audit_rules_dac_modification_chmodRecord Events that Modify the System's Discretionary Access Controls - chmod
audit_rules_dac_modification_chownRecord Events that Modify the System's Discretionary Access Controls - chown
audit_rules_dac_modification_fchmodRecord Events that Modify the System's Discretionary Access Controls - fchmod
audit_rules_dac_modification_fchmodatRecord Events that Modify the System's Discretionary Access Controls - fchmodat
audit_rules_dac_modification_fchownRecord Events that Modify the System's Discretionary Access Controls - fchown
audit_rules_dac_modification_fchownatRecord Events that Modify the System's Discretionary Access Controls - fchownat
audit_rules_dac_modification_fremovexattrRecord Events that Modify the System's Discretionary Access Controls - fremovexattr
audit_rules_dac_modification_fsetxattrRecord Events that Modify the System's Discretionary Access Controls - fsetxattr
audit_rules_dac_modification_lchownRecord Events that Modify the System's Discretionary Access Controls - lchown
audit_rules_dac_modification_lremovexattrRecord Events that Modify the System's Discretionary Access Controls - lremovexattr
audit_rules_dac_modification_lsetxattrRecord Events that Modify the System's Discretionary Access Controls - lsetxattr
audit_rules_dac_modification_removexattrRecord Events that Modify the System's Discretionary Access Controls - removexattr
audit_rules_dac_modification_setxattrRecord Events that Modify the System's Discretionary Access Controls - setxattr
audit_rules_etc_group_openRecord Events that Modify User/Group Information via open syscall - /etc/group
audit_rules_etc_group_open_by_handle_atRecord Events that Modify User/Group Information via open_by_handle_at syscall - /etc/group
audit_rules_etc_group_openatRecord Events that Modify User/Group Information via openat syscall - /etc/group
audit_rules_etc_gshadow_openRecord Events that Modify User/Group Information via open syscall - /etc/gshadow
audit_rules_etc_gshadow_open_by_handle_atRecord Events that Modify User/Group Information via open_by_handle_at syscall - /etc/gshadow
audit_rules_etc_gshadow_openatRecord Events that Modify User/Group Information via openat syscall - /etc/gshadow
audit_rules_etc_passwd_openRecord Events that Modify User/Group Information via open syscall - /etc/passwd
audit_rules_etc_passwd_open_by_handle_atRecord Events that Modify User/Group Information via open_by_handle_at syscall - /etc/passwd
audit_rules_etc_passwd_openatRecord Events that Modify User/Group Information via openat syscall - /etc/passwd
audit_rules_etc_shadow_openRecord Events that Modify User/Group Information via open syscall - /etc/shadow
audit_rules_etc_shadow_open_by_handle_atRecord Events that Modify User/Group Information via open_by_handle_at syscall - /etc/shadow
audit_rules_etc_shadow_openatRecord Events that Modify User/Group Information via openat syscall - /etc/shadow
audit_rules_execution_chconRecord Any Attempts to Run chcon
audit_rules_execution_restoreconRecord Any Attempts to Run restorecon
audit_rules_execution_semanageRecord Any Attempts to Run semanage
audit_rules_execution_setfilesRecord Any Attempts to Run setfiles
audit_rules_execution_setseboolRecord Any Attempts to Run setsebool
audit_rules_execution_seunshareRecord Any Attempts to Run seunshare
audit_rules_file_deletion_eventsEnsure auditd Collects File Deletion Events by User
audit_rules_file_deletion_events_renameEnsure auditd Collects File Deletion Events by User - rename
audit_rules_file_deletion_events_renameatEnsure auditd Collects File Deletion Events by User - renameat
audit_rules_file_deletion_events_rmdirEnsure auditd Collects File Deletion Events by User - rmdir
audit_rules_file_deletion_events_unlinkEnsure auditd Collects File Deletion Events by User - unlink
audit_rules_file_deletion_events_unlinkatEnsure auditd Collects File Deletion Events by User - unlinkat
audit_rules_kernel_module_loadingEnsure auditd Collects Information on Kernel Module Loading and Unloading
audit_rules_kernel_module_loading_deleteEnsure auditd Collects Information on Kernel Module Unloading - delete_module
audit_rules_kernel_module_loading_finitEnsure auditd Collects Information on Kernel Module Loading and Unloading - finit_module
audit_rules_kernel_module_loading_initEnsure auditd Collects Information on Kernel Module Loading - init_module
audit_rules_login_eventsRecord Attempts to Alter Logon and Logout Events
audit_rules_login_events_faillockRecord Attempts to Alter Logon and Logout Events - faillock
audit_rules_login_events_lastlogRecord Attempts to Alter Logon and Logout Events - lastlog
audit_rules_login_events_tallylogRecord Attempts to Alter Logon and Logout Events - tallylog
audit_rules_mac_modificationRecord Events that Modify the System's Mandatory Access Controls
audit_rules_media_exportEnsure auditd Collects Information on Exporting to Media (successful)
audit_rules_networkconfig_modificationRecord Events that Modify the System's Network Environment
audit_rules_privileged_commandsEnsure auditd Collects Information on the Use of Privileged Commands
audit_rules_privileged_commands_atEnsure auditd Collects Information on the Use of Privileged Commands - at
audit_rules_privileged_commands_chageEnsure auditd Collects Information on the Use of Privileged Commands - chage
audit_rules_privileged_commands_chshEnsure auditd Collects Information on the Use of Privileged Commands - chsh
audit_rules_privileged_commands_crontabEnsure auditd Collects Information on the Use of Privileged Commands - crontab
audit_rules_privileged_commands_gpasswdEnsure auditd Collects Information on the Use of Privileged Commands - gpasswd
audit_rules_privileged_commands_mountEnsure auditd Collects Information on the Use of Privileged Commands - mount
audit_rules_privileged_commands_newgidmapEnsure auditd Collects Information on the Use of Privileged Commands - newgidmap
audit_rules_privileged_commands_newgrpEnsure auditd Collects Information on the Use of Privileged Commands - newgrp
audit_rules_privileged_commands_newuidmapEnsure auditd Collects Information on the Use of Privileged Commands - newuidmap
audit_rules_privileged_commands_pam_timestamp_checkEnsure auditd Collects Information on the Use of Privileged Commands - pam_timestamp_check
audit_rules_privileged_commands_passwdEnsure auditd Collects Information on the Use of Privileged Commands - passwd
audit_rules_privileged_commands_postdropEnsure auditd Collects Information on the Use of Privileged Commands - postdrop
audit_rules_privileged_commands_postqueueEnsure auditd Collects Information on the Use of Privileged Commands - postqueue
audit_rules_privileged_commands_pt_chownEnsure auditd Collects Information on the Use of Privileged Commands - pt_chown
audit_rules_privileged_commands_ssh_keysignEnsure auditd Collects Information on the Use of Privileged Commands - ssh-keysign
audit_rules_privileged_commands_suEnsure auditd Collects Information on the Use of Privileged Commands - su
audit_rules_privileged_commands_sudoEnsure auditd Collects Information on the Use of Privileged Commands - sudo
audit_rules_privileged_commands_sudoeditEnsure auditd Collects Information on the Use of Privileged Commands - sudoedit
audit_rules_privileged_commands_umountEnsure auditd Collects Information on the Use of Privileged Commands - umount
audit_rules_privileged_commands_unix_chkpwdEnsure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd
audit_rules_privileged_commands_userhelperEnsure auditd Collects Information on the Use of Privileged Commands - userhelper
audit_rules_privileged_commands_usernetctlEnsure auditd Collects Information on the Use of Privileged Commands - usernetctl
audit_rules_session_eventsRecord Attempts to Alter Process and Session Initiation Information
audit_rules_sysadmin_actionsEnsure auditd Collects System Administrator Actions
audit_rules_time_adjtimexRecord attempts to alter time through adjtimex
audit_rules_time_clock_settimeRecord Attempts to Alter Time Through clock_settime
audit_rules_time_settimeofdayRecord attempts to alter time through settimeofday
audit_rules_time_stimeRecord Attempts to Alter Time Through stime
audit_rules_time_watch_localtimeRecord Attempts to Alter the localtime File
audit_rules_unsuccessful_file_modificationEnsure auditd Collects Unauthorized Access Attempts to Files (unsuccessful)
audit_rules_unsuccessful_file_modification_chmodRecord Unsuccessul Permission Changes to Files - chmod
audit_rules_unsuccessful_file_modification_chownRecord Unsuccessul Ownership Changes to Files - chown
audit_rules_unsuccessful_file_modification_creatRecord Unsuccessful Access Attempts to Files - creat
audit_rules_unsuccessful_file_modification_fchmodRecord Unsuccessul Permission Changes to Files - fchmod
audit_rules_unsuccessful_file_modification_fchmodatRecord Unsuccessul Permission Changes to Files - fchmodat
audit_rules_unsuccessful_file_modification_fchownRecord Unsuccessul Ownership Changes to Files - fchown
audit_rules_unsuccessful_file_modification_fchownatRecord Unsuccessul Ownership Changes to Files - fchownat
audit_rules_unsuccessful_file_modification_fremovexattrRecord Unsuccessul Permission Changes to Files - fremovexattr
audit_rules_unsuccessful_file_modification_fsetxattrRecord Unsuccessul Permission Changes to Files - fsetxattr
audit_rules_unsuccessful_file_modification_ftruncateRecord Unsuccessful Access Attempts to Files - ftruncate
audit_rules_unsuccessful_file_modification_lchownRecord Unsuccessul Ownership Changes to Files - lchown
audit_rules_unsuccessful_file_modification_lremovexattrRecord Unsuccessul Permission Changes to Files - lremovexattr
audit_rules_unsuccessful_file_modification_lsetxattrRecord Unsuccessul Permission Changes to Files - lsetxattr
audit_rules_unsuccessful_file_modification_openRecord Unsuccessful Access Attempts to Files - open
audit_rules_unsuccessful_file_modification_open_by_handle_atRecord Unsuccessful Access Attempts to Files - open_by_handle_at
audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creatRecord Unsuccessful Creation Attempts to Files - open_by_handle_at O_CREAT
audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_writeRecord Unsuccessful Modification Attempts to Files - open_by_handle_at O_TRUNC_WRITE
audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_orderEnsure auditd Unauthorized Access Attempts To open_by_handle_at Are Ordered Correctly
audit_rules_unsuccessful_file_modification_open_o_creatRecord Unsuccessful Creation Attempts to Files - open O_CREAT
audit_rules_unsuccessful_file_modification_open_o_trunc_writeRecord Unsuccessful Modification Attempts to Files - open O_TRUNC_WRITE
audit_rules_unsuccessful_file_modification_open_rule_orderEnsure auditd Rules For Unauthorized Attempts To open Are Ordered Correctly
audit_rules_unsuccessful_file_modification_openatRecord Unsuccessful Access Attempts to Files - openat
audit_rules_unsuccessful_file_modification_openat_o_creatRecord Unsuccessful Creation Attempts to Files - openat O_CREAT
audit_rules_unsuccessful_file_modification_openat_o_trunc_writeRecord Unsuccessful Modification Attempts to Files - openat O_TRUNC_WRITE
audit_rules_unsuccessful_file_modification_openat_rule_orderEnsure auditd Rules For Unauthorized Attempts To openat Are Ordered Correctly
audit_rules_unsuccessful_file_modification_removexattrRecord Unsuccessul Permission Changes to Files - removexattr
audit_rules_unsuccessful_file_modification_renameRecord Unsuccessul Delete Attempts to Files - rename
audit_rules_unsuccessful_file_modification_renameatRecord Unsuccessul Delete Attempts to Files - renameat
audit_rules_unsuccessful_file_modification_setxattrRecord Unsuccessul Permission Changes to Files - setxattr
audit_rules_unsuccessful_file_modification_truncateRecord Unsuccessful Access Attempts to Files - truncate
audit_rules_unsuccessful_file_modification_unlinkRecord Unsuccessul Delete Attempts to Files - unlink
audit_rules_unsuccessful_file_modification_unlinkatRecord Unsuccessul Delete Attempts to Files - unlinkat
audit_rules_usergroup_modificationRecord Events that Modify User/Group Information
audit_rules_usergroup_modification_groupRecord Events that Modify User/Group Information - /etc/group
audit_rules_usergroup_modification_gshadowRecord Events that Modify User/Group Information - /etc/gshadow
audit_rules_usergroup_modification_opasswdRecord Events that Modify User/Group Information - /etc/security/opasswd
audit_rules_usergroup_modification_passwdRecord Events that Modify User/Group Information - /etc/passwd
audit_rules_usergroup_modification_shadowRecord Events that Modify User/Group Information - /etc/shadow
dhcp_server_configure_loggingConfigure Logging
directory_access_var_log_auditRecord Access Events to Audit Log Directory
service_auditd_enabledEnable auditd Service
audit_rules_dac_modification_chmodRecord Events that Modify the System's Discretionary Access Controls - chmod
audit_rules_dac_modification_chownRecord Events that Modify the System's Discretionary Access Controls - chown
audit_rules_dac_modification_fchmodRecord Events that Modify the System's Discretionary Access Controls - fchmod
audit_rules_dac_modification_fchmodatRecord Events that Modify the System's Discretionary Access Controls - fchmodat
audit_rules_dac_modification_fchownRecord Events that Modify the System's Discretionary Access Controls - fchown
audit_rules_dac_modification_fchownatRecord Events that Modify the System's Discretionary Access Controls - fchownat
audit_rules_dac_modification_fremovexattrRecord Events that Modify the System's Discretionary Access Controls - fremovexattr
audit_rules_dac_modification_fsetxattrRecord Events that Modify the System's Discretionary Access Controls - fsetxattr
audit_rules_dac_modification_lchownRecord Events that Modify the System's Discretionary Access Controls - lchown
audit_rules_dac_modification_lremovexattrRecord Events that Modify the System's Discretionary Access Controls - lremovexattr
audit_rules_dac_modification_lsetxattrRecord Events that Modify the System's Discretionary Access Controls - lsetxattr
audit_rules_dac_modification_removexattrRecord Events that Modify the System's Discretionary Access Controls - removexattr
audit_rules_dac_modification_setxattrRecord Events that Modify the System's Discretionary Access Controls - setxattr
audit_rules_etc_group_openRecord Events that Modify User/Group Information via open syscall - /etc/group
audit_rules_etc_group_open_by_handle_atRecord Events that Modify User/Group Information via open_by_handle_at syscall - /etc/group
audit_rules_etc_group_openatRecord Events that Modify User/Group Information via openat syscall - /etc/group
audit_rules_etc_gshadow_openRecord Events that Modify User/Group Information via open syscall - /etc/gshadow
audit_rules_etc_gshadow_open_by_handle_atRecord Events that Modify User/Group Information via open_by_handle_at syscall - /etc/gshadow
audit_rules_etc_gshadow_openatRecord Events that Modify User/Group Information via openat syscall - /etc/gshadow
audit_rules_etc_passwd_openRecord Events that Modify User/Group Information via open syscall - /etc/passwd
audit_rules_etc_passwd_open_by_handle_atRecord Events that Modify User/Group Information via open_by_handle_at syscall - /etc/passwd
audit_rules_etc_passwd_openatRecord Events that Modify User/Group Information via openat syscall - /etc/passwd
audit_rules_etc_shadow_openRecord Events that Modify User/Group Information via open syscall - /etc/shadow
audit_rules_etc_shadow_open_by_handle_atRecord Events that Modify User/Group Information via open_by_handle_at syscall - /etc/shadow
audit_rules_etc_shadow_openatRecord Events that Modify User/Group Information via openat syscall - /etc/shadow
audit_rules_execution_chconRecord Any Attempts to Run chcon
audit_rules_execution_restoreconRecord Any Attempts to Run restorecon
audit_rules_execution_semanageRecord Any Attempts to Run semanage
audit_rules_execution_setfilesRecord Any Attempts to Run setfiles
audit_rules_execution_setseboolRecord Any Attempts to Run setsebool
audit_rules_execution_seunshareRecord Any Attempts to Run seunshare
audit_rules_file_deletion_eventsEnsure auditd Collects File Deletion Events by User
audit_rules_file_deletion_events_renameEnsure auditd Collects File Deletion Events by User - rename
audit_rules_file_deletion_events_renameatEnsure auditd Collects File Deletion Events by User - renameat
audit_rules_file_deletion_events_rmdirEnsure auditd Collects File Deletion Events by User - rmdir
audit_rules_file_deletion_events_unlinkEnsure auditd Collects File Deletion Events by User - unlink
audit_rules_file_deletion_events_unlinkatEnsure auditd Collects File Deletion Events by User - unlinkat
audit_rules_kernel_module_loadingEnsure auditd Collects Information on Kernel Module Loading and Unloading
audit_rules_kernel_module_loading_deleteEnsure auditd Collects Information on Kernel Module Unloading - delete_module
audit_rules_kernel_module_loading_finitEnsure auditd Collects Information on Kernel Module Loading and Unloading - finit_module
audit_rules_kernel_module_loading_initEnsure auditd Collects Information on Kernel Module Loading - init_module
audit_rules_login_eventsRecord Attempts to Alter Logon and Logout Events
audit_rules_login_events_faillockRecord Attempts to Alter Logon and Logout Events - faillock
audit_rules_login_events_lastlogRecord Attempts to Alter Logon and Logout Events - lastlog
audit_rules_login_events_tallylogRecord Attempts to Alter Logon and Logout Events - tallylog
audit_rules_mac_modificationRecord Events that Modify the System's Mandatory Access Controls
audit_rules_media_exportEnsure auditd Collects Information on Exporting to Media (successful)
audit_rules_networkconfig_modificationRecord Events that Modify the System's Network Environment
audit_rules_privileged_commandsEnsure auditd Collects Information on the Use of Privileged Commands
audit_rules_privileged_commands_atEnsure auditd Collects Information on the Use of Privileged Commands - at
audit_rules_privileged_commands_chageEnsure auditd Collects Information on the Use of Privileged Commands - chage
audit_rules_privileged_commands_chshEnsure auditd Collects Information on the Use of Privileged Commands - chsh
audit_rules_privileged_commands_crontabEnsure auditd Collects Information on the Use of Privileged Commands - crontab
audit_rules_privileged_commands_gpasswdEnsure auditd Collects Information on the Use of Privileged Commands - gpasswd
audit_rules_privileged_commands_mountEnsure auditd Collects Information on the Use of Privileged Commands - mount
audit_rules_privileged_commands_newgidmapEnsure auditd Collects Information on the Use of Privileged Commands - newgidmap
audit_rules_privileged_commands_newgrpEnsure auditd Collects Information on the Use of Privileged Commands - newgrp
audit_rules_privileged_commands_newuidmapEnsure auditd Collects Information on the Use of Privileged Commands - newuidmap
audit_rules_privileged_commands_pam_timestamp_checkEnsure auditd Collects Information on the Use of Privileged Commands - pam_timestamp_check
audit_rules_privileged_commands_passwdEnsure auditd Collects Information on the Use of Privileged Commands - passwd
audit_rules_privileged_commands_postdropEnsure auditd Collects Information on the Use of Privileged Commands - postdrop
audit_rules_privileged_commands_postqueueEnsure auditd Collects Information on the Use of Privileged Commands - postqueue
audit_rules_privileged_commands_pt_chownEnsure auditd Collects Information on the Use of Privileged Commands - pt_chown
audit_rules_privileged_commands_ssh_keysignEnsure auditd Collects Information on the Use of Privileged Commands - ssh-keysign
audit_rules_privileged_commands_suEnsure auditd Collects Information on the Use of Privileged Commands - su
audit_rules_privileged_commands_sudoEnsure auditd Collects Information on the Use of Privileged Commands - sudo
audit_rules_privileged_commands_sudoeditEnsure auditd Collects Information on the Use of Privileged Commands - sudoedit
audit_rules_privileged_commands_umountEnsure auditd Collects Information on the Use of Privileged Commands - umount
audit_rules_privileged_commands_unix_chkpwdEnsure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd
audit_rules_privileged_commands_userhelperEnsure auditd Collects Information on the Use of Privileged Commands - userhelper
audit_rules_privileged_commands_usernetctlEnsure auditd Collects Information on the Use of Privileged Commands - usernetctl
audit_rules_session_eventsRecord Attempts to Alter Process and Session Initiation Information
audit_rules_sysadmin_actionsEnsure auditd Collects System Administrator Actions
audit_rules_time_adjtimexRecord attempts to alter time through adjtimex
audit_rules_time_clock_settimeRecord Attempts to Alter Time Through clock_settime
audit_rules_time_settimeofdayRecord attempts to alter time through settimeofday
audit_rules_time_stimeRecord Attempts to Alter Time Through stime
audit_rules_time_watch_localtimeRecord Attempts to Alter the localtime File
audit_rules_unsuccessful_file_modificationEnsure auditd Collects Unauthorized Access Attempts to Files (unsuccessful)
audit_rules_unsuccessful_file_modification_chmodRecord Unsuccessul Permission Changes to Files - chmod
audit_rules_unsuccessful_file_modification_chownRecord Unsuccessul Ownership Changes to Files - chown
audit_rules_unsuccessful_file_modification_creatRecord Unsuccessful Access Attempts to Files - creat
audit_rules_unsuccessful_file_modification_fchmodRecord Unsuccessul Permission Changes to Files - fchmod
audit_rules_unsuccessful_file_modification_fchmodatRecord Unsuccessul Permission Changes to Files - fchmodat
audit_rules_unsuccessful_file_modification_fchownRecord Unsuccessul Ownership Changes to Files - fchown
audit_rules_unsuccessful_file_modification_fchownatRecord Unsuccessul Ownership Changes to Files - fchownat
audit_rules_unsuccessful_file_modification_fremovexattrRecord Unsuccessul Permission Changes to Files - fremovexattr
audit_rules_unsuccessful_file_modification_fsetxattrRecord Unsuccessul Permission Changes to Files - fsetxattr
audit_rules_unsuccessful_file_modification_ftruncateRecord Unsuccessful Access Attempts to Files - ftruncate
audit_rules_unsuccessful_file_modification_lchownRecord Unsuccessul Ownership Changes to Files - lchown
audit_rules_unsuccessful_file_modification_lremovexattrRecord Unsuccessul Permission Changes to Files - lremovexattr
audit_rules_unsuccessful_file_modification_lsetxattrRecord Unsuccessul Permission Changes to Files - lsetxattr
audit_rules_unsuccessful_file_modification_openRecord Unsuccessful Access Attempts to Files - open
audit_rules_unsuccessful_file_modification_open_by_handle_atRecord Unsuccessful Access Attempts to Files - open_by_handle_at
audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creatRecord Unsuccessful Creation Attempts to Files - open_by_handle_at O_CREAT
audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_writeRecord Unsuccessful Modification Attempts to Files - open_by_handle_at O_TRUNC_WRITE
audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_orderEnsure auditd Unauthorized Access Attempts To open_by_handle_at Are Ordered Correctly
audit_rules_unsuccessful_file_modification_open_o_creatRecord Unsuccessful Creation Attempts to Files - open O_CREAT
audit_rules_unsuccessful_file_modification_open_o_trunc_writeRecord Unsuccessful Modification Attempts to Files - open O_TRUNC_WRITE
audit_rules_unsuccessful_file_modification_open_rule_orderEnsure auditd Rules For Unauthorized Attempts To open Are Ordered Correctly
audit_rules_unsuccessful_file_modification_openatRecord Unsuccessful Access Attempts to Files - openat
audit_rules_unsuccessful_file_modification_openat_o_creatRecord Unsuccessful Creation Attempts to Files - openat O_CREAT
audit_rules_unsuccessful_file_modification_openat_o_trunc_writeRecord Unsuccessful Modification Attempts to Files - openat O_TRUNC_WRITE
audit_rules_unsuccessful_file_modification_openat_rule_orderEnsure auditd Rules For Unauthorized Attempts To openat Are Ordered Correctly
audit_rules_unsuccessful_file_modification_removexattrRecord Unsuccessul Permission Changes to Files - removexattr
audit_rules_unsuccessful_file_modification_renameRecord Unsuccessul Delete Attempts to Files - rename
audit_rules_unsuccessful_file_modification_renameatRecord Unsuccessul Delete Attempts to Files - renameat
audit_rules_unsuccessful_file_modification_setxattrRecord Unsuccessul Permission Changes to Files - setxattr
audit_rules_unsuccessful_file_modification_truncateRecord Unsuccessful Access Attempts to Files - truncate
audit_rules_unsuccessful_file_modification_unlinkRecord Unsuccessul Delete Attempts to Files - unlink
audit_rules_unsuccessful_file_modification_unlinkatRecord Unsuccessul Delete Attempts to Files - unlinkat
audit_rules_usergroup_modificationRecord Events that Modify User/Group Information
audit_rules_usergroup_modification_groupRecord Events that Modify User/Group Information - /etc/group
audit_rules_usergroup_modification_gshadowRecord Events that Modify User/Group Information - /etc/gshadow
audit_rules_usergroup_modification_opasswdRecord Events that Modify User/Group Information - /etc/security/opasswd
audit_rules_usergroup_modification_passwdRecord Events that Modify User/Group Information - /etc/passwd
audit_rules_usergroup_modification_shadowRecord Events that Modify User/Group Information - /etc/shadow
directory_access_var_log_auditRecord Access Events to Audit Log Directory
service_auditd_enabledEnable auditd Service
account_disable_post_pw_expirationSet Account Expiration Following Inactivity
account_emergency_expire_dateAssign Expiration Date to Emergency Accounts
account_temp_expire_dateAssign Expiration Date to Temporary Accounts
accounts_logon_fail_delayEnsure the Logon Failure Delay is Set Correctly in login.defs
accounts_max_concurrent_login_sessionsLimit the Number of Concurrent Login Sessions Allowed Per User
accounts_maximum_age_login_defsSet Password Maximum Age
accounts_minimum_age_login_defsSet Password Minimum Age
accounts_password_all_shadowedVerify All Account Password Hashes are Shadowed
accounts_password_minlen_login_defsSet Password Minimum Length in login.defs
accounts_password_pam_dcreditEnsure PAM Enforces Password Requirements - Minimum Digit Characters
accounts_password_pam_dictcheckEnsure PAM Enforces Password Requirements - Prevent the Use of Dictionary Words
accounts_password_pam_difokEnsure PAM Enforces Password Requirements - Minimum Different Characters
accounts_password_pam_enforce_rootEnsure PAM Enforces Password Requirements - Enforce for root User
accounts_password_pam_lcreditEnsure PAM Enforces Password Requirements - Minimum Lowercase Characters
accounts_password_pam_maxclassrepeatEnsure PAM Enforces Password Requirements - Maximum Consecutive Repeating Characters from Same Character Class
accounts_password_pam_maxrepeatSet Password Maximum Consecutive Repeating Characters
accounts_password_pam_minclassEnsure PAM Enforces Password Requirements - Minimum Different Categories
accounts_password_pam_minlenEnsure PAM Enforces Password Requirements - Minimum Length
accounts_password_pam_ocreditEnsure PAM Enforces Password Requirements - Minimum Special Characters
accounts_password_pam_retryEnsure PAM Enforces Password Requirements - Authentication Retry Prompts Permitted Per-Session
accounts_password_pam_ucreditEnsure PAM Enforces Password Requirements - Minimum Uppercase Characters
accounts_password_set_max_life_existingSet Existing Passwords Maximum Age
accounts_password_set_min_life_existingSet Existing Passwords Minimum Age
accounts_password_warn_age_login_defsSet Password Warning Age
accounts_passwords_pam_faillock_denyLock Accounts After Failed Password Attempts
accounts_passwords_pam_faillock_deny_rootConfigure the root Account for Failed Password Attempts
accounts_passwords_pam_faillock_intervalSet Interval For Counting Failed Password Attempts
accounts_passwords_pam_faillock_unlock_timeSet Lockout Time for Failed Password Attempts
accounts_root_path_dirs_no_writeEnsure that Root's Path Does Not Include World or Group-Writable Directories
accounts_tmoutSet Interactive Session Timeout
accounts_umask_etc_bashrcEnsure the Default Bash Umask is Set Correctly
accounts_umask_etc_csh_cshrcEnsure the Default C Shell Umask is Set Correctly
accounts_umask_etc_login_defsEnsure the Default Umask is Set Correctly in login.defs
accounts_umask_etc_profileEnsure the Default Umask is Set Correctly in /etc/profile
aide_build_databaseBuild and Test AIDE Database
aide_periodic_cron_checkingConfigure Periodic Execution of AIDE
aide_scan_notificationConfigure Notification of Post-AIDE Scan Details
aide_use_fips_hashesConfigure AIDE to Use FIPS 140-2 for Validating Hashes
aide_verify_aclsConfigure AIDE to Verify Access Control Lists (ACLs)
aide_verify_ext_attributesConfigure AIDE to Verify Extended Attributes
audit_rules_dac_modification_chmodRecord Events that Modify the System's Discretionary Access Controls - chmod
audit_rules_dac_modification_chownRecord Events that Modify the System's Discretionary Access Controls - chown
audit_rules_dac_modification_fchmodRecord Events that Modify the System's Discretionary Access Controls - fchmod
audit_rules_dac_modification_fchmodatRecord Events that Modify the System's Discretionary Access Controls - fchmodat
audit_rules_dac_modification_fchownRecord Events that Modify the System's Discretionary Access Controls - fchown
audit_rules_dac_modification_fchownatRecord Events that Modify the System's Discretionary Access Controls - fchownat
audit_rules_dac_modification_fremovexattrRecord Events that Modify the System's Discretionary Access Controls - fremovexattr
audit_rules_dac_modification_fsetxattrRecord Events that Modify the System's Discretionary Access Controls - fsetxattr
audit_rules_dac_modification_lchownRecord Events that Modify the System's Discretionary Access Controls - lchown
audit_rules_dac_modification_lremovexattrRecord Events that Modify the System's Discretionary Access Controls - lremovexattr
audit_rules_dac_modification_lsetxattrRecord Events that Modify the System's Discretionary Access Controls - lsetxattr
audit_rules_dac_modification_removexattrRecord Events that Modify the System's Discretionary Access Controls - removexattr
audit_rules_dac_modification_setxattrRecord Events that Modify the System's Discretionary Access Controls - setxattr
audit_rules_etc_group_openRecord Events that Modify User/Group Information via open syscall - /etc/group
audit_rules_etc_group_open_by_handle_atRecord Events that Modify User/Group Information via open_by_handle_at syscall - /etc/group
audit_rules_etc_group_openatRecord Events that Modify User/Group Information via openat syscall - /etc/group
audit_rules_etc_gshadow_openRecord Events that Modify User/Group Information via open syscall - /etc/gshadow
audit_rules_etc_gshadow_open_by_handle_atRecord Events that Modify User/Group Information via open_by_handle_at syscall - /etc/gshadow
audit_rules_etc_gshadow_openatRecord Events that Modify User/Group Information via openat syscall - /etc/gshadow
audit_rules_etc_passwd_openRecord Events that Modify User/Group Information via open syscall - /etc/passwd
audit_rules_etc_passwd_open_by_handle_atRecord Events that Modify User/Group Information via open_by_handle_at syscall - /etc/passwd
audit_rules_etc_passwd_openatRecord Events that Modify User/Group Information via openat syscall - /etc/passwd
audit_rules_etc_shadow_openRecord Events that Modify User/Group Information via open syscall - /etc/shadow
audit_rules_etc_shadow_open_by_handle_atRecord Events that Modify User/Group Information via open_by_handle_at syscall - /etc/shadow
audit_rules_etc_shadow_openatRecord Events that Modify User/Group Information via openat syscall - /etc/shadow
audit_rules_execution_chconRecord Any Attempts to Run chcon
audit_rules_execution_restoreconRecord Any Attempts to Run restorecon
audit_rules_execution_semanageRecord Any Attempts to Run semanage
audit_rules_execution_setfilesRecord Any Attempts to Run setfiles
audit_rules_execution_setseboolRecord Any Attempts to Run setsebool
audit_rules_execution_seunshareRecord Any Attempts to Run seunshare
audit_rules_file_deletion_eventsEnsure auditd Collects File Deletion Events by User
audit_rules_file_deletion_events_renameEnsure auditd Collects File Deletion Events by User - rename
audit_rules_file_deletion_events_renameatEnsure auditd Collects File Deletion Events by User - renameat
audit_rules_file_deletion_events_rmdirEnsure auditd Collects File Deletion Events by User - rmdir
audit_rules_file_deletion_events_unlinkEnsure auditd Collects File Deletion Events by User - unlink
audit_rules_file_deletion_events_unlinkatEnsure auditd Collects File Deletion Events by User - unlinkat
audit_rules_immutableMake the auditd Configuration Immutable
audit_rules_kernel_module_loadingEnsure auditd Collects Information on Kernel Module Loading and Unloading
audit_rules_kernel_module_loading_deleteEnsure auditd Collects Information on Kernel Module Unloading - delete_module
audit_rules_kernel_module_loading_finitEnsure auditd Collects Information on Kernel Module Loading and Unloading - finit_module
audit_rules_kernel_module_loading_initEnsure auditd Collects Information on Kernel Module Loading - init_module
audit_rules_login_eventsRecord Attempts to Alter Logon and Logout Events
audit_rules_login_events_faillockRecord Attempts to Alter Logon and Logout Events - faillock
audit_rules_login_events_lastlogRecord Attempts to Alter Logon and Logout Events - lastlog
audit_rules_login_events_tallylogRecord Attempts to Alter Logon and Logout Events - tallylog
audit_rules_mac_modificationRecord Events that Modify the System's Mandatory Access Controls
audit_rules_media_exportEnsure auditd Collects Information on Exporting to Media (successful)
audit_rules_networkconfig_modificationRecord Events that Modify the System's Network Environment
audit_rules_privileged_commandsEnsure auditd Collects Information on the Use of Privileged Commands
audit_rules_privileged_commands_atEnsure auditd Collects Information on the Use of Privileged Commands - at
audit_rules_privileged_commands_chageEnsure auditd Collects Information on the Use of Privileged Commands - chage
audit_rules_privileged_commands_chshEnsure auditd Collects Information on the Use of Privileged Commands - chsh
audit_rules_privileged_commands_crontabEnsure auditd Collects Information on the Use of Privileged Commands - crontab
audit_rules_privileged_commands_gpasswdEnsure auditd Collects Information on the Use of Privileged Commands - gpasswd
audit_rules_privileged_commands_mountEnsure auditd Collects Information on the Use of Privileged Commands - mount
audit_rules_privileged_commands_newgidmapEnsure auditd Collects Information on the Use of Privileged Commands - newgidmap
audit_rules_privileged_commands_newgrpEnsure auditd Collects Information on the Use of Privileged Commands - newgrp
audit_rules_privileged_commands_newuidmapEnsure auditd Collects Information on the Use of Privileged Commands - newuidmap
audit_rules_privileged_commands_pam_timestamp_checkEnsure auditd Collects Information on the Use of Privileged Commands - pam_timestamp_check
audit_rules_privileged_commands_passwdEnsure auditd Collects Information on the Use of Privileged Commands - passwd
audit_rules_privileged_commands_postdropEnsure auditd Collects Information on the Use of Privileged Commands - postdrop
audit_rules_privileged_commands_postqueueEnsure auditd Collects Information on the Use of Privileged Commands - postqueue
audit_rules_privileged_commands_pt_chownEnsure auditd Collects Information on the Use of Privileged Commands - pt_chown
audit_rules_privileged_commands_ssh_keysignEnsure auditd Collects Information on the Use of Privileged Commands - ssh-keysign
audit_rules_privileged_commands_suEnsure auditd Collects Information on the Use of Privileged Commands - su
audit_rules_privileged_commands_sudoEnsure auditd Collects Information on the Use of Privileged Commands - sudo
audit_rules_privileged_commands_sudoeditEnsure auditd Collects Information on the Use of Privileged Commands - sudoedit
audit_rules_privileged_commands_umountEnsure auditd Collects Information on the Use of Privileged Commands - umount
audit_rules_privileged_commands_unix_chkpwdEnsure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd
audit_rules_privileged_commands_userhelperEnsure auditd Collects Information on the Use of Privileged Commands - userhelper
audit_rules_privileged_commands_usernetctlEnsure auditd Collects Information on the Use of Privileged Commands - usernetctl
audit_rules_session_eventsRecord Attempts to Alter Process and Session Initiation Information
audit_rules_sysadmin_actionsEnsure auditd Collects System Administrator Actions
audit_rules_system_shutdownShutdown System When Auditing Failures Occur
audit_rules_time_adjtimexRecord attempts to alter time through adjtimex
audit_rules_time_clock_settimeRecord Attempts to Alter Time Through clock_settime
audit_rules_time_settimeofdayRecord attempts to alter time through settimeofday
audit_rules_time_stimeRecord Attempts to Alter Time Through stime
audit_rules_time_watch_localtimeRecord Attempts to Alter the localtime File
audit_rules_unsuccessful_file_modificationEnsure auditd Collects Unauthorized Access Attempts to Files (unsuccessful)
audit_rules_unsuccessful_file_modification_chmodRecord Unsuccessul Permission Changes to Files - chmod
audit_rules_unsuccessful_file_modification_chownRecord Unsuccessul Ownership Changes to Files - chown
audit_rules_unsuccessful_file_modification_creatRecord Unsuccessful Access Attempts to Files - creat
audit_rules_unsuccessful_file_modification_fchmodRecord Unsuccessul Permission Changes to Files - fchmod
audit_rules_unsuccessful_file_modification_fchmodatRecord Unsuccessul Permission Changes to Files - fchmodat
audit_rules_unsuccessful_file_modification_fchownRecord Unsuccessul Ownership Changes to Files - fchown
audit_rules_unsuccessful_file_modification_fchownatRecord Unsuccessul Ownership Changes to Files - fchownat
audit_rules_unsuccessful_file_modification_fremovexattrRecord Unsuccessul Permission Changes to Files - fremovexattr
audit_rules_unsuccessful_file_modification_fsetxattrRecord Unsuccessul Permission Changes to Files - fsetxattr
audit_rules_unsuccessful_file_modification_ftruncateRecord Unsuccessful Access Attempts to Files - ftruncate
audit_rules_unsuccessful_file_modification_lchownRecord Unsuccessul Ownership Changes to Files - lchown
audit_rules_unsuccessful_file_modification_lremovexattrRecord Unsuccessul Permission Changes to Files - lremovexattr
audit_rules_unsuccessful_file_modification_lsetxattrRecord Unsuccessul Permission Changes to Files - lsetxattr
audit_rules_unsuccessful_file_modification_openRecord Unsuccessful Access Attempts to Files - open
audit_rules_unsuccessful_file_modification_open_by_handle_atRecord Unsuccessful Access Attempts to Files - open_by_handle_at
audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creatRecord Unsuccessful Creation Attempts to Files - open_by_handle_at O_CREAT
audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_writeRecord Unsuccessful Modification Attempts to Files - open_by_handle_at O_TRUNC_WRITE
audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_orderEnsure auditd Unauthorized Access Attempts To open_by_handle_at Are Ordered Correctly
audit_rules_unsuccessful_file_modification_open_o_creatRecord Unsuccessful Creation Attempts to Files - open O_CREAT
audit_rules_unsuccessful_file_modification_open_o_trunc_writeRecord Unsuccessful Modification Attempts to Files - open O_TRUNC_WRITE
audit_rules_unsuccessful_file_modification_open_rule_orderEnsure auditd Rules For Unauthorized Attempts To open Are Ordered Correctly
audit_rules_unsuccessful_file_modification_openatRecord Unsuccessful Access Attempts to Files - openat
audit_rules_unsuccessful_file_modification_openat_o_creatRecord Unsuccessful Creation Attempts to Files - openat O_CREAT
audit_rules_unsuccessful_file_modification_openat_o_trunc_writeRecord Unsuccessful Modification Attempts to Files - openat O_TRUNC_WRITE
audit_rules_unsuccessful_file_modification_openat_rule_orderEnsure auditd Rules For Unauthorized Attempts To openat Are Ordered Correctly
audit_rules_unsuccessful_file_modification_removexattrRecord Unsuccessul Permission Changes to Files - removexattr
audit_rules_unsuccessful_file_modification_renameRecord Unsuccessul Delete Attempts to Files - rename
audit_rules_unsuccessful_file_modification_renameatRecord Unsuccessul Delete Attempts to Files - renameat
audit_rules_unsuccessful_file_modification_setxattrRecord Unsuccessul Permission Changes to Files - setxattr
audit_rules_unsuccessful_file_modification_truncateRecord Unsuccessful Access Attempts to Files - truncate
audit_rules_unsuccessful_file_modification_unlinkRecord Unsuccessul Delete Attempts to Files - unlink
audit_rules_unsuccessful_file_modification_unlinkatRecord Unsuccessul Delete Attempts to Files - unlinkat
audit_rules_usergroup_modificationRecord Events that Modify User/Group Information
audit_rules_usergroup_modification_groupRecord Events that Modify User/Group Information - /etc/group
audit_rules_usergroup_modification_gshadowRecord Events that Modify User/Group Information - /etc/gshadow
audit_rules_usergroup_modification_opasswdRecord Events that Modify User/Group Information - /etc/security/opasswd
audit_rules_usergroup_modification_passwdRecord Events that Modify User/Group Information - /etc/passwd
audit_rules_usergroup_modification_shadowRecord Events that Modify User/Group Information - /etc/shadow
auditd_audispd_disk_full_actionConfigure audispd's Plugin disk_full_action When Disk Is Full
auditd_audispd_encrypt_sent_recordsEncrypt Audit Records Sent With audispd Plugin
auditd_audispd_network_failure_actionConfigure audispd's Plugin network_failure_action On Network Failure
auditd_audispd_syslog_plugin_activatedConfigure auditd to use audispd's syslog plugin
auditd_data_disk_error_actionConfigure auditd Disk Error Action on Disk Error
auditd_data_disk_full_actionConfigure auditd Disk Full Action when Disk Space Is Full
auditd_data_retention_action_mail_acctConfigure auditd mail_acct Action on Low Disk Space
auditd_data_retention_admin_space_left_actionConfigure auditd admin_space_left Action on Low Disk Space
auditd_data_retention_flushConfigure auditd flush priority
auditd_data_retention_max_log_fileConfigure auditd Max Log File Size
auditd_data_retention_max_log_file_actionConfigure auditd max_log_file_action Upon Reaching Maximum Log Size
auditd_data_retention_num_logsConfigure auditd Number of Logs Retained
auditd_data_retention_space_leftConfigure auditd space_left on Low Disk Space
auditd_data_retention_space_left_actionConfigure auditd space_left Action on Low Disk Space
auditd_data_retention_space_left_percentageConfigure auditd space_left on Low Disk Space
avahi_check_ttlCheck Avahi Responses' TTL Field
avahi_disable_publishingDisable Avahi Publishing
avahi_ip_onlyServe Avahi Only via Required Protocol
avahi_prevent_port_sharingPrevent Other Programs from Using Avahi's Port
avahi_restrict_published_informationRestrict Information Published by Avahi
bios_disable_usb_bootDisable Booting from USB Devices in Boot Firmware
bios_enable_execution_restrictionsEnable NX or XD Support in the BIOS
chronyd_or_ntpd_set_maxpollConfigure Time Service Maxpoll Interval
chronyd_or_ntpd_specify_multiple_serversSpecify Additional Remote NTP Servers
chronyd_or_ntpd_specify_remote_serverSpecify a Remote NTP Server
chronyd_specify_remote_serverA remote time server for Chrony is configured
clean_components_post_updatingEnsure yum Removes Previous Package Versions
configure_crypto_policyConfigure System Cryptography Policy
configure_firewalld_portsConfigure the Firewalld Ports
configure_libreswan_crypto_policyConfigure Libreswan to use System Crypto Policy
configure_opensc_card_driversConfigure opensc Smart Card Drivers
configure_openssl_crypto_policyConfigure OpenSSL library to use System Crypto Policy
configure_ssh_crypto_policyConfigure SSH to use System Crypto Policy
configure_tmux_lock_commandConfigure the tmux Lock Command
cups_disable_browsingDisable Printer Browsing Entirely if Possible
cups_disable_printserverDisable Print Server Capabilities
dconf_gnome_disable_automountDisable GNOME3 Automounting
dconf_gnome_disable_automount_openDisable GNOME3 Automount Opening
dconf_gnome_disable_autorunDisable GNOME3 Automount running
dconf_gnome_disable_ctrlaltdel_rebootDisable Ctrl-Alt-Del Reboot Key Sequence in GNOME3
dconf_gnome_disable_restart_shutdownDisable the GNOME3 Login Restart and Shutdown Buttons
dconf_gnome_disable_thumbnailersDisable All GNOME3 Thumbnailers
dconf_gnome_disable_user_listDisable the GNOME3 Login User List
dconf_gnome_remote_access_encryptionRequire Encryption for Remote Access in GNOME3
dconf_gnome_screensaver_idle_activation_enabledEnable GNOME3 Screensaver Idle Activation
dconf_gnome_screensaver_idle_activation_lockedEnsure Users Cannot Change GNOME3 Screensaver Idle Activation
dconf_gnome_screensaver_idle_delaySet GNOME3 Screensaver Inactivity Timeout
dconf_gnome_screensaver_lock_delaySet GNOME3 Screensaver Lock Delay After Activation Period
dconf_gnome_screensaver_lock_enabledEnable GNOME3 Screensaver Lock After Idle Period
dconf_gnome_screensaver_lock_lockedEnsure Users Cannot Change GNOME3 Screensaver Lock After Idle Period
dconf_gnome_screensaver_mode_blankImplement Blank Screensaver
dconf_gnome_screensaver_user_locksEnsure Users Cannot Change GNOME3 Screensaver Settings
dconf_gnome_session_idle_user_locksEnsure Users Cannot Change GNOME3 Session Idle Settings
dhcp_server_configure_loggingConfigure Logging
dhcp_server_deny_bootpDeny BOOTP Queries
dhcp_server_deny_declineDeny Decline Messages
dhcp_server_disable_ddnsDo Not Use Dynamic DNS
dhcp_server_minimize_served_infoMinimize Served Information
dir_perms_var_log_httpdSet Permissions on the /var/log/httpd/ Directory
dir_perms_world_writable_sticky_bitsVerify that All World-Writable Directories Have Sticky Bits Set
dir_perms_world_writable_system_ownedEnsure All World-Writable Directories Are Owned by a System Account
dir_perms_world_writable_system_owned_groupEnsure All World-Writable Directories Are Group Owned by a System Account
directory_access_var_log_auditRecord Access Events to Audit Log Directory
directory_group_ownership_var_log_auditSystem Audit Directories Must Be Group Owned By Root
directory_ownership_var_log_auditSystem Audit Directories Must Be Owned By Root
directory_permissions_var_log_auditSystem Audit Logs Must Have Mode 0750 or Less Permissive
disable_anacronDisable anacron Service
disable_ctrlaltdel_burstactionDisable Ctrl-Alt-Del Burst Action
disable_ctrlaltdel_rebootDisable Ctrl-Alt-Del Reboot Activation
disable_host_authDisable Host-Based Authentication
display_login_attemptsEnsure PAM Displays Last Logon/Access Notification
dnf-automatic_apply_updatesConfigure dnf-automatic to Install Available Updates Automatically
dnf-automatic_security_updates_onlyConfigure dnf-automatic to Install Only Security Updates
dns_server_authenticate_zone_transfersAuthenticate Zone Transfers
enable_dracut_fips_moduleEnable Dracut FIPS Module
enable_fips_modeEnable FIPS Mode
enable_ldap_clientEnable the LDAP Client For Use in Authconfig
encrypt_partitionsEncrypt Partitions
ensure_gpgcheck_globally_activatedEnsure gpgcheck Enabled In Main yum Configuration
ensure_gpgcheck_local_packagesEnsure gpgcheck Enabled for Local Packages
ensure_gpgcheck_never_disabledEnsure gpgcheck Enabled for All yum Package Repositories
ensure_gpgcheck_repo_metadataEnsure gpgcheck Enabled for Repository Metadata
ensure_logrotate_activatedEnsure Logrotate Runs Periodically
ensure_redhat_gpgkey_installedEnsure Red Hat GPG Key Installed
etc_system_fips_existsEnsure '/etc/system-fips' exists
file_group_ownership_var_log_auditSystem Audit Logs Must Be Group Owned By Root
file_groupowner_cron_allowVerify Group Who Owns /etc/cron.allow file
file_groupowner_cron_dVerify Group Who Owns cron.d
file_groupowner_cron_dailyVerify Group Who Owns cron.daily
file_groupowner_cron_hourlyVerify Group Who Owns cron.hourly
file_groupowner_cron_monthlyVerify Group Who Owns cron.monthly
file_groupowner_cron_weeklyVerify Group Who Owns cron.weekly
file_groupowner_crontabVerify Group Who Owns Crontab
file_groupowner_efi_grub2_cfgVerify the UEFI Boot Loader grub.cfg Group Ownership
file_groupowner_etc_groupVerify Group Who Owns group File
file_groupowner_etc_gshadowVerify Group Who Owns gshadow File
file_groupowner_etc_passwdVerify Group Who Owns passwd File
file_groupowner_etc_shadowVerify Group Who Owns shadow File
file_groupowner_grub2_cfgVerify /boot/grub2/grub.cfg Group Ownership
file_groupowner_sshd_configVerify Group Who Owns SSH Server config file
file_owner_cron_allowVerify User Who Owns /etc/cron.allow file
file_owner_cron_dVerify Owner on cron.d
file_owner_cron_dailyVerify Owner on cron.daily
file_owner_cron_hourlyVerify Owner on cron.hourly
file_owner_cron_monthlyVerify Owner on cron.monthly
file_owner_cron_weeklyVerify Owner on cron.weekly
file_owner_crontabVerify Owner on crontab
file_owner_efi_grub2_cfgVerify the UEFI Boot Loader grub.cfg User Ownership
file_owner_etc_groupVerify User Who Owns group File
file_owner_etc_gshadowVerify User Who Owns gshadow File
file_owner_etc_passwdVerify User Who Owns passwd File
file_owner_etc_shadowVerify User Who Owns shadow File
file_owner_grub2_cfgVerify /boot/grub2/grub.cfg User Ownership
file_owner_sshd_configVerify Owner on SSH Server config file
file_ownership_binary_dirsVerify that System Executables Have Root Ownership
file_ownership_library_dirsVerify that Shared Library Files Have Root Ownership
file_ownership_var_log_auditSystem Audit Logs Must Be Owned By Root
file_ownership_var_log_audit_stigSystem Audit Logs Must Be Owned By Root
file_permissions_binary_dirsVerify that System Executables Have Restrictive Permissions
file_permissions_cron_dVerify Permissions on cron.d
file_permissions_cron_dailyVerify Permissions on cron.daily
file_permissions_cron_hourlyVerify Permissions on cron.hourly
file_permissions_cron_monthlyVerify Permissions on cron.monthly
file_permissions_cron_weeklyVerify Permissions on cron.weekly
file_permissions_crontabVerify Permissions on crontab
file_permissions_efi_grub2_cfgVerify the UEFI Boot Loader grub.cfg Permissions
file_permissions_etc_groupVerify Permissions on group File
file_permissions_etc_gshadowVerify Permissions on gshadow File
file_permissions_etc_passwdVerify Permissions on passwd File
file_permissions_etc_shadowVerify Permissions on shadow File
file_permissions_grub2_cfgVerify /boot/grub2/grub.cfg Permissions
file_permissions_home_dirsEnsure that User Home Directories are not Group-Writable or World-Readable
file_permissions_httpd_server_conf_d_filesSet Permissions on All Configuration Files Inside /etc/httpd/conf.d/
file_permissions_httpd_server_conf_filesSet Permissions on All Configuration Files Inside /etc/httpd/conf/
file_permissions_httpd_server_modules_filesSet Permissions on All Configuration Files Inside /etc/httpd/conf.modules.d/
file_permissions_library_dirsVerify that Shared Library Files Have Restrictive Permissions
file_permissions_sshd_configVerify Permissions on SSH Server config file
file_permissions_sshd_private_keyVerify Permissions on SSH Server Private *_key Key Files
file_permissions_sshd_pub_keyVerify Permissions on SSH Server Public *.pub Key Files
file_permissions_unauthorized_sgidEnsure All SGID Executables Are Authorized
file_permissions_unauthorized_suidEnsure All SUID Executables Are Authorized
file_permissions_unauthorized_world_writableEnsure No World-Writable Files Exist
file_permissions_ungroupownedEnsure All Files Are Owned by a Group
file_permissions_var_log_auditSystem Audit Logs Must Have Mode 0640 or Less Permissive
force_opensc_card_driversForce opensc To Use Defined Smart Card Driver
ftp_restrict_to_anonRestrict Access to Anonymous Users if Possible
gid_passwd_group_sameAll GIDs referenced in /etc/passwd must be defined in /etc/group
gnome_gdm_disable_automatic_loginDisable GDM Automatic Login
gnome_gdm_disable_guest_loginDisable GDM Guest Login
grub2_admin_usernameSet the Boot Loader Admin Username to a Non-Default Value
grub2_audit_argumentEnable Auditing for Processes Which Start Prior to the Audit Daemon
grub2_audit_backlog_limit_argumentExtend Audit Backlog Limit for the Audit Daemon
grub2_disable_interactive_bootVerify that Interactive Boot is Disabled
grub2_nousb_argumentDisable Kernel Support for USB via Bootloader Configuration
grub2_page_poison_argumentEnable page allocator poisoning
grub2_passwordSet Boot Loader Password in grub2
grub2_slub_debug_argumentEnable SLUB/SLAB allocator poisoning
grub2_uefi_admin_usernameSet the UEFI Boot Loader Admin Username to a Non-Default Value
grub2_uefi_passwordSet the UEFI Boot Loader Password
harden_ssh_client_crypto_policyHarden SSH client Crypto Policy
harden_sshd_crypto_policyHarden SSHD Crypto Policy
httpd_serversignature_offSet httpd ServerSignature Directive to Off
httpd_servertokens_prodSet httpd ServerTokens Directive to Prod
install_PAE_kernel_on_x86-32Install PAE Kernel on Supported 32-bit x86 Systems
install_antivirusInstall Virus Scanning Software
install_hidsInstall Intrusion Detection Software
install_mcafee_antivirusInstall McAfee Virus Scanning Software
install_mcafee_hbss_accmInstall the Asset Configuration Compliance Module (ACCM)
install_mcafee_hbss_paInstall the Policy Auditor (PA) Module
install_smartcard_packagesInstall Smart Card Packages For Multifactor Authentication
installed_OS_is_FIPS_certifiedThe Installed Operating System Is FIPS 140-2 Certified
installed_OS_is_vendor_supportedThe Installed Operating System Is Vendor Supported
kernel_module_bluetooth_disabledDisable Bluetooth Kernel Module
kernel_module_cramfs_disabledDisable Mounting of cramfs
kernel_module_dccp_disabledDisable DCCP Support
kernel_module_freevxfs_disabledDisable Mounting of freevxfs
kernel_module_hfs_disabledDisable Mounting of hfs
kernel_module_hfsplus_disabledDisable Mounting of hfsplus
kernel_module_ipv6_option_disabledDisable IPv6 Networking Support Automatic Loading
kernel_module_jffs2_disabledDisable Mounting of jffs2
kernel_module_rds_disabledDisable RDS Support
kernel_module_sctp_disabledDisable SCTP Support
kernel_module_squashfs_disabledDisable Mounting of squashfs
kernel_module_tipc_disabledDisable TIPC Support
kernel_module_udf_disabledDisable Mounting of udf
kernel_module_usb-storage_disabledDisable Modprobe Loading of USB Storage Driver
kernel_module_vfat_disabledDisable Mounting of vFAT filesystems
ldap_client_start_tlsConfigure LDAP Client to Use TLS For All Transactions
ldap_client_tls_cacertpathConfigure Certificate Directives for LDAP Use of TLS
libreswan_approved_tunnelsVerify Any Configured IPSec Tunnel Connections
mcafee_antivirus_definitions_updatedVirus Scanning Software Definitions Are Updated
mount_option_boot_nodevAdd nodev Option to /boot
mount_option_boot_nosuidAdd nosuid Option to /boot
mount_option_dev_shm_nodevAdd nodev Option to /dev/shm
mount_option_dev_shm_noexecAdd noexec Option to /dev/shm
mount_option_dev_shm_nosuidAdd nosuid Option to /dev/shm
mount_option_home_nosuidAdd nosuid Option to /home
mount_option_krb_sec_remote_filesystemsMount Remote Filesystems with Kerberos Security
mount_option_nodev_nonroot_local_partitionsAdd nodev Option to Non-Root Local Partitions
mount_option_nodev_remote_filesystemsMount Remote Filesystems with nodev
mount_option_nodev_removable_partitionsAdd nodev Option to Removable Media Partitions
mount_option_noexec_remote_filesystemsMount Remote Filesystems with noexec
mount_option_noexec_removable_partitionsAdd noexec Option to Removable Media Partitions
mount_option_nosuid_removable_partitionsAdd nosuid Option to Removable Media Partitions
mount_option_tmp_nodevAdd nodev Option to /tmp
mount_option_tmp_noexecAdd noexec Option to /tmp
mount_option_tmp_nosuidAdd nosuid Option to /tmp
mount_option_var_log_audit_nodevAdd nodev Option to /var/log/audit
mount_option_var_log_audit_noexecAdd noexec Option to /var/log/audit
mount_option_var_log_audit_nosuidAdd nosuid Option to /var/log/audit
mount_option_var_log_nodevAdd nodev Option to /var/log
mount_option_var_log_noexecAdd noexec Option to /var/log
mount_option_var_log_nosuidAdd nosuid Option to /var/log
mount_option_var_nodevAdd nodev Option to /var
mount_option_var_tmp_bindBind Mount /var/tmp To /tmp
network_configure_name_resolutionConfigure Multiple DNS Servers in /etc/resolv.conf
network_disable_ddns_interfacesDisable Client Dynamic DNS Updates
network_disable_zeroconfDisable Zeroconf Networking
network_ipv6_disable_rpcDisable Support for RPC IPv6
network_nmcli_permissionsPrevent non-Privileged Users from Modifying Network Interfaces using nmcli
network_sniffer_disabledEnsure System is Not Acting as a Network Sniffer
no_direct_root_loginsDirect root Logins Not Allowed
no_empty_passwordsPrevent Login to Accounts With Empty Password
no_files_unowned_by_userEnsure All Files Are Owned by a User
no_netrc_filesVerify No netrc Files Exist
no_password_auth_for_systemaccountsEnsure that System Accounts Are Locked
no_rsh_trust_filesRemove Rsh Trust Files
no_shelllogin_for_systemaccountsEnsure that System Accounts Do Not Run a Shell Upon Login
ntpd_specify_multiple_serversSpecify Additional Remote NTP Servers
ntpd_specify_remote_serverSpecify a Remote NTP Server
package_MFEhiplsm_installedInstall the Host Intrusion Prevention System (HIPS) Module
package_aide_installedInstall AIDE
package_audit_installedEnsure the audit Subsystem is Installed
package_bind_removedUninstall bind Package
package_cron_installedInstall the cron service
package_dhcp_removedUninstall DHCP Server Package
package_fapolicyd_installedInstall fapolicyd Package
package_firewalld_installedInstall firewalld Package
package_gdm_removedRemove the GDM Package Group
package_httpd_removedUninstall httpd Package
package_inetutils-telnetd_removedUninstall the inet-based telnet server
package_iptables_installedInstall iptables Package
package_libreswan_installedInstall libreswan Package
package_ntp_installedInstall the ntp service
package_openldap-servers_removedUninstall openldap-servers Package
package_opensc_installedInstall the opensc Package For Multifactor Authentication
package_openssh-server_installedInstall the OpenSSH Server Package
package_pcsc-lite_installedInstall the pcsc-lite package
package_psacct_installedInstall the psacct package
package_quagga_removedUninstall quagga Package
package_rsh-server_removedUninstall rsh-server Package
package_rsyslog_installedEnsure rsyslog is Installed
package_sendmail_removedUninstall Sendmail Package
package_sssd_installedInstall the SSSD Package
package_sudo_installedInstall sudo Package
package_syslogng_installedEnsure syslog-ng is Installed
package_telnet-server_removedUninstall telnet-server Package
package_telnetd-ssl_removedUninstall the ssl compliant telnet server
package_telnetd_removedUninstall the telnet server
package_tftp-server_removedUninstall tftp-server Package
package_tmux_installedInstall the tmux Package
package_vsftpd_installedInstall vsftpd Package
package_vsftpd_removedUninstall vsftpd Package
package_xinetd_removedUninstall xinetd Package
package_xorg-x11-server-common_removedRemove the X Windows Package Group
package_ypserv_removedUninstall ypserv Package
partition_for_homeEnsure /home Located On Separate Partition
partition_for_tmpEnsure /tmp Located On Separate Partition
partition_for_varEnsure /var Located On Separate Partition
partition_for_var_logEnsure /var/log Located On Separate Partition
partition_for_var_log_auditEnsure /var/log/audit Located On Separate Partition
postfix_client_configure_mail_aliasConfigure System to Forward All Mail For The Root Account
postfix_network_listening_disabledDisable Postfix Network Listening
require_emergency_target_authRequire Authentication for Emergency Systemd Target
require_singleuser_authRequire Authentication for Single User Mode
restrict_nfs_clients_to_privileged_portsRestrict NFS Clients to Privileged Ports
restrict_serial_port_loginsRestrict Serial Port Root Logins
root_path_defaultRoot Path Must Be Vendor Default
root_path_no_dotEnsure that Root's Path Does Not Include Relative Paths or Null Directories
rpm_verify_permissionsVerify and Correct File Permissions with RPM
rsyslog_accept_remote_messages_tcpEnable rsyslog to Accept Messages via TCP, if Acting As Log Server
rsyslog_accept_remote_messages_udpEnable rsyslog to Accept Messages via UDP, if Acting As Log Server
rsyslog_cron_loggingEnsure cron Is Logging To Rsyslog
rsyslog_files_groupownershipEnsure Log Files Are Owned By Appropriate Group
rsyslog_files_ownershipEnsure Log Files Are Owned By Appropriate User
rsyslog_files_permissionsEnsure System Log Files Have Correct Permissions
rsyslog_nolistenEnsure rsyslog Does Not Accept Remote Messages Unless Acting As Log Server
rsyslog_remote_loghostEnsure Logs Sent To Remote Host
rsyslog_remote_tlsConfigure TLS for rsyslog remote logging
sebool_fips_modeEnable the fips_mode SELinux Boolean
securetty_root_login_console_onlyRestrict Virtual Console Root Logins
security_patches_up_to_dateEnsure Software Patches Installed
selinux_all_devicefiles_labeledEnsure No Device Files are Unlabeled by SELinux
selinux_confinement_of_daemonsEnsure No Daemons are Unconfined by SELinux
service_abrtd_disabledDisable Automatic Bug Reporting Tool (abrtd)
service_acpid_disabledDisable Advanced Configuration and Power Interface (acpid)
service_atd_disabledDisable At Service (atd)
service_auditd_enabledEnable auditd Service
service_autofs_disabledDisable the Automounter
service_avahi-daemon_disabledDisable Avahi Server Software
service_bluetooth_disabledDisable Bluetooth Service
service_certmonger_disabledDisable Certmonger Service (certmonger)
service_chronyd_or_ntpd_enabledEnable the NTP Daemon
service_cpupower_disabledDisable CPU Speed (cpupower)
service_cron_enabledEnable cron Service
service_crond_enabledEnable cron Service
service_cups_disabledDisable the CUPS Service
service_dhcpd_disabledDisable DHCP Service
service_fapolicyd_enabledEnable the File Access Policy Service
service_firewalld_enabledVerify firewalld Enabled
service_httpd_disabledDisable httpd Service
service_ip6tables_enabledVerify ip6tables Enabled if Using IPv6
service_iptables_enabledVerify iptables Enabled
service_kdump_disabledDisable KDump Kernel Crash Analyzer (kdump)
service_mdmonitor_disabledDisable Software RAID Monitor (mdmonitor)
service_nails_enabledEnable nails Service
service_named_disabledDisable named Service
service_netconsole_disabledDisable Network Console (netconsole)
service_nfs_disabledDisable Network File System (nfs)
service_ntp_enabledEnable the NTP Daemon
service_ntpd_enabledEnable the NTP Daemon
service_ntpdate_disabledDisable ntpdate Service (ntpdate)
service_oddjobd_disabledDisable Odd Job Daemon (oddjobd)
service_pcscd_enabledEnable the pcscd Service
service_portreserve_disabledDisable Portreserve (portreserve)
service_psacct_enabledEnable Process Accounting (psacct)
service_qpidd_disabledDisable Apache Qpid (qpidd)
service_quota_nld_disabledDisable Quota Netlink (quota_nld)
service_rdisc_disabledDisable Network Router Discovery Daemon (rdisc)
service_rexec_disabledDisable rexec Service
service_rhnsd_disabledDisable Red Hat Network Service (rhnsd)
service_rhsmcertd_disabledDisable Red Hat Subscription Manager Daemon (rhsmcertd)
service_rlogin_disabledDisable rlogin Service
service_rsh_disabledDisable rsh Service
service_rsyslog_enabledEnable rsyslog Service
service_saslauthd_disabledDisable Cyrus SASL Authentication Daemon (saslauthd)
service_sshd_enabledEnable the OpenSSH Service
service_sssd_enabledEnable the SSSD Service
service_syslogng_enabledEnable syslog-ng Service
service_sysstat_disabledDisable System Statistics Reset Service (sysstat)
service_telnet_disabledDisable telnet Service
service_tftp_disabledDisable tftp Service
service_vsftpd_disabledDisable vsftpd Service
service_xinetd_disabledDisable xinetd Service
service_ypbind_disabledDisable ypbind Service
service_zebra_disabledDisable Quagga Service
set_firewalld_default_zoneSet Default firewalld Zone for Incoming Packets
set_ip6tables_default_ruleSet Default ip6tables Policy for Incoming Packets
set_iptables_default_ruleSet Default iptables Policy for Incoming Packets
set_iptables_default_rule_forwardSet Default iptables Policy for Forwarded Packets
set_password_hashing_algorithm_libuserconfSet Password Hashing Algorithm in /etc/libuser.conf
set_password_hashing_algorithm_logindefsSet Password Hashing Algorithm in /etc/login.defs
set_password_hashing_algorithm_systemauthSet PAM's Password Hashing Algorithm
sshd_allow_only_protocol2Allow Only SSH Protocol 2
sshd_disable_compressionDisable Compression Or Set Compression to delayed
sshd_disable_empty_passwordsDisable SSH Access via Empty Passwords
sshd_disable_gssapi_authDisable GSSAPI Authentication
sshd_disable_kerb_authDisable Kerberos Authentication
sshd_disable_rhostsDisable SSH Support for .rhosts Files
sshd_disable_rhosts_rsaDisable SSH Support for Rhosts RSA Authentication
sshd_disable_root_loginDisable SSH Root Login
sshd_disable_user_known_hostsDisable SSH Support for User Known Hosts
sshd_do_not_permit_user_envDo Not Allow SSH Environment Options
sshd_enable_strictmodesEnable Use of Strict Mode Checking
sshd_enable_warning_bannerEnable SSH Warning Banner
sshd_enable_warning_banner_netEnable SSH Warning Banner
sshd_enable_x11_forwardingEnable Encrypted X11 Forwarding
sshd_limit_user_accessLimit Users' SSH Access
sshd_print_last_logEnable SSH Print Last Log
sshd_set_idle_timeoutSet SSH Idle Timeout Interval
sshd_set_keepaliveSet SSH Client Alive Count Max
sshd_set_keepalive_0Set SSH Client Alive Count Max to zero
sshd_set_loglevel_infoSet LogLevel to INFO
sshd_set_loglevel_verboseSet SSH Daemon LogLevel to VERBOSE
sshd_use_approved_ciphersUse Only FIPS 140-2 Validated Ciphers
sshd_use_approved_macsUse Only FIPS 140-2 Validated MACs
sshd_use_priv_separationEnable Use of Privilege Separation
sssd_enable_pam_servicesConfigure PAM in SSSD Services
sssd_ldap_configure_tls_caConfigure SSSD LDAP Backend Client CA Certificate
sssd_ldap_configure_tls_ca_dirConfigure SSSD LDAP Backend Client CA Certificate Location
sssd_ldap_configure_tls_reqcertConfigure SSSD LDAP Backend Client to Demand a Valid Certificate from the Server
sssd_ldap_start_tlsConfigure SSSD LDAP Backend to Use TLS For All Transactions
sssd_memcache_timeoutConfigure SSSD's Memory Cache to Expire
sssd_offline_cred_expirationConfigure SSSD to Expire Offline Credentials
sssd_ssh_known_hosts_timeoutConfigure SSSD to Expire SSH Known Hosts
sudo_remove_no_authenticateEnsure Users Re-Authenticate for Privilege Escalation - sudo !authenticate
sudo_remove_nopasswdEnsure Users Re-Authenticate for Privilege Escalation - sudo NOPASSWD
sudo_require_authenticationEnsure Users Re-Authenticate for Privilege Escalation - sudo
sysconfig_networking_bootproto_ifcfgDisable DHCP Client in ifcfg
sysctl_crypto_fips_enabledSet kernel parameter 'crypto.fips_enabled' to 1
sysctl_fs_protected_hardlinksEnable Kernel Parameter to Enforce DAC on Hardlinks
sysctl_fs_protected_symlinksEnable Kernel Parameter to Enforce DAC on Symlinks
sysctl_kernel_exec_shieldEnable ExecShield via sysctl
sysctl_kernel_kptr_restrictRestrict Exposed Kernel Pointer Addresses Access
sysctl_kernel_randomize_va_spaceEnable Randomized Layout of Virtual Address Space
sysctl_net_ipv4_conf_all_accept_redirectsDisable Accepting ICMP Redirects for All IPv4 Interfaces
sysctl_net_ipv4_conf_all_accept_source_routeDisable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces
sysctl_net_ipv4_conf_all_rp_filterEnable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces
sysctl_net_ipv4_conf_all_secure_redirectsDisable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces
sysctl_net_ipv4_conf_all_send_redirectsDisable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces
sysctl_net_ipv4_conf_default_accept_redirectsDisable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces
sysctl_net_ipv4_conf_default_rp_filterEnable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default
sysctl_net_ipv4_conf_default_send_redirectsDisable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default
sysctl_net_ipv4_ip_forwardDisable Kernel Parameter for IP Forwarding on IPv4 Interfaces
sysctl_net_ipv4_tcp_syncookiesEnable Kernel Parameter to Use TCP Syncookies on IPv4 Interfaces
sysctl_net_ipv6_conf_all_accept_raConfigure Accepting Router Advertisements on All IPv6 Interfaces
sysctl_net_ipv6_conf_all_accept_redirectsDisable Accepting ICMP Redirects for All IPv6 Interfaces
sysctl_net_ipv6_conf_all_accept_source_routeDisable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces
sysctl_net_ipv6_conf_all_disable_ipv6Disable IPv6 Addressing on All IPv6 Interfaces
sysctl_net_ipv6_conf_all_forwardingDisable Kernel Parameter for IPv6 Forwarding
sysctl_net_ipv6_conf_default_accept_raDisable Accepting Router Advertisements on all IPv6 Interfaces by Default
sysctl_net_ipv6_conf_default_accept_redirectsDisable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces
sysctl_net_ipv6_conf_default_accept_source_routeDisable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default
sysctl_net_ipv6_conf_default_disable_ipv6Disable IPv6 Addressing on IPv6 Interfaces by Default
sysctl_user_max_user_namespacesDisable the use of user namespaces
timer_dnf-automatic_enabledEnable dnf-automatic Timer
umask_for_daemonsSet Daemon Umask
use_kerberos_security_all_exportsUse Kerberos Security on All Exports
wireless_disable_in_biosDisable WiFi or Bluetooth in BIOS
wireless_disable_interfacesDeactivate Wireless Network Interfaces
xwindows_runlevel_targetDisable X Windows Startup By Setting Default Target
avahi_disable_publishingDisable Avahi Publishing
avahi_prevent_port_sharingPrevent Other Programs from Using Avahi's Port
avahi_restrict_published_informationRestrict Information Published by Avahi
cups_disable_browsingDisable Printer Browsing Entirely if Possible
cups_disable_printserverDisable Print Server Capabilities
dconf_gnome_disable_automountDisable GNOME3 Automounting
dconf_gnome_disable_automount_openDisable GNOME3 Automount Opening
dconf_gnome_disable_autorunDisable GNOME3 Automount running
dconf_gnome_disable_thumbnailersDisable All GNOME3 Thumbnailers
dhcp_server_deny_bootpDeny BOOTP Queries
dhcp_server_deny_declineDeny Decline Messages
dhcp_server_disable_ddnsDo Not Use Dynamic DNS
dhcp_server_minimize_served_infoMinimize Served Information
dir_perms_var_log_httpdSet Permissions on the /var/log/httpd/ Directory
disable_anacronDisable anacron Service
disable_host_authDisable Host-Based Authentication
dns_server_authenticate_zone_transfersAuthenticate Zone Transfers
file_permissions_httpd_server_conf_d_filesSet Permissions on All Configuration Files Inside /etc/httpd/conf.d/
file_permissions_httpd_server_conf_filesSet Permissions on All Configuration Files Inside /etc/httpd/conf/
file_permissions_httpd_server_modules_filesSet Permissions on All Configuration Files Inside /etc/httpd/conf.modules.d/
firewalld_sshd_port_enabledEnable SSH Server firewalld Firewall Exception
ftp_restrict_to_anonRestrict Access to Anonymous Users if Possible
gnome_gdm_disable_guest_loginDisable GDM Guest Login
grub2_vsyscall_argumentDisable vsyscalls
httpd_serversignature_offSet httpd ServerSignature Directive to Off
httpd_servertokens_prodSet httpd ServerTokens Directive to Prod
kernel_module_bluetooth_disabledDisable Bluetooth Kernel Module
kernel_module_cramfs_disabledDisable Mounting of cramfs
kernel_module_dccp_disabledDisable DCCP Support
kernel_module_freevxfs_disabledDisable Mounting of freevxfs
kernel_module_hfs_disabledDisable Mounting of hfs
kernel_module_hfsplus_disabledDisable Mounting of hfsplus
kernel_module_ipv6_option_disabledDisable IPv6 Networking Support Automatic Loading
kernel_module_jffs2_disabledDisable Mounting of jffs2
kernel_module_rds_disabledDisable RDS Support
kernel_module_sctp_disabledDisable SCTP Support
kernel_module_squashfs_disabledDisable Mounting of squashfs
kernel_module_tipc_disabledDisable TIPC Support
kernel_module_udf_disabledDisable Mounting of udf
kernel_module_usb-storage_disabledDisable Modprobe Loading of USB Storage Driver
kernel_module_vfat_disabledDisable Mounting of vFAT filesystems
mount_option_boot_nodevAdd nodev Option to /boot
mount_option_boot_nosuidAdd nosuid Option to /boot
mount_option_dev_shm_nodevAdd nodev Option to /dev/shm
mount_option_dev_shm_noexecAdd noexec Option to /dev/shm
mount_option_dev_shm_nosuidAdd nosuid Option to /dev/shm
mount_option_home_nosuidAdd nosuid Option to /home
mount_option_krb_sec_remote_filesystemsMount Remote Filesystems with Kerberos Security
mount_option_nodev_nonroot_local_partitionsAdd nodev Option to Non-Root Local Partitions
mount_option_nodev_removable_partitionsAdd nodev Option to Removable Media Partitions
mount_option_noexec_removable_partitionsAdd noexec Option to Removable Media Partitions
mount_option_nosuid_removable_partitionsAdd nosuid Option to Removable Media Partitions
mount_option_tmp_nodevAdd nodev Option to /tmp
mount_option_tmp_noexecAdd noexec Option to /tmp
mount_option_tmp_nosuidAdd nosuid Option to /tmp
mount_option_var_log_audit_nodevAdd nodev Option to /var/log/audit
mount_option_var_log_audit_noexecAdd noexec Option to /var/log/audit
mount_option_var_log_audit_nosuidAdd nosuid Option to /var/log/audit
mount_option_var_log_nodevAdd nodev Option to /var/log
mount_option_var_log_noexecAdd noexec Option to /var/log
mount_option_var_log_nosuidAdd nosuid Option to /var/log
mount_option_var_nodevAdd nodev Option to /var
mount_option_var_tmp_bindBind Mount /var/tmp To /tmp
network_disable_ddns_interfacesDisable Client Dynamic DNS Updates
network_disable_zeroconfDisable Zeroconf Networking
network_ipv6_disable_rpcDisable Support for RPC IPv6
network_sniffer_disabledEnsure System is Not Acting as a Network Sniffer
no_rsh_trust_filesRemove Rsh Trust Files
package_bind_removedUninstall bind Package
package_dhcp_removedUninstall DHCP Server Package
package_gdm_removedRemove the GDM Package Group
package_httpd_removedUninstall httpd Package
package_inetutils-telnetd_removedUninstall the inet-based telnet server
package_openldap-servers_removedUninstall openldap-servers Package
package_quagga_removedUninstall quagga Package
package_rsh-server_removedUninstall rsh-server Package
package_sendmail_removedUninstall Sendmail Package
package_telnet-server_removedUninstall telnet-server Package
package_telnetd-ssl_removedUninstall the ssl compliant telnet server
package_telnetd_removedUninstall the telnet server
package_tftp-server_removedUninstall tftp-server Package
package_vsftpd_removedUninstall vsftpd Package
package_xinetd_removedUninstall xinetd Package
package_xorg-x11-server-common_removedRemove the X Windows Package Group
package_ypserv_removedUninstall ypserv Package
postfix_network_listening_disabledDisable Postfix Network Listening
restrict_nfs_clients_to_privileged_portsRestrict NFS Clients to Privileged Ports
rsyslog_nolistenEnsure rsyslog Does Not Accept Remote Messages Unless Acting As Log Server
selinux_all_devicefiles_labeledEnsure No Device Files are Unlabeled by SELinux
selinux_confinement_of_daemonsEnsure No Daemons are Unconfined by SELinux
service_abrtd_disabledDisable Automatic Bug Reporting Tool (abrtd)
service_acpid_disabledDisable Advanced Configuration and Power Interface (acpid)
service_atd_disabledDisable At Service (atd)
service_autofs_disabledDisable the Automounter
service_avahi-daemon_disabledDisable Avahi Server Software
service_bluetooth_disabledDisable Bluetooth Service
service_certmonger_disabledDisable Certmonger Service (certmonger)
service_cpupower_disabledDisable CPU Speed (cpupower)
service_cups_disabledDisable the CUPS Service
service_dhcpd_disabledDisable DHCP Service
service_httpd_disabledDisable httpd Service
service_kdump_disabledDisable KDump Kernel Crash Analyzer (kdump)
service_mdmonitor_disabledDisable Software RAID Monitor (mdmonitor)
service_named_disabledDisable named Service
service_netconsole_disabledDisable Network Console (netconsole)
service_nfs_disabledDisable Network File System (nfs)
service_ntpdate_disabledDisable ntpdate Service (ntpdate)
service_oddjobd_disabledDisable Odd Job Daemon (oddjobd)
service_portreserve_disabledDisable Portreserve (portreserve)
service_qpidd_disabledDisable Apache Qpid (qpidd)
service_quota_nld_disabledDisable Quota Netlink (quota_nld)
service_rdisc_disabledDisable Network Router Discovery Daemon (rdisc)
service_rexec_disabledDisable rexec Service
service_rhnsd_disabledDisable Red Hat Network Service (rhnsd)
service_rhsmcertd_disabledDisable Red Hat Subscription Manager Daemon (rhsmcertd)
service_rlogin_disabledDisable rlogin Service
service_rsh_disabledDisable rsh Service
service_saslauthd_disabledDisable Cyrus SASL Authentication Daemon (saslauthd)
service_sysstat_disabledDisable System Statistics Reset Service (sysstat)
service_telnet_disabledDisable telnet Service
service_tftp_disabledDisable tftp Service
service_vsftpd_disabledDisable vsftpd Service
service_xinetd_disabledDisable xinetd Service
service_ypbind_disabledDisable ypbind Service
service_zebra_disabledDisable Quagga Service
sshd_disable_compressionDisable Compression Or Set Compression to delayed
sshd_disable_empty_passwordsDisable SSH Access via Empty Passwords
sshd_disable_gssapi_authDisable GSSAPI Authentication
sshd_disable_kerb_authDisable Kerberos Authentication
sshd_disable_rhostsDisable SSH Support for .rhosts Files
sshd_disable_rhosts_rsaDisable SSH Support for Rhosts RSA Authentication
sshd_disable_root_loginDisable SSH Root Login
sshd_disable_user_known_hostsDisable SSH Support for User Known Hosts
sshd_do_not_permit_user_envDo Not Allow SSH Environment Options
sssd_ldap_start_tlsConfigure SSSD LDAP Backend to Use TLS For All Transactions
sysctl_net_ipv4_conf_all_accept_redirectsDisable Accepting ICMP Redirects for All IPv4 Interfaces
sysctl_net_ipv4_conf_all_accept_source_routeDisable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces
sysctl_net_ipv4_conf_all_log_martiansEnable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces
sysctl_net_ipv4_conf_all_rp_filterEnable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces
sysctl_net_ipv4_conf_all_secure_redirectsDisable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces
sysctl_net_ipv4_conf_all_send_redirectsDisable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces
sysctl_net_ipv4_conf_default_accept_redirectsDisable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces
sysctl_net_ipv4_conf_default_accept_source_routeDisable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default
sysctl_net_ipv4_conf_default_log_martiansEnable Kernel Paremeter to Log Martian Packets on all IPv4 Interfaces by Default
sysctl_net_ipv4_conf_default_rp_filterEnable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default
sysctl_net_ipv4_conf_default_secure_redirectsConfigure Kernel Parameter for Accepting Secure Redirects By Default
sysctl_net_ipv4_conf_default_send_redirectsDisable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default
sysctl_net_ipv4_icmp_echo_ignore_broadcastsEnable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces
sysctl_net_ipv4_icmp_ignore_bogus_error_responsesEnable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces
sysctl_net_ipv4_ip_forwardDisable Kernel Parameter for IP Forwarding on IPv4 Interfaces
sysctl_net_ipv4_tcp_syncookiesEnable Kernel Parameter to Use TCP Syncookies on IPv4 Interfaces
sysctl_net_ipv6_conf_all_accept_raConfigure Accepting Router Advertisements on All IPv6 Interfaces
sysctl_net_ipv6_conf_all_accept_redirectsDisable Accepting ICMP Redirects for All IPv6 Interfaces
sysctl_net_ipv6_conf_all_accept_source_routeDisable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces
sysctl_net_ipv6_conf_all_disable_ipv6Disable IPv6 Addressing on All IPv6 Interfaces
sysctl_net_ipv6_conf_all_forwardingDisable Kernel Parameter for IPv6 Forwarding
sysctl_net_ipv6_conf_default_accept_raDisable Accepting Router Advertisements on all IPv6 Interfaces by Default
sysctl_net_ipv6_conf_default_accept_redirectsDisable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces
sysctl_net_ipv6_conf_default_accept_source_routeDisable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default
sysctl_net_ipv6_conf_default_disable_ipv6Disable IPv6 Addressing on IPv6 Interfaces by Default
tftpd_uses_secure_modeEnsure tftp Daemon Uses Secure Mode
use_kerberos_security_all_exportsUse Kerberos Security on All Exports
wireless_disable_in_biosDisable WiFi or Bluetooth in BIOS
wireless_disable_interfacesDeactivate Wireless Network Interfaces
xwindows_runlevel_targetDisable X Windows Startup By Setting Default Target
avahi_disable_publishingDisable Avahi Publishing
avahi_prevent_port_sharingPrevent Other Programs from Using Avahi's Port
avahi_restrict_published_informationRestrict Information Published by Avahi
bios_disable_usb_bootDisable Booting from USB Devices in Boot Firmware
configure_firewalld_portsConfigure the Firewalld Ports
cups_disable_browsingDisable Printer Browsing Entirely if Possible
cups_disable_printserverDisable Print Server Capabilities
dconf_gnome_disable_automountDisable GNOME3 Automounting
dconf_gnome_disable_automount_openDisable GNOME3 Automount Opening
dconf_gnome_disable_autorunDisable GNOME3 Automount running
dconf_gnome_disable_ctrlaltdel_rebootDisable Ctrl-Alt-Del Reboot Key Sequence in GNOME3
dconf_gnome_disable_restart_shutdownDisable the GNOME3 Login Restart and Shutdown Buttons
dconf_gnome_disable_thumbnailersDisable All GNOME3 Thumbnailers
dhcp_server_deny_bootpDeny BOOTP Queries
dhcp_server_deny_declineDeny Decline Messages
dhcp_server_disable_ddnsDo Not Use Dynamic DNS
dhcp_server_minimize_served_infoMinimize Served Information
dir_perms_var_log_httpdSet Permissions on the /var/log/httpd/ Directory
disable_anacronDisable anacron Service
disable_host_authDisable Host-Based Authentication
dns_server_authenticate_zone_transfersAuthenticate Zone Transfers
file_permissions_httpd_server_conf_d_filesSet Permissions on All Configuration Files Inside /etc/httpd/conf.d/
file_permissions_httpd_server_conf_filesSet Permissions on All Configuration Files Inside /etc/httpd/conf/
file_permissions_httpd_server_modules_filesSet Permissions on All Configuration Files Inside /etc/httpd/conf.modules.d/
firewalld_sshd_port_enabledEnable SSH Server firewalld Firewall Exception
ftp_restrict_to_anonRestrict Access to Anonymous Users if Possible
gnome_gdm_disable_automatic_loginDisable GDM Automatic Login
gnome_gdm_disable_guest_loginDisable GDM Guest Login
httpd_serversignature_offSet httpd ServerSignature Directive to Off
httpd_servertokens_prodSet httpd ServerTokens Directive to Prod
kernel_module_bluetooth_disabledDisable Bluetooth Kernel Module
kernel_module_cramfs_disabledDisable Mounting of cramfs
kernel_module_dccp_disabledDisable DCCP Support
kernel_module_freevxfs_disabledDisable Mounting of freevxfs
kernel_module_hfs_disabledDisable Mounting of hfs
kernel_module_hfsplus_disabledDisable Mounting of hfsplus
kernel_module_ipv6_option_disabledDisable IPv6 Networking Support Automatic Loading
kernel_module_jffs2_disabledDisable Mounting of jffs2
kernel_module_rds_disabledDisable RDS Support
kernel_module_sctp_disabledDisable SCTP Support
kernel_module_squashfs_disabledDisable Mounting of squashfs
kernel_module_tipc_disabledDisable TIPC Support
kernel_module_udf_disabledDisable Mounting of udf
kernel_module_usb-storage_disabledDisable Modprobe Loading of USB Storage Driver
kernel_module_vfat_disabledDisable Mounting of vFAT filesystems
mount_option_boot_nodevAdd nodev Option to /boot
mount_option_boot_nosuidAdd nosuid Option to /boot
mount_option_dev_shm_nodevAdd nodev Option to /dev/shm
mount_option_dev_shm_noexecAdd noexec Option to /dev/shm
mount_option_dev_shm_nosuidAdd nosuid Option to /dev/shm
mount_option_home_nosuidAdd nosuid Option to /home
mount_option_krb_sec_remote_filesystemsMount Remote Filesystems with Kerberos Security
mount_option_nodev_nonroot_local_partitionsAdd nodev Option to Non-Root Local Partitions
mount_option_nodev_removable_partitionsAdd nodev Option to Removable Media Partitions
mount_option_noexec_removable_partitionsAdd noexec Option to Removable Media Partitions
mount_option_nosuid_removable_partitionsAdd nosuid Option to Removable Media Partitions
mount_option_tmp_nodevAdd nodev Option to /tmp
mount_option_tmp_noexecAdd noexec Option to /tmp
mount_option_tmp_nosuidAdd nosuid Option to /tmp
mount_option_var_log_audit_nodevAdd nodev Option to /var/log/audit
mount_option_var_log_audit_noexecAdd noexec Option to /var/log/audit
mount_option_var_log_audit_nosuidAdd nosuid Option to /var/log/audit
mount_option_var_log_nodevAdd nodev Option to /var/log
mount_option_var_log_noexecAdd noexec Option to /var/log
mount_option_var_log_nosuidAdd nosuid Option to /var/log
mount_option_var_nodevAdd nodev Option to /var
mount_option_var_tmp_bindBind Mount /var/tmp To /tmp
network_disable_ddns_interfacesDisable Client Dynamic DNS Updates
network_disable_zeroconfDisable Zeroconf Networking
network_ipv6_disable_rpcDisable Support for RPC IPv6
network_sniffer_disabledEnsure System is Not Acting as a Network Sniffer
no_rsh_trust_filesRemove Rsh Trust Files
package_bind_removedUninstall bind Package
package_dhcp_removedUninstall DHCP Server Package
package_gdm_removedRemove the GDM Package Group
package_httpd_removedUninstall httpd Package
package_inetutils-telnetd_removedUninstall the inet-based telnet server
package_openldap-servers_removedUninstall openldap-servers Package
package_quagga_removedUninstall quagga Package
package_rsh-server_removedUninstall rsh-server Package
package_sendmail_removedUninstall Sendmail Package
package_telnet-server_removedUninstall telnet-server Package
package_telnetd-ssl_removedUninstall the ssl compliant telnet server
package_telnetd_removedUninstall the telnet server
package_tftp-server_removedUninstall tftp-server Package
package_vsftpd_removedUninstall vsftpd Package
package_xinetd_removedUninstall xinetd Package
package_xorg-x11-server-common_removedRemove the X Windows Package Group
package_ypserv_removedUninstall ypserv Package
postfix_network_listening_disabledDisable Postfix Network Listening
restrict_nfs_clients_to_privileged_portsRestrict NFS Clients to Privileged Ports
rsyslog_nolistenEnsure rsyslog Does Not Accept Remote Messages Unless Acting As Log Server
selinux_all_devicefiles_labeledEnsure No Device Files are Unlabeled by SELinux
selinux_confinement_of_daemonsEnsure No Daemons are Unconfined by SELinux
service_acpid_disabledDisable Advanced Configuration and Power Interface (acpid)
service_atd_disabledDisable At Service (atd)
service_autofs_disabledDisable the Automounter
service_avahi-daemon_disabledDisable Avahi Server Software
service_bluetooth_disabledDisable Bluetooth Service
service_certmonger_disabledDisable Certmonger Service (certmonger)
service_cpupower_disabledDisable CPU Speed (cpupower)
service_cups_disabledDisable the CUPS Service
service_dhcpd_disabledDisable DHCP Service
service_firewalld_enabledVerify firewalld Enabled
service_httpd_disabledDisable httpd Service
service_ip6tables_enabledVerify ip6tables Enabled if Using IPv6
service_iptables_enabledVerify iptables Enabled
service_kdump_disabledDisable KDump Kernel Crash Analyzer (kdump)
service_mdmonitor_disabledDisable Software RAID Monitor (mdmonitor)
service_named_disabledDisable named Service
service_netconsole_disabledDisable Network Console (netconsole)
service_nfs_disabledDisable Network File System (nfs)
service_ntpdate_disabledDisable ntpdate Service (ntpdate)
service_oddjobd_disabledDisable Odd Job Daemon (oddjobd)
service_portreserve_disabledDisable Portreserve (portreserve)
service_qpidd_disabledDisable Apache Qpid (qpidd)
service_quota_nld_disabledDisable Quota Netlink (quota_nld)
service_rdisc_disabledDisable Network Router Discovery Daemon (rdisc)
service_rexec_disabledDisable rexec Service
service_rhnsd_disabledDisable Red Hat Network Service (rhnsd)
service_rhsmcertd_disabledDisable Red Hat Subscription Manager Daemon (rhsmcertd)
service_rlogin_disabledDisable rlogin Service
service_rsh_disabledDisable rsh Service
service_saslauthd_disabledDisable Cyrus SASL Authentication Daemon (saslauthd)
service_sysstat_disabledDisable System Statistics Reset Service (sysstat)
service_telnet_disabledDisable telnet Service
service_tftp_disabledDisable tftp Service
service_vsftpd_disabledDisable vsftpd Service
service_xinetd_disabledDisable xinetd Service
service_ypbind_disabledDisable ypbind Service
service_zebra_disabledDisable Quagga Service
set_firewalld_default_zoneSet Default firewalld Zone for Incoming Packets
set_ip6tables_default_ruleSet Default ip6tables Policy for Incoming Packets
set_iptables_default_ruleSet Default iptables Policy for Incoming Packets
set_iptables_default_rule_forwardSet Default iptables Policy for Forwarded Packets
sshd_disable_compressionDisable Compression Or Set Compression to delayed
sshd_disable_empty_passwordsDisable SSH Access via Empty Passwords
sshd_disable_gssapi_authDisable GSSAPI Authentication
sshd_disable_kerb_authDisable Kerberos Authentication
sshd_disable_rhostsDisable SSH Support for .rhosts Files
sshd_disable_rhosts_rsaDisable SSH Support for Rhosts RSA Authentication
sshd_disable_root_loginDisable SSH Root Login
sshd_disable_user_known_hostsDisable SSH Support for User Known Hosts
sshd_do_not_permit_user_envDo Not Allow SSH Environment Options
sssd_ldap_start_tlsConfigure SSSD LDAP Backend to Use TLS For All Transactions
sysctl_net_ipv4_conf_all_accept_redirectsDisable Accepting ICMP Redirects for All IPv4 Interfaces
sysctl_net_ipv4_conf_all_accept_source_routeDisable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces
sysctl_net_ipv4_conf_all_log_martiansEnable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces
sysctl_net_ipv4_conf_all_rp_filterEnable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces
sysctl_net_ipv4_conf_all_secure_redirectsDisable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces
sysctl_net_ipv4_conf_all_send_redirectsDisable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces
sysctl_net_ipv4_conf_default_accept_redirectsDisable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces
sysctl_net_ipv4_conf_default_accept_source_routeDisable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default
sysctl_net_ipv4_conf_default_log_martiansEnable Kernel Paremeter to Log Martian Packets on all IPv4 Interfaces by Default
sysctl_net_ipv4_conf_default_rp_filterEnable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default
sysctl_net_ipv4_conf_default_secure_redirectsConfigure Kernel Parameter for Accepting Secure Redirects By Default
sysctl_net_ipv4_conf_default_send_redirectsDisable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default
sysctl_net_ipv4_icmp_echo_ignore_broadcastsEnable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces
sysctl_net_ipv4_icmp_ignore_bogus_error_responsesEnable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces
sysctl_net_ipv4_ip_forwardDisable Kernel Parameter for IP Forwarding on IPv4 Interfaces
sysctl_net_ipv4_tcp_syncookiesEnable Kernel Parameter to Use TCP Syncookies on IPv4 Interfaces
sysctl_net_ipv6_conf_all_accept_raConfigure Accepting Router Advertisements on All IPv6 Interfaces
sysctl_net_ipv6_conf_all_accept_redirectsDisable Accepting ICMP Redirects for All IPv6 Interfaces
sysctl_net_ipv6_conf_all_accept_source_routeDisable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces
sysctl_net_ipv6_conf_all_disable_ipv6Disable IPv6 Addressing on All IPv6 Interfaces
sysctl_net_ipv6_conf_all_forwardingDisable Kernel Parameter for IPv6 Forwarding
sysctl_net_ipv6_conf_default_accept_raDisable Accepting Router Advertisements on all IPv6 Interfaces by Default
sysctl_net_ipv6_conf_default_accept_redirectsDisable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces
sysctl_net_ipv6_conf_default_accept_source_routeDisable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default
sysctl_net_ipv6_conf_default_disable_ipv6Disable IPv6 Addressing on IPv6 Interfaces by Default
use_kerberos_security_all_exportsUse Kerberos Security on All Exports
wireless_disable_in_biosDisable WiFi or Bluetooth in BIOS
wireless_disable_interfacesDeactivate Wireless Network Interfaces
xwindows_runlevel_targetDisable X Windows Startup By Setting Default Target