Definition of Standard Benchmark for openEuler for openeuler2203

based on https://gitee.com/openeuler/security-committee/blob/master/secure-configuration-benchmark/release/

1.1.1: Ensure All Files Have Owner And Group

Description: None

Levels:

Automated: yes

Selections:

1.1.2: Ensure No Empty Symlink

Description: None

Levels:

Automated: no

No rules selected

1.1.3: Ensure No Hidden Executable Files

Description: None

Levels:

Automated: no

No rules selected

1.1.4: Ensure Sticky Set On Global Writable Folder

Description: None

Levels:

Automated: yes

Selections:

1.1.5: Ensure UMASK Correct

Description: None

Levels:

Automated: yes

Selections:

1.1.6: Ensure No Global Writable File

Description: None

Levels:

Automated: yes

Selections:

1.1.7: Umount Unnecessary File System

Description: None

Levels:

Automated: no

No rules selected

1.1.8: Ensure Mount As Readonly If No Need To Write

Description: None

Levels:

Automated: no

No rules selected

1.1.9: Ensure Mount As Nodev

Description: None

Levels:

Automated: no

No rules selected

1.1.10: Ensure Mount As Noexec

Description: None

Levels:

Automated: no

No rules selected

1.1.11: Ensure Mount As Noexec And Nodev For Removable Device

Description: None

Levels:

Automated: yes

Selections:

1.1.12: Ensure Mount As Nosuid

Description: None

Levels:

Automated: no

No rules selected

1.1.13: Ensure Remove Unnecessary SUID And SGID

Description: None

Levels:

Automated: yes

Selections:

1.1.14: Ensure File Permission Minimize

Description: None

Levels:

Automated: no

No rules selected

1.1.15: Ensure Ulimit Correctly

Description: None

Levels:

Automated: no

No rules selected

1.1.16: Ensure Symlinks And Hardlinks Protected

Description: None

Levels:

Automated: yes

Selections:

1.1.17: Ensure USB Disabled

Description: None

Levels:

Automated: yes

Selections:

1.1.18: Ensure Different Data Store In Different Partitions

Description: None

Levels:

Automated: no

No rules selected

1.1.19: Ensure LD_LIBRARY_PATH Correct

Description: None

Levels:

Automated: no

No rules selected

1.1.20: Ensure User PATH Correct

Description: None

Levels:

Automated: no

No rules selected

1.2.1: Ensure FTP Not Installed

Description: None

Levels:

Automated: yes

Selections:

1.2.2: Ensure TFTP Server Not Installed

Description: None

Levels:

Automated: yes

Selections:

1.2.3: Ensure Telnet Server Not Installed

Description: None

Levels:

Automated: yes

Selections:

1.2.4: Ensure SNMP Not Installed

Description: None

Levels:

Automated: yes

Selections:

1.2.5: Ensure Python2 Not Installed

Description: None

Levels:

Automated: no

No rules selected

1.2.6: Ensure GPG Check Configured

Description: None

Levels:

Automated: yes

Selections:

1.2.7: Ensure Debug-Shell Disabled

Description: None

Levels:

Automated: yes

Selections:

1.2.8: Ensure Rsync Not Installed

Description: None

Levels:

Automated: yes

Selections:

1.2.9: Ensure Avahi Not Installed

Description: None

Levels:

Automated: yes

Selections:

1.2.10: Ensure LDAP Server Not Installed

Description: None

Levels:

Automated: yes

Selections:

1.2.11: Ensure CUPS Not Installed

Description: None

Levels:

Automated: yes

Selections:

1.2.12: Ensure NIS Server Not Installed

Description: None

Levels:

Automated: yes

Selections:

1.2.13: Ensure NIS Client Not Installed

Description: None

Levels:

Automated: yes

Selections:

1.2.14: Ensure LDAP Client Not Installed

Description: None

Levels:

Automated: yes

Selections:

1.2.15: Ensure Network Sniffing Software Removed

Description: None

Levels:

Automated: no

No rules selected

1.2.16: Ensure Debug Tools Removed

Description: None

Levels:

Automated: no

No rules selected

1.2.17: Ensure Compiler Tools Removed

Description: None

Levels:

Automated: no

No rules selected

1.2.18: Ensure X Window Not Installed

Description: None

Levels:

Automated: yes

Selections:

1.2.19: Ensure Http Service Not Installed

Description: None

Levels:

Automated: yes

Selections:

1.2.20: Ensure Samba Service Not Installed

Description: None

Levels:

Automated: yes

Selections:

1.2.21: Ensure DNS Service Disabled

Description: None

Levels:

Automated: yes

Selections:

1.2.22: Ensure NFS Service Disabled

Description: None

Levels:

Automated: yes

Selections:

1.2.23: Ensure RPC Service Disabled

Description: None

Levels:

Automated: yes

Selections:

1.2.24: Ensure DHCP Service Disabled

Description: None

Levels:

Automated: yes

Selections:

2.1.1: Ensure All Login Accounts Are Necessary

Description: None

Levels:

Automated: no

No rules selected

2.1.2: Ensure No Unused Accounts

Description: None

Levels:

Automated: no

No rules selected

2.1.3: Ensure Different Accounts Have Different GroupID

Description: None

Levels:

Automated: no

No rules selected

2.1.4: Ensure Only Root's UID Is 0

Description: None

Levels:

Automated: yes

Selections:

2.1.5: Ensure Account Related Files Have Correct Permission

Description: None

Levels:

Automated: yes

Selections:

2.1.6: Ensure All Accounts Have Own Home Folder

Description: None

Levels:

Automated: yes

Selections:

2.1.7: Ensure All Groups Existed

Description: None

Levels:

Automated: yes

Selections:

2.1.8: Ensure UID Unique

Description: None

Levels:

Automated: yes

Selections:

2.1.9: Ensure Account Name Unique

Description: None

Levels:

Automated: yes

Selections:

2.1.10: Ensure Group Unique ID

Description: None

Levels:

Automated: yes

Selections:

2.1.11: Ensure Group Unique Name

Description: None

Levels:

Automated: yes

Selections:

2.1.12: Ensure Account Expire Date Correct

Description: None

Levels:

Automated: no

Selections:

2.1.13: Ensure No .forward Files In Home Folder

Description: None

Levels:

Automated: yes

Selections:

2.1.14: Ensure No .netrc Files In Home Folder

Description: None

Levels:

Automated: yes

Selections:

2.2.1: Ensure Set Correct Password Complexity

Description: None

Levels:

Automated: yes

Selections:

2.2.2: Ensure No History Password Used

Description: None

Levels:

Automated: yes

Selections:

2.2.3: Ensure Old Password Verified

Description: None

Levels:

Automated: no

No rules selected

2.2.4: Ensure Password Not Contain User Name

Description: None

Levels:

Automated: no

No rules selected

2.2.5: Ensure Using Strong Hash Algorithm To Encipher Password

Description: None

Levels:

Automated: yes

Selections:

2.2.6: Ensure Password Dictionary Correct

Description: None

Levels:

Automated: yes

Selections:

2.2.7: Ensure Password Expire Correct

Description: None

Levels:

Automated: yes

Selections:

2.2.8: Ensure No Empty Password

Description: None

Levels:

Automated: yes

Selections:

2.2.9: Ensure Grub Password Set

Description: None

Levels:

Automated: yes

Selections:

2.2.10: Ensure Password Set In Single User Mode

Description: None

Levels:

Automated: yes

Selections:

2.2.11: Ensure Password Changed At First Login

Description: None

Levels:

Automated: no

No rules selected

2.3.1: Ensure Account Locked After Accessing Fail

Description: None

Levels:

Automated: yes

Selections:

2.3.2: Ensure TIMOUT Set Correct

Description: None

Levels:

Automated: yes

Selections:

2.3.3: Ensure Warning Banners Correct

Description: None

Levels:

Automated: yes

Selections:

2.3.4: Ensure Warning Path Correct

Description: None

Levels:

Automated: yes

Selections:

2.4.1: Ensure HISTSIZE Limited

Description: None

Levels:

Automated: no

No rules selected

2.4.2: Ensure SELinux Enforce

Description: None

Levels:

Automated: yes

Selections:

2.4.3: Ensure SELinux Configurate Correct

Description: None

Levels:

Automated: yes

Selections:

2.4.4: Ensure SU Usage Limited

Description: None

Levels:

Automated: yes

Selections:

2.4.5: Ensure Use Sudo To Run

Description: None

Levels:

Automated: yes

Selections:

2.4.6: Ensure No Files In /etc/sudoers Can Be Written By Low-privilege User

Description: None

Levels:

Automated: no

No rules selected

2.4.7: Ensure Low-privilege User Cannot Escalate By Pkexec

Description: None

Levels:

Automated: no

No rules selected

2.4.8: Ensure ALWAYS_SET_PATH Configurated

Description: None

Levels:

Automated: no

No rules selected

2.4.9: Ensure Root Can Not Login Local

Description: None

Levels:

Automated: no

No rules selected

2.4.10: Ensure Not Run Files with unconfined_service_t Flag

Description: None

Levels:

Automated: yes

Selections:

2.5.1: Ensure IMA Enabled

Description: None

Levels:

Automated: no

No rules selected

2.5.2: Ensure AIDE Enabled

Description: None

Levels:

Automated: yes

Selections:

2.6.1: Ensure Haveged Enabled

Description: None

Levels:

Automated: no

No rules selected

2.6.2: Global Crypto Setting Correct

Description: None

Levels:

Automated: yes

Selections:

3.1.1: Ensure No Unusual Network Service

Description: None

Levels:

Automated: yes

Selections:

3.1.2: Ensure No WIFI

Description: None

Levels:

Automated: yes

Selections:

3.2.1: Ensure Firewalld Enabled

Description: None

Levels:

Automated: yes

Selections:

3.2.2: Ensure Firewalld Set Default Zone Correctly

Description: None

Levels:

Automated: no

No rules selected

3.2.3: Ensure Firewalld Set Correct Interface Zone

Description: None

Levels:

Automated: no

Selections:

3.2.4: Ensure Unnecessary Service And Port Disabled

Description: None

Levels:

Automated: no

Selections:

3.2.5: Ensure Iptables Enabled

Description: None

Levels:

Automated: yes

Selections:

3.2.6: Ensure Iptables Default Refuse Rules Set

Description: None

Levels:

Automated: no

Selections:

3.2.7: Ensure Iptables Loopback Rules Set

Description: None

Levels:

Automated: yes

Selections:

3.2.8: Ensure Iptables Input Rules Set

Description: None

Levels:

Automated: no

No rules selected

3.2.9: Ensure Iptables Output Rules Set

Description: None

Levels:

Automated: no

No rules selected

3.2.10: Ensure Iptables Input Output Connection Rules Set

Description: None

Levels:

Automated: no

Selections:

3.2.11: Ensure Nftables Enabled

Description: None

Levels:

Automated: yes

Selections:

3.2.12: Ensure Nftables Default Refuse Rules Set

Description: None

Levels:

Automated: no

Selections:

3.2.13: Ensure Nftables Loopback Rules Set

Description: None

Levels:

Automated: no

Selections:

3.2.14: Ensure Nftables Input Rules Set

Description: None

Levels:

Automated: no

No rules selected

3.2.15: Ensure Nftables Output Rules Set

Description: None

Levels:

Automated: no

No rules selected

3.2.16: Ensure Nftables Input Output Connection Rules Set

Description: None

Levels:

Automated: no

Selections:

3.3.1: Ensure SSHd Protocol Version Is 2

Description: None

Levels:

Automated: yes

Selections:

3.3.2: Ensure SSHd Authentication Setting Correct

Description: None

Levels:

Automated: yes

Selections:

3.3.3: Ensure SSHd Key Exchange Algorithm Correct

Description: None

Levels:

Automated: yes

Selections:

3.3.4: Ensure SSHd Pubkey Algorithm Correct

Description: None

Levels:

Automated: no

No rules selected

3.3.5: Ensure SSHd PAM Enabled

Description: None

Levels:

Automated: yes

Selections:

3.3.6: Ensure SSHd MACs Algorithm Correct

Description: None

Levels:

Automated: yes

Selections:

3.3.7: Ensure SSHd Ciphers Algorithm Correct

Description: None

Levels:

Automated: yes

Selections:

3.3.8: Ensure SSHd Ciphers Algorithm Not Overwritten

Description: None

Levels:

Automated: no

No rules selected

3.3.9: Ensure SSHd Forbid Root Login From Remote

Description: None

Levels:

Automated: yes

Selections:

3.3.10: Ensure SSHd Log Level Correct

Description: None

Levels:

Automated: yes

Selections:

3.3.11: Ensure SSHd Listen Address Set Correct

Description: None

Levels:

Automated: no

No rules selected

3.3.12: Ensure SSHd MaxStartups Correct

Description: None

Levels:

Automated: yes

Selections:

3.3.13: Ensure SSHd Maxsessions Correct

Description: None

Levels:

Automated: yes

Selections:

3.3.14: Ensure SSHd X11 Forwarding Forbidden

Description: None

Levels:

Automated: yes

Selections:

3.3.15: Ensure SSHd MaxAuthTries Correct

Description: None

Levels:

Automated: yes

Selections:

3.3.16: Ensure SSHd PermitUserEnvironment Forbidden

Description: None

Levels:

Automated: yes

Selections:

3.3.17: Ensure SSHd LoginGraceTime Correct

Description: None

Levels:

Automated: yes

Selections:

3.3.18: Ensure SSHd Authorized Keys Not Set

Description: None

Levels:

Automated: no

No rules selected

3.3.19: Ensure SSHd Known Hosts Not Set

Description: None

Levels:

Automated: yes

Selections:

3.3.20: Ensure SSHd Has No Obsolete Configurations

Description: None

Levels:

Automated: no

No rules selected

3.3.21: Ensure SSHd TCP Forward Disabled

Description: None

Levels:

Automated: yes

Selections:

3.3.22: Ensure SSHd Has Correct White and Black Access List

Description: None

Levels:

Automated: no

No rules selected

3.4.1: Ensure Cron Not Run Low Privilege User Writable Bash

Description: None

Levels:

Automated: no

No rules selected

3.4.2: Ensure Cron Daemon Running

Description: None

Levels:

Automated: yes

Selections:

3.4.3: Ensure AT And Cron Set Correct

Description: None

Levels:

Automated: yes

Selections:

3.5.1: Ensure KASLR Enabled

Description: None

Levels:

Automated: yes

Selections:

3.5.2: Ensure Dmesg Access Permission Correct

Description: None

Levels:

Automated: yes

Selections:

3.5.3: Ensure Kptr_restrict Correct

Description: None

Levels:

Automated: yes

Selections:

3.5.4: Ensure Kernel SMAP Enabled

Description: None

Levels:

Automated: yes

Selections:

3.5.5: Ensure Kernel SMEP Enabled

Description: None

Levels:

Automated: yes

Selections:

3.5.6: Ensure ICMP Broadcast Package Not Responsed

Description: None

Levels:

Automated: yes

Selections:

3.5.7: Ensure ICMP Redirect Package Not Received

Description: None

Levels:

Automated: yes

Selections:

3.5.8: Ensure No ICMP Redirect Package Forwarded

Description: None

Levels:

Automated: yes

Selections:

3.5.9: Ensure Ignore All ICMP Request

Description: None

Levels:

Automated: no

No rules selected

3.5.10: Ensure Ignore Bogus Error ICMP Package

Description: None

Levels:

Automated: yes

Selections:

3.5.11: Ensure Reverse Proxy Filter Enabled

Description: None

Levels:

Automated: yes

Selections:

3.5.12: Ensure IP Forwarding Disabled

Description: None

Levels:

Automated: yes

Selections:

3.5.13: Ensure Source Route Disabled

Description: None

Levels:

Automated: yes

Selections:

3.5.14: Ensure TCP-SYN Cookie Enabled

Description: None

Levels:

Automated: yes

Selections:

3.5.15: Ensure Source Route And Redirectly Logged

Description: None

Levels:

Automated: yes

Selections:

3.5.16: Ensure tcp_timestamps Disabled

Description: None

Levels:

Automated: no

No rules selected

3.5.17: Ensure TCP Time Wait Correct

Description: None

Levels:

Automated: no

No rules selected

3.5.18: Ensure SYN Recv Set Correct

Description: None

Levels:

Automated: no

No rules selected

3.5.19: Ensure No ARP Proxy

Description: None

Levels:

Automated: no

No rules selected

3.5.20: Ensure Core Dump Set Correct

Description: None

Levels:

Automated: no

No rules selected

3.5.21: Ensure SysRq Key Disabled

Description: None

Levels:

Automated: yes

Selections:

3.5.22: Ensure ptrace_scope Set Correct

Description: None

Levels:

Automated: yes

Selections:

3.5.23: Ensure Seccomp Enabled

Description: None

Levels:

Automated: yes

Selections:

3.6.1: Ensure Ntpd Configuration Correct

Description: None

Levels:

Automated: yes

Selections:

3.6.2: Ensure Chrony Configuration Correct

Description: None

Levels:

Automated: yes

Selections:

4.1.1: Ensure Auditd Enabled

Description: None

Levels:

Automated: yes

Selections:

4.1.2: Ensure Auditd Rotate Enabled

Description: None

Levels:

Automated: yes

Selections:

4.1.3: Ensure Lastlog Recorded

Description: None

Levels:

Automated: yes

Selections:

4.1.4: Ensure Account Info Changing Audited

Description: None

Levels:

Automated: yes

Selections:

4.1.5: Ensure Escalation Audited

Description: None

Levels:

Automated: no

No rules selected

4.1.6: Ensure Module Changes Audited

Description: None

Levels:

Automated: yes

Selections:

4.1.7: Ensure Sudo Operation Audited

Description: None

Levels:

Automated: yes

Selections:

4.1.8: Ensure Auditd Enabled During Boot

Description: None

Levels:

Automated: yes

Selections:

4.1.9: Ensure Audit Backlog Limit Correct

Description: None

Levels:

Automated: yes

Selections:

4.1.10: Ensure Auditctl Not Used

Description: None

Levels:

Automated: yes

Selections:

4.1.11: Ensure Audit Log Size Set Correct

Description: None

Levels:

Automated: yes

Selections:

4.1.12: Ensure Audit Disk Space Set Correct

Description: None

Levels:

Automated: yes

Selections:

4.1.13: Ensure Sudoers Audited

Description: None

Levels:

Automated: yes

Selections:

4.1.14: Ensure Session Audited

Description: None

Levels:

Automated: yes

Selections:

4.1.15: Ensure Time Changing Audited

Description: None

Levels:

Automated: yes

Selections:

4.1.16: Ensure SELinux Audited

Description: None

Levels:

Automated: yes

Selections:

4.1.17: Ensure Network Audited

Description: None

Levels:

Automated: yes

Selections:

4.1.18: Ensure Successful File Access Audited

Description: None

Levels:

Automated: no

Selections:

4.1.19: Ensure Unsuccessful File Access Audited

Description: None

Levels:

Automated: yes

Selections:

4.1.20: Ensure File Delete Audited

Description: None

Levels:

Automated: no

Selections:

4.1.21: Ensure Mount Audited

Description: None

Levels:

Automated: no

No rules selected

4.2.1: Ensure Rsyslog Enabled

Description: None

Levels:

Automated: yes

Selections:

4.2.2: Ensure Authentication Logged

Description: None

Levels:

Automated: yes

Selections:

4.2.3: Ensure Cron Logged

Description: None

Levels:

Automated: yes

Selections:

4.2.4: Ensure Rsyslog's Files Permission Correct

Description: None

Levels:

Automated: yes

Selections:

4.2.5: Ensure Important Services Logged

Description: None

Levels:

Automated: yes

Selections:

4.2.6: Ensure Journald Transfer Set Correct

Description: None

Levels:

Automated: no

No rules selected

4.2.7: Ensure Rotate Setting In Rsyslog

Description: None

Levels:

Automated: no

No rules selected

4.2.8: Ensure Remote Log Server Correct

Description: None

Levels:

Automated: no

No rules selected

4.2.9: Ensure Only Specified Server Can Receive Logs

Description: None

Levels:

Automated: yes

Selections: