=3D"RHEL-06-000302" disa=3D"374" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38695" SVKey=3D"50496" VRelease=3D"1" />
>>           <title>A file integrity tool must be used at least weekly =

>> to check for unauthorized file changes, particularly the addition of =

>> unauthorized system libraries or binaries, or for unauthorized =

>> modification to authorized system libraries or binaries.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"aide_periodic_cron_checking" =

>> ownerid=3D"RHEL-06-000303" disa=3D"416" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38696" SVKey=3D"50497" VRelease=3D"1" />
>>           <title>The operating system must employ automated =

>> mechanisms, per organization defined frequency, to detect the =

>> addition of unauthorized components/devices into the operating =

>> system.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"aide_periodic_cron_checking" =

>> ownerid=3D"RHEL-06-000304" disa=3D"1069" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38698" SVKey=3D"50499" VRelease=3D"1" />
>>           <title>The operating system must employ automated =

>> mechanisms to detect the presence of unauthorized software on =

>> organizational information systems and notify designated =

>> organizational officials in accordance with the organization defined =

>> frequency.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"aide_periodic_cron_checking" =

>> ownerid=3D"RHEL-06-000305" disa=3D"1263" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38700" SVKey=3D"50501" VRelease=3D"1" />
>>           <title>The operating system must provide a near real-time =

>> alert when any of the organization defined list of compromise or =

>> potential compromise indicators occurs. </title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"aide_periodic_cron_checking" =

>> ownerid=3D"RHEL-06-000306" disa=3D"1297" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38670" SVKey=3D"50471" VRelease=3D"1" />
>>           <title>The operating system must detect unauthorized =

>> changes to software and information. </title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"aide_periodic_cron_checking" =

>> ownerid=3D"RHEL-06-000307" disa=3D"1589" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38673" SVKey=3D"50474" VRelease=3D"1" />
>>           <title>The operating system must ensure unauthorized, =

>> security-relevant configuration changes detected are tracked.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"disable_users_coredumps" =

>> ownerid=3D"RHEL-06-000308" disa=3D"366" severity=3D"low">
>> +        <VMSinfo VKey=3D"38675" SVKey=3D"50476" VRelease=3D"1" />
>>           <title>Process core dumps must be disabled unless =

>> needed.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"no_insecure_locks_exports" =

>> ownerid=3D"RHEL-06-000309" disa=3D"764" severity=3D"high">
>> +        <VMSinfo VKey=3D"38677" SVKey=3D"50478" VRelease=3D"1" />
>>           <title>The NFS server must not have the insecure file =

>> locking option enabled.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"auditd_data_retention_space_left_action" =

>> ownerid=3D"RHEL-06-000311" disa=3D"143" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38678" SVKey=3D"50479" VRelease=3D"1" />
>>           <title>The audit system must provide a warning when =

>> allocated audit record storage volume reaches a documented percentage =

>> of maximum audit record storage capacity.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"auditd_data_retention_action_mail_acct" =

>> ownerid=3D"RHEL-06-000313" disa=3D"139" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38680" SVKey=3D"50481" VRelease=3D"1" />
>>           <title>The audit system must identify staff members to =

>> receive notifications of audit log storage volume capacity =

>> issues.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"kernel_module_bluetooth_disabled" ownerid=3D"RHEL-06-000315" =

>> disa=3D"85" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38682" SVKey=3D"50483" VRelease=3D"1" />
>>           <title>The Bluetooth kernel module must be disabled.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"kernel_module_usb-storage_disabled" ownerid=3D"RHEL-06-000317" =

>> disa=3D"1250" severity=3D"medium">
>>           <title>The system must have USB Mass Storage disabled =

>> unless needed.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"accounts_max_concurrent_login_sessions" =

>> ownerid=3D"RHEL-06-000319" disa=3D"54" severity=3D"low">
>> +        <VMSinfo VKey=3D"38684" SVKey=3D"50485" VRelease=3D"1" />
>>           <title>The system must limit users to 10 simultaneous =

>> system logins, or a site-defined number, in accordance with =

>> operational requirements.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"set_iptables_default_rule_forward" ownerid=3D"RHEL-06-000320" =

>> disa=3D"1109" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38686" SVKey=3D"50487" VRelease=3D"1" />
>>           <title>The system's local firewall must implement a =

>> deny-all, allow-by-exception policy for forwarded packets.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"install_openswan" =

>> ownerid=3D"RHEL-06-000321" disa=3D"1130" severity=3D"low">
>> +        <VMSinfo VKey=3D"38687" SVKey=3D"50488" VRelease=3D"1" />
>>           <title>The system must provide VPN connectivity for =

>> communications over untrusted networks.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"enable_gdm_login_banner" =

>> ownerid=3D"RHEL-06-000324" disa=3D"50" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38688" SVKey=3D"50489" VRelease=3D"2" />
>>           <title>A login banner must be displayed immediately prior =

>> to, or as part of, graphical desktop environment login prompts.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"set_gdm_login_banner_text" =

>> ownerid=3D"RHEL-06-000326" disa=3D"1384, 1385, 1386, 1387, 1388" =

>> severity=3D"medium">
>> +        <VMSinfo VKey=3D"38689" SVKey=3D"50490" VRelease=3D"2" />
>>           <title>The Department of Defense (DoD) login banner must be =

>> displayed immediately prior to, or as part of, graphical desktop =

>> environment login prompts.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"service_bluetooth_disabled" =

>> ownerid=3D"RHEL-06-000331" disa=3D"85" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38691" SVKey=3D"50492" VRelease=3D"1" />
>>           <title>The Bluetooth service must be disabled.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"account_disable_post_pw_expiration" ownerid=3D"RHEL-06-000334" =

>> disa=3D"17" severity=3D"low">
>> +        <VMSinfo VKey=3D"38692" SVKey=3D"50493" VRelease=3D"1" />
>>           <title>Accounts must be locked upon 35 days of =

>> inactivity.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"account_disable_post_pw_expiration" ownerid=3D"RHEL-06-000335" =

>> disa=3D"795" severity=3D"low">
>> +        <VMSinfo VKey=3D"38694" SVKey=3D"50495" VRelease=3D"1" />
>>           <title>The operating system must manage information system =

>> identifiers for users and devices by disabling the user identifier =

>> after an organization defined time period of inactivity.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"sticky_world_writable_dirs" =

>> ownerid=3D"RHEL-06-000336" disa=3D"366" severity=3D"low">
>> +        <VMSinfo VKey=3D"38697" SVKey=3D"50498" VRelease=3D"2" />
>>           <title>The sticky bit must be set on all public =

>> directories.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"world_writable_files_system_ownership" =

>> ownerid=3D"RHEL-06-000337" disa=3D"366" severity=3D"low">
>> +        <VMSinfo VKey=3D"38699" SVKey=3D"50500" VRelease=3D"2" />
>>           <title>All public directories must be owned by a system =

>> account.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"tftpd_uses_secure_mode" =

>> ownerid=3D"RHEL-06-000338" disa=3D"366" severity=3D"high">
>> +        <VMSinfo VKey=3D"38701" SVKey=3D"50502" VRelease=3D"1" />
>>           <title>The TFTP daemon must operate in "secure mode" which =

>> provides access only to a single directory on the host file =

>> system.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"ftp_log_transactions" =

>> ownerid=3D"RHEL-06-000339" disa=3D"130" severity=3D"low">
>> +        <VMSinfo VKey=3D"38702" SVKey=3D"50503" VRelease=3D"1" />
>>           <title>The FTP daemon must be configured for logging or =

>> verbose mode.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"snmpd_use_newer_protocol" =

>> ownerid=3D"RHEL-06-000340" disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38660" SVKey=3D"50461" VRelease=3D"1" />
>>           <title>The snmpd service must use only SNMP protocol =

>> version 3 or newer.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"snmpd_not_default_password" =

>> ownerid=3D"RHEL-06-000341" disa=3D"366" severity=3D"high">
>> +        <VMSinfo VKey=3D"38653" SVKey=3D"50454" VRelease=3D"1" />
>>           <title>The snmpd service must not use a default =

>> password.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"accounts_umask_bashrc" =

>> ownerid=3D"RHEL-06-000342" disa=3D"366" severity=3D"low">
>> +        <VMSinfo VKey=3D"38651" SVKey=3D"50452" VRelease=3D"1" />
>>           <title>The system default umask for the bash shell must be =

>> 077.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"accounts_umask_cshrc" =

>> ownerid=3D"RHEL-06-000343" disa=3D"366" severity=3D"low">
>> +        <VMSinfo VKey=3D"38649" SVKey=3D"50450" VRelease=3D"1" />
>>           <title>The system default umask for the csh shell must be =

>> 077.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"accounts_umask_etc_profile" =

>> ownerid=3D"RHEL-06-000344" disa=3D"366" severity=3D"low">
>> +        <VMSinfo VKey=3D"38647" SVKey=3D"50448" VRelease=3D"1" />
>>           <title>The system default umask in /etc/profile must be =

>> 077.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"accounts_umask_login_defs" =

>> ownerid=3D"RHEL-06-000345" disa=3D"366" severity=3D"low">
>> +        <VMSinfo VKey=3D"38645" SVKey=3D"50446" VRelease=3D"1" />
>>           <title>The system default umask in /etc/login.defs must be =

>> 077.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"umask_for_daemons" =

>> ownerid=3D"RHEL-06-000346" disa=3D"366" severity=3D"low">
>> +        <VMSinfo VKey=3D"38642" SVKey=3D"50443" VRelease=3D"1" />
>>           <title>The system default umask for daemons must be 027 or =

>> 022.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"no_netrc_files" =

>> ownerid=3D"RHEL-06-000347" disa=3D"196" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38619" SVKey=3D"50420" VRelease=3D"1" />
>>           <title>There must be no .netrc files on the system.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"ftp_present_banner" =

>> ownerid=3D"RHEL-06-000348" disa=3D"48" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38599" SVKey=3D"50400" VRelease=3D"1" />
>>           <title>The FTPS/FTP service on the system must be =

>> configured with the Department of Defense (DoD) login banner.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"smartcard_auth" =

>> ownerid=3D"RHEL-06-000349" disa=3D"765" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38595" SVKey=3D"50396" VRelease=3D"1" />
>>           <title>The system must be configured to require the use of =

>> a CAC, PIV compliant hardware token, or Alternate Logon Token (ALT) =

>> for authentication.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"deny_password_attempts_unlock_time" ownerid=3D"RHEL-06-000356" =

>> disa=3D"47" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38592" SVKey=3D"50393" VRelease=3D"1" />
>>           <title>The system must require administrator action to =

>> unlock an account locked by excessive failed login attempts.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"accounts_passwords_pam_fail_interval" =

>> ownerid=3D"RHEL-06-000357" disa=3D"1452" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38501" SVKey=3D"50302" VRelease=3D"2" />
>>           <title>The system must disable accounts after excessive =

>> login failures within a 15-minute interval.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"unselected" =

>> ownerid=3D"RHEL-06-000359" disa=3D"20" severity=3D"medium">
>> @@ -823,12 +1054,15 @@
>>           <title>The operating system must use internal system clocks =

>> to generate time stamps for audit records.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"audit_logs_permissions" =

>> ownerid=3D"RHEL-06-000383" disa=3D"163" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38498" SVKey=3D"50299" VRelease=3D"1" />
>>           <title>Audit log files must have mode 0640 or less =

>> permissive.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"audit_logs_rootowner" =

>> ownerid=3D"RHEL-06-000384" disa=3D"162" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38495" SVKey=3D"50296" VRelease=3D"1" />
>>           <title>Audit log files must be owned by root.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"XXXX" =

>> ownerid=3D"RHEL-06-000385" disa=3D"164" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38493" SVKey=3D"50294" VRelease=3D"1" />
>>           <title>Audit log directories must have mode 0755 or less =

>> permissive.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"met_inherently_generic" =

>> ownerid=3D"RHEL-06-000387" disa=3D"171" severity=3D"medium">
>> @@ -994,30 +1228,39 @@
>>           <title>The operating system must respond to security =

>> function anomalies in accordance with organization defined responses =

>> and alternative action(s).</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" =

>> ruleid=3D"kernel_module_usb-storage_disabled" ownerid=3D"RHEL-06-000503" =

>> disa=3D"86" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38490" SVKey=3D"50291" VRelease=3D"1" />
>>           <title>The system must have USB Mass Storage disabled =

>> unless needed.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"XXXX" =

>> ownerid=3D"RHEL-06-000504" disa=3D"535" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38488" SVKey=3D"50289" VRelease=3D"1" />
>>           <title>The operating system must conduct backups of =

>> user-level information contained in the operating system per =

>> organization defined frequency to conduct backups consistent with =

>> recovery time and recovery point objectives.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"XXXX" =

>> ownerid=3D"RHEL-06-000505" disa=3D"537" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38486" SVKey=3D"50287" VRelease=3D"1" />
>>           <title>The operating system must conduct backups of =

>> system-level information contained in the information system per =

>> organization defined frequency to conduct backups that are consistent =

>> with recovery time and recovery point objectives.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"XXXX" =

>> ownerid=3D"RHEL-06-000506" disa=3D"52" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38485" SVKey=3D"50286" VRelease=3D"1" />
>>           <title>The operating system, upon successful logon, must =

>> display to the user the date and time of the last logon or access via =

>> a local console or tty.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"XXXX" =

>> ownerid=3D"RHEL-06-000507" disa=3D"52" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38484" SVKey=3D"50285" VRelease=3D"1" />
>>           <title>The operating system, upon successful logon, must =

>> display to the user the date and time of the last logon or access via =

>> ssh.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"XXXX" =

>> ownerid=3D"RHEL-06-000508" disa=3D"58" severity=3D"low">
>> +        <VMSinfo VKey=3D"38474" SVKey=3D"50274" VRelease=3D"1" />
>>           <title>The system must allow locking of graphical desktop =

>> sessions.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"configure_auditd_audispd" =

>> ownerid=3D"RHEL-06-000509" disa=3D"136" severity=3D"low">
>> +        <VMSinfo VKey=3D"38471" SVKey=3D"50271" VRelease=3D"1" />
>>           <title>The system must forward audit records to the syslog =

>> service.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"XXXX" =

>> ownerid=3D"RHEL-06-000510" disa=3D"140" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38468" SVKey=3D"50268" VRelease=3D"1" />
>>           <title>The audit system must take appropriate action when =

>> the audit storage volume is full.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"XXXX" =

>> ownerid=3D"RHEL-06-000511" disa=3D"140" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38464" SVKey=3D"50264" VRelease=3D"1" />
>>           <title>The audit system must take appropriate action when =

>> there are disk errors on the audit storage volume.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"unmet_finding_nonselected" =

>> ownerid=3D"RHEL-06-000512" disa=3D"144" severity=3D"medium">
>> @@ -1027,39 +1270,51 @@
>>           <title>The audit system must alert designated staff members =

>> when audit storage volume is generating disk errors.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"XXXX" =

>> ownerid=3D"RHEL-06-000514" disa=3D"352" severity=3D"high">
>> +        <VMSinfo VKey=3D"38462" SVKey=3D"50262" VRelease=3D"1" />
>>           <title>The RPM package management tool must =

>> cryptographically verify the authenticity of all software packages =

>> during installation.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"XXXX" =

>> ownerid=3D"RHEL-06-000515" disa=3D"764" severity=3D"low">
>> +        <VMSinfo VKey=3D"38460" SVKey=3D"50260" VRelease=3D"1" />
>>           <title>The NFS server must not have the all_squash option =

>> enabled.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"XXXX" =

>> ownerid=3D"RHEL-06-000516" disa=3D"366" severity=3D"low">
>> +        <VMSinfo VKey=3D"38454" SVKey=3D"50254" VRelease=3D"1" />
>>           <title>The system package management tool must verify =

>> ownership on all files and directories associated with packages.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"XXXX" =

>> ownerid=3D"RHEL-06-000517" disa=3D"366" severity=3D"low">
>> +        <VMSinfo VKey=3D"38453" SVKey=3D"50253" VRelease=3D"1" />
>>           <title>The system package management tool must verify =

>> group-ownership on all files and directories associated with =

>> packages.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"rpm_verify_permissions" =

>> ownerid=3D"RHEL-06-000518" disa=3D"366" severity=3D"low">
>> +        <VMSinfo VKey=3D"38452" SVKey=3D"50252" VRelease=3D"1" />
>>           <title>The system package management tool must verify =

>> permissions on all files and directories associated with =

>> packages.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"rpm_verify_hashes" =

>> ownerid=3D"RHEL-06-000519" disa=3D"366" severity=3D"low">
>> +        <VMSinfo VKey=3D"38447" SVKey=3D"50247" VRelease=3D"2" />
>>           <title>The system package management tool must verify =

>> contents of all files associated with packages.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"XXXX" =

>> ownerid=3D"RHEL-06-000521" disa=3D"366" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38446" SVKey=3D"50246" VRelease=3D"1" />
>>           <title>The mail system must forward all mail for root to =

>> one or more system administrators.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"XXXX" =

>> ownerid=3D"RHEL-06-000522" disa=3D"162" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38445" SVKey=3D"50245" VRelease=3D"1" />
>>           <title>Audit log files must be group-owned by root.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"XXXX" =

>> ownerid=3D"RHEL-06-000523" disa=3D"66" severity=3D"medium">
>> +        <VMSinfo VKey=3D"38444" SVKey=3D"50244" VRelease=3D"1" />
>>           <title>The system's local IPv6 firewall must implement a =

>> deny-all, allow-by-exception policy for inbound packets.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"XXXX" =

>> ownerid=3D"RHEL-06-000524" disa=3D"15" severity=3D"low">
>> +        <VMSinfo VKey=3D"38439" SVKey=3D"50239" VRelease=3D"1" />
>>           <title>The system must provide automated support for =

>> account management functions.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"enable_auditd_bootloader" =

>> ownerid=3D"RHEL-06-000525" disa=3D"169" severity=3D"low">
>> +        <VMSinfo VKey=3D"38438" SVKey=3D"50238" VRelease=3D"1" />
>>           <title>Auditing must be enabled at boot by setting a kernel =

>> parameter.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"service_autofs_disabled" =

>> ownerid=3D"RHEL-06-000526" disa=3D"366" severity=3D"low">
>> +        <VMSinfo VKey=3D"38437" SVKey=3D"50237" VRelease=3D"1" />
>>           <title>Automated file system mounting tools must not be =

>> enabled unless needed.</title>
>>       </overlay>
>>       <overlay owner=3D"disastig" ruleid=3D"unmet_nonfinding_scope" =

>> ownerid=3D"SRG-OS-000006-NA" disa=3D"21" severity=3D"medium">
>
> oh wow. hopefully you found a way to script this =3D/ Incredibly useful!
>
> We'll have to update the transforms to reflect these, akin to the =

> <ref> tags.... I'm at SC13 this week. Perhaps someone is feeling =

> ambitious?

+ack


--===============2081371154702086732==--