<?xml version="1.0"?>
<ds:data-stream-collection xmlns:cat="urn:oasis:names:tc:entity:xmlns:xml:catalog" xmlns:cpe-dict="http://cpe.mitre.org/dictionary/2.0" xmlns:cpe-lang="http://cpe.mitre.org/language/2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:ds="http://scap.nist.gov/schema/scap/source/1.2" xmlns:html="http://www.w3.org/1999/xhtml" xmlns:ind="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" xmlns:linux="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" xmlns:ocil="http://scap.nist.gov/schema/ocil/2.0" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:unix="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="scap_org.open-scap_collection_from_xccdf_ssg-rhel7-xccdf-1.2.xml" schematron-version="1.2">
<!-- SCAP 1.2 source data stream: the index of component references a scanner resolves when it loads this collection.
     It lists one CPE dictionary, two checklists (the RHEL 7 XCCDF and a PCI-DSS XCCDF) and five check components (three OVAL, two OCIL).
     NOTE(review): several component ids embed what looks like the build user's home-directory path. Regenerating the
     stream from a neutral build directory would keep workstation layout out of published content.
     NOTE(review): both checklists map the names ssg-rhel7-oval.xml and ssg-rhel7-ocil.xml, but to different components,
     so which OVAL/OCIL content is evaluated depends on the checklist selected. Confirm the intended one before scanning. -->
<ds:data-stream id="scap_org.open-scap_datastream_from_xccdf_ssg-rhel7-xccdf-1.2.xml" scap-version="1.2" use-case="OTHER">
<ds:dictionaries>
<ds:component-ref id="scap_org.open-scap_cref_--home--wsato--git--content--build--ssg-rhel7-cpe-dictionary.xml" xlink:href="#scap_org.open-scap_comp_--home--wsato--git--content--build--ssg-rhel7-cpe-dictionary.xml">
<cat:catalog>
<cat:uri name="ssg-rhel7-cpe-oval.xml" uri="#scap_org.open-scap_cref_--home--wsato--git--content--build--ssg-rhel7-cpe-oval.xml"/>
</cat:catalog>
</ds:component-ref>
</ds:dictionaries>
<ds:checklists>
<ds:component-ref id="scap_org.open-scap_cref_ssg-rhel7-xccdf-1.2.xml" xlink:href="#scap_org.open-scap_comp_ssg-rhel7-xccdf-1.2.xml">
<cat:catalog>
<cat:uri name="ssg-rhel7-oval.xml" uri="#scap_org.open-scap_cref_ssg-rhel7-oval.xml"/>
<cat:uri name="ssg-rhel7-ocil.xml" uri="#scap_org.open-scap_cref_ssg-rhel7-ocil.xml"/>
</cat:catalog>
</ds:component-ref>
<ds:component-ref id="scap_org.open-scap_cref_--home--wsato--git--content--build--ssg-rhel7-pcidss-xccdf-1.2.xml" xlink:href="#scap_org.open-scap_comp_--home--wsato--git--content--build--ssg-rhel7-pcidss-xccdf-1.2.xml">
<cat:catalog>
<cat:uri name="ssg-rhel7-oval.xml" uri="#scap_org.open-scap_cref_--home--wsato--git--content--build--ssg-rhel7-oval.xml"/>
<cat:uri name="ssg-rhel7-ocil.xml" uri="#scap_org.open-scap_cref_--home--wsato--git--content--build--ssg-rhel7-ocil.xml"/>
</cat:catalog>
</ds:component-ref>
</ds:checklists>
<ds:checks>
<ds:component-ref id="scap_org.open-scap_cref_ssg-rhel7-oval.xml" xlink:href="#scap_org.open-scap_comp_ssg-rhel7-oval.xml"/>
<ds:component-ref id="scap_org.open-scap_cref_ssg-rhel7-ocil.xml" xlink:href="#scap_org.open-scap_comp_ssg-rhel7-ocil.xml"/>
<ds:component-ref id="scap_org.open-scap_cref_--home--wsato--git--content--build--ssg-rhel7-cpe-oval.xml" xlink:href="#scap_org.open-scap_comp_--home--wsato--git--content--build--ssg-rhel7-cpe-oval.xml"/>
<ds:component-ref id="scap_org.open-scap_cref_--home--wsato--git--content--build--ssg-rhel7-oval.xml" xlink:href="#scap_org.open-scap_comp_--home--wsato--git--content--build--ssg-rhel7-oval.xml"/>
<ds:component-ref id="scap_org.open-scap_cref_--home--wsato--git--content--build--ssg-rhel7-ocil.xml" xlink:href="#scap_org.open-scap_comp_--home--wsato--git--content--build--ssg-rhel7-ocil.xml"/>
</ds:checks>
</ds:data-stream>
<ds:component id="scap_org.open-scap_comp_ssg-rhel7-oval.xml" timestamp="2021-11-26T23:47:30">
<oval-def:oval_definitions xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#linux linux-definitions-schema.xsd">
<!-- Provenance record for this OVAL component: combined by combine_ovals.py from SCAP Security Guide,
     reported ssg version [0, 1, 59], OVAL schema 5.10, generated 2021-11-26.
     NOTE(review): this is a point-in-time build. Confirm it is the content version you intend to scan with
     before treating results as authoritative. -->
<oval-def:generator>
<oval:product_name>combine_ovals.py from SCAP Security Guide</oval:product_name>
<oval:product_version>ssg: [0, 1, 59], python: 3.9.7</oval:product_version>
<oval:schema_version>5.10</oval:schema_version>
<oval:timestamp>2021-11-26T22:45:18</oval:timestamp>
</oval-def:generator>
<oval-def:definitions>
<!-- Compliance check: satisfied when the single referenced test passes. Per the criteria comment, the test looks for
     BOOTPROTO=(static|none) across all interfaces. The test, object and state it refers to are defined outside this excerpt. -->
<oval-def:definition class="compliance" id="oval:ssg-sysconfig_networking_bootproto_ifcfg:def:1" version="2">
<oval-def:metadata>
<oval-def:title>Disable DHCP Client in ifcfg</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>DHCP configuration should be static for all
interfaces.</oval-def:description>
<oval-def:reference ref_id="CCE-80337-9" source="CCE"/>
<oval-def:reference ref_id="sysconfig_networking_bootproto_ifcfg" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria comment="Test for BOOTPROTO=(static|none) across all interfaces">
<oval-def:criterion test_ref="oval:ssg-test_sysconfig_networking_bootproto_ifcfg:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: satisfied when vsftpd is not installed (negated package_vsftpd_installed),
     or when all three logging tests (enable, format, protocol) pass.
     NOTE(review): the ftp_present_banner definition expresses "not installed" through package_vsftpd_removed
     rather than a negated "installed" definition. Confirm the two forms are meant to be equivalent. -->
<oval-def:definition class="compliance" id="oval:ssg-ftp_log_transactions:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Enable Logging of All FTP Transactions</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>To trace malicious activity facilitated by the FTP
service, it must be configured to ensure that all commands sent to
the FTP server are logged using the verbose vsftpd log format.
</oval-def:description>
<oval-def:reference ref_id="CCE-80247-0" source="CCE"/>
<oval-def:reference ref_id="ftp_log_transactions" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria comment="FTP is not being used or the conditions are met" operator="OR">
<oval-def:extend_definition comment="vsftp package is not installed" definition_ref="oval:ssg-package_vsftpd_installed:def:1" negate="true"/>
<oval-def:criteria comment="FTP configuration conditions are not set or are met" operator="AND">
<oval-def:criterion comment="log ftp transactions enable" test_ref="oval:ssg-test_ftp_log_transactions_enable:tst:1"/>
<oval-def:criterion comment="log ftp transactions format" test_ref="oval:ssg-test_ftp_log_transactions_format:tst:1"/>
<oval-def:criterion comment="log ftp transactions protocol" test_ref="oval:ssg-test_ftp_log_transactions_protocol:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: satisfied when the vsftpd package is removed, or when the FTP banner test passes.
     What the banner test inspects is defined outside this excerpt. -->
<oval-def:definition class="compliance" id="oval:ssg-ftp_present_banner:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Create Warning Banners for All FTP Users</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This setting will cause the system greeting banner to be
used for FTP connections as well.</oval-def:description>
<oval-def:reference ref_id="CCE-80248-8" source="CCE"/>
<oval-def:reference ref_id="ftp_present_banner" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<oval-def:extend_definition comment="vsftpd package is not installed" definition_ref="oval:ssg-package_vsftpd_removed:def:1"/>
<oval-def:criterion comment="Banner for FTP Users" test_ref="oval:ssg-test_ftp_present_banner:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: satisfied when httpd is removed, or when the directory-permission test for /etc/httpd/conf/ passes.
     The description states 0750 or stronger. The mode comparison itself lives in the referenced test and state,
     which are outside this excerpt. -->
<oval-def:definition class="compliance" id="oval:ssg-dir_perms_etc_httpd_conf:def:1" version="2">
<oval-def:metadata>
<oval-def:title>Set Permissions on the /etc/httpd/conf/ Directory</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Directory permissions for /etc/httpd/conf/ should be set to 0750 (or stronger).</oval-def:description>
<oval-def:reference ref_id="CCE-80323-9" source="CCE"/>
<oval-def:reference ref_id="dir_perms_etc_httpd_conf" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<oval-def:extend_definition comment="httpd not present or in use" definition_ref="oval:ssg-package_httpd_removed:def:1"/>
<oval-def:criterion test_ref="oval:ssg-test_dir_perms_etc_httpd_conf:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: satisfied when httpd is removed, or when the directory-permission test for /var/log/httpd passes.
     The description states 0700 or stronger. The mode comparison is in the referenced test, outside this excerpt. -->
<oval-def:definition class="compliance" id="oval:ssg-dir_perms_var_log_httpd:def:1" version="2">
<oval-def:metadata>
<oval-def:title>Set Permissions on the /var/log/httpd/ Directory</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Directory permissions for /var/log/httpd should be set to 0700 (or stronger).</oval-def:description>
<oval-def:reference ref_id="CCE-80322-1" source="CCE"/>
<oval-def:reference ref_id="dir_perms_var_log_httpd" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<oval-def:extend_definition comment="httpd not present or in use" definition_ref="oval:ssg-package_httpd_removed:def:1"/>
<oval-def:criterion test_ref="oval:ssg-test_dir_perms_var_log_httpd:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: satisfied when httpd is removed, or when the file-permission test for /etc/httpd/conf.d/ passes.
     The description states 0640 or stronger. Which files the test's object matches is defined outside this excerpt. -->
<oval-def:definition class="compliance" id="oval:ssg-file_permissions_httpd_server_conf_d_files:def:1" version="2">
<oval-def:metadata>
<oval-def:title>Set Permissions on All Configuration Files Inside /etc/httpd/conf.d/</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The /etc/httpd/conf.d/* files should have the appropriate permissions (0640 or stronger).</oval-def:description>
<oval-def:reference ref_id="CCE-80381-7" source="CCE"/>
<oval-def:reference ref_id="file_permissions_httpd_server_conf_d_files" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<oval-def:extend_definition comment="httpd not present or in use" definition_ref="oval:ssg-package_httpd_removed:def:1"/>
<oval-def:criterion test_ref="oval:ssg-test_file_permissions_httpd_server_conf_d_files:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: satisfied when httpd is removed, or when the file-permission test for /etc/httpd/conf/ passes.
     The description states 0640 or stronger. Which files the test's object matches is defined outside this excerpt. -->
<oval-def:definition class="compliance" id="oval:ssg-file_permissions_httpd_server_conf_files:def:1" version="2">
<oval-def:metadata>
<oval-def:title>Set Permissions on All Configuration Files Inside /etc/httpd/conf/</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The /etc/httpd/conf/* files should have the appropriate permissions (0640 or stronger).</oval-def:description>
<oval-def:reference ref_id="CCE-80324-7" source="CCE"/>
<oval-def:reference ref_id="file_permissions_httpd_server_conf_files" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<oval-def:extend_definition comment="httpd not present or in use" definition_ref="oval:ssg-package_httpd_removed:def:1"/>
<oval-def:criterion test_ref="oval:ssg-test_file_permissions_httpd_server_conf_files:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: satisfied when httpd is removed, or when the file-permission test for /etc/httpd/conf.modules.d/ passes.
     The description states 0640 or stronger. Which files the test's object matches is defined outside this excerpt. -->
<oval-def:definition class="compliance" id="oval:ssg-file_permissions_httpd_server_modules_files:def:1" version="2">
<oval-def:metadata>
<oval-def:title>Set Permissions on All Configuration Files Inside /etc/httpd/conf.modules.d/</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The /etc/httpd/conf.modules.d/* files should have the appropriate permissions (0640 or stronger).</oval-def:description>
<oval-def:reference ref_id="CCE-80382-5" source="CCE"/>
<oval-def:reference ref_id="file_permissions_httpd_server_modules_files" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<oval-def:extend_definition comment="httpd not present or in use" definition_ref="oval:ssg-package_httpd_removed:def:1"/>
<oval-def:criterion test_ref="oval:ssg-test_file_permissions_httpd_server_modules_files:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: satisfied when the keytab test passes. The description scopes it to keytab files in /etc.
     NOTE(review): this definition carries only the ssg reference and no CCE reference, unlike most definitions in this
     component, so results cannot be correlated by CCE id.
     NOTE(review): keytabs stored outside /etc would not be covered if the test follows the description. The object
     path is outside this excerpt; confirm. -->
<oval-def:definition class="compliance" id="oval:ssg-kerberos_disable_no_keytab:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Disable Kerberos by removing host keytab</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Check that there is no Kerberos keytab file present in /etc</oval-def:description>
<oval-def:reference ref_id="kerberos_disable_no_keytab" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion test_ref="oval:ssg-test_kerberos_disable_no_keytab:tst:1" comment="Restrict Kerberos operation by removing keytab files"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: satisfied when the single test reports the LDAP client as enabled in authconfig.
     The two LDAP TLS definitions in this component (ldap_client_start_tls and ldap_client_tls_cacertpath)
     extend this definition as their "LDAP is in use" condition. -->
<oval-def:definition class="compliance" id="oval:ssg-enable_ldap_client:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Enable the LDAP Client For Use in Authconfig</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Enable LDAP in authconfig.</oval-def:description>
<oval-def:reference ref_id="CCE-80448-4" source="CCE"/>
<oval-def:reference ref_id="enable_ldap_client" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="LDAP client is enabled" test_ref="oval:ssg-test_enable_ldap_client:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: satisfied only when LDAP is in use (enable_ldap_client) AND the test finds "ssl start_tls"
     in /etc/nslcd.conf.
     NOTE(review): because the operator is AND, a host where the LDAP client is not enabled evaluates as not satisfied
     rather than not applicable. Confirm applicability is handled at the checklist level, outside this excerpt. -->
<oval-def:definition class="compliance" id="oval:ssg-ldap_client_start_tls:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Configure LDAP Client to Use TLS For All Transactions</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Require the use of TLS for LDAP clients.</oval-def:description>
<oval-def:reference ref_id="CCE-80291-8" source="CCE"/>
<oval-def:reference ref_id="ldap_client_start_tls" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="LDAP is in use" definition_ref="oval:ssg-enable_ldap_client:def:1"/>
<oval-def:criterion comment="look for ssl start_tls in /etc/nslcd.conf" test_ref="oval:ssg-test_ldap_client_start_tls_ssl:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: satisfied only when LDAP is in use (enable_ldap_client) AND the test finds tls_cacertdir
     in /etc/nslcd.conf.
     NOTE(review): the description repeats the start_tls wording although the title and criterion concern the CA
     certificate directive; a description naming tls_cacertdir would make scan reports easier to read.
     NOTE(review): the criterion comment mentions only looking for the directive. Whether the directory it names is
     validated cannot be told from this excerpt. -->
<oval-def:definition class="compliance" id="oval:ssg-ldap_client_tls_cacertpath:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Configure Certificate Directives for LDAP Use of TLS</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Require the use of TLS for LDAP clients.</oval-def:description>
<oval-def:reference ref_id="CCE-80292-6" source="CCE"/>
<oval-def:reference ref_id="ldap_client_tls_cacertpath" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="LDAP is in use" definition_ref="oval:ssg-enable_ldap_client:def:1"/>
<oval-def:criterion comment="look for tls_cacertdir in /etc/nslcd.conf" test_ref="oval:ssg-test_ldap_client_tls_cacertdir:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: satisfied when the single test for root's mail alias passes.
     What counts as the "correct" alias is defined by the referenced test and any variable it uses, outside this excerpt. -->
<oval-def:definition class="compliance" id="oval:ssg-postfix_client_configure_mail_alias:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Configure System to Forward All Mail For The Root Account</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Check if root has the correct mail alias.</oval-def:description>
<oval-def:reference ref_id="CCE-82380-7" source="CCE"/>
<oval-def:reference ref_id="postfix_client_configure_mail_alias" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria comment="Check if root has the correct mail alias.">
<oval-def:criterion comment="Check if root has the correct mail alias." test_ref="oval:ssg-test_postfix_client_configure_mail_alias:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: satisfied when the single SMTP banner test passes (AND over one criterion).
     The expected banner content is defined by the referenced test, outside this excerpt. -->
<oval-def:definition class="compliance" id="oval:ssg-postfix_server_banner:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Configure SMTP Greeting Banner</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Protect against unnecessary release of information.</oval-def:description>
<oval-def:reference ref_id="CCE-80290-0" source="CCE"/>
<oval-def:reference ref_id="postfix_server_banner" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="AND">
<oval-def:criterion comment="Limit release of information" test_ref="oval:ssg-test_postfix_server_banner:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: satisfied when the smtpd_client_restrictions test passes AND /etc/postfix/main.cf exists.
     The description gives the expected value as 'permit_mynetworks,reject'.
     The inner OR group wraps a single criterion, so it has no effect on the result. -->
<oval-def:definition class="compliance" id="oval:ssg-postfix_prevent_unrestricted_relay:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Prevent Unrestricted Mail Relaying</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Ensure 'smtpd_client_restrictions' is configured with value 'permit_mynetworks,reject' in /etc/postfix/main.cf</oval-def:description>
<oval-def:reference ref_id="CCE-80512-7" source="CCE"/>
<oval-def:reference ref_id="postfix_prevent_unrestricted_relay" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria comment="mail is configured correctly and configuration file exists" operator="AND">
<oval-def:criteria comment="mail is configured correctly" operator="OR">
<oval-def:criterion comment="Check the smtpd_client_restrictions in /etc/postfix/main.cf" test_ref="oval:ssg-test_postfix_prevent_unrestricted_relay:tst:1"/>
</oval-def:criteria>
<oval-def:criterion comment="test if configuration file /etc/postfix/main.cf exists for postfix_prevent_unrestricted_relay" test_ref="oval:ssg-test_postfix_prevent_unrestricted_relay_config_file_exists:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: satisfied when the single test on /etc/exports passes. Per the criterion comment it checks
     for insecure NFS locks. The pattern and existence rule are in the referenced test, outside this excerpt. -->
<oval-def:definition class="compliance" id="oval:ssg-no_insecure_locks_exports:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Ensure Insecure File Locking is Not Allowed</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Allowing insecure file locking could allow for sensitive
data to be viewed or edited by an unauthorized user.</oval-def:description>
<oval-def:reference ref_id="CCE-80243-9" source="CCE"/>
<oval-def:reference ref_id="no_insecure_locks_exports" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check for insecure NFS locks in /etc/exports" test_ref="oval:ssg-test_no_insecure_locks_exports:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
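<!-- Compliance check: satisfied when the Kerberos-settings test on /etc/exports passes, or when the negated
     "share in /etc/exports" test indicates that no share is defined. A host that exports nothing therefore passes. -->
<oval-def:definition class="compliance" id="oval:ssg-use_kerberos_security_all_exports:def:1" version="3">
<oval-def:metadata>
<oval-def:title>Use Kerberos Security on All Exports</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Using Kerberos Security allows cryptographically authenticating a
valid user to an NFS share.</oval-def:description>
<oval-def:reference ref_id="CCE-27464-7" source="CCE"/>
<oval-def:reference ref_id="use_kerberos_security_all_exports" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<oval-def:criterion comment="Check for Kerberos settings in /etc/exports" test_ref="oval:ssg-test_use_kerberos_security_all_exports:tst:1"/>
<oval-def:criterion comment="Check for a share in /etc/exports" test_ref="oval:ssg-test_non_empty_exports_file:tst:1" negate="true"/>
</oval-def:criteria>
</oval-def:definition>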
<!-- Compliance check: satisfied when the OPTIONS test on /etc/sysconfig/chronyd passes AND that file exists.
     The inner OR group wraps a single criterion, so it has no effect on the result.
     NOTE(review): the pattern quoted in the description is unanchored around "-u chrony", so it would presumably also
     accept a longer user name that merely begins with "chrony". The regex actually used is in the referenced test
     or state, outside this excerpt; confirm it is bounded. -->
<oval-def:definition class="compliance" id="oval:ssg-chronyd_run_as_chrony_user:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Ensure that chronyd is running under chrony user account</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Ensure 'OPTIONS' is configured with value '["]?.*-u chrony.*["]?' in /etc/sysconfig/chronyd</oval-def:description>
<oval-def:reference ref_id="CCE-82878-0" source="CCE"/>
<oval-def:reference ref_id="chronyd_run_as_chrony_user" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria comment="The respective application or service is configured correctly and configuration file exists" operator="AND">
<oval-def:criteria comment="The respective application or service is configured correctly" operator="OR">
<oval-def:criterion comment="Check the OPTIONS in /etc/sysconfig/chronyd" test_ref="oval:ssg-test_chronyd_run_as_chrony_user:tst:1"/>
</oval-def:criteria>
<oval-def:criterion comment="test if configuration file /etc/sysconfig/chronyd exists for chronyd_run_as_chrony_user" test_ref="oval:ssg-test_chronyd_run_as_chrony_user_config_file_exists:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: satisfied when the single chrony remote-server test passes.
     NOTE(review): the description mentions "dependencies are met", but no package or service precondition appears
     in the criteria here; any such condition would have to live in the referenced test or in the checklist. -->
<oval-def:definition class="compliance" id="oval:ssg-chronyd_specify_remote_server:def:1" version="1">
<oval-def:metadata>
<oval-def:title>A remote time server for Chrony is configured</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>A remote NTP Server for time synchronization should be
specified (and dependencies are met)</oval-def:description>
<oval-def:reference ref_id="CCE-83418-4" source="CCE"/>
<oval-def:reference ref_id="chronyd_specify_remote_server" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria comment="chrony.conf conditions are met">
<oval-def:criterion test_ref="oval:ssg-test_chronyd_remote_server:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: satisfied only when both the IPv6 and the IPv4 restriction tests pass.
     The restriction flags each test expects are defined outside this excerpt. -->
<oval-def:definition class="compliance" id="oval:ssg-ntpd_configure_restrictions:def:1" version="2">
<oval-def:metadata>
<oval-def:title>Configure server restrictions for ntpd</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Certain restrictions are imposed on ntp servers configured to be used by ntpd</oval-def:description>
<oval-def:reference ref_id="CCE-84299-7" source="CCE"/>
<oval-def:reference ref_id="ntpd_configure_restrictions" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="AND">
<oval-def:criterion comment="test ipv6 configuration" test_ref="oval:ssg-test_ntpd_configure_restrictions_ipv6:tst:1"/>
<oval-def:criterion comment="test ipv4 configuration" test_ref="oval:ssg-test_ntpd_configure_restrictions_ipv4:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: satisfied when either /etc/sysconfig/ntpd or /usr/lib/systemd/system/ntpd.service is
     configured correctly according to its test.
     NOTE(review): with OR, one correct location is enough. This excerpt does not show a check that the passing
     location is the one that takes effect at runtime; confirm against the referenced tests. -->
<oval-def:definition class="compliance" id="oval:ssg-ntpd_run_as_ntp_user:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Configure ntpd To Run As ntp User</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Ensure ntpd is configured to run correctly under the ntp user.</oval-def:description>
<oval-def:reference ref_id="CCE-84295-5" source="CCE"/>
<oval-def:reference ref_id="ntpd_run_as_ntp_user" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<oval-def:criterion comment="check /etc/sysconfig/ntpd is configured correctly" test_ref="oval:ssg-test_ntpd_run_as_ntp_user_etc_sysconfig_ntpd:tst:1"/>
<oval-def:criterion comment="check /usr/lib/systemd/system/ntpd.service is configured correctly" test_ref="oval:ssg-test_ntpd_run_as_ntp_user_systemd:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: satisfied when the single ntp.conf multiple-servers test passes.
     NOTE(review): this definition carries only the ssg reference and no CCE reference, so results cannot be
     correlated by CCE id. -->
<oval-def:definition class="compliance" id="oval:ssg-ntpd_specify_multiple_servers:def:1" version="2">
<oval-def:metadata>
<oval-def:title>Specify Additional Remote NTP Servers</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Multiple ntpd NTP Servers for time synchronization should be specified.</oval-def:description>
<oval-def:reference ref_id="ntpd_specify_multiple_servers" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria comment="ntp.conf conditions are met">
<oval-def:criterion test_ref="oval:ssg-test_ntpd_multiple_servers:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: satisfied when the single ntp.conf remote-server test passes.
     NOTE(review): the description mentions "dependencies are met", but no package or service precondition appears
     in the criteria here; any such condition would have to live in the referenced test or in the checklist. -->
<oval-def:definition class="compliance" id="oval:ssg-ntpd_specify_remote_server:def:1" version="2">
<oval-def:metadata>
<oval-def:title>Specify a Remote NTP Server</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>A remote ntpd NTP Server for time synchronization should be
specified (and dependencies are met)</oval-def:description>
<oval-def:reference ref_id="CCE-83436-6" source="CCE"/>
<oval-def:reference ref_id="ntpd_specify_remote_server" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria comment="ntp.conf conditions are met">
<oval-def:criterion test_ref="oval:ssg-test_ntp_remote_server:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: satisfied when the "ALL:" test on /etc/hosts.deny passes AND that file exists.
     The description gives the expected entry as ALL: ALL.
     The inner OR group wraps a single criterion, so it has no effect on the result. -->
<oval-def:definition class="compliance" id="oval:ssg-configure_etc_hosts_deny:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Ensure /etc/hosts.deny is configured</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Ensure 'ALL:' is configured with value 'ALL' in /etc/hosts.deny</oval-def:description>
<oval-def:reference ref_id="CCE-83391-3" source="CCE"/>
<oval-def:reference ref_id="configure_etc_hosts_deny" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria comment="The respective application or service is configured correctly and configuration file exists" operator="AND">
<oval-def:criteria comment="The respective application or service is configured correctly" operator="OR">
<oval-def:criterion comment="Check the ALL: in /etc/hosts.deny" test_ref="oval:ssg-test_configure_etc_hosts_deny:tst:1"/>
</oval-def:criteria>
<oval-def:criterion comment="test if configuration file /etc/hosts.deny exists for configure_etc_hosts_deny" test_ref="oval:ssg-test_configure_etc_hosts_deny_config_file_exists:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: satisfied when the single shosts.equiv test passes.
     NOTE(review): the criterion is not negated here, unlike the three criteria in no_rsh_trust_files, so the
     "must not exist" rule presumably sits in the referenced test's existence check, outside this excerpt; confirm. -->
<oval-def:definition class="compliance" id="oval:ssg-no_host_based_files:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Remove Host-Based Authentication Files</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>There should not be any shosts.equiv files on the system.</oval-def:description>
<oval-def:reference ref_id="CCE-80513-5" source="CCE"/>
<oval-def:reference ref_id="no_host_based_files" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion test_ref="oval:ssg-test_no_shosts_equiv:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: satisfied only when all three tests (root, home, etc) evaluate false, because each
     criterion is negated and the group operator is AND. Going by the description and the test names, the tests
     look for .rhosts or hosts.equiv files in those locations; the objects themselves are outside this excerpt. -->
<oval-def:definition class="compliance" id="oval:ssg-no_rsh_trust_files:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Remove Rsh Trust Files</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>There should not be any .rhosts or hosts.equiv files on the system.</oval-def:description>
<oval-def:reference ref_id="CCE-27406-8" source="CCE"/>
<oval-def:reference ref_id="no_rsh_trust_files" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="AND">
<oval-def:criterion test_ref="oval:ssg-test_no_rsh_trust_files_root:tst:1" negate="true"/>
<oval-def:criterion test_ref="oval:ssg-test_no_rsh_trust_files_home:tst:1" negate="true"/>
<oval-def:criterion test_ref="oval:ssg-test_no_rsh_trust_files_etc:tst:1" negate="true"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: satisfied when the single .shosts test passes.
     The criterion is not negated, so the "must not exist" rule presumably sits in the referenced test's existence
     check, outside this excerpt; confirm. -->
<oval-def:definition class="compliance" id="oval:ssg-no_user_host_based_files:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Remove User Host-Based Authentication Files</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>There should not be any .shosts files on the system.</oval-def:description>
<oval-def:reference ref_id="CCE-80514-3" source="CCE"/>
<oval-def:reference ref_id="no_user_host_based_files" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion test_ref="oval:ssg-test_no_shosts:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: satisfied when the tftp-server package is removed, or when the secure-mode test passes.
     Per the criteria comment the configuration examined is /etc/xinetd.d/tftp. -->
<oval-def:definition class="compliance" id="oval:ssg-tftpd_uses_secure_mode:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Ensure tftp Daemon Uses Secure Mode</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The TFTP daemon should use secure mode.</oval-def:description>
<oval-def:reference ref_id="CCE-80214-0" source="CCE"/>
<oval-def:reference ref_id="tftpd_uses_secure_mode" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria comment="package tftp-server removed or /etc/xinetd.d/tftp configured correctly" operator="OR">
<oval-def:extend_definition comment="rpm package tftp-server removed" definition_ref="oval:ssg-package_tftp-server_removed:def:1"/>
<oval-def:criterion comment="tftpd secure mode" test_ref="oval:ssg-test_tftpd_uses_secure_mode:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: satisfied only when both tests pass: remote printer browsing is off, and no incoming
     printer information packets are allowed.
     NOTE(review): unlike the FTP, httpd and tftp definitions in this component, there is no "package removed"
     alternative here, so how a host without CUPS evaluates depends on the referenced tests; confirm. -->
<oval-def:definition class="compliance" id="oval:ssg-cups_disable_browsing:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Disable Printer Browsing Entirely if Possible</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The CUPS print service can be configured to broadcast a list
of available printers to the network. Other machines on the network, also
running the CUPS print service, can be configured to listen to these
broadcasts and add and configure these printers for immediate use. By
disabling this browsing capability, the machine will no longer generate
or receive such broadcasts.</oval-def:description>
<oval-def:reference ref_id="CCE-80283-5" source="CCE"/>
<oval-def:reference ref_id="cups_disable_browsing" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="AND">
<oval-def:criterion comment="Ensure remote printer browsing is off" test_ref="oval:ssg-test_cups_disable_browsing_browsing_off:tst:1"/>
<oval-def:criterion comment="Ensure no incoming printer information packets are allowed" test_ref="oval:ssg-test_cups_disable_browsing_browseallow:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: satisfied only when both tests pass: the Port directive is not used, and the Listen
     directive is used.
     NOTE(review): the criteria cover only the Port and Listen directives. The outgoing broadcast and Policy
     points raised in the description are not represented by a criterion in this definition. -->
<oval-def:definition class="compliance" id="oval:ssg-cups_disable_printserver:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Disable Print Server Capabilities</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>By default, locally configured printers will not be shared
over the network, but if this functionality has somehow been enabled,
these recommendations will disable it again. Be sure to disable outgoing
printer list broadcasts, or remote users will still be able to see the
locally configured printers, even if they cannot actually print to them.
To limit print serving to a particular set of users, use the Policy
directive.</oval-def:description>
<oval-def:reference ref_id="CCE-80284-3" source="CCE"/>
<oval-def:reference ref_id="cups_disable_printserver" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="AND">
<oval-def:criterion comment="Don't use port directive" test_ref="oval:ssg-test_cups_disable_printserver_disable_port:tst:1"/>
<oval-def:criterion comment="Do use the listen directive" test_ref="oval:ssg-test_cups_disable_printserver_use_listen:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-mount_option_smb_client_signing:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Require Client SMB Packet Signing, if using mount.cifs</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Require packet signing of clients who mount
Samba shares using the mount.cifs program (e.g., those who
specify shares in /etc/fstab). To do so, ensure that signing
options (either sec=krb5i or sec=ntlmv2i) are
used.</oval-def:description>
    <oval-def:reference ref_id="CCE-80281-9" source="CCE"/>
    <oval-def:reference ref_id="mount_option_smb_client_signing" source="ssg"/>
  </oval-def:metadata>
  <!-- The outer OR has a single branch: samba-common installed AND
       (/etc/fstab has no cifs entry OR carries a signing option) AND
       (/etc/mtab has no cifs entry OR carries a signing option).
       With no "package removed" alternative, the definition evaluates false
       on a host where samba-common is absent.
       NOTE(review): mount.cifs is normally shipped by cifs-utils rather than
       samba-common; confirm that gating on samba-common is intended, since
       cifs mounts can exist without it. -->
  <oval-def:criteria operator="OR">
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="samba-common installed" definition_ref="oval:ssg-package_samba-common_installed:def:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:criterion comment="check for no cifs in /etc/fstab" test_ref="oval:ssg-test_20340111:tst:1"/>
        <oval-def:criterion comment="check for sec=krb5i or sec=ntlmv2i in /etc/fstab" test_ref="oval:ssg-test_20340112:tst:1"/>
      </oval-def:criteria>
      <oval-def:criteria operator="OR">
        <oval-def:criterion comment="check for no cifs in /etc/mtab" test_ref="oval:ssg-test_20340113:tst:1"/>
        <oval-def:criterion comment="check for sec=krb5i or sec=ntlmv2i in /etc/mtab" test_ref="oval:ssg-test_20340114:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-require_smb_client_signing:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Require Client SMB Packet Signing, if using smbclient</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Require samba clients which use smb.conf, such as smbclient,
to use packet signing. A Samba client should only communicate with
servers who can support SMB packet signing.</oval-def:description>
    <oval-def:reference ref_id="CCE-80280-1" source="CCE"/>
    <oval-def:reference ref_id="require_smb_client_signing" source="ssg"/>
  </oval-def:metadata>
  <!-- Compliant when samba-common is not installed, or when it is installed
       and the smb.conf test (labelled "client signing = mandatory") passes. -->
  <oval-def:criteria operator="OR">
    <oval-def:extend_definition comment="package samba-common is not installed" definition_ref="oval:ssg-package_samba-common_removed:def:1"/>
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="samba-common installed" definition_ref="oval:ssg-package_samba-common_installed:def:1"/>
      <oval-def:criterion comment="check for client signing = mandatory in /etc/samba/smb.conf" test_ref="oval:ssg-test_require_smb_client_signing:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-snmpd_not_default_password:def:1" version="2">
  <oval-def:metadata>
    <oval-def:title>Ensure Default SNMP Password Is Not Used</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>SNMP default communities must be removed.</oval-def:description>
    <oval-def:reference ref_id="CCE-27386-2" source="CCE"/>
    <oval-def:reference ref_id="snmpd_not_default_password" source="ssg"/>
  </oval-def:metadata>
  <!-- The criteria element has no operator attribute, so the OVAL default
       (AND) applies to its single criterion.
       NOTE(review): there is no "net-snmp removed" alternative here, so the
       result on a host without the package depends on how the referenced
       test treats a missing configuration file; the test is not defined in
       this definition. -->
  <oval-def:criteria>
    <oval-def:criterion comment="SNMP communities" test_ref="oval:ssg-test_snmp_default_communities:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
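<oval-def:definition class="compliance" id="oval:ssg-snmpd_use_newer_protocol:def:1" version="2">
  <oval-def:metadata>
    <oval-def:title>Configure SNMP Service to Use Only SNMPv3 or Newer</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>SNMP version 1 and 2c must not be enabled.</oval-def:description>
    <oval-def:reference ref_id="CCE-80276-9" source="CCE"/>
    <oval-def:reference ref_id="snmpd_use_newer_protocol" source="ssg"/>
  </oval-def:metadata>
  <!-- Compliant when the net-snmp package is removed, or when the SNMP
       protocol-version test passes. The extend_definition points at the
       "removed" definition, so its comment is worded accordingly; the
       original label said "SNMP installed", the opposite of what the
       referenced definition checks. -->
  <oval-def:criteria operator="OR">
    <oval-def:extend_definition comment="package net-snmp is not installed" definition_ref="oval:ssg-package_net-snmp_removed:def:1"/>
    <oval-def:criterion comment="SNMP protocols" test_ref="oval:ssg-test_snmp_versions:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>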
<oval-def:definition class="compliance" id="oval:ssg-firewalld_sshd_disabled:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Remove SSH Server firewalld Firewall exception (Unusual)</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>If inbound SSH access is not needed, the firewall should disallow or reject access to
the SSH port (22).</oval-def:description>
    <oval-def:reference ref_id="CCE-80218-1" source="CCE"/>
    <oval-def:reference ref_id="firewalld_sshd_disabled" source="ssg"/>
  </oval-def:metadata>
  <!-- All four tests must pass: the ssh service and the ssh port must each be
       absent from both the firewalld service configuration and the zone
       configuration, going by the criterion labels. -->
  <oval-def:criteria operator="AND">
    <oval-def:criterion comment="ssh service is not enabled in services" test_ref="oval:ssg-test_firewalld_service_sshd:tst:1"/>
    <oval-def:criterion comment="ssh port is not enabled in services" test_ref="oval:ssg-test_firewalld_service_sshd_port:tst:1"/>
    <oval-def:criterion comment="ssh service is not enabled in zones" test_ref="oval:ssg-test_firewalld_zone_sshd:tst:1"/>
    <oval-def:criterion comment="ssh port is not enabled in zones" test_ref="oval:ssg-test_firewalld_zone_sshd_port:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-firewalld_sshd_port_enabled:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Enable SSH Server firewalld Firewall Exception</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>If inbound SSH access is needed, the firewall should allow access to
the SSH port (22).</oval-def:description>
    <oval-def:reference ref_id="CCE-80361-9" source="CCE"/>
    <oval-def:reference ref_id="firewalld_sshd_port_enabled" source="ssg"/>
  </oval-def:metadata>
  <!-- Compliant when any one branch holds. Only the "service enabled in
       zones" branch is paired with the NIC assignment test; the "port
       enabled in zones" branch stands alone.
       NOTE(review): confirm that a port opened in a zone with no interface
       bound to it should count as the exception being enabled. -->
  <oval-def:criteria operator="OR">
    <oval-def:criterion comment="ssh service is enabled in services" test_ref="oval:ssg-test_firewalld_service_sshd_enabled:tst:1"/>
    <oval-def:criterion comment="ssh port is enabled in services" test_ref="oval:ssg-test_firewalld_service_sshd_port_enabled:tst:1"/>
    <oval-def:criteria operator="AND">
      <oval-def:criterion comment="ssh service is enabled in zones" test_ref="oval:ssg-test_firewalld_zone_sshd_enabled:tst:1"/>
      <oval-def:criterion comment="there is at least one NIC assigned to a zone with ssh enabled" test_ref="oval:ssg-test_nic_assigned_to_sshd_enabled_zone:tst:1"/>
    </oval-def:criteria>
    <oval-def:criterion comment="ssh port is enabled in zones" test_ref="oval:ssg-test_firewalld_zone_sshd_port_enabled:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-sshd_allow_only_protocol2:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Allow Only SSH Protocol 2</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The OpenSSH daemon should be running protocol 2.</oval-def:description>
    <oval-def:reference ref_id="CCE-27320-1" source="CCE"/>
    <oval-def:reference ref_id="sshd_allow_only_protocol2" source="ssg"/>
  </oval-def:metadata>
  <!-- Two ways to comply: sshd is not required and openssh-server is removed,
       or sshd is required and installed and either the OpenSSH 7.4 or higher
       definition holds or the Protocol test on sshd_config passes. -->
  <oval-def:criteria comment="SSH is configured correctly or is not installed" operator="OR">
    <oval-def:criteria comment="sshd is not installed" operator="AND">
      <oval-def:extend_definition comment="sshd is not required or requirement is unset" definition_ref="oval:ssg-sshd_not_required_or_unset:def:1"/>
      <oval-def:extend_definition comment="rpm package openssh-server removed" definition_ref="oval:ssg-package_openssh-server_removed:def:1"/>
    </oval-def:criteria>
    <oval-def:criteria comment="sshd is installed and configured" operator="AND">
      <oval-def:extend_definition comment="sshd is required or requirement is unset" definition_ref="oval:ssg-sshd_required_or_unset:def:1"/>
      <oval-def:extend_definition comment="rpm package openssh-server installed" definition_ref="oval:ssg-package_openssh-server_installed:def:1"/>
      <oval-def:criteria comment="SSH version is equal or higher than 7.4 or it is configured with protocol 2" operator="OR">
        <oval-def:extend_definition comment="OpenSSH version 7.4 or higher supports only protocol 2" definition_ref="oval:ssg-sshd_version_equal_or_higher_than_74:def:1"/>
        <oval-def:criterion comment="Check Protocol in /etc/ssh/sshd_config" test_ref="oval:ssg-test_sshd_allow_only_protocol2:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-sshd_disable_compression:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Disable Compression Or Set Compression to delayed</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>SSH should either have compression disabled or set to delayed.</oval-def:description>
    <oval-def:reference ref_id="CCE-80224-9" source="CCE"/>
    <oval-def:reference ref_id="sshd_disable_compression" source="ssg"/>
  </oval-def:metadata>
  <!-- Three alternatives: sshd absent and not required; sshd required and
       installed with the Compression test passing; or the OpenSSH 7.4 or
       higher definition. The version branch sits at the top level, so it
       satisfies the definition on its own, without the required and
       installed checks and without the Compression test being consulted. -->
  <oval-def:criteria comment="SSH is configured correctly or is not installed" operator="OR">
    <oval-def:criteria comment="sshd is not installed" operator="AND">
      <oval-def:extend_definition comment="sshd is not required or requirement is unset" definition_ref="oval:ssg-sshd_not_required_or_unset:def:1"/>
      <oval-def:extend_definition comment="rpm package openssh-server removed" definition_ref="oval:ssg-package_openssh-server_removed:def:1"/>
    </oval-def:criteria>
    <oval-def:criteria comment="sshd is installed and configured" operator="AND">
      <oval-def:extend_definition comment="sshd is required or requirement is unset" definition_ref="oval:ssg-sshd_required_or_unset:def:1"/>
      <oval-def:extend_definition comment="rpm package openssh-server installed" definition_ref="oval:ssg-package_openssh-server_installed:def:1"/>
      <oval-def:criterion comment="Check Compression in /etc/ssh/sshd_config" test_ref="oval:ssg-test_sshd_disable_compression:tst:1"/>
    </oval-def:criteria>
    <oval-def:extend_definition comment="OpenSSH version 7.4 or higher contains fix for authentication Compression exploit" definition_ref="oval:ssg-sshd_version_equal_or_higher_than_74:def:1"/>
  </oval-def:criteria>
</oval-def:definition>
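<oval-def:definition class="compliance" id="oval:ssg-sshd_disable_rhosts_rsa:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Disable SSH Support for Rhosts RSA Authentication</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>SSH can allow authentication through the obsolete rsh command
through the use of the authenticating user's SSH keys. This should be disabled.</oval-def:description>
    <oval-def:reference ref_id="CCE-80373-4" source="CCE"/>
    <oval-def:reference ref_id="sshd_disable_rhosts_rsa" source="ssg"/>
  </oval-def:metadata>
  <!-- Compliant when sshd is absent and not required, or when it is required
       and installed and either the OpenSSH 7.4 or higher definition holds or
       the RhostsRSAAuthentication criterion passes. That criterion carries
       negate="true", so it passes when the referenced test does NOT pass.
       The comment on the inner OR was reworded so that it names both of its
       alternatives; the evaluated logic is unchanged. -->
  <oval-def:criteria comment="SSH is configured correctly or is not installed" operator="OR">
    <oval-def:criteria comment="sshd is not installed" operator="AND">
      <oval-def:extend_definition comment="sshd is not required or requirement is unset" definition_ref="oval:ssg-sshd_not_required_or_unset:def:1"/>
      <oval-def:extend_definition comment="rpm package openssh-server removed" definition_ref="oval:ssg-package_openssh-server_removed:def:1"/>
    </oval-def:criteria>
    <oval-def:criteria comment="sshd is installed and configured" operator="AND">
      <oval-def:extend_definition comment="sshd is required or requirement is unset" definition_ref="oval:ssg-sshd_required_or_unset:def:1"/>
      <oval-def:extend_definition comment="rpm package openssh-server installed" definition_ref="oval:ssg-package_openssh-server_installed:def:1"/>
      <oval-def:criteria comment="OpenSSH version is 7.4 or higher, which has deprecated RhostsRSAAuthentication, or the sshd_config check passes" operator="OR">
        <oval-def:extend_definition comment="OpenSSH version 7.4 or higher has deprecated RhostsRSAAuthentication" definition_ref="oval:ssg-sshd_version_equal_or_higher_than_74:def:1"/>
        <oval-def:criterion comment="Check RhostsRSAAuthentication in /etc/ssh/sshd_config" negate="true" test_ref="oval:ssg-test_sshd_disable_rhosts_rsa:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>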
<oval-def:definition class="compliance" id="oval:ssg-sshd_rekey_limit:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Force frequent session key renegotiation</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Ensure 'RekeyLimit' is configured with the correct value in '/etc/ssh/sshd_config'</oval-def:description>
    <oval-def:reference ref_id="sshd_rekey_limit" source="ssg"/>
  </oval-def:metadata>
  <!-- Compliant when sshd is absent and not required, or when it is required
       and installed and the RekeyLimit test passes. The expected value is
       set by the referenced test, not here. This definition carries only the
       ssg reference; no CCE identifier is listed. -->
  <oval-def:criteria comment="sshd is configured correctly or is not installed" operator="OR">
    <oval-def:criteria comment="sshd is not installed" operator="AND">
      <oval-def:extend_definition comment="sshd is not required or requirement is unset" definition_ref="oval:ssg-sshd_not_required_or_unset:def:1"/>
      <oval-def:extend_definition comment="rpm package openssh-server removed" definition_ref="oval:ssg-package_openssh-server_removed:def:1"/>
    </oval-def:criteria>
    <oval-def:criteria comment="sshd is installed and configured" operator="AND">
      <oval-def:extend_definition comment="sshd is required or requirement is unset" definition_ref="oval:ssg-sshd_required_or_unset:def:1"/>
      <oval-def:extend_definition comment="rpm package openssh-server installed" definition_ref="oval:ssg-package_openssh-server_installed:def:1"/>
      <oval-def:criterion comment="Check the RekeyLimit in /etc/ssh/sshd_config" test_ref="oval:ssg-test_sshd_rekey_limit:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-sshd_set_idle_timeout:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Set SSH Idle Timeout Interval</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The SSH idle timeout interval should be set to an
appropriate value.</oval-def:description>
    <oval-def:reference ref_id="CCE-27433-2" source="CCE"/>
    <oval-def:reference ref_id="sshd_set_idle_timeout" source="ssg"/>
  </oval-def:metadata>
  <!-- Compliant when sshd is absent and not required, or when it is required
       and installed and both the ClientAliveInterval test and the
       sshd_set_keepalive definition pass.
       NOTE(review): the keepalive dependency is labelled as
       ClientAliveCountMax being zero. OpenSSH 8.2 changed a zero
       ClientAliveCountMax to disable connection termination, so this pairing
       enforces an idle timeout only on older sshd builds; confirm the
       shipped version before reusing the definition on another platform. -->
  <oval-def:criteria comment="SSH is configured correctly or is not installed" operator="OR">
    <oval-def:criteria comment="sshd is not installed" operator="AND">
      <oval-def:extend_definition comment="sshd is not required or requirement is unset" definition_ref="oval:ssg-sshd_not_required_or_unset:def:1"/>
      <oval-def:extend_definition comment="rpm package openssh-server removed" definition_ref="oval:ssg-package_openssh-server_removed:def:1"/>
    </oval-def:criteria>
    <oval-def:criteria comment="sshd is installed and configured" operator="AND">
      <oval-def:extend_definition comment="sshd is required or requirement is unset" definition_ref="oval:ssg-sshd_required_or_unset:def:1"/>
      <oval-def:extend_definition comment="rpm package openssh-server installed" definition_ref="oval:ssg-package_openssh-server_installed:def:1"/>
      <oval-def:criterion comment="Check ClientAliveInterval in /etc/ssh/sshd_config" test_ref="oval:ssg-test_sshd_idle_timeout:tst:1"/>
      <oval-def:extend_definition comment="The SSH ClientAliveCountMax is set to zero" definition_ref="oval:ssg-sshd_set_keepalive:def:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-sshd_set_keepalive:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Set SSH Client Alive Count Max</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The SSH ClientAliveCountMax should be set to an appropriate
value (and dependencies are met)</oval-def:description>
    <oval-def:reference ref_id="CCE-27082-7" source="CCE"/>
    <oval-def:reference ref_id="sshd_set_keepalive" source="ssg"/>
  </oval-def:metadata>
  <!-- Compliant when sshd is absent and not required, or when it is required
       and installed and the ClientAliveCountMax test passes. The accepted
       value is set by the referenced test, not by this definition. -->
  <oval-def:criteria comment="SSH is configured correctly or is not installed" operator="OR">
    <oval-def:criteria comment="sshd is not installed" operator="AND">
      <oval-def:extend_definition comment="sshd is not required or requirement is unset" definition_ref="oval:ssg-sshd_not_required_or_unset:def:1"/>
      <oval-def:extend_definition comment="rpm package openssh-server removed" definition_ref="oval:ssg-package_openssh-server_removed:def:1"/>
    </oval-def:criteria>
    <oval-def:criteria comment="sshd is installed and configured" operator="AND">
      <oval-def:extend_definition comment="sshd is required or requirement is unset" definition_ref="oval:ssg-sshd_required_or_unset:def:1"/>
      <oval-def:extend_definition comment="rpm package openssh-server installed" definition_ref="oval:ssg-package_openssh-server_installed:def:1"/>
      <oval-def:criterion comment="Check ClientAliveCountMax in /etc/ssh/sshd_config" test_ref="oval:ssg-test_sshd_clientalivecountmax:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
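<oval-def:definition class="compliance" id="oval:ssg-sshd_set_login_grace_time:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure SSH LoginGraceTime is configured</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The number of seconds for the SSH login grace time should be set to an
appropriate value.</oval-def:description>
    <oval-def:reference ref_id="CCE-86550-1" source="CCE"/>
    <oval-def:reference ref_id="sshd_set_login_grace_time" source="ssg"/>
  </oval-def:metadata>
  <!-- Compliant when sshd is absent and not required, or when it is required
       and installed and the LoginGraceTime test passes. The accepted value
       is set by the referenced test, not by this definition. Only the
       wording of the description was repaired; the criteria are unchanged. -->
  <oval-def:criteria comment="SSH is configured correctly or is not installed" operator="OR">
    <oval-def:criteria comment="sshd is not installed" operator="AND">
      <oval-def:extend_definition comment="sshd is not required or requirement is unset" definition_ref="oval:ssg-sshd_not_required_or_unset:def:1"/>
      <oval-def:extend_definition comment="rpm package openssh-server removed" definition_ref="oval:ssg-package_openssh-server_removed:def:1"/>
    </oval-def:criteria>
    <oval-def:criteria comment="sshd is installed and configured" operator="AND">
      <oval-def:extend_definition comment="sshd is required or requirement is unset" definition_ref="oval:ssg-sshd_required_or_unset:def:1"/>
      <oval-def:extend_definition comment="rpm package openssh-server installed" definition_ref="oval:ssg-package_openssh-server_installed:def:1"/>
      <oval-def:criterion comment="Check LoginGraceTime in /etc/ssh/sshd_config" test_ref="oval:ssg-test_sshd_login_grace_time:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>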
<oval-def:definition class="compliance" id="oval:ssg-sshd_set_max_auth_tries:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Set SSH authentication attempt limit</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The SSH MaxAuthTries should be set to an
appropriate value.</oval-def:description>
    <oval-def:reference ref_id="CCE-82354-2" source="CCE"/>
    <oval-def:reference ref_id="sshd_set_max_auth_tries" source="ssg"/>
  </oval-def:metadata>
  <!-- Compliant when the sshd service is disabled, or when the MaxAuthTries
       test passes. This gates on service state, whereas the neighbouring
       sshd definitions gate on the openssh-server package being removed.
       NOTE(review): a host with sshd installed but its service disabled
       passes without MaxAuthTries being inspected; confirm that is the
       intended scope, since the service can be re-enabled later. -->
  <oval-def:criteria comment="SSH is not being used or conditions are met" operator="OR">
    <oval-def:extend_definition comment="sshd service is disabled" definition_ref="oval:ssg-service_sshd_disabled:def:1"/>
    <oval-def:criterion comment="Check MaxAuthTries in /etc/ssh/sshd_config" test_ref="oval:ssg-test_sshd_max_auth_tries:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-sshd_set_max_sessions:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Set SSH MaxSessions limit</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The SSH number of max sessions should be set to an
appropriate value.</oval-def:description>
    <oval-def:reference ref_id="CCE-85856-3" source="CCE"/>
    <oval-def:reference ref_id="sshd_set_max_sessions" source="ssg"/>
  </oval-def:metadata>
  <!-- Compliant when sshd is absent and not required, or when it is required
       and installed and the MaxSessions test passes. The accepted value is
       set by the referenced test, not by this definition. -->
  <oval-def:criteria comment="SSH is configured correctly or is not installed" operator="OR">
    <oval-def:criteria comment="sshd is not installed" operator="AND">
      <oval-def:extend_definition comment="sshd is not required or requirement is unset" definition_ref="oval:ssg-sshd_not_required_or_unset:def:1"/>
      <oval-def:extend_definition comment="rpm package openssh-server removed" definition_ref="oval:ssg-package_openssh-server_removed:def:1"/>
    </oval-def:criteria>
    <oval-def:criteria comment="sshd is installed and configured" operator="AND">
      <oval-def:extend_definition comment="sshd is required or requirement is unset" definition_ref="oval:ssg-sshd_required_or_unset:def:1"/>
      <oval-def:extend_definition comment="rpm package openssh-server installed" definition_ref="oval:ssg-package_openssh-server_installed:def:1"/>
      <oval-def:criterion comment="Check MaxSessions in /etc/ssh/sshd_config" test_ref="oval:ssg-test_sshd_max_sessions:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-sshd_set_maxstartups:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure SSH MaxStartups is configured</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Ensure 'MaxStartups' is configured in
'/etc/ssh/sshd_config'</oval-def:description>
    <oval-def:reference ref_id="CCE-90714-7" source="CCE"/>
    <oval-def:reference ref_id="sshd_set_maxstartups" source="ssg"/>
  </oval-def:metadata>
  <!-- Compliant when sshd is absent and not required, or when all three
       MaxStartups parameter tests (start, rate, full) pass. The second
       branch has no comment attribute and, unlike the neighbouring sshd
       definitions, does not repeat the "required" and "installed"
       extend_definition pair. The numeric bounds quoted in the criterion
       labels are enforced by the referenced tests, not here. -->
  <oval-def:criteria comment="sshd is configured correctly or is not installed" operator="OR">
    <oval-def:criteria comment="sshd is not installed" operator="AND">
      <oval-def:extend_definition comment="sshd is not required or requirement is unset" definition_ref="oval:ssg-sshd_not_required_or_unset:def:1"/>
      <oval-def:extend_definition comment="rpm package openssh-server removed" definition_ref="oval:ssg-package_openssh-server_removed:def:1"/>
    </oval-def:criteria>
    <oval-def:criteria operator="AND">
      <oval-def:criterion comment="SSH MaxStartups start parameter is less than or equal to 10" test_ref="oval:ssg-tst_maxstartups_start_parameter:tst:1"/>
      <oval-def:criterion comment="SSH MaxStartups rate parameter is greater than or equal to 30" test_ref="oval:ssg-tst_maxstartups_rate_parameter:tst:1"/>
      <oval-def:criterion comment="SSH MaxStartups full parameter is less than or equal to 100" test_ref="oval:ssg-tst_maxstartups_full_parameter:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
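<oval-def:definition class="compliance" id="oval:ssg-sshd_use_approved_ciphers:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Use Only FIPS 140-2 Validated Ciphers</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Limit the ciphers to those which are FIPS-approved.</oval-def:description>
    <oval-def:reference ref_id="CCE-27295-5" source="CCE"/>
    <oval-def:reference ref_id="sshd_use_approved_ciphers" source="ssg"/>
  </oval-def:metadata>
  <!-- The FIPS-certified-OS definition is ANDed with everything else, so a
       host that fails it fails this definition even when openssh-server is
       removed. Beyond that gate: sshd absent and not required, or sshd
       required and installed with the Ciphers test passing. The criterion
       label was corrected from "Cipers" to "Ciphers". -->
  <oval-def:criteria operator="AND">
    <oval-def:extend_definition comment="Installed OS is FIPS certified" definition_ref="oval:ssg-installed_OS_is_FIPS_certified:def:1"/>
    <oval-def:criteria comment="SSH is configured correctly or is not installed" operator="OR">
      <oval-def:criteria comment="sshd is not installed" operator="AND">
        <oval-def:extend_definition comment="sshd is not required or requirement is unset" definition_ref="oval:ssg-sshd_not_required_or_unset:def:1"/>
        <oval-def:extend_definition comment="rpm package openssh-server removed" definition_ref="oval:ssg-package_openssh-server_removed:def:1"/>
      </oval-def:criteria>
      <oval-def:criteria comment="sshd is installed and configured" operator="AND">
        <oval-def:extend_definition comment="sshd is required or requirement is unset" definition_ref="oval:ssg-sshd_required_or_unset:def:1"/>
        <oval-def:extend_definition comment="rpm package openssh-server installed" definition_ref="oval:ssg-package_openssh-server_installed:def:1"/>
        <oval-def:criterion comment="Check the Ciphers list in /etc/ssh/sshd_config" test_ref="oval:ssg-test_sshd_use_approved_ciphers:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>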
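<oval-def:definition class="compliance" id="oval:ssg-sshd_use_approved_ciphers_ordered_stig:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Use Only FIPS 140-2 Validated Ciphers</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Limit the ciphers to those which are FIPS-approved.</oval-def:description>
    <oval-def:reference ref_id="CCE-83398-8" source="CCE"/>
    <oval-def:reference ref_id="sshd_use_approved_ciphers_ordered_stig" source="ssg"/>
  </oval-def:metadata>
  <!-- The FIPS-certified-OS definition is ANDed with everything else. Beyond
       that gate: sshd absent and not required, or sshd required and
       installed with the ordered_stig Ciphers test passing. What "ordered"
       requires of the list is defined by that test, not here. The criterion
       label was corrected from "Cipers" to "Ciphers". -->
  <oval-def:criteria operator="AND">
    <oval-def:extend_definition comment="Installed OS is FIPS certified" definition_ref="oval:ssg-installed_OS_is_FIPS_certified:def:1"/>
    <oval-def:criteria comment="SSH is configured correctly or is not installed" operator="OR">
      <oval-def:criteria comment="sshd is not installed" operator="AND">
        <oval-def:extend_definition comment="sshd is not required or requirement is unset" definition_ref="oval:ssg-sshd_not_required_or_unset:def:1"/>
        <oval-def:extend_definition comment="rpm package openssh-server removed" definition_ref="oval:ssg-package_openssh-server_removed:def:1"/>
      </oval-def:criteria>
      <oval-def:criteria comment="sshd is installed and configured" operator="AND">
        <oval-def:extend_definition comment="sshd is required or requirement is unset" definition_ref="oval:ssg-sshd_required_or_unset:def:1"/>
        <oval-def:extend_definition comment="rpm package openssh-server installed" definition_ref="oval:ssg-package_openssh-server_installed:def:1"/>
        <oval-def:criterion comment="Check the Ciphers list in /etc/ssh/sshd_config" test_ref="oval:ssg-test_sshd_use_approved_ciphers_ordered_stig:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>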
<oval-def:definition class="compliance" id="oval:ssg-sshd_use_approved_macs:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Use Only FIPS 140-2 Validated MACs</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Limit the Message Authentication Codes (MACs) to those which are FIPS-approved.</oval-def:description>
    <oval-def:reference ref_id="CCE-27455-5" source="CCE"/>
    <oval-def:reference ref_id="sshd_use_approved_macs" source="ssg"/>
  </oval-def:metadata>
  <!-- The FIPS-certified-OS definition is ANDed with everything else, so a
       host that fails it fails this definition even when openssh-server is
       removed. Beyond that gate: sshd absent and not required, or sshd
       required and installed with the MACs test passing. -->
  <oval-def:criteria operator="AND">
    <oval-def:extend_definition comment="Installed OS is FIPS certified" definition_ref="oval:ssg-installed_OS_is_FIPS_certified:def:1"/>
    <oval-def:criteria comment="SSH is configured correctly or is not installed" operator="OR">
      <oval-def:criteria comment="sshd is not installed" operator="AND">
        <oval-def:extend_definition comment="sshd is not required or requirement is unset" definition_ref="oval:ssg-sshd_not_required_or_unset:def:1"/>
        <oval-def:extend_definition comment="rpm package openssh-server removed" definition_ref="oval:ssg-package_openssh-server_removed:def:1"/>
      </oval-def:criteria>
      <oval-def:criteria comment="sshd is installed and configured" operator="AND">
        <oval-def:extend_definition comment="sshd is required or requirement is unset" definition_ref="oval:ssg-sshd_required_or_unset:def:1"/>
        <oval-def:extend_definition comment="rpm package openssh-server installed" definition_ref="oval:ssg-package_openssh-server_installed:def:1"/>
        <oval-def:criterion comment="Check MACs in /etc/ssh/sshd_config" test_ref="oval:ssg-test_sshd_use_approved_macs:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-sshd_use_approved_macs_ordered_stig:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Use Only FIPS 140-2 Validated MACs</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Limit the Message Authentication Codes (MACs) to those which are FIPS-approved.</oval-def:description>
    <oval-def:reference ref_id="CCE-83636-1" source="CCE"/>
    <oval-def:reference ref_id="sshd_use_approved_macs_ordered_stig" source="ssg"/>
  </oval-def:metadata>
  <!-- The FIPS-certified-OS definition is ANDed with everything else. Beyond
       that gate: sshd absent and not required, or sshd required and
       installed with the ordered_stig MACs test passing. What "ordered"
       requires of the list is defined by that test, not here. -->
  <oval-def:criteria operator="AND">
    <oval-def:extend_definition comment="Installed OS is FIPS certified" definition_ref="oval:ssg-installed_OS_is_FIPS_certified:def:1"/>
    <oval-def:criteria comment="SSH is configured correctly or is not installed" operator="OR">
      <oval-def:criteria comment="sshd is not installed" operator="AND">
        <oval-def:extend_definition comment="sshd is not required or requirement is unset" definition_ref="oval:ssg-sshd_not_required_or_unset:def:1"/>
        <oval-def:extend_definition comment="rpm package openssh-server removed" definition_ref="oval:ssg-package_openssh-server_removed:def:1"/>
      </oval-def:criteria>
      <oval-def:criteria comment="sshd is installed and configured" operator="AND">
        <oval-def:extend_definition comment="sshd is required or requirement is unset" definition_ref="oval:ssg-sshd_required_or_unset:def:1"/>
        <oval-def:extend_definition comment="rpm package openssh-server installed" definition_ref="oval:ssg-package_openssh-server_installed:def:1"/>
        <oval-def:criterion comment="Check MACs in /etc/ssh/sshd_config" test_ref="oval:ssg-test_sshd_use_approved_macs_ordered_stig:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-sshd_use_priv_separation:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Enable Use of Privilege Separation</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Ensure 'UsePrivilegeSeparation' is configured with value 'sandbox' in '/etc/ssh/sshd_config'</oval-def:description>
    <oval-def:reference ref_id="CCE-80223-1" source="CCE"/>
    <oval-def:reference ref_id="sshd_use_priv_separation" source="ssg"/>
  </oval-def:metadata>
  <!-- Compliant when sshd is absent and not required, or when the
       UsePrivilegeSeparation test passes. The test is a direct child of the
       OR, without the "required" and "installed" extend_definition pair
       that the neighbouring sshd definitions wrap around their sshd_config
       test. -->
  <oval-def:criteria comment="sshd is configured correctly or is not installed" operator="OR">
    <oval-def:criteria comment="sshd is not installed" operator="AND">
      <oval-def:extend_definition comment="sshd is not required or requirement is unset" definition_ref="oval:ssg-sshd_not_required_or_unset:def:1"/>
      <oval-def:extend_definition comment="rpm package openssh-server removed" definition_ref="oval:ssg-package_openssh-server_removed:def:1"/>
    </oval-def:criteria>
    <oval-def:criterion comment="Check the UsePrivilegeSeparation in /etc/ssh/sshd_config" test_ref="oval:ssg-test_sshd_use_priv_separation:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-sshd_use_strong_ciphers:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Use Only Strong Ciphers</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Ensure 'Ciphers' is configured with value '((aes128-ctr|aes192-ctr|aes256-ctr|chacha20-poly1305@openssh\.com|aes256-gcm@openssh\.com|aes128-gcm@openssh\.com),?)+' in /etc/ssh/sshd_config</oval-def:description>
    <oval-def:reference ref_id="CCE-82363-3" source="CCE"/>
    <oval-def:reference ref_id="sshd_use_strong_ciphers" source="ssg"/>
  </oval-def:metadata>
  <!-- Compliant when sshd is absent and not required, or when it is required
       and installed and the Ciphers test passes. The innermost OR wraps a
       single criterion, so it evaluates the same as that criterion alone.
       The pattern quoted in the description is informational; the pattern
       actually enforced lives in the referenced test. -->
  <oval-def:criteria comment="sshd is configured correctly or is not installed" operator="OR">
    <oval-def:criteria comment="sshd is not installed" operator="AND">
      <oval-def:extend_definition comment="sshd is not required or requirement is unset" definition_ref="oval:ssg-sshd_not_required_or_unset:def:1"/>
      <oval-def:extend_definition comment="rpm package openssh-server removed" definition_ref="oval:ssg-package_openssh-server_removed:def:1"/>
    </oval-def:criteria>
    <oval-def:criteria comment="sshd is installed and configured" operator="AND">
      <oval-def:extend_definition comment="sshd is required or requirement is unset" definition_ref="oval:ssg-sshd_required_or_unset:def:1"/>
      <oval-def:extend_definition comment="rpm package openssh-server installed" definition_ref="oval:ssg-package_openssh-server_installed:def:1"/>
      <oval-def:criteria comment="sshd is configured correctly" operator="OR">
        <oval-def:criterion comment="Check the Ciphers in /etc/ssh/sshd_config" test_ref="oval:ssg-test_sshd_use_strong_ciphers:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for the sshd MACs allow-list.
     Passes when (openssh-server is removed AND sshd is not required) OR
     (openssh-server is installed AND sshd is required or unset AND the MACs test passes).
     NOTE(review): the allow-list in the description includes hmac-ripemd160 next to the SHA-2 and UMAC entries;
     confirm that it is still acceptable under the crypto policy in force. As with the Ciphers definition, whether
     the expression is anchored to the whole MACs value is decided by the referenced test, not shown here. -->
<oval-def:definition class="compliance" id="oval:ssg-sshd_use_strong_macs:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Use Only Strong MACs</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Ensure 'MACs' is configured with value '((hmac-sha2-512-etm@openssh\.com|hmac-sha2-256-etm@openssh\.com|umac-128-etm@openssh\.com|hmac-sha2-512|hmac-sha2-256|hmac-ripemd160),?)+' in /etc/ssh/sshd_config</oval-def:description>
<oval-def:reference ref_id="CCE-82364-1" source="CCE"/>
<oval-def:reference ref_id="sshd_use_strong_macs" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria comment="sshd is configured correctly or is not installed" operator="OR">
<oval-def:criteria comment="sshd is not installed" operator="AND">
<oval-def:extend_definition comment="sshd is not required or requirement is unset" definition_ref="oval:ssg-sshd_not_required_or_unset:def:1"/>
<oval-def:extend_definition comment="rpm package openssh-server removed" definition_ref="oval:ssg-package_openssh-server_removed:def:1"/>
</oval-def:criteria>
<oval-def:criteria comment="sshd is installed and configured" operator="AND">
<oval-def:extend_definition comment="sshd is required or requirement is unset" definition_ref="oval:ssg-sshd_required_or_unset:def:1"/>
<oval-def:extend_definition comment="rpm package openssh-server installed" definition_ref="oval:ssg-package_openssh-server_installed:def:1"/>
<!-- Single-member OR group: its result is simply the result of the MACs test. -->
<oval-def:criteria comment="sshd is configured correctly" operator="OR">
<oval-def:criterion comment="Check the MACs in /etc/ssh/sshd_config" test_ref="oval:ssg-test_sshd_use_strong_macs:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check that SSSD runs its PAM responder: one test that looks for pam in the services setting of
     the sssd section. The criteria element has no operator attribute, so the OVAL default (AND) applies.
     The file being inspected is named only by the referenced test, which is not shown here. -->
<oval-def:definition class="compliance" id="oval:ssg-sssd_enable_pam_services:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Configure PAM in SSSD Services</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>SSSD should be configured to run SSSD PAM services.
</oval-def:description>
<oval-def:reference ref_id="CCE-80437-7" source="CCE"/>
<oval-def:reference ref_id="sssd_enable_pam_services" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="check if pam is configured in the services setting of the sssd section" test_ref="oval:ssg-test_sssd_enable_pam_services:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for the CA certificate location used by the SSSD LDAP backend; the result is that of the
     single referenced test (default operator AND).
     NOTE(review): the criterion carries no comment attribute, so scan reports show only the test id. Presumably
     the test inspects the TLS CA directory option in the SSSD configuration; confirm against the test.
     A CA location on its own does not make the client reject bad certificates; that is covered by the separate
     sssd_ldap_configure_tls_reqcert definition. -->
<oval-def:definition class="compliance" id="oval:ssg-sssd_ldap_configure_tls_ca_dir:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Configure SSSD LDAP Backend Client CA Certificate Location</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Configure SSSD to implement cryptography to protect the integrity of LDAP remote access sessions.</oval-def:description>
<oval-def:reference ref_id="CCE-80515-0" source="CCE"/>
<oval-def:reference ref_id="sssd_ldap_configure_tls_ca_dir" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion test_ref="oval:ssg-test_sssd_ldap_tls_ca_dir:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
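<!-- Compliance check that the SSSD LDAP backend demands a valid server certificate; the result is that of the
     single referenced test (default operator AND).
     The description uses "demand", matching the title: a client that merely requests a certificate can still
     proceed when the certificate is missing or invalid.
     NOTE(review): the criterion carries no comment attribute; the accepted values are defined by the referenced
     test, which is not shown here. -->
<oval-def:definition class="compliance" id="oval:ssg-sssd_ldap_configure_tls_reqcert:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Configure SSSD LDAP Backend Client to Demand a Valid Certificate from the Server</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Configure SSSD to demand a valid certificate from the server to protect LDAP remote access sessions.</oval-def:description>
<oval-def:reference ref_id="CCE-84061-1" source="CCE"/>
<oval-def:reference ref_id="sssd_ldap_configure_tls_reqcert" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion test_ref="oval:ssg-test_sssd_ldap_tls_reqcert:tst:1"/>
</oval-def:criteria>
</oval-def:definition>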
<!-- Compliance check that the SSSD LDAP backend uses STARTTLS; a single test against /etc/sssd/sssd.conf
     (default operator AND).
     NOTE(review): STARTTLS protects the session only if the server certificate is also validated; see the
     sssd_ldap_configure_tls_reqcert and sssd_ldap_configure_tls_ca_dir definitions. -->
<oval-def:definition class="compliance" id="oval:ssg-sssd_ldap_start_tls:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Configure SSSD LDAP Backend to Use TLS For All Transactions</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>LDAP should be used for authentication and use STARTTLS</oval-def:description>
<oval-def:reference ref_id="CCE-80546-5" source="CCE"/>
<oval-def:reference ref_id="sssd_ldap_start_tls" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="LDAP uses STARTTLS set within /etc/sssd/sssd.conf" test_ref="oval:ssg-test_use_starttls:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
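<!-- Compliance check that the X server packages are absent. All three members must hold (default operator AND):
     xorg-x11-server-Xorg, xorg-x11-server-common and xorg-x11-server-utils are not installed.
     The description names what the criteria actually evaluate (package removal); nothing in this definition
     inspects the default systemd target. -->
<oval-def:definition class="compliance" id="oval:ssg-xwindows_remove_packages:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Disable graphical user interface</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Ensure that the xorg-x11-server-Xorg, xorg-x11-server-common and xorg-x11-server-utils packages are not installed.</oval-def:description>
<oval-def:reference ref_id="CCE-83410-1" source="CCE"/>
<oval-def:reference ref_id="xwindows_remove_packages" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<!-- Two packages are checked through tests and one through another definition; the mix is kept as authored. -->
<oval-def:criterion comment="package xorg-x11-server-Xorg is not installed" test_ref="oval:ssg-package_xorg-x11-server-Xorg_removed:tst:1"/>
<oval-def:extend_definition comment="package xorg-x11-server-common is removed" definition_ref="oval:ssg-package_xorg-x11-server-common_removed:def:1"/>
<oval-def:criterion comment="package xorg-x11-server-utils is removed" test_ref="oval:ssg-package_xorg-x11-server-utils_removed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>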
<!-- Compliance check for the login banner in /etc/issue; the result is that of the single referenced test
     (default operator AND). The expected banner text is defined by that test and whatever variable it uses,
     neither of which is shown here. -->
<oval-def:definition class="compliance" id="oval:ssg-banner_etc_issue:def:1" version="2">
<oval-def:metadata>
<oval-def:title>Modify the System Login Banner</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The system login banner text should be set correctly.</oval-def:description>
<oval-def:reference ref_id="CCE-27303-7" source="CCE"/>
<oval-def:reference ref_id="banner_etc_issue" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="/etc/issue is set appropriately" test_ref="oval:ssg-test_banner_etc_issue:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
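<!-- Compliance check for the message of the day banner in /etc/motd; the result is that of the single
     referenced test (default operator AND). The description names the message of the day, so reports do not
     confuse this finding with the /etc/issue login banner definition. -->
<oval-def:definition class="compliance" id="oval:ssg-banner_etc_motd:def:1" version="2">
<oval-def:metadata>
<oval-def:title>Modify the System Message of the Day Banner</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The system message of the day banner text should be set correctly.</oval-def:description>
<oval-def:reference ref_id="CCE-83394-7" source="CCE"/>
<oval-def:reference ref_id="banner_etc_motd" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="/etc/motd is set appropriately" test_ref="oval:ssg-test_banner_etc_motd:tst:1"/>
</oval-def:criteria>
</oval-def:definition>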
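<!-- Compliance check for the GNOME3 login warning banner.
     Passes when dconf is not installed, OR when all of the following hold: the dconf user profile exists,
     the banner is enabled, and the setting is protected against user changes. -->
<oval-def:definition class="compliance" id="oval:ssg-dconf_gnome_banner_enabled:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Enable GNOME3 Login Warning Banner</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Enable the GNOME3 Login warning banner.</oval-def:description>
<oval-def:reference ref_id="CCE-26970-4" source="CCE"/>
<oval-def:reference ref_id="dconf_gnome_banner_enabled" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<!-- negate="true" inverts the package_dconf_installed definition, so this member is true when dconf is absent;
     the comment text states the negated meaning so that scan reports read correctly. -->
<oval-def:extend_definition comment="dconf not installed" definition_ref="oval:ssg-package_dconf_installed:def:1" negate="true"/>
<oval-def:criteria comment="Enable GUI banner and prevent user from changing it" operator="AND">
<oval-def:extend_definition comment="dconf user profile exists" definition_ref="oval:ssg-enable_dconf_user_profile:def:1"/>
<oval-def:criterion comment="Enable GUI banner" test_ref="oval:ssg-test_banner_gui_enabled:tst:1"/>
<oval-def:criterion comment="Prevent user from disabling banner" test_ref="oval:ssg-test_prevent_user_banner_gui_enabled_change:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>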
<!-- Compliance check that PAM shows the last logon notification through pam_lastlog. Both tests must pass.
     NOTE(review): the second criterion is not negated, so the referenced test itself has to express
     "silent is absent" (for example through its existence check); that test is not shown here, confirm.
     Which PAM file is inspected is also defined only by the tests. -->
<oval-def:definition class="compliance" id="oval:ssg-display_login_attempts:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Ensure PAM Displays Last Logon/Access Notification</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Configure the system to notify users of last login/access using pam_lastlog.</oval-def:description>
<oval-def:reference ref_id="CCE-27275-7" source="CCE"/>
<oval-def:reference ref_id="display_login_attempts" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="AND">
<oval-def:criterion comment="Conditions for pam_lastlog are satisfied" test_ref="oval:ssg-test_display_login_attempts:tst:1"/>
<oval-def:criterion comment="silent option for pam_lastlog is not set" test_ref="oval:ssg-test_display_login_attempts_silent:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check that /etc/pam.d/login references pam_namespace.so; a single test inside an AND group.
     NOTE(review): only /etc/pam.d/login is named here; other PAM service files are not evaluated by this
     definition. The exact line pattern is defined by the referenced test, not shown here. -->
<oval-def:definition class="compliance" id="oval:ssg-enable_pam_namespace:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Set Up a Private Namespace in PAM Configuration</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Check presence of pam_namespace.so module in the /etc/pam.d/login file</oval-def:description>
<oval-def:reference ref_id="CCE-83743-5" source="CCE"/>
<oval-def:reference ref_id="enable_pam_namespace" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="AND" comment="Check that /etc/pam.d/login contains a line with certain text">
<oval-def:criterion comment="Check that /etc/pam.d/login contains a line with certain text" test_ref="oval:ssg-test_enable_pam_namespace:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for the remember parameter of pam_pwhistory.so in password-auth; a single test inside an
     AND group. The required value is defined by the referenced test and any variable it uses, not shown here.
     The system-auth file is covered by the separate accounts_password_pam_pwhistory_remember_system_auth
     definition. -->
<oval-def:definition class="compliance" id="oval:ssg-accounts_password_pam_pwhistory_remember_password_auth:def:1" version="2">
<oval-def:metadata>
<oval-def:title>Limit Password Reuse: password-auth</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The passwords to remember should be set correctly.</oval-def:description>
<oval-def:reference ref_id="CCE-83476-2" source="CCE"/>
<oval-def:reference ref_id="accounts_password_pam_pwhistory_remember_password_auth" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria comment="remember parameter of pam_pwhistory.so is set correctly in password-auth" operator="AND">
<oval-def:criterion comment="remember parameter of pam_pwhistory.so is set correctly in password-auth" test_ref="oval:ssg-test_accounts_password_pam_pwhistory_remember_password_auth:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for the remember parameter of pam_pwhistory.so in system-auth (per the title and test id);
     a single test inside an AND group. The required value is defined by the referenced test and any variable
     it uses, not shown here.
     NOTE(review): unlike the password-auth sibling, the comment attributes do not name the file; a report
     reader has to rely on the title. -->
<oval-def:definition class="compliance" id="oval:ssg-accounts_password_pam_pwhistory_remember_system_auth:def:1" version="2">
<oval-def:metadata>
<oval-def:title>Limit Password Reuse: system-auth</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The passwords to remember should be set correctly.</oval-def:description>
<oval-def:reference ref_id="CCE-83479-6" source="CCE"/>
<oval-def:reference ref_id="accounts_password_pam_pwhistory_remember_system_auth" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria comment="remember parameter of pam_pwhistory.so is set correctly" operator="AND">
<oval-def:criterion comment="remember parameter of pam_pwhistory.so is set correctly" test_ref="oval:ssg-test_accounts_password_pam_pwhistory_remember_system_auth:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for password reuse limits: passes when EITHER pam_unix.so OR pam_pwhistory.so has its
     remember parameter set as required.
     NOTE(review): the PAM file(s) inspected and the required value are defined by the two referenced tests,
     which are not shown here; confirm that both tests look at the same PAM stack. -->
<oval-def:definition class="compliance" id="oval:ssg-accounts_password_pam_unix_remember:def:1" version="2">
<oval-def:metadata>
<oval-def:title>Limit Password Reuse</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The passwords to remember should be set correctly.</oval-def:description>
<oval-def:reference ref_id="CCE-82030-8" source="CCE"/>
<oval-def:reference ref_id="accounts_password_pam_unix_remember" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria comment="remember parameter of pam_unix.so or pam_pwhistory.so is set correctly" operator="OR">
<oval-def:criterion comment="remember parameter of pam_unix.so is set correctly" test_ref="oval:ssg-test_accounts_password_pam_unix_remember:tst:1"/>
<oval-def:criterion comment="remember parameter of pam_pwhistory.so is set correctly" test_ref="oval:ssg-test_accounts_password_pam_pwhistory_remember:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for the pam_faillock deny threshold. All of the following must hold:
       1. pam_faillock.so preauth silent is present in system-auth and in password-auth;
       2. pam_faillock.so is present in the account phase of both files;
       3. for EACH file, at least one of two alternative authfail checks passes.
     The deny value itself is compared inside the referenced tests, which are not shown here. -->
<oval-def:definition class="compliance" id="oval:ssg-accounts_passwords_pam_faillock_deny:def:1" version="4">
<oval-def:metadata>
<oval-def:title>Set Deny For Failed Password Attempts</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The number of allowed failed logins should be set correctly.</oval-def:description>
<oval-def:reference ref_id="CCE-27350-8" source="CCE"/>
<oval-def:reference ref_id="accounts_passwords_pam_faillock_deny" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="AND" comment="Checks common to both scenarios">
<oval-def:criterion test_ref="oval:ssg-test_accounts_passwords_pam_faillock_preauth_silent_system-auth:tst:1" comment="pam_faillock.so preauth silent set in system-auth"/>
<oval-def:criterion test_ref="oval:ssg-test_accounts_passwords_pam_faillock_account_phase_system-auth:tst:1" comment="pam_faillock.so set in account phase of system-auth"/>
<oval-def:criterion test_ref="oval:ssg-test_accounts_passwords_pam_faillock_preauth_silent_password-auth:tst:1" comment="pam_faillock.so preauth silent set in password-auth"/>
<oval-def:criterion test_ref="oval:ssg-test_accounts_passwords_pam_faillock_account_phase_password-auth:tst:1" comment="pam_faillock.so set in account phase of password-auth"/>
<!-- Per-file alternatives: each OR group accepts either layout of the pam_unix / pam_faillock authfail lines. -->
<oval-def:criteria operator="AND">
<oval-def:criteria operator="OR" comment="system-auth">
<oval-def:criterion test_ref="oval:ssg-test_accounts_passwords_pam_faillock_numeric_default_check_system-auth:tst:1" comment="Perform check if pam_faillock authfail follows pam_unix even with lines skipped"/>
<oval-def:criterion test_ref="oval:ssg-test_accounts_passwords_pam_faillock_authfail_deny_system-auth:tst:1" comment="Perform check if pam_faillock authfail follows pam_unix with either sufficient or default=ignore"/>
</oval-def:criteria>
<!-- NOTE(review): the comment on the authfail_deny test below is worded differently from its system-auth
     counterpart although the test ids are parallel; presumably both perform the same kind of check. -->
<oval-def:criteria operator="OR" comment="password-auth">
<oval-def:criterion test_ref="oval:ssg-test_accounts_passwords_pam_faillock_numeric_default_check_password-auth:tst:1" comment="Perform check if pam_faillock authfail follows pam_unix even with lines skipped"/>
<oval-def:criterion test_ref="oval:ssg-test_accounts_passwords_pam_faillock_authfail_deny_password-auth:tst:1" comment="pam_faillock.so authfail deny value set in password-auth"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check that pam_faillock lockout also applies to root. All four tests must pass (default
     operator AND): preauth silent and authfail with the deny_root value, in system-auth and in password-auth.
     NOTE(review): unlike accounts_passwords_pam_faillock_deny, this definition does not evaluate the account
     phase entry of pam_faillock.so; that is only an observation about the criteria listed here. -->
<oval-def:definition class="compliance" id="oval:ssg-accounts_passwords_pam_faillock_deny_root:def:1" version="4">
<oval-def:metadata>
<oval-def:title>Configure the root Account for Failed Password Attempts</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The root account should be configured to deny access after the number of defined
failed attempts has been reached.</oval-def:description>
<oval-def:reference ref_id="CCE-80353-6" source="CCE"/>
<oval-def:reference ref_id="accounts_passwords_pam_faillock_deny_root" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion test_ref="oval:ssg-test_pam_faillock_preauth_silent_system-auth:tst:1" comment="pam_faillock.so preauth silent set in system-auth"/>
<oval-def:criterion test_ref="oval:ssg-test_pam_faillock_authfail_deny_root_system-auth:tst:1" comment="pam_faillock.so authfail deny_root value set in system-auth"/>
<oval-def:criterion test_ref="oval:ssg-test_pam_faillock_preauth_silent_password-auth:tst:1" comment="pam_faillock.so preauth silent set in password-auth"/>
<oval-def:criterion test_ref="oval:ssg-test_pam_faillock_authfail_deny_root_password-auth:tst:1" comment="pam_faillock.so authfail deny_root value set in password-auth"/>
</oval-def:criteria>
</oval-def:definition>
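<!-- Compliance check for the pam_faillock counting interval (fail_interval). All six tests must pass (default
     operator AND): the preauth and authfail interval checks for system-auth and password-auth, plus the
     account phase requirement in both files.
     The description names the interval, matching the title; the failed-login threshold is the subject of the
     separate accounts_passwords_pam_faillock_deny definition.
     NOTE(review): the criterion comments state a fixed 900; whether the tests compare against that literal or
     against a variable is not shown here. The preauth/authfail labels on the first and third criteria also do
     not follow from their test ids; confirm against the tests before relying on report text. -->
<oval-def:definition class="compliance" id="oval:ssg-accounts_passwords_pam_faillock_interval:def:1" version="2">
<oval-def:metadata>
<oval-def:title>Set Interval For Counting Failed Password Attempts</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The interval for counting failed password attempts should be set correctly.</oval-def:description>
<oval-def:reference ref_id="CCE-27297-1" source="CCE"/>
<oval-def:reference ref_id="accounts_passwords_pam_faillock_interval" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="preauth default is set to 900" test_ref="oval:ssg-test_accounts_passwords_pam_faillock_fail_interval_system-auth:tst:1"/>
<oval-def:criterion comment="authfail default is set to 900" test_ref="oval:ssg-test_accounts_passwords_pam_faillock_authfail_fail_interval_system-auth:tst:1"/>
<oval-def:criterion comment="authfail default is set to 900" test_ref="oval:ssg-test_accounts_passwords_pam_faillock_fail_interval_password-auth:tst:1"/>
<oval-def:criterion comment="preauth default is set to 900" test_ref="oval:ssg-test_accounts_passwords_pam_faillock_preauth_fail_interval_password-auth:tst:1"/>
<oval-def:criterion comment="account requires pam_faillock.so in /etc/pam.d/password-auth" test_ref="oval:ssg-test_accounts_passwords_pam_faillock_account_requires_password-auth:tst:1"/>
<oval-def:criterion comment="account requires pam_faillock.so in /etc/pam.d/system-auth" test_ref="oval:ssg-test_accounts_passwords_pam_faillock_account_requires_system-auth:tst:1"/>
</oval-def:criteria>
</oval-def:definition>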
<!-- Compliance check for the pam_faillock unlock_time. The two inner groups form an if/else on the same
     variable test (test_var_faillock_unlock_time_is_never), used once as-is and once negated:
       - variable is zero: the configuration test for "zero or never" must pass;
       - variable is not zero: the configuration test for "greater than or equal to the variable" must pass.
     Both inner groups have no operator attribute, so the OVAL default (AND) applies.
     NOTE(review): the comment on the second group also mentions "zero or never" as acceptable, but only the
     greater-or-equal test is referenced there; whether that test accepts those values is not shown here. -->
<oval-def:definition class="compliance" id="oval:ssg-accounts_passwords_pam_faillock_unlock_time:def:1" version="2">
<oval-def:metadata>
<oval-def:title>Set Lockout Time for Failed Password Attempts</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The unlock time after number of failed logins should be set correctly.</oval-def:description>
<oval-def:reference ref_id="CCE-26884-7" source="CCE"/>
<oval-def:reference ref_id="accounts_passwords_pam_faillock_unlock_time" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<oval-def:criteria comment="When ext var unlock_time is zero, all configs must be zero or never">
<oval-def:criterion comment="Is ext var unlock time zero?" test_ref="oval:ssg-test_var_faillock_unlock_time_is_never:tst:1"/>
<oval-def:criterion comment="Test if config is zero or never" test_ref="oval:ssg-test_accounts_passwords_pam_faillock_unlock_time_is_never:tst:1"/>
</oval-def:criteria>
<oval-def:criteria comment="When ext var unlock_time is not zero, configs should be zero or never, or greater than or equal the external variable">
<oval-def:criterion comment="Is ext var unlock time different than zero?" test_ref="oval:ssg-test_var_faillock_unlock_time_is_never:tst:1" negate="true"/>
<oval-def:criterion comment="Test if config is greater than or equals the ext var unlock time" test_ref="oval:ssg-test_accounts_passwords_pam_faillock_unlock_time_greater_or_equal_ext_var:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for the pam_pwquality retry setting; a single test inside an AND group.
     NOTE(review): the only criterion is labelled system-auth, so the password-auth stack is not evaluated by
     this definition; services that include password-auth are outside its coverage. The required retry value is
     defined by the referenced test, not shown here. -->
<oval-def:definition class="compliance" id="oval:ssg-accounts_password_pam_retry:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Ensure PAM Enforces Password Requirements - Authentication Retry Prompts Permitted Per-Session</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The password retry should meet minimum requirements</oval-def:description>
<oval-def:reference ref_id="CCE-27160-1" source="CCE"/>
<oval-def:reference ref_id="accounts_password_pam_retry" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="AND" comment="Conditions for retry are satisfied">
<oval-def:criterion comment="pam_pwquality system-auth" test_ref="oval:ssg-test_password_pam_pwquality_retry_system_auth:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for the password hashing algorithm in /etc/libuser.conf; a single test inside an AND
     group. The test id suggests the crypt_style setting is inspected; the accepted algorithm is defined by the
     test, not shown here.
     NOTE(review): the criterion carries no comment attribute, so scan reports show only the test id. -->
<oval-def:definition class="compliance" id="oval:ssg-set_password_hashing_algorithm_libuserconf:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Set Password Hashing Algorithm in /etc/libuser.conf</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The password hashing algorithm should be set correctly in /etc/libuser.conf.</oval-def:description>
<oval-def:reference ref_id="CCE-82038-1" source="CCE"/>
<oval-def:reference ref_id="set_password_hashing_algorithm_libuserconf" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="AND">
<oval-def:criterion test_ref="oval:ssg-test_etc_libuser_conf_cryptstyle:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for the password hashing algorithm in /etc/login.defs; a single test inside an AND group.
     The test id suggests the ENCRYPT_METHOD setting is inspected; the accepted algorithm is defined by the
     test, not shown here.
     NOTE(review): the criterion carries no comment attribute, so scan reports show only the test id. -->
<oval-def:definition class="compliance" id="oval:ssg-set_password_hashing_algorithm_logindefs:def:1" version="2">
<oval-def:metadata>
<oval-def:title>Set Password Hashing Algorithm in /etc/login.defs</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The password hashing algorithm should be set correctly in /etc/login.defs.</oval-def:description>
<oval-def:reference ref_id="CCE-82050-6" source="CCE"/>
<oval-def:reference ref_id="set_password_hashing_algorithm_logindefs" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="AND">
<oval-def:criterion test_ref="oval:ssg-test_etc_login_defs_encrypt_method:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for the password hashing algorithm used by PAM in /etc/pam.d/system-auth; a single test
     inside an AND group. The test id suggests it looks for sha512 on the pam_unix line; confirm against the test.
     NOTE(review): only system-auth is named by the description; /etc/pam.d/password-auth is not evaluated by
     this definition. The criterion carries no comment attribute, so scan reports show only the test id. -->
<oval-def:definition class="compliance" id="oval:ssg-set_password_hashing_algorithm_systemauth:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Set PAM's Password Hashing Algorithm</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The password hashing algorithm should be set correctly in /etc/pam.d/system-auth.</oval-def:description>
<oval-def:reference ref_id="CCE-82043-1" source="CCE"/>
<oval-def:reference ref_id="set_password_hashing_algorithm_systemauth" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="AND">
<oval-def:criterion test_ref="oval:ssg-test_pam_unix_sha512:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check that CtrlAltDelBurstAction is set to none in /etc/systemd/system.conf or a drop-in under
     /etc/systemd/system.conf.d/ (per the description); the result is that of the single referenced test
     (default operator AND).
     NOTE(review): how conflicting values across the main file and drop-ins are treated is decided by the
     referenced test, not shown here. -->
<oval-def:definition class="compliance" id="oval:ssg-disable_ctrlaltdel_burstaction:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Disable Ctrl-Alt-Del Burst Action</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Configure the CtrlAltDelBurstAction setting in /etc/systemd/system.conf
or /etc/systemd/system.conf.d/* to none to prevent a reboot if Ctrl-Alt-Delete is
pressed more than 7 times in 2 seconds.</oval-def:description>
<oval-def:reference ref_id="CCE-80449-2" source="CCE"/>
<oval-def:reference ref_id="disable_ctrlaltdel_burstaction" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="check CtrlAltDelBurstAction is set to none" test_ref="oval:ssg-test_disable_ctrlaltdel_burstaction:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check that interactive boot is disabled. All three members must hold:
       - systemd.confirm_spawn is not enabled in GRUB_CMDLINE_LINUX;
       - systemd.confirm_spawn is not enabled in GRUB_CMDLINE_LINUX_DEFAULT;
       - GRUB_DISABLE_RECOVERY=true is set in /etc/default/grub (through another definition).
     The inner AND group nested in the outer AND group is logically equivalent to one flat AND.
     NOTE(review): the comments describe settings in the grub defaults file; whether the generated grub.cfg is
     also inspected is defined by the referenced tests, not shown here. -->
<oval-def:definition class="compliance" id="oval:ssg-grub2_disable_interactive_boot:def:1" version="4">
<oval-def:metadata>
<oval-def:title>Verify that Interactive Boot is Disabled</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The ability for users to perform interactive startups should
be disabled.</oval-def:description>
<oval-def:reference ref_id="CCE-27335-9" source="CCE"/>
<oval-def:reference ref_id="grub2_disable_interactive_boot" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="AND">
<oval-def:criterion test_ref="oval:ssg-test_grub2_disable_interactive_boot_grub_cmdline_linux:tst:1" comment="Check systemd.confirm_spawn=(1|yes|true|on) not in GRUB_CMDLINE_LINUX"/>
<oval-def:criteria operator="AND">
<oval-def:criterion test_ref="oval:ssg-test_grub2_disable_interactive_boot_grub_cmdline_linux_default:tst:1" comment="Check systemd.confirm_spawn=(1|yes|true|on) not in GRUB_CMDLINE_LINUX_DEFAULT"/>
<oval-def:extend_definition definition_ref="oval:ssg-bootloader_disable_recovery_set_to_true:def:1" comment="Check GRUB_DISABLE_RECOVERY=true in /etc/default/grub"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check that booting into the systemd emergency target requires authentication.
     All four members must hold: the two positive tests pass, and the two tests about a custom emergency
     target and a custom emergency service do NOT pass (negate="true").
     NOTE(review): the negated tests are named "no_custom_...", which reads as a double negative. Presumably
     each test is satisfied when an override exists and the negation turns that into a failure; confirm
     against the tests, which are not shown here. Three of the four criteria carry no comment attribute. -->
<oval-def:definition class="compliance" id="oval:ssg-require_emergency_target_auth:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Require Authentication for Emergency Systemd Target</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The requirement for a password to boot into emergency mode
should be configured correctly.</oval-def:description>
<oval-def:reference ref_id="CCE-82185-0" source="CCE"/>
<oval-def:reference ref_id="require_emergency_target_auth" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="AND">
<oval-def:criterion comment="Conditions are satisfied" test_ref="oval:ssg-test_require_emergency_service:tst:1"/>
<oval-def:criterion test_ref="oval:ssg-test_require_emergency_service_emergency_target:tst:1"/>
<oval-def:criterion test_ref="oval:ssg-test_no_custom_emergency_target:tst:1" negate="true"/>
<oval-def:criterion test_ref="oval:ssg-test_no_custom_emergency_service:tst:1" negate="true"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check that booting into single-user (rescue) mode requires authentication.
     All four members must hold: the two positive tests pass, and the two tests about a custom runlevel1
     target and a custom rescue service do NOT pass (negate="true").
     NOTE(review): the negated tests are named "no_custom_...", which reads as a double negative. Presumably
     each test is satisfied when an override exists and the negation turns that into a failure; confirm
     against the tests, which are not shown here. Three of the four criteria carry no comment attribute. -->
<oval-def:definition class="compliance" id="oval:ssg-require_singleuser_auth:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Require Authentication for Single User Mode</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The requirement for a password to boot into single-user mode
should be configured correctly.</oval-def:description>
<oval-def:reference ref_id="CCE-27287-2" source="CCE"/>
<oval-def:reference ref_id="require_singleuser_auth" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="AND">
<oval-def:criterion comment="Conditions are satisfied" test_ref="oval:ssg-test_require_rescue_service:tst:1"/>
<oval-def:criterion test_ref="oval:ssg-test_require_rescue_service_runlevel1:tst:1"/>
<oval-def:criterion test_ref="oval:ssg-test_no_custom_runlevel1_target:tst:1" negate="true"/>
<oval-def:criterion test_ref="oval:ssg-test_no_custom_rescue_service:tst:1" negate="true"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check that the opensc card_drivers setting is configured; the result is that of the single
     referenced test (default operator AND). The configuration file and the expected driver name are defined
     by the test and any variable it uses, not shown here. -->
<oval-def:definition class="compliance" id="oval:ssg-configure_opensc_card_drivers:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Configure opensc Smart Card Drivers</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Configure the organization's smart card driver so that only
the smart card in use by the organization will be recognized by the system.</oval-def:description>
<oval-def:reference ref_id="CCE-80565-5" source="CCE"/>
<oval-def:reference ref_id="configure_opensc_card_drivers" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion test_ref="oval:ssg-test_configure_opensc_card_drivers:tst:1" comment="Check that card_drivers is configured for opensc"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check that the NSS database is set up to use the opensc library: a single test against
     /etc/pki/nssdb/pkcs11.txt (default operator AND). The expected library entry is defined by the referenced
     test, not shown here. -->
<oval-def:definition class="compliance" id="oval:ssg-configure_opensc_nss_db:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Configure NSS DB To Use opensc</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The NSS DB should be set to use opensc library.</oval-def:description>
<oval-def:reference ref_id="CCE-80567-1" source="CCE"/>
<oval-def:reference ref_id="configure_opensc_nss_db" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion test_ref="oval:ssg-test_configure_opensc_nss_db:tst:1" comment="Check opensc library is configured in /etc/pki/nssdb/pkcs11.txt"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check that the opensc force_card_driver setting is configured; the result is that of the
     single referenced test (default operator AND). This is distinct from configure_opensc_card_drivers, which
     checks the card_drivers setting. The expected driver name is defined by the test and any variable it
     uses, not shown here. -->
<oval-def:definition class="compliance" id="oval:ssg-force_opensc_card_drivers:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Force opensc To Use Defined Smart Card Driver</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Force opensc to use the organization's smart card driver so that only
the smart card in use by the organization will be recognized by the system.</oval-def:description>
<oval-def:reference ref_id="CCE-81002-8" source="CCE"/>
<oval-def:reference ref_id="force_opensc_card_drivers" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion test_ref="oval:ssg-test_force_opensc_card_drivers:tst:1" comment="Check that force_card_driver is configured for opensc"/>
</oval-def:criteria>
</oval-def:definition>
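<!-- Compliance check for smart card certificate status checking. Both members must hold: the smart card
     packages definition passes, and the pam_pkcs11 cert_policy test finds ocsp_on.
     The description states what is evaluated (certificate status checking through ocsp_on), matching the
     title; enabling smart card login as such is not what these criteria test.
     NOTE(review): the test id contains "all", which suggests every cert_policy directive must include
     ocsp_on; confirm against the test, which is not shown here. -->
<oval-def:definition class="compliance" id="oval:ssg-smartcard_configure_cert_checking:def:1" version="4">
<oval-def:metadata>
<oval-def:title>Configure Smart Card Certificate Status Checking</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Ensure that the pam_pkcs11 cert_policy directive contains ocsp_on so that smart card certificate status is checked.</oval-def:description>
<oval-def:reference ref_id="CCE-80520-0" source="CCE"/>
<oval-def:reference ref_id="smartcard_configure_cert_checking" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria comment="smart card authentication is configured" operator="AND">
<oval-def:extend_definition comment="pam_pkcs11 package is installed" definition_ref="oval:ssg-install_smartcard_packages:def:1"/>
<oval-def:criterion comment="cert_policy directive contains ocsp_on" test_ref="oval:ssg-test_pam_pkcs11_all_cert_policy_ocsp_on:tst:1"/>
</oval-def:criteria>
</oval-def:definition>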
<oval-def:definition class="compliance" id="oval:ssg-account_unique_id:def:1" version="1">
  <!-- Single-criterion check for duplicate UIDs in /etc/passwd. Two account names
       that share a UID are the same identity for file ownership and audit records,
       so actions cannot be attributed to one of them. -->
  <oval-def:metadata>
    <oval-def:title>Ensure All Accounts on the System Have Unique User IDs</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>All accounts on the system should have unique IDs for proper accountability.</oval-def:description>
    <oval-def:reference ref_id="CCE-85857-1" source="CCE"/>
    <oval-def:reference ref_id="account_unique_id" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria comment="There should not exist duplicate user IDs entries in /etc/passwd">
    <oval-def:criterion test_ref="oval:ssg-test_etc_passwd_no_duplicate_user_ids:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-accounts_authorized_local_users:def:1" version="1">
  <!-- Single-criterion check that /etc/passwd holds only root and authorized users.
       NOTE(review): the list of authorized users is not visible here; presumably it
       is supplied through a variable used by the referenced test. Confirm that it
       is tailored per site before relying on the result. -->
  <oval-def:metadata>
    <oval-def:title>Only Authorized Local User Accounts Exist on Operating System</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Besides the default operating system user, there should be no other users
except the users that are authorized to exist locally on the operating system.</oval-def:description>
    <oval-def:reference ref_id="CCE-88380-1" source="CCE"/>
    <oval-def:reference ref_id="accounts_authorized_local_users" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion comment="only root user and explicitly authorized users are allowed in /etc/passwd" test_ref="oval:ssg-test_accounts_authorized_local_users:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
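<oval-def:definition class="compliance" id="oval:ssg-group_unique_id:def:1" version="1">
  <!-- Single-criterion check for duplicate GIDs. The title and the test reference
       (test_etc_group_no_duplicate_group_ids) both concern group IDs in /etc/group,
       so the description and criteria comment name group IDs and /etc/group. -->
  <oval-def:metadata>
    <oval-def:title>Ensure All Groups on the System Have Unique Group ID</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>All groups on the system should have unique group IDs for proper accountability.</oval-def:description>
    <oval-def:reference ref_id="CCE-86200-3" source="CCE"/>
    <oval-def:reference ref_id="group_unique_id" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria comment="There should not exist duplicate group ids entries in /etc/group">
    <oval-def:criterion test_ref="oval:ssg-test_etc_group_no_duplicate_group_ids:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>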
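<oval-def:definition class="compliance" id="oval:ssg-group_unique_name:def:1" version="1">
  <!-- Single-criterion check for duplicate group names. The test reference
       (test_etc_group_no_duplicate_group_names) points at /etc/group, so the
       criteria comment names that file rather than /etc/passwd. -->
  <oval-def:metadata>
    <oval-def:title>Ensure All Groups on the System Have Unique Group Names</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>All groups on the system should have unique names for proper accountability.</oval-def:description>
    <oval-def:reference ref_id="CCE-86327-4" source="CCE"/>
    <oval-def:reference ref_id="group_unique_name" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria comment="There should not exist duplicate group names entries in /etc/group">
    <oval-def:criterion test_ref="oval:ssg-test_etc_group_no_duplicate_group_names:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>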
<oval-def:definition class="compliance" id="oval:ssg-account_disable_post_pw_expiration:def:1" version="2">
  <!-- Single-criterion check on INACTIVE in /etc/default/useradd. That file holds
       the defaults useradd applies to newly created accounts; accounts that already
       exist keep the inactivity value recorded for them in /etc/shadow, which this
       definition does not assess. -->
  <oval-def:metadata>
    <oval-def:title>Set Account Expiration Following Inactivity</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The accounts should be configured to expire automatically following password expiration.</oval-def:description>
    <oval-def:reference ref_id="CCE-27355-7" source="CCE"/>
    <oval-def:reference ref_id="account_disable_post_pw_expiration" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria comment="the value INACTIVE parameter should be set appropriately in /etc/default/useradd">
    <oval-def:criterion test_ref="oval:ssg-test_etc_default_useradd_inactive:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-account_unique_name:def:1" version="1">
  <!-- Single-criterion check for duplicate user names in /etc/passwd. The UID
       counterpart of this check is oval:ssg-account_unique_id:def:1. -->
  <oval-def:metadata>
    <oval-def:title>Ensure All Accounts on the System Have Unique Names</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>All accounts on the system should have unique names for proper accountability.</oval-def:description>
    <oval-def:reference ref_id="CCE-80208-2" source="CCE"/>
    <oval-def:reference ref_id="account_unique_name" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria comment="There should not exist duplicate user name entries in /etc/passwd">
    <oval-def:criterion test_ref="oval:ssg-test_etc_passwd_no_duplicate_user_names:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-accounts_maximum_age_login_defs:def:1" version="3">
  <!-- Single-criterion check on PASS_MAX_DAYS in /etc/login.defs. The login.defs
       aging values are applied when an account is created; accounts that already
       exist are covered by oval:ssg-accounts_password_set_max_life_existing:def:1. -->
  <oval-def:metadata>
    <oval-def:title>Set Password Maximum Age</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The maximum password age policy should meet minimum requirements.</oval-def:description>
    <oval-def:reference ref_id="CCE-27051-2" source="CCE"/>
    <oval-def:reference ref_id="accounts_maximum_age_login_defs" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria comment="The value PASS_MAX_DAYS should be set appropriately in /etc/login.defs">
    <oval-def:criterion test_ref="oval:ssg-test_pass_max_days:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-accounts_minimum_age_login_defs:def:1" version="3">
  <!-- Single-criterion check on PASS_MIN_DAYS in /etc/login.defs. The login.defs
       aging values are applied when an account is created; accounts that already
       exist are covered by oval:ssg-accounts_password_set_min_life_existing:def:1. -->
  <oval-def:metadata>
    <oval-def:title>Set Password Minimum Age</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The minimum password age policy should be set appropriately.</oval-def:description>
    <oval-def:reference ref_id="CCE-82036-5" source="CCE"/>
    <oval-def:reference ref_id="accounts_minimum_age_login_defs" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria comment="The value of PASS_MIN_DAYS should be set appropriately in /etc/login.defs">
    <oval-def:criterion test_ref="oval:ssg-test_pass_min_days:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-accounts_password_minlen_login_defs:def:1" version="3">
  <!-- Single-criterion check; the test name (test_pass_min_len) suggests it reads
       the minimum length setting in login.defs.
       NOTE(review): on PAM-based systems the length enforced at password change
       usually comes from the PAM password-quality module, not login.defs. Confirm
       which control is authoritative for this profile. -->
  <oval-def:metadata>
    <oval-def:title>Set Password Minimum Length in login.defs</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The password minimum length should be set appropriately.</oval-def:description>
    <oval-def:reference ref_id="CCE-82049-8" source="CCE"/>
    <oval-def:reference ref_id="accounts_password_minlen_login_defs" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criterion test_ref="oval:ssg-test_pass_min_len:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-accounts_password_set_max_life_existing:def:1" version="1">
  <!-- Both criteria must pass: existing accounts respect the maximum password age,
       and that maximum is not below the minimum password age. This complements the
       login.defs check, which only governs accounts created afterwards. -->
  <oval-def:metadata>
    <oval-def:title>Set Existing Passwords Maximum Age</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Set Existing Passwords Maximum Age</oval-def:description>
    <oval-def:reference ref_id="CCE-80522-6" source="CCE"/>
    <oval-def:reference ref_id="accounts_password_set_max_life_existing" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criterion comment="Passwords must be restricted to the appropriate maximum age for existing accounts." test_ref="oval:ssg-test_password_max_life_existing:tst:1"/>
    <oval-def:criterion comment="Passwords must have a maximum lifetime greater than or equal minimum password age." test_ref="oval:ssg-test_password_max_life_existing_minimum:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
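<oval-def:definition class="compliance" id="oval:ssg-accounts_password_set_min_life_existing:def:1" version="1">
  <!-- Both criteria must pass: existing accounts respect the minimum password age,
       and that minimum does not exceed the defined maximum. This complements the
       login.defs check, which only governs accounts created afterwards. -->
  <oval-def:metadata>
    <oval-def:title>Set Existing Passwords Minimum Age</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Passwords for existing accounts must satisfy minimum age requirements</oval-def:description>
    <oval-def:reference ref_id="CCE-80521-8" source="CCE"/>
    <oval-def:reference ref_id="accounts_password_set_min_life_existing" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criterion comment="Passwords must be restricted to the appropriate minimum age for existing accounts." test_ref="oval:ssg-test_password_min_life_existing:tst:1"/>
    <oval-def:criterion comment="Passwords must have a minimum lifetime less than or equal to the defined maximum." test_ref="oval:ssg-test_password_min_life_existing_maximum:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>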
<oval-def:definition class="compliance" id="oval:ssg-accounts_password_warn_age_login_defs:def:1" version="3">
  <!-- Single-criterion check on the password expiration warning age. The file and
       key are not named in this definition; the rule id and test name
       (test_pass_warn_age) suggest a login.defs setting. TODO confirm against the
       referenced test. -->
  <oval-def:metadata>
    <oval-def:title>Set Password Warning Age</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The password expiration warning age should be set appropriately.</oval-def:description>
    <oval-def:reference ref_id="CCE-82016-7" source="CCE"/>
    <oval-def:reference ref_id="accounts_password_warn_age_login_defs" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_pass_warn_age:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-accounts_password_all_shadowed:def:1" version="1">
  <!-- Single-criterion check that password hashes are shadowed. A hash kept in the
       world-readable /etc/passwd instead of /etc/shadow is readable by every local
       user, which is the exposure this check is meant to catch. -->
  <oval-def:metadata>
    <oval-def:title>Verify All Account Password Hashes are Shadowed</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>All password hashes should be shadowed.</oval-def:description>
    <oval-def:reference ref_id="CCE-27352-4" source="CCE"/>
    <oval-def:reference ref_id="accounts_password_all_shadowed" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_accounts_password_all_shadowed:tst:1" comment="password hashes are shadowed"/>
  </oval-def:criteria>
</oval-def:definition>
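<oval-def:definition class="compliance" id="oval:ssg-accounts_password_pam_unix_rounds_password_auth:def:1" version="1">
  <!-- Passes in either of two cases: the rounds option of pam_unix.so is set to the
       expected value, or rounds is not set at all and the expected value equals the
       system default (nested AND). The title scopes this to the password-auth PAM
       stack; system-auth has its own definition. -->
  <oval-def:metadata>
    <oval-def:title>Set number of Password Hashing Rounds - password-auth</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The number of rounds for password hashing should be set correctly.</oval-def:description>
    <oval-def:reference ref_id="CCE-83402-8" source="CCE"/>
    <oval-def:reference ref_id="accounts_password_pam_unix_rounds_password_auth" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria comment="Check if rounds option of pam_unix is as expected" operator="OR">
    <oval-def:criterion comment="The value of rounds is set correctly in pam_unix.so" test_ref="oval:ssg-test_password_auth_pam_unix_rounds_is_set:tst:1"/>
    <oval-def:criteria comment="The value of rounds is not set, in this case the system default is used" operator="AND">
      <oval-def:criterion comment="The default value of rounds is used in pam_unix.so" test_ref="oval:ssg-test_password_auth_pam_unix_rounds_is_default:tst:1"/>
      <oval-def:criterion comment="The target value of rounds is the default" test_ref="oval:ssg-test_password_auth_default_pam_unix_rounds_var:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>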
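<oval-def:definition class="compliance" id="oval:ssg-accounts_password_pam_unix_rounds_system_auth:def:1" version="1">
  <!-- Passes in either of two cases: the rounds option of pam_unix.so is set to the
       expected value, or rounds is not set at all and the expected value equals the
       system default (nested AND). The title scopes this to the system-auth PAM
       stack; password-auth has its own definition. -->
  <oval-def:metadata>
    <oval-def:title>Set number of Password Hashing Rounds - system-auth</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The number of rounds for password hashing should be set correctly.</oval-def:description>
    <oval-def:reference ref_id="CCE-83384-8" source="CCE"/>
    <oval-def:reference ref_id="accounts_password_pam_unix_rounds_system_auth" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria comment="Check if rounds option of pam_unix is as expected" operator="OR">
    <oval-def:criterion comment="The value of rounds is set correctly in pam_unix.so" test_ref="oval:ssg-test_system_auth_pam_unix_rounds_is_set:tst:1"/>
    <oval-def:criteria comment="The value of rounds is not set, in this case the system default is used" operator="AND">
      <oval-def:criterion comment="The default value of rounds is used in pam_unix.so" test_ref="oval:ssg-test_system_auth_pam_unix_rounds_is_default:tst:1"/>
      <oval-def:criterion comment="The target value of rounds is the default" test_ref="oval:ssg-test_system_auth_default_pam_unix_rounds_var:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>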
<oval-def:definition class="compliance" id="oval:ssg-gid_passwd_group_same:def:1" version="2">
  <!-- Single-criterion check that every primary GID used in /etc/passwd has a
       matching entry in /etc/group. A GID with no group entry has no managed
       membership, and files owned by it are hard to attribute. -->
  <oval-def:metadata>
    <oval-def:title>All GIDs referenced in /etc/passwd must be defined in /etc/group</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>All GIDs referenced in /etc/passwd must be defined in /etc/group.</oval-def:description>
    <oval-def:reference ref_id="CCE-27503-2" source="CCE"/>
    <oval-def:reference ref_id="gid_passwd_group_same" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_gid_passwd_group_same:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-no_empty_passwords:def:1" version="1">
  <!-- Single-criterion check that nullok is absent from /etc/pam.d/system-auth.
       NOTE(review): only system-auth is named here, while other definitions in this
       file treat password-auth as a separate PAM stack. Whether the referenced test
       also reads password-auth is not visible; confirm, because nullok there would
       not be reported by a system-auth-only check. -->
  <oval-def:metadata>
    <oval-def:title>Prevent Login to Accounts With Empty Password</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The file /etc/pam.d/system-auth should not contain the nullok option</oval-def:description>
    <oval-def:reference ref_id="CCE-27286-4" source="CCE"/>
    <oval-def:reference ref_id="no_empty_passwords" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_no_empty_passwords:tst:1" comment="make sure the nullok option is not used in /etc/pam.d/system-auth"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-no_legacy_plus_entries_etc_group:def:1" version="1">
  <!-- Single-criterion check that /etc/group has no line starting with "+". Such
       lines are the legacy NIS inclusion markers named in the title; they pull
       entries from an external source into the local group database. -->
  <oval-def:metadata>
    <oval-def:title>Ensure there are no legacy + NIS entries in /etc/group</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>No lines starting with + are in /etc/group</oval-def:description>
    <oval-def:reference ref_id="CCE-83388-9" source="CCE"/>
    <oval-def:reference ref_id="no_legacy_plus_entries_etc_group" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria comment="no lines starting with + are in /etc/group">
    <oval-def:criterion test_ref="oval:ssg-test_no_legacy_plus_entries_etc_group:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-no_legacy_plus_entries_etc_passwd:def:1" version="1">
  <!-- Single-criterion check that /etc/passwd has no line starting with "+". Such
       lines are the legacy NIS inclusion markers named in the title; they pull
       account entries from an external source into the local account database. -->
  <oval-def:metadata>
    <oval-def:title>Ensure there are no legacy + NIS entries in /etc/passwd</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>No lines starting with + are in /etc/passwd</oval-def:description>
    <oval-def:reference ref_id="CCE-82889-7" source="CCE"/>
    <oval-def:reference ref_id="no_legacy_plus_entries_etc_passwd" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria comment="no lines starting with + are in /etc/passwd">
    <oval-def:criterion test_ref="oval:ssg-test_no_legacy_plus_entries_etc_passwd:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-no_legacy_plus_entries_etc_shadow:def:1" version="1">
  <!-- Single-criterion check that /etc/shadow has no line starting with "+", the
       legacy NIS inclusion marker named in the title. Reading /etc/shadow needs a
       privileged scan; an unprivileged run presumably cannot evaluate this test. -->
  <oval-def:metadata>
    <oval-def:title>Ensure there are no legacy + NIS entries in /etc/shadow</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>No lines starting with + are in /etc/shadow</oval-def:description>
    <oval-def:reference ref_id="CCE-83390-5" source="CCE"/>
    <oval-def:reference ref_id="no_legacy_plus_entries_etc_shadow" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria comment="no lines starting with + are in /etc/shadow">
    <oval-def:criterion test_ref="oval:ssg-test_no_legacy_plus_entries_etc_shadow:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-no_netrc_files:def:1" version="1">
  <!-- The criterion is negated: the definition passes when the referenced test does
       NOT find a .netrc file. The test name (test_no_netrc_files_home) suggests the
       search is limited to home directories; TODO confirm the search scope. These
       files keep login credentials in plain text on disk. -->
  <oval-def:metadata>
    <oval-def:title>Verify No netrc Files Exist</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The .netrc files contain login information used to auto-login into FTP servers and reside in the user's home directory. Any .netrc files should be removed.</oval-def:description>
    <oval-def:reference ref_id="CCE-80211-6" source="CCE"/>
    <oval-def:reference ref_id="no_netrc_files" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion negate="true" test_ref="oval:ssg-test_no_netrc_files_home:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-accounts_no_uid_except_zero:def:1" version="1">
  <!-- Single-criterion check that no /etc/passwd entry other than root has UID 0.
       Any second UID 0 account has full root privilege under a different name, so
       its actions are logged as root and cannot be told apart. -->
  <oval-def:metadata>
    <oval-def:title>Verify Only Root Has UID 0</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Only the root account should be assigned a user id of 0.</oval-def:description>
    <oval-def:reference ref_id="CCE-82054-8" source="CCE"/>
    <oval-def:reference ref_id="accounts_no_uid_except_zero" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_accounts_no_uid_except_root:tst:1" comment="tests that there are no accounts with UID 0 except root in the /etc/passwd file"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-accounts_root_gid_zero:def:1" version="1">
  <!-- Single-criterion check that the root account's primary GID equals 0. -->
  <oval-def:metadata>
    <oval-def:title>Verify Root Has A Primary GID 0</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The root account should have primary group of 0</oval-def:description>
    <oval-def:reference ref_id="CCE-86296-1" source="CCE"/>
    <oval-def:reference ref_id="accounts_root_gid_zero" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_accounts_root_gid_zero:tst:1" comment="tests that the root account's gid is equal to 0"/>
  </oval-def:criteria>
</oval-def:definition>
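<oval-def:definition class="compliance" id="oval:ssg-no_direct_root_logins:def:1" version="1">
  <!-- Both criteria must pass. The two criterion comments are derived from the test
       names, since the tests themselves are defined elsewhere: one assesses the
       content of /etc/securetty, the other that the file exists.
       NOTE(review): the existence test presumably guards against a missing
       /etc/securetty, in which case pam_securetty does not restrict root logins.
       Confirm against the referenced tests. -->
  <oval-def:metadata>
    <oval-def:title>Direct root Logins Not Allowed</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Preventing direct root logins helps ensure accountability for actions
taken on the system using the root account.</oval-def:description>
    <oval-def:reference ref_id="CCE-27294-8" source="CCE"/>
    <oval-def:reference ref_id="no_direct_root_logins" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criterion comment="no direct root logins are permitted by /etc/securetty" test_ref="oval:ssg-test_no_direct_root_logins:tst:1"/>
    <oval-def:criterion comment="/etc/securetty exists" test_ref="oval:ssg-test_etc_securetty_exists:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>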
<oval-def:definition class="compliance" id="oval:ssg-no_shelllogin_for_systemaccounts:def:1" version="2">
  <!-- Two alternative branches joined by OR.
       Branch 1: SYS_UID_MIN and SYS_UID_MAX are both undefined in /etc/login.defs,
       and the shell test for the default UID range passes.
       Branch 2: both are defined (the same two tests, negated), and the shell tests
       for the reserved and the dynamically allocated UID ranges pass.
       NOTE(review): when exactly one of SYS_UID_MIN / SYS_UID_MAX is defined,
       neither branch can be satisfied, so the definition fails whatever shells the
       system accounts have. -->
  <oval-def:metadata>
    <oval-def:title>Ensure that System Accounts Do Not Run a Shell Upon Login</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The root account is the only system account that should have
a login shell.</oval-def:description>
    <oval-def:reference ref_id="CCE-82015-9" source="CCE"/>
    <oval-def:reference ref_id="no_shelllogin_for_systemaccounts" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criteria operator="AND">
      <oval-def:criterion test_ref="oval:ssg-test_sys_uid_min_not_defined:tst:1" comment="Test SYS_UID_MIN not defined in /etc/login.defs"/>
      <oval-def:criterion test_ref="oval:ssg-test_sys_uid_max_not_defined:tst:1" comment="Test SYS_UID_MAX not defined in /etc/login.defs"/>
      <oval-def:criterion test_ref="oval:ssg-test_shell_defined_default_uid_range:tst:1" comment="Test shell defined for UID from &lt;0, UID_MIN -1&gt;"/>
    </oval-def:criteria>
    <oval-def:criteria operator="AND">
      <oval-def:criterion test_ref="oval:ssg-test_sys_uid_min_not_defined:tst:1" negate="true" comment="Test SYS_UID_MIN defined in /etc/login.defs"/>
      <oval-def:criterion test_ref="oval:ssg-test_sys_uid_max_not_defined:tst:1" negate="true" comment="Test SYS_UID_MAX defined in /etc/login.defs"/>
      <oval-def:criterion test_ref="oval:ssg-test_shell_defined_reserved_uid_range:tst:1" comment="Test shell defined for reserved system UIDs"/>
      <oval-def:criterion test_ref="oval:ssg-test_shell_defined_dynalloc_uid_range:tst:1" comment="Test shell defined for dynamically allocated system UIDs"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-restrict_serial_port_logins:def:1" version="1">
  <!-- The criterion is negated: the definition passes when the referenced test does
       NOT match. From its name, the test looks for serial port entries in
       /etc/securetty; TODO confirm against the test definition. -->
  <oval-def:metadata>
    <oval-def:title>Restrict Serial Port Root Logins</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Preventing direct root login to serial port interfaces helps
ensure accountability for actions taken on the system using the root
account.</oval-def:description>
    <oval-def:reference ref_id="CCE-27268-2" source="CCE"/>
    <oval-def:reference ref_id="restrict_serial_port_logins" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_serial_ports_etc_securetty:tst:1" negate="true" comment="serial ports /etc/securetty"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-securetty_root_login_console_only:def:1" version="1">
  <!-- Single, non-negated criterion on virtual console entries in /etc/securetty.
       NOTE(review): unlike the serial port definition, this criterion is not
       negated, so the referenced test must itself express the compliant state.
       What it matches is not visible here; confirm against the test definition. -->
  <oval-def:metadata>
    <oval-def:title>Restrict Virtual Console Root Logins</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Preventing direct root login to virtual console devices
helps ensure accountability for actions taken on the system using the
root account.</oval-def:description>
    <oval-def:reference ref_id="CCE-27318-5" source="CCE"/>
    <oval-def:reference ref_id="securetty_root_login_console_only" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_virtual_consoles_etc_securetty:tst:1" comment="virtual consoles /etc/securetty"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-use_pam_wheel_for_su:def:1" version="1">
  <!-- Single-criterion check that su authentication is restricted through
       pam_wheel. Only the PAM configuration is assessed here; who belongs to the
       wheel group is not part of this definition and needs separate review. -->
  <oval-def:metadata>
    <oval-def:title>Enforce usage of pam_wheel for su authentication</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Only members of the wheel group should be able to authenticate through the su command.</oval-def:description>
    <oval-def:reference ref_id="CCE-85855-5" source="CCE"/>
    <oval-def:reference ref_id="use_pam_wheel_for_su" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criterion test_ref="oval:ssg-test_use_pam_wheel_for_su:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-accounts_have_homedir_login_defs:def:1" version="1">
  <!-- Single-criterion check on CREATE_HOME in /etc/login.defs. The setting affects
       accounts created afterwards; home directories of existing accounts are not
       assessed by this definition. -->
  <oval-def:metadata>
    <oval-def:title>Ensure Home Directories are Created for New Users</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>CREATE_HOME should be enabled</oval-def:description>
    <oval-def:reference ref_id="CCE-80434-4" source="CCE"/>
    <oval-def:reference ref_id="accounts_have_homedir_login_defs" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criterion test_ref="oval:ssg-test_accounts_have_homedir_login_defs:tst:1" comment="Check CREATE_HOME in /etc/login.defs"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-accounts_logon_fail_delay:def:1" version="1">
  <!-- Single-criterion check on the failed-logon delay configured in
       /etc/login.defs. The key name and the required value are not visible in this
       definition; they belong to the referenced test. -->
  <oval-def:metadata>
    <oval-def:title>Ensure the Logon Failure Delay is Set Correctly in login.defs</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The delay between failed authentication attempts should be
set for all users specified in /etc/login.defs</oval-def:description>
    <oval-def:reference ref_id="CCE-80352-8" source="CCE"/>
    <oval-def:reference ref_id="accounts_logon_fail_delay" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_accounts_logon_fail_delay:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-accounts_max_concurrent_login_sessions:def:1" version="1">
  <!-- Passes in either of two cases: maxlogins is set appropriately in
       /etc/security/limits.d/*.conf, or it is absent from limits.d (negated
       existence test) and set appropriately in /etc/security/limits.conf.
       The structure presumably mirrors pam_limits precedence, where limits.d
       entries override limits.conf; TODO confirm. -->
  <oval-def:metadata>
    <oval-def:title>Limit the Number of Concurrent Login Sessions Allowed Per User</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The maximum number of concurrent login sessions per user should meet
minimum requirements.</oval-def:description>
    <oval-def:reference ref_id="CCE-82041-5" source="CCE"/>
    <oval-def:reference ref_id="accounts_max_concurrent_login_sessions" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criterion test_ref="oval:ssg-test_limitsd_maxlogins:tst:1" comment="the value maxlogins should be set appropriately in /etc/security/limits.d/*.conf"/>
    <oval-def:criteria operator="AND">
      <oval-def:criterion test_ref="oval:ssg-test_limitsd_maxlogins_exists:tst:1" negate="true" comment="the value maxlogins should not be set at all in /etc/security/limits.d/*.conf"/>
      <oval-def:criterion test_ref="oval:ssg-test_maxlogins:tst:1" comment="the value maxlogins should be set appropriately in /etc/security/limits.conf"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
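<oval-def:definition class="compliance" id="oval:ssg-accounts_polyinstantiated_tmp:def:1" version="1">
  <!-- Both criteria must pass: /tmp/tmp-inst exists with mode 000, and /tmp is
       configured in /etc/security/namespace.conf. The description is filled in from
       these two criteria so that scan reports state what was assessed. -->
  <oval-def:metadata>
    <oval-def:title>Configure Polyinstantiation of /tmp Directories</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Polyinstantiation of /tmp should be configured: /tmp/tmp-inst should exist with mode 000 and /tmp should be configured in /etc/security/namespace.conf.</oval-def:description>
    <oval-def:reference ref_id="CCE-83731-0" source="CCE"/>
    <oval-def:reference ref_id="accounts_polyinstantiated_tmp" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND" comment="Check Polyinstantiation of /tmp Directories">
    <oval-def:criterion comment="Check that /tmp/tmp-inst exists and has mode 000" test_ref="oval:ssg-test_tmp_inst:tst:1"/>
    <oval-def:criterion comment="Check configuration of /tmp in /etc/security/namespace.conf file" test_ref="oval:ssg-test_tmp_in_namespace_conf:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>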
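<oval-def:definition class="compliance" id="oval:ssg-accounts_polyinstantiated_var_tmp:def:1" version="1">
  <!-- Both criteria must pass: /var/tmp/tmp-inst exists with mode 000, and /var/tmp
       is configured in /etc/security/namespace.conf. The description and the
       criteria comment name /var/tmp, the directory both tests refer to. -->
  <oval-def:metadata>
    <oval-def:title>Configure Polyinstantiation of /var/tmp Directories</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Polyinstantiation of /var/tmp should be configured: /var/tmp/tmp-inst should exist with mode 000 and /var/tmp should be configured in /etc/security/namespace.conf.</oval-def:description>
    <oval-def:reference ref_id="CCE-83777-3" source="CCE"/>
    <oval-def:reference ref_id="accounts_polyinstantiated_var_tmp" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND" comment="Check Polyinstantiation of /var/tmp Directories">
    <oval-def:criterion comment="Check that /var/tmp/tmp-inst exists and has mode 000" test_ref="oval:ssg-test_var_tmp_tmp_inst:tst:1"/>
    <oval-def:criterion comment="Check configuration of /var/tmp in /etc/security/namespace.conf file" test_ref="oval:ssg-test_var_tmp_in_namespace_conf:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>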
<oval-def:definition class="compliance" id="oval:ssg-accounts_tmout:def:1" version="3">
  <!-- Passes when either location holds a TMOUT value no greater than
       var_accounts_tmout: /etc/profile or /etc/profile.d/*.sh.
       NOTE(review): because the branches are joined by OR, one compliant assignment
       is enough. Whether a larger, conflicting TMOUT in the other location is
       detected is not visible here; confirm against the referenced tests. -->
  <oval-def:metadata>
    <oval-def:title>Set Interactive Session Timeout</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Checks interactive shell timeout</oval-def:description>
    <oval-def:reference ref_id="CCE-27557-8" source="CCE"/>
    <oval-def:reference ref_id="accounts_tmout" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criterion test_ref="oval:ssg-test_etc_profile_tmout:tst:1" comment="TMOUT value in /etc/profile &lt;= var_accounts_tmout"/>
    <oval-def:criterion test_ref="oval:ssg-test_etc_profiled_tmout:tst:1" comment="TMOUT value in /etc/profile.d/*.sh &lt;= var_accounts_tmout"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-accounts_user_dot_group_ownership:def:1" version="1">
  <!-- Single-criterion check on the group ownership of user initialization files.
       Which files count as initialization files and which accounts are inspected is
       decided by the referenced test, not by this definition. -->
  <oval-def:metadata>
    <oval-def:title>User Initialization Files Must Be Group-Owned By The Primary User</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>User Initialization Files Must Be Group-Owned By The Primary User</oval-def:description>
    <oval-def:reference ref_id="CCE-80526-7" source="CCE"/>
    <oval-def:reference ref_id="accounts_user_dot_group_ownership" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion comment="User Initialization Files Must Be Group-Owned By The Primary User" test_ref="oval:ssg-test_accounts_user_dot_group_ownership:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-accounts_user_dot_no_world_writable_programs:def:1" version="1">
  <!-- Single-criterion check that user initialization files do not run
       world-writable programs. A program that any local user can modify would run
       with the account's privileges at login.
       NOTE(review): how the test finds programs referenced from these files is not
       visible here; confirm its coverage before treating a pass as complete. -->
  <oval-def:metadata>
    <oval-def:title>User Initialization Files Must Not Run World-Writable Programs</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>User Initialization Files Must Not Run World-Writable Programs</oval-def:description>
    <oval-def:reference ref_id="CCE-80523-4" source="CCE"/>
    <oval-def:reference ref_id="accounts_user_dot_no_world_writable_programs" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion comment="User Initialization Files Must Not Run World-Writable Programs" test_ref="oval:ssg-test_accounts_user_dot_no_world_writable_programs:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-accounts_user_dot_user_ownership:def:1" version="1">
  <!-- User ownership of user initialization files. -->
  <oval-def:metadata>
    <oval-def:title>User Initialization Files Must Be Owned By the Primary User</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>User Initialization Files Must Be Owned By the Primary User</oval-def:description>
    <oval-def:reference ref_id="CCE-80527-5" source="CCE"/>
    <oval-def:reference ref_id="accounts_user_dot_user_ownership" source="ssg"/>
  </oval-def:metadata>
  <!-- Single criterion: the definition result is the result of this test. -->
  <oval-def:criteria>
    <oval-def:criterion comment="User Initialization Files Must Be Owned By the Primary User" test_ref="oval:ssg-test_accounts_user_dot_user_ownership:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-accounts_user_interactive_home_directory_defined:def:1" version="1">
  <!-- Every interactive user must have a home directory defined. -->
  <oval-def:metadata>
    <oval-def:title>All Interactive Users Must Have A Home Directory Defined</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>All Interactive Users Must Have A Home Directory Defined</oval-def:description>
    <oval-def:reference ref_id="CCE-80528-3" source="CCE"/>
    <oval-def:reference ref_id="accounts_user_interactive_home_directory_defined" source="ssg"/>
  </oval-def:metadata>
  <!-- Single criterion. How "interactive user" is selected is decided by the
       referenced test and its object, which are outside this part of the file. -->
  <oval-def:criteria>
    <oval-def:criterion comment="All Interactive Users Must Have A Home Directory Defined" test_ref="oval:ssg-test_accounts_user_interactive_home_directory_defined:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-accounts_user_interactive_home_directory_exists:def:1" version="1">
  <!-- Home directories of interactive users must exist on disk. -->
  <oval-def:metadata>
    <oval-def:title>All Interactive Users Home Directories Must Exist</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>All Interactive Users Home Directories Must Exist</oval-def:description>
    <oval-def:reference ref_id="CCE-80529-1" source="CCE"/>
    <oval-def:reference ref_id="accounts_user_interactive_home_directory_exists" source="ssg"/>
  </oval-def:metadata>
  <!-- OR: passes when every home directory exists, or when the second test
       reports that the system has no interactive users at all. The second
       branch is a vacuous pass, so a "pass" here does not by itself show
       that any home directory was inspected. -->
  <oval-def:criteria operator="OR">
    <oval-def:criterion comment="All Interactive Users Home Directories Must Exist" test_ref="oval:ssg-test_accounts_user_interactive_home_directory_exists:tst:1"/>
    <oval-def:criterion comment="Interactive users don't exist on the system" test_ref="oval:ssg-test_accounts_user_interactive_home_directory_exists_users:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-accounts_users_home_files_groupownership:def:1" version="1">
  <!-- Group ownership of the files and directories inside home directories. -->
  <oval-def:metadata>
    <oval-def:title>All User Files and Directories In The Home Directory Must Be Group-Owned By The Primary User</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>All User Files and Directories In The Home Directory Must Be Group-Owned By The Primary User</oval-def:description>
    <oval-def:reference ref_id="CCE-80534-1" source="CCE"/>
    <oval-def:reference ref_id="accounts_users_home_files_groupownership" source="ssg"/>
  </oval-def:metadata>
  <!-- Single criterion: the definition result is the result of this test. -->
  <oval-def:criteria>
    <oval-def:criterion comment="All User Files and Directories In The Home Directory Must Be Group-Owned By The Primary User" test_ref="oval:ssg-test_accounts_users_home_files_groupownership:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-accounts_users_home_files_ownership:def:1" version="1">
  <!-- Files and directories inside home directories must have a valid owner. -->
  <oval-def:metadata>
    <oval-def:title>All User Files and Directories In The Home Directory Must Have a Valid Owner</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>All User Files and Directories In The Home Directory Must Have a Valid Owner</oval-def:description>
    <oval-def:reference ref_id="CCE-80533-3" source="CCE"/>
    <oval-def:reference ref_id="accounts_users_home_files_ownership" source="ssg"/>
  </oval-def:metadata>
  <!-- Single criterion. What counts as a "valid owner" is decided by the
       referenced test, which is outside this part of the file. -->
  <oval-def:criteria>
    <oval-def:criterion comment="All User Files and Directories In The Home Directory Must Have a Valid Owner" test_ref="oval:ssg-test_accounts_users_home_files_ownership:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-accounts_users_home_files_permissions:def:1" version="1">
  <!-- Permission ceiling for files and directories inside home directories. -->
  <oval-def:metadata>
    <oval-def:title>All User Files and Directories In The Home Directory Must Have Mode 0750 Or Less Permissive</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>All User Files and Directories In The Home Directory Must Have Mode 0750 Or Less Permissive</oval-def:description>
    <oval-def:reference ref_id="CCE-80535-8" source="CCE"/>
    <oval-def:reference ref_id="accounts_users_home_files_permissions" source="ssg"/>
  </oval-def:metadata>
  <!-- Single criterion. The title names mode 0750 but the criterion comment
       only says "proper permissions"; the enforced bits are set by the state
       of the referenced test, so review that state when auditing this rule. -->
  <oval-def:criteria>
    <oval-def:criterion comment="All files under interactive user's Home Directories must have proper permissions" test_ref="oval:ssg-test_accounts_users_home_files_permissions:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-file_groupownership_home_directories:def:1" version="1">
  <!-- Group ownership of the home directories themselves. -->
  <oval-def:metadata>
    <oval-def:title>All Interactive User Home Directories Must Be Group-Owned By The Primary User</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>All interactive user's Home Directories must be group-owned by its user</oval-def:description>
    <oval-def:reference ref_id="CCE-80532-5" source="CCE"/>
    <oval-def:reference ref_id="file_groupownership_home_directories" source="ssg"/>
  </oval-def:metadata>
  <!-- AND: both tests must be true. The second test adds a uniqueness
       condition (one group-owned home directory per interactive user) on
       top of the ownership check. -->
  <oval-def:criteria operator="AND">
    <oval-def:criterion comment="All interactive user's Home Directories must be group-owned by its user" test_ref="oval:ssg-test_file_groupownership_home_directories:tst:1"/>
    <oval-def:criterion comment="Interactive users should group-own only one Home Directory" test_ref="oval:ssg-test_file_groupownership_home_directories_duplicated:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-file_ownership_home_directories:def:1" version="1">
  <!-- User ownership of the home directories themselves. -->
  <oval-def:metadata>
    <oval-def:title>All Interactive User Home Directories Must Be Owned By The Primary User</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>All interactive user's Home Directories must be owned by its user</oval-def:description>
    <oval-def:reference ref_id="CCE-80531-7" source="CCE"/>
    <oval-def:reference ref_id="file_ownership_home_directories" source="ssg"/>
  </oval-def:metadata>
  <!-- AND: both tests must be true. The second test adds a uniqueness
       condition (one owned home directory per interactive user) on top of
       the ownership check. -->
  <oval-def:criteria operator="AND">
    <oval-def:criterion comment="All interactive user's Home Directories must be owned by its user" test_ref="oval:ssg-test_file_ownership_home_directories:tst:1"/>
    <oval-def:criterion comment="Interactive users should own only one Home Directory" test_ref="oval:ssg-test_file_ownership_home_directories_duplicated:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-file_permissions_home_directories:def:1" version="1">
  <!-- Permission ceiling for interactive users' home directories. -->
  <oval-def:metadata>
    <oval-def:title>All Interactive User Home Directories Must Have mode 0750 Or Less Permissive</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>All Interactive User Home Directories Must Have mode 0750 Or Less Permissive</oval-def:description>
    <oval-def:reference ref_id="CCE-80530-9" source="CCE"/>
    <oval-def:reference ref_id="file_permissions_home_directories" source="ssg"/>
  </oval-def:metadata>
  <!-- Single criterion. The file also contains file_permissions_home_dirs,
       which covers home directory permissions under a different CCE; the
       two can report different results for the same directory. -->
  <oval-def:criteria>
    <oval-def:criterion comment="All interactive user's Home Directories must have proper permissions" test_ref="oval:ssg-test_file_permissions_home_directories:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-file_permissions_home_dirs:def:1" version="1">
  <!-- Home directories must not be group-writable or world-readable. -->
  <oval-def:metadata>
    <oval-def:title>Ensure that User Home Directories are not Group-Writable or World-Readable</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>File permissions should be set correctly for the home directories for all user accounts.</oval-def:description>
    <oval-def:reference ref_id="CCE-80201-7" source="CCE"/>
    <oval-def:reference ref_id="file_permissions_home_dirs" source="ssg"/>
  </oval-def:metadata>
  <!-- negate="true" inverts the test result: the definition passes only when
       the referenced test is NOT true. The test therefore presumably matches
       home directories that carry the unwanted permission bits; confirm in
       the test before changing either side, since dropping the negation
       would silently flip pass and fail. -->
  <oval-def:criteria>
    <oval-def:criterion comment="home directories" test_ref="oval:ssg-test_file_permissions_home_dirs:tst:1" negate="true"/>
  </oval-def:criteria>
</oval-def:definition>
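<oval-def:definition class="compliance" id="oval:ssg-accounts_root_path_dirs_no_write:def:1" version="2">
  <!-- Directories on root's PATH must not be writable by group or other.
       Rationale: a writable PATH directory lets a non-root account place a
       binary that root later runs by name. -->
  <oval-def:metadata>
    <oval-def:title>Ensure that Root's Path Does Not Include World or Group-Writable Directories</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <!-- Description typo fixed: "make use" now reads "make sure". -->
    <oval-def:description>Check each directory in root's path and make sure it does
not grant write permission to group and other</oval-def:description>
    <oval-def:reference ref_id="CCE-80200-9" source="CCE"/>
    <oval-def:reference ref_id="accounts_root_path_dirs_no_write" source="ssg"/>
  </oval-def:metadata>
  <!-- Single criterion: the definition result is the result of this test.
       Which PATH is inspected (the scanner's environment or root's login
       environment) is decided by the referenced test's object; confirm there. -->
  <oval-def:criteria comment="Check that write permission to group and other in root's path is denied">
    <oval-def:criterion comment="Check for write permission to group and other in root's path" test_ref="oval:ssg-test_accounts_root_path_dirs_no_group_other_write:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>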
<oval-def:definition class="compliance" id="oval:ssg-root_path_no_dot:def:1" version="2">
  <!-- Root's PATH must not contain relative or empty entries. -->
  <oval-def:metadata>
    <oval-def:title>Ensure that Root's Path Does Not Include Relative Paths or Null Directories</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The environment variable PATH should be set correctly for
the root user.</oval-def:description>
    <oval-def:reference ref_id="CCE-80199-3" source="CCE"/>
    <oval-def:reference ref_id="root_path_no_dot" source="ssg"/>
  </oval-def:metadata>
  <!-- AND: all six tests must be true for the definition to pass.
       NOTE(review): the comments mix polarities. Some name the unwanted
       condition ("starts with : or .", "doesn't begin with a /"), one names
       the wanted state ("doesn't contain relative paths"), and the criteria
       comment reads as if a true result meant a dangerous PATH. The real
       polarity comes from each test's check and check_existence attributes,
       which are outside this part of the file; read those rather than the
       comments when reviewing a result. -->
  <oval-def:criteria comment="environment variable PATH contains dangerous path" operator="AND">
    <oval-def:criterion comment="environment variable PATH starts with : or ." test_ref="oval:ssg-test_env_var_begins:tst:1"/>
    <oval-def:criterion comment="environment variable PATH contains : twice in a row" test_ref="oval:ssg-test_env_var_contains_doublecolon:tst:1"/>
    <oval-def:criterion comment="environment variable PATH contains . twice in a row" test_ref="oval:ssg-test_env_var_contains_doubleperiod:tst:1"/>
    <oval-def:criterion comment="environment variable PATH ends with : or ." test_ref="oval:ssg-test_env_var_ends:tst:1"/>
    <oval-def:criterion comment="environment variable PATH doesn't begin with a /" test_ref="oval:ssg-test_env_var_begins_slash:tst:1"/>
    <oval-def:criterion comment="environment variable PATH doesn't contain relative paths" test_ref="oval:ssg-test_env_var_contains_relative_path:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-accounts_umask_etc_bashrc:def:1" version="2">
  <!-- Default umask for bash users. -->
  <oval-def:metadata>
    <oval-def:title>Ensure the Default Bash Umask is Set Correctly</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The default umask for users of the bash shell</oval-def:description>
    <oval-def:reference ref_id="CCE-80202-5" source="CCE"/>
    <oval-def:reference ref_id="accounts_umask_etc_bashrc" source="ssg"/>
  </oval-def:metadata>
  <!-- AND: the helper definition (variable value as an octal number, per its
       comment) and the file test must both be true. The criterion has no
       comment attribute; going by its id it checks the umask in /etc/bashrc,
       to be confirmed in the test itself. -->
  <oval-def:criteria operator="AND">
    <oval-def:extend_definition comment="Get value of var_accounts_user_umask variable as octal number" definition_ref="oval:ssg-var_accounts_user_umask_as_number:def:1"/>
    <oval-def:criterion test_ref="oval:ssg-tst_accounts_umask_etc_bashrc:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-accounts_umask_etc_csh_cshrc:def:1" version="2">
  <!-- Default umask for csh users. -->
  <oval-def:metadata>
    <oval-def:title>Ensure the Default C Shell Umask is Set Correctly</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The default umask for users of the csh shell</oval-def:description>
    <oval-def:reference ref_id="CCE-80203-3" source="CCE"/>
    <oval-def:reference ref_id="accounts_umask_etc_csh_cshrc" source="ssg"/>
  </oval-def:metadata>
  <!-- AND: the helper definition (variable value as an octal number, per its
       comment) and the file test must both be true. The criterion has no
       comment attribute; going by its id it checks the umask in
       /etc/csh.cshrc, to be confirmed in the test itself. -->
  <oval-def:criteria operator="AND">
    <oval-def:extend_definition comment="Get value of var_accounts_user_umask variable as octal number" definition_ref="oval:ssg-var_accounts_user_umask_as_number:def:1"/>
    <oval-def:criterion test_ref="oval:ssg-tst_accounts_umask_etc_csh_cshrc:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-accounts_umask_etc_login_defs:def:1" version="2">
  <!-- Default umask configured in /etc/login.defs. -->
  <oval-def:metadata>
    <oval-def:title>Ensure the Default Umask is Set Correctly in login.defs</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The default umask for all users specified in /etc/login.defs</oval-def:description>
    <oval-def:reference ref_id="CCE-80205-8" source="CCE"/>
    <oval-def:reference ref_id="accounts_umask_etc_login_defs" source="ssg"/>
  </oval-def:metadata>
  <!-- AND: the helper definition (variable value as an octal number, per its
       comment) and the file test must both be true. The criterion has no
       comment attribute, so the test id is the only hint at what it checks. -->
  <oval-def:criteria operator="AND">
    <oval-def:extend_definition comment="Get value of var_accounts_user_umask variable as octal number" definition_ref="oval:ssg-var_accounts_user_umask_as_number:def:1"/>
    <oval-def:criterion test_ref="oval:ssg-tst_accounts_umask_etc_login_defs:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-accounts_umask_etc_profile:def:1" version="2">
  <!-- Default umask configured in /etc/profile. -->
  <oval-def:metadata>
    <oval-def:title>Ensure the Default Umask is Set Correctly in /etc/profile</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The default umask for all users should be set correctly</oval-def:description>
    <oval-def:reference ref_id="CCE-80204-1" source="CCE"/>
    <oval-def:reference ref_id="accounts_umask_etc_profile" source="ssg"/>
  </oval-def:metadata>
  <!-- AND: the helper definition (variable value as an octal number, per its
       comment) and the file test must both be true. The criterion has no
       comment attribute, so the test id is the only hint at what it checks. -->
  <oval-def:criteria operator="AND">
    <oval-def:extend_definition comment="Get value of var_accounts_user_umask variable as octal number" definition_ref="oval:ssg-var_accounts_user_umask_as_number:def:1"/>
    <oval-def:criterion test_ref="oval:ssg-tst_accounts_umask_etc_profile:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-accounts_umask_interactive_users:def:1" version="1">
  <!-- Umask settings that apply to interactive users. -->
  <oval-def:metadata>
    <oval-def:title>Ensure the Default Umask is Set Correctly For Interactive Users</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Ensure the Default Umask is Set Correctly For Interactive Users</oval-def:description>
    <oval-def:reference ref_id="CCE-80536-6" source="CCE"/>
    <oval-def:reference ref_id="accounts_umask_interactive_users" source="ssg"/>
  </oval-def:metadata>
  <!-- Single criterion. Unlike the four accounts_umask_etc_* definitions in
       this file, this one does not extend
       var_accounts_user_umask_as_number, so whatever "set correctly" means
       here is fixed inside the referenced test. -->
  <oval-def:criteria>
    <oval-def:criterion comment="Ensure the Default Umask is Set Correctly For Interactive Users" test_ref="oval:ssg-test_accounts_umask_interactive_users:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_enable_syscall_auditing:def:1" version="1">
  <!-- Syscall auditing must not be switched off by an audit rule.
       No CCE reference is listed here, unlike the neighbouring definitions. -->
  <oval-def:metadata>
    <oval-def:title>Enable Syscall Auditing</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Syscall auditing should not be disabled.</oval-def:description>
    <oval-def:reference ref_id="audit_rules_enable_syscall_auditing" source="ssg"/>
  </oval-def:metadata>
  <!-- OR of two AND groups, one per rule-loading mechanism named in the
       comments (augenrules, auditctl). Each group needs the mechanism
       definition and the rule test to be true.
       Per the criterion comments, the tests look at rule files under
       /etc/audit; a pass therefore describes the files on disk and may not
       reflect the rules currently loaded in the kernel. -->
  <oval-def:criteria operator="OR">
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="check that no audit rule exists in /etc/audit/rules.d/*.rules that disables all syscall auditing" test_ref="oval:ssg-test_enable_syscall_audit_augenrules:tst:1"/>
    </oval-def:criteria>
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="check that no audit rule exists in /etc/audit/audit.rules that disables all syscall auditing" test_ref="oval:ssg-test_enable_syscall_audit_auditctl:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_immutable:def:1" version="1">
  <!-- The audit configuration must be locked so that changing the rules
       requires a reboot (per the description). -->
  <oval-def:metadata>
    <oval-def:title>Make the auditd Configuration Immutable</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Force a reboot to change audit rules is enabled</oval-def:description>
    <oval-def:reference ref_id="CCE-27097-5" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_immutable" source="ssg"/>
  </oval-def:metadata>
  <!-- OR of two AND groups, one per rule-loading mechanism (augenrules,
       auditctl). Each group needs the mechanism definition and the "locked"
       test to be true. -->
  <oval-def:criteria operator="OR">
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules configuration locked" test_ref="oval:ssg-test_ari_locked_augenrules:tst:1"/>
    </oval-def:criteria>
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl configuration locked" test_ref="oval:ssg-test_ari_locked_auditctl:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_mac_modification:def:1" version="1">
  <!-- Audit rules must record changes to the mandatory access control
       (SELinux) configuration. -->
  <oval-def:metadata>
    <oval-def:title>Record Events that Modify the System's Mandatory Access Controls</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules that detect changes to the system's mandatory access controls (SELinux) are enabled.</oval-def:description>
    <oval-def:reference ref_id="CCE-27168-4" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_mac_modification" source="ssg"/>
  </oval-def:metadata>
  <!-- OR of two AND groups, one per rule-loading mechanism (augenrules,
       auditctl). Each group needs the mechanism definition and the SELinux
       watch test to be true. The watched path is set in the referenced
       tests, which are outside this part of the file. -->
  <oval-def:criteria operator="OR">
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit selinux changes augenrules" test_ref="oval:ssg-test_armm_selinux_watch_augenrules:tst:1"/>
    </oval-def:criteria>
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit selinux changes auditctl" test_ref="oval:ssg-test_armm_selinux_watch_auditctl:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_networkconfig_modification:def:1" version="1">
  <!-- Audit rules must record changes to the network environment. -->
  <oval-def:metadata>
    <oval-def:title>Record Events that Modify the System's Network Environment</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The network environment should not be modified by anything other than
administrator action. Any change to network parameters should be audited.</oval-def:description>
    <oval-def:reference ref_id="CCE-27076-9" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_networkconfig_modification" source="ssg"/>
  </oval-def:metadata>
  <!-- OR of two AND groups, one per rule-loading mechanism (augenrules,
       auditctl). Within a group every item must be true: the mechanism
       definition, four file watches (/etc/issue, /etc/issue.net, /etc/hosts,
       /etc/sysconfig/network) and the two syscall definitions for
       sethostname and setdomainname. -->
  <oval-def:criteria operator="OR">
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit /etc/issue augenrules" test_ref="oval:ssg-test_arnm_etc_issue_augenrules:tst:1"/>
      <oval-def:criterion comment="audit /etc/issue.net augenrules" test_ref="oval:ssg-test_arnm_etc_issue_net_augenrules:tst:1"/>
      <oval-def:criterion comment="audit /etc/hosts augenrules" test_ref="oval:ssg-test_arnm_etc_hosts_augenrules:tst:1"/>
      <oval-def:criterion comment="audit /etc/sysconfig/network augenrules" test_ref="oval:ssg-test_arnm_etc_sysconfig_network_augenrules:tst:1"/>
      <oval-def:extend_definition comment="audit augenrules sethostname" definition_ref="oval:ssg-audit_rules_networkconfig_modification_hostname:def:1"/>
      <oval-def:extend_definition comment="audit augenrules setdomainname" definition_ref="oval:ssg-audit_rules_networkconfig_modification_domainname:def:1"/>
    </oval-def:criteria>
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit /etc/issue auditctl" test_ref="oval:ssg-test_arnm_etc_issue_auditctl:tst:1"/>
      <oval-def:criterion comment="audit /etc/issue.net auditctl" test_ref="oval:ssg-test_arnm_etc_issue_net_auditctl:tst:1"/>
      <oval-def:criterion comment="audit /etc/hosts auditctl" test_ref="oval:ssg-test_arnm_etc_hosts_auditctl:tst:1"/>
      <oval-def:criterion comment="audit /etc/sysconfig/network auditctl" test_ref="oval:ssg-test_arnm_etc_sysconfig_network_auditctl:tst:1"/>
      <!-- NOTE(review): the two comments below say "augenrules" although this
           is the auditctl group. Both groups reference the same two
           definitions, so the label looks copied from the group above;
           confirm that the referenced definitions cover auditctl-loaded
           rules before relying on this branch. -->
      <oval-def:extend_definition comment="audit augenrules sethostname" definition_ref="oval:ssg-audit_rules_networkconfig_modification_hostname:def:1"/>
      <oval-def:extend_definition comment="audit augenrules setdomainname" definition_ref="oval:ssg-audit_rules_networkconfig_modification_domainname:def:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_session_events:def:1" version="1">
  <!-- Audit rules must capture session initiation records. -->
  <oval-def:metadata>
    <oval-def:title>Record Attempts to Alter Process and Session Initiation Information</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules should capture information about session initiation.</oval-def:description>
    <oval-def:reference ref_id="CCE-27301-1" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_session_events" source="ssg"/>
  </oval-def:metadata>
  <!-- OR of two AND groups, one per rule-loading mechanism (augenrules,
       auditctl). Within a group all three tests (utmp, btmp, wtmp) must be
       true, so a missing rule for any one of them fails that group. -->
  <oval-def:criteria operator="OR">
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules utmp" test_ref="oval:ssg-test_arse_utmp_augenrules:tst:1"/>
      <oval-def:criterion comment="audit augenrules btmp" test_ref="oval:ssg-test_arse_btmp_augenrules:tst:1"/>
      <oval-def:criterion comment="audit augenrules wtmp" test_ref="oval:ssg-test_arse_wtmp_augenrules:tst:1"/>
    </oval-def:criteria>
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl utmp" test_ref="oval:ssg-test_arse_utmp_auditctl:tst:1"/>
      <oval-def:criterion comment="audit auditctl btmp" test_ref="oval:ssg-test_arse_btmp_auditctl:tst:1"/>
      <oval-def:criterion comment="audit auditctl wtmp" test_ref="oval:ssg-test_arse_wtmp_auditctl:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_suid_privilege_function:def:1" version="1">
  <!-- Audit rules must record the use of privileged functions. -->
  <oval-def:metadata>
    <oval-def:title>Record Events When Privileged Executables Are Run</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Ensure audit rule for all uses of privileged functions is enabled</oval-def:description>
    <oval-def:reference ref_id="CCE-83555-3" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_suid_privilege_function" source="ssg"/>
  </oval-def:metadata>
  <!-- OR of two AND groups, one per rule-loading mechanism (augenrules,
       auditctl). Within a group all four tests must be true: uid and gid
       variants, each for 32-bit and 64-bit. Covering only one architecture
       fails the group.
       Two comment attributes in the augenrules group end with a space; they
       are kept as found. -->
  <oval-def:criteria operator="OR">
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit uid privileged function " test_ref="oval:ssg-test_32bit_uid_privileged_function_augenrules:tst:1"/>
      <oval-def:criterion comment="audit augenrules 64-bit uid privileged function" test_ref="oval:ssg-test_64bit_uid_privileged_function_augenrules:tst:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit gid privileged function " test_ref="oval:ssg-test_32bit_gid_privileged_function_augenrules:tst:1"/>
      <oval-def:criterion comment="audit augenrules 64-bit gid privileged function" test_ref="oval:ssg-test_64bit_gid_privileged_function_augenrules:tst:1"/>
    </oval-def:criteria>
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit uid privileged function" test_ref="oval:ssg-test_32bit_uid_privileged_function_auditctl:tst:1"/>
      <oval-def:criterion comment="audit auditctl 64-bit uid privileged function" test_ref="oval:ssg-test_64bit_uid_privileged_function_auditctl:tst:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit gid privileged function" test_ref="oval:ssg-test_32bit_gid_privileged_function_auditctl:tst:1"/>
      <oval-def:criterion comment="audit auditctl 64-bit gid privileged function" test_ref="oval:ssg-test_64bit_gid_privileged_function_auditctl:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_sysadmin_actions:def:1" version="1">
  <!-- Audit rules must record system administrator actions. -->
  <oval-def:metadata>
    <oval-def:title>Ensure auditd Collects System Administrator Actions</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit actions taken by system administrators on the system.</oval-def:description>
    <oval-def:reference ref_id="CCE-27461-3" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_sysadmin_actions" source="ssg"/>
  </oval-def:metadata>
  <!-- OR of two AND groups, one per rule-loading mechanism (augenrules,
       auditctl). Within a group both the "sudoers" and the "sudoers_d"
       tests must be true. Going by those comments the check covers the
       sudoers configuration only; confirm the watched paths in the tests. -->
  <oval-def:criteria operator="OR">
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules sudoers" test_ref="oval:ssg-test_audit_rules_sysadmin_actions_sudoers_augenrules:tst:1"/>
      <oval-def:criterion comment="audit augenrules sudoers_d" test_ref="oval:ssg-test_audit_rules_sysadmin_actions_sudoers_d_augenrules:tst:1"/>
    </oval-def:criteria>
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl sudoers" test_ref="oval:ssg-test_audit_rules_sysadmin_actions_sudoers_auditctl:tst:1"/>
      <oval-def:criterion comment="audit auditctl sudoers_d" test_ref="oval:ssg-test_audit_rules_sysadmin_actions_sudoers_d_auditctl:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_system_shutdown:def:1" version="1">
  <!-- The system must shut down when auditing fails. This trades
       availability for audit integrity, so a pass here means an audit
       failure takes the host down by design. -->
  <oval-def:metadata>
    <oval-def:title>Shutdown System When Auditing Failures Occur</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The system will shutdown when auditing fails.</oval-def:description>
    <oval-def:reference ref_id="CCE-80997-0" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_system_shutdown" source="ssg"/>
  </oval-def:metadata>
  <!-- OR of two AND groups, one per rule-loading mechanism (augenrules,
       auditctl). Each group needs the mechanism definition and the
       "configuration shutdown" test to be true. -->
  <oval-def:criteria operator="OR">
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules configuration shutdown" test_ref="oval:ssg-test_ars_shutdown_augenrules:tst:1"/>
    </oval-def:criteria>
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl configuration shutdown" test_ref="oval:ssg-test_ars_shutdown_auditctl:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_usergroup_modification:def:1" version="1">
  <!-- Audit rules must record changes to the account and group databases. -->
  <oval-def:metadata>
    <oval-def:title>Record Events that Modify User/Group Information</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules should detect modification to system files that hold information about users and groups.</oval-def:description>
    <oval-def:reference ref_id="CCE-27192-4" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_usergroup_modification" source="ssg"/>
  </oval-def:metadata>
  <!-- OR of two AND groups, one per rule-loading mechanism (augenrules,
       auditctl). Within a group all five file tests must be true:
       /etc/group, /etc/passwd, /etc/gshadow, /etc/shadow and
       /etc/security/opasswd. The comments are the same in both groups; only
       the test_ref suffix (_augen or _auditctl) tells them apart. -->
  <oval-def:criteria operator="OR">
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit /etc/group" test_ref="oval:ssg-test_audit_rules_usergroup_modification_etc_group_augen:tst:1"/>
      <oval-def:criterion comment="audit /etc/passwd" test_ref="oval:ssg-test_audit_rules_usergroup_modification_etc_passwd_augen:tst:1"/>
      <oval-def:criterion comment="audit /etc/gshadow" test_ref="oval:ssg-test_audit_rules_usergroup_modification_etc_gshadow_augen:tst:1"/>
      <oval-def:criterion comment="audit /etc/shadow" test_ref="oval:ssg-test_audit_rules_usergroup_modification_etc_shadow_augen:tst:1"/>
      <oval-def:criterion comment="audit /etc/security/opasswd" test_ref="oval:ssg-test_audit_rules_usergroup_modification_etc_security_opasswd_augen:tst:1"/>
    </oval-def:criteria>
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit /etc/group" test_ref="oval:ssg-test_audit_rules_usergroup_modification_etc_group_auditctl:tst:1"/>
      <oval-def:criterion comment="audit /etc/passwd" test_ref="oval:ssg-test_audit_rules_usergroup_modification_etc_passwd_auditctl:tst:1"/>
      <oval-def:criterion comment="audit /etc/gshadow" test_ref="oval:ssg-test_audit_rules_usergroup_modification_etc_gshadow_auditctl:tst:1"/>
      <oval-def:criterion comment="audit /etc/shadow" test_ref="oval:ssg-test_audit_rules_usergroup_modification_etc_shadow_auditctl:tst:1"/>
      <oval-def:criterion comment="audit /etc/security/opasswd" test_ref="oval:ssg-test_audit_rules_usergroup_modification_etc_security_opasswd_auditctl:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-directory_access_var_log_audit:def:1" version="1">
<!-- Compliance check: an audit rule must record read access to /var/log/audit.
     True when the augenrules branch OR the auditctl branch is satisfied. -->
<oval-def:metadata>
<oval-def:title>Record Access Events to Audit Log Directory</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules about the read events to /var/log/audit</oval-def:description>
<oval-def:reference ref_id="CCE-82071-2" source="CCE"/>
<oval-def:reference ref_id="directory_access_var_log_audit" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<!-- The test ids below spell "acccess" with three c's. They must match the test declarations character for
     character, so correct the spelling only if the declarations (outside this excerpt) change with them. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit rule to record read access events to /var/log/audit" test_ref="oval:ssg-test_directory_acccess_var_log_audit_augenrules:tst:1"/>
</oval-def:criteria>
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit rule to record read access events to /var/log/audit" test_ref="oval:ssg-test_directory_acccess_var_log_audit_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-directory_permissions_var_log_audit:def:1" version="1">
<!-- Compliance check on the permissions of the audit log directory. Every criterion below carries
     negate="true", so it is true when its test evaluates to false.
     NOTE(review): presumably the tests match directories with excess permission bits; the test objects are
     outside this excerpt. This definition carries only the ssg reference, no CCE reference. -->
<oval-def:metadata>
<oval-def:title>System Audit Logs Must Have Mode 0750 or Less Permissive</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Checks for correct permissions for audit logs.</oval-def:description>
<oval-def:reference ref_id="directory_permissions_var_log_audit" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<!-- Custom log_file branch: needs log_file to be set (negated "not set" definition), log_group to be non-root,
     and both negated tests. The log_group requirement sits inside this AND, so the branch cannot succeed
     when log_group is root. -->
<oval-def:criteria operator="AND" comment="log_file set">
<oval-def:extend_definition comment="log_file set in auditd.conf" definition_ref="oval:ssg-auditd_conf_log_file_not_set:def:1" negate="true"/>
<oval-def:criteria operator="AND" comment="log_group in auditd.conf is not root">
<oval-def:extend_definition comment="log_group in auditd.conf is not root" definition_ref="oval:ssg-auditd_conf_log_group_not_root:def:1"/>
<oval-def:criterion test_ref="oval:ssg-test_dir_permissions_audit_log-non_root:tst:1" negate="true"/>
</oval-def:criteria>
<oval-def:criterion test_ref="oval:ssg-test_dir_permissions_audit_log:tst:1" negate="true"/>
</oval-def:criteria>
<!-- The next two alternatives are direct children of the top-level OR: either one satisfies the definition by
     itself, whether or not log_file is set.
     NOTE(review): if these tests inspect only the default /var/log/audit directory, a host that logs to a
     custom location could pass without that location being examined; confirm against the test objects. -->
<oval-def:criterion test_ref="oval:ssg-test_dir_permissions_var_log_audit:tst:1" negate="true"/>
<oval-def:criteria operator="AND" comment="log_group in auditd.conf is not root">
<oval-def:extend_definition comment="log_group in auditd.conf is not root" definition_ref="oval:ssg-auditd_conf_log_group_not_root:def:1"/>
<oval-def:criterion test_ref="oval:ssg-test_dir_permissions_var_log_audit-non_root:tst:1" negate="true"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-file_ownership_var_log_audit:def:1" version="3">
<!-- Compliance check on ownership of audit log files and directories. True when either AND group below holds.
     Unlike the permission definitions for the same path, no criterion here is negated. -->
<oval-def:metadata>
<oval-def:title>System Audit Logs Must Be Owned By Root</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Checks that all /var/log/audit files and directories are owned by the root user and group.</oval-def:description>
<oval-def:reference ref_id="CCE-80125-8" source="CCE"/>
<oval-def:reference ref_id="file_ownership_var_log_audit" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<!-- First group: its comment mentions directories only, but it requires both the files test and the
     directories test. -->
<oval-def:criteria operator="AND" comment="directories are root owned">
<oval-def:criterion test_ref="oval:ssg-test_ownership_var_log_audit_files:tst:1"/>
<oval-def:criterion test_ref="oval:ssg-test_ownership_var_log_audit_directories:tst:1"/>
</oval-def:criteria>
<!-- Second group: applies when log_group is not root and uses the non_root variants of both tests.
     NOTE(review): the description speaks of root user and group, yet this group accepts a non-root log_group;
     presumably the non_root tests check the owning user only. Confirm against the test states. -->
<oval-def:criteria operator="AND" comment="log_group in auditd.conf is not root">
<oval-def:extend_definition comment="log_group in auditd.conf is not root" definition_ref="oval:ssg-auditd_conf_log_group_not_root:def:1"/>
<oval-def:criterion test_ref="oval:ssg-test_ownership_var_log_audit_files-non_root:tst:1"/>
<oval-def:criterion test_ref="oval:ssg-test_ownership_var_log_audit_directories-non_root:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-file_permissions_var_log_audit:def:1" version="2">
<!-- Compliance check on the permissions of audit log files. Every criterion below carries negate="true",
     so it is true when its test evaluates to false.
     NOTE(review): presumably the tests match files with excess permission bits; the test objects are outside
     this excerpt. -->
<oval-def:metadata>
<oval-def:title>System Audit Logs Must Have Mode 0640 or Less Permissive</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Checks for correct permissions for all audit log files.</oval-def:description>
<oval-def:reference ref_id="CCE-27205-4" source="CCE"/>
<oval-def:reference ref_id="file_permissions_var_log_audit" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<!-- Custom log_file branch: needs log_file to be set (negated "not set" definition), log_group to be non-root,
     and both negated tests. With log_group set to root this branch cannot succeed. -->
<oval-def:criteria operator="AND" comment="log_file set">
<oval-def:extend_definition comment="log_file set in auditd.conf" definition_ref="oval:ssg-auditd_conf_log_file_not_set:def:1" negate="true"/>
<oval-def:criteria operator="AND" comment="log_group in auditd.conf is not root">
<oval-def:extend_definition comment="log_group in auditd.conf is not root" definition_ref="oval:ssg-auditd_conf_log_group_not_root:def:1"/>
<oval-def:criterion test_ref="oval:ssg-test_file_permissions_audit_log-non_root:tst:1" negate="true"/>
</oval-def:criteria>
<oval-def:criterion test_ref="oval:ssg-test_file_permissions_audit_log:tst:1" negate="true"/>
</oval-def:criteria>
<!-- The next two alternatives are direct children of the top-level OR and are not conditioned on log_file
     being unset, so either one satisfies the definition by itself.
     NOTE(review): if these tests cover only files under the default /var/log/audit path, a host that writes
     its log elsewhere could pass without that file being examined; confirm against the test objects. -->
<oval-def:criteria operator="AND" comment="log_group in auditd.conf is not root">
<oval-def:extend_definition comment="log_group in auditd.conf is not root" definition_ref="oval:ssg-auditd_conf_log_group_not_root:def:1"/>
<oval-def:criterion test_ref="oval:ssg-test_file_permissions_var_log_audit-non_root:tst:1" negate="true"/>
</oval-def:criteria>
<oval-def:criterion test_ref="oval:ssg-test_file_permissions_var_log_audit:tst:1" negate="true"/>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_dac_modification_umount:def:1" version="1">
<!-- Compliance check for an audit rule on umount. True when the augenrules branch OR the auditctl branch holds.
     Only 32-bit tests are referenced; there is no 64-bit test and no architecture condition.
     NOTE(review): presumably intentional because umount appears only in the 32-bit syscall table; confirm.
     The description text is the generic permissions wording and does not mention umount. This definition
     carries only the ssg reference, no CCE reference. -->
<oval-def:metadata>
<oval-def:title>Record Events that Modify the System's Discretionary Access Controls - umount</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The changing of file permissions and attributes should be audited.</oval-def:description>
<oval-def:reference ref_id="audit_rules_dac_modification_umount" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules 32-bit umount" test_ref="oval:ssg-test_32bit_ardm_umount_augenrules:tst:1"/>
</oval-def:criteria>
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl 32-bit umount" test_ref="oval:ssg-test_32bit_ardm_umount_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_file_deletion_events:def:1" version="1">
<!-- Aggregate check: it contains no tests of its own and is true only when all five extended definitions
     (rmdir, unlink, unlinkat, rename, renameat) are true. A single uncovered syscall fails the whole
     definition. The extended definitions are declared outside this excerpt. -->
<oval-def:metadata>
<oval-def:title>Ensure auditd Collects File Deletion Events by User</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit files deletion events.</oval-def:description>
<oval-def:reference ref_id="CCE-27206-2" source="CCE"/>
<oval-def:reference ref_id="audit_rules_file_deletion_events" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit rmdir" definition_ref="oval:ssg-audit_rules_file_deletion_events_rmdir:def:1"/>
<oval-def:extend_definition comment="audit unlink" definition_ref="oval:ssg-audit_rules_file_deletion_events_unlink:def:1"/>
<oval-def:extend_definition comment="audit unlinkat" definition_ref="oval:ssg-audit_rules_file_deletion_events_unlinkat:def:1"/>
<oval-def:extend_definition comment="audit rename" definition_ref="oval:ssg-audit_rules_file_deletion_events_rename:def:1"/>
<oval-def:extend_definition comment="audit renameat" definition_ref="oval:ssg-audit_rules_file_deletion_events_renameat:def:1"/>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_modification:def:1" version="1">
<!-- Aggregate check: true only when all six extended definitions (creat, ftruncate, openat,
     open_by_handle_at, open, truncate) are true. The per-syscall definitions are declared outside this
     excerpt, so which failure codes they require cannot be confirmed from here. -->
<oval-def:metadata>
<oval-def:title>Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful)</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled.</oval-def:description>
<oval-def:reference ref_id="CCE-27347-4" source="CCE"/>
<oval-def:reference ref_id="audit_rules_unsuccessful_file_modification" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit creat" definition_ref="oval:ssg-audit_rules_unsuccessful_file_modification_creat:def:1"/>
<oval-def:extend_definition comment="audit ftruncate" definition_ref="oval:ssg-audit_rules_unsuccessful_file_modification_ftruncate:def:1"/>
<oval-def:extend_definition comment="audit openat" definition_ref="oval:ssg-audit_rules_unsuccessful_file_modification_openat:def:1"/>
<oval-def:extend_definition comment="audit open_by_handle_at" definition_ref="oval:ssg-audit_rules_unsuccessful_file_modification_open_by_handle_at:def:1"/>
<oval-def:extend_definition comment="audit open" definition_ref="oval:ssg-audit_rules_unsuccessful_file_modification_open:def:1"/>
<oval-def:extend_definition comment="audit truncate" definition_ref="oval:ssg-audit_rules_unsuccessful_file_modification_truncate:def:1"/>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_kernel_module_loading:def:1" version="1">
<!-- Aggregate check: true only when the init_module, delete_module and finit_module definitions are all true.
     Coverage of just one loading path is not enough to pass. -->
<oval-def:metadata>
<oval-def:title>Ensure auditd Collects Information on Kernel Module Loading and Unloading</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The audit rules should be configured to log information about kernel module loading and unloading.</oval-def:description>
<oval-def:reference ref_id="CCE-27129-6" source="CCE"/>
<oval-def:reference ref_id="audit_rules_kernel_module_loading" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit init_module" definition_ref="oval:ssg-audit_rules_kernel_module_loading_init:def:1"/>
<oval-def:extend_definition comment="audit delete_module" definition_ref="oval:ssg-audit_rules_kernel_module_loading_delete:def:1"/>
<oval-def:extend_definition comment="audit finit_module" definition_ref="oval:ssg-audit_rules_kernel_module_loading_finit:def:1"/>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_kernel_module_loading_delete:def:1" version="1">
<!-- Compliance check for an audit rule on delete_module. True when the augenrules branch OR the auditctl
     branch holds. In each branch the 32-bit rule test is required unconditionally; the nested OR makes the
     64-bit rule test mandatory only when the 64-bit architecture definition is true, because the negated
     reference satisfies the OR on other systems.
     NOTE(review): presumably the 32-bit rule is demanded on 64-bit hosts too so that calls made through the
     32-bit compatibility ABI are still recorded; confirm against the referenced tests. -->
<oval-def:metadata>
<oval-def:title>Ensure auditd Collects Information on Kernel Module Unloading - delete_module</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The audit rules should be configured to log information about kernel module loading and unloading.</oval-def:description>
<oval-def:reference ref_id="CCE-80415-3" source="CCE"/>
<oval-def:reference ref_id="audit_rules_kernel_module_loading_delete" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules 32-bit delete_module" test_ref="oval:ssg-test_32bit_ardm_delete_module_augenrules:tst:1"/>
<oval-def:criteria operator="OR">
<oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criterion comment="audit augenrules 64-bit delete_module" test_ref="oval:ssg-test_64bit_ardm_delete_module_augenrules:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl 32-bit delete_module" test_ref="oval:ssg-test_32bit_ardm_delete_module_auditctl:tst:1"/>
<oval-def:criteria operator="OR">
<oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criterion comment="audit auditctl 64-bit delete_module" test_ref="oval:ssg-test_64bit_ardm_delete_module_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_kernel_module_loading_finit:def:1" version="1">
<!-- Compliance check for an audit rule on finit_module. True when the augenrules branch OR the auditctl
     branch holds. Each branch always requires the 32-bit rule test; the 64-bit rule test is enforced only
     where the 64-bit architecture definition is true (the negated reference short-circuits the inner OR
     elsewhere).
     NOTE(review): the rule syntax the tests expect is declared outside this excerpt. -->
<oval-def:metadata>
<oval-def:title>Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The audit rules should be configured to log information about kernel module loading and unloading.</oval-def:description>
<oval-def:reference ref_id="CCE-80547-3" source="CCE"/>
<oval-def:reference ref_id="audit_rules_kernel_module_loading_finit" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules 32-bit finit_module" test_ref="oval:ssg-test_32bit_ardm_finit_module_augenrules:tst:1"/>
<oval-def:criteria operator="OR">
<oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criterion comment="audit augenrules 64-bit finit_module" test_ref="oval:ssg-test_64bit_ardm_finit_module_augenrules:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl 32-bit finit_module" test_ref="oval:ssg-test_32bit_ardm_finit_module_auditctl:tst:1"/>
<oval-def:criteria operator="OR">
<oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criterion comment="audit auditctl 64-bit finit_module" test_ref="oval:ssg-test_64bit_ardm_finit_module_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_kernel_module_loading_init:def:1" version="1">
<!-- Compliance check for an audit rule on init_module. True when the augenrules branch OR the auditctl
     branch holds. Within a branch: loader definition AND 32-bit rule test AND (not a 64-bit system OR 64-bit
     rule test). A 64-bit host therefore needs both the 32-bit and the 64-bit rule to pass. -->
<oval-def:metadata>
<oval-def:title>Ensure auditd Collects Information on Kernel Module Loading - init_module</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The audit rules should be configured to log information about kernel module loading and unloading.</oval-def:description>
<oval-def:reference ref_id="CCE-80414-6" source="CCE"/>
<oval-def:reference ref_id="audit_rules_kernel_module_loading_init" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules 32-bit init_module" test_ref="oval:ssg-test_32bit_ardm_init_module_augenrules:tst:1"/>
<oval-def:criteria operator="OR">
<oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criterion comment="audit augenrules 64-bit init_module" test_ref="oval:ssg-test_64bit_ardm_init_module_augenrules:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl 32-bit init_module" test_ref="oval:ssg-test_32bit_ardm_init_module_auditctl:tst:1"/>
<oval-def:criteria operator="OR">
<oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criterion comment="audit auditctl 64-bit init_module" test_ref="oval:ssg-test_64bit_ardm_init_module_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_login_events:def:1" version="2">
<!-- Aggregate check: true only when the tallylog, faillock and lastlog definitions are all true.
     NOTE(review): the three definitions are declared outside this excerpt; presumably each one checks for a
     watch rule on the corresponding login record file. -->
<oval-def:metadata>
<oval-def:title>Record Attempts to Alter Logon and Logout Events</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules should be configured to log successful and unsuccessful login and logout events.</oval-def:description>
<oval-def:reference ref_id="CCE-27204-7" source="CCE"/>
<oval-def:reference ref_id="audit_rules_login_events" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit tallylog" definition_ref="oval:ssg-audit_rules_login_events_tallylog:def:1"/>
<oval-def:extend_definition comment="audit faillock" definition_ref="oval:ssg-audit_rules_login_events_faillock:def:1"/>
<oval-def:extend_definition comment="audit lastlog" definition_ref="oval:ssg-audit_rules_login_events_lastlog:def:1"/>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_privileged_commands:def:1" version="1">
<!-- Compliance check for audit rules on privileged commands. True when the augenrules branch OR the auditctl
     branch holds; each branch needs the loader definition, the suid/sgid test and the count test.
     NOTE(review): per its comment the count test compares the number of binaries with the number of rules.
     Equal counts alone do not show that every binary has its own rule, so the result presumably depends on
     the suid/sgid test as well; confirm in the test declarations, which are outside this excerpt. -->
<oval-def:metadata>
<oval-def:title>Ensure auditd Collects Information on the Use of Privileged Commands</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules about the information on the use of privileged commands are enabled.</oval-def:description>
<oval-def:reference ref_id="CCE-27437-3" source="CCE"/>
<oval-def:reference ref_id="audit_rules_privileged_commands" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules suid sgid" test_ref="oval:ssg-test_arpc_suid_sgid_augenrules:tst:1"/>
<oval-def:criterion comment="audit augenrules binaries count matches rules count" test_ref="oval:ssg-test_arpc_bin_count_equals_rules_count_augenrules:tst:1"/>
</oval-def:criteria>
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl suid sgid" test_ref="oval:ssg-test_arpc_suid_sgid_auditctl:tst:1"/>
<oval-def:criterion comment="audit auditctl binaries count matches rules count" test_ref="oval:ssg-test_arpc_bin_count_equals_rules_count_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_privileged_commands_insmod:def:1" version="1">
<!-- Compliance check for an audit rule covering the insmod command. True when the augenrules branch OR the
     auditctl branch holds; each branch pairs the loader definition with one insmod rule test.
     NOTE(review): the path and rule form the test expects are declared outside this excerpt. -->
<oval-def:metadata>
<oval-def:title>Ensure auditd Collects Information on the Use of Privileged Commands - insmod</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Ensure audit rule for all uses of the insmod command is enabled.</oval-def:description>
<oval-def:reference ref_id="CCE-85851-4" source="CCE"/>
<oval-def:reference ref_id="audit_rules_privileged_commands_insmod" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules insmod" test_ref="oval:ssg-test_insmod_augenrules:tst:1"/>
</oval-def:criteria>
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl insmod" test_ref="oval:ssg-test_insmod_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_privileged_commands_modprobe:def:1" version="1">
<!-- Compliance check for an audit rule covering the modprobe command. True when the augenrules branch OR the
     auditctl branch holds; each branch pairs the loader definition with one modprobe rule test.
     This is a command-level check, separate from the syscall-level kernel module definitions in this file. -->
<oval-def:metadata>
<oval-def:title>Ensure auditd Collects Information on the Use of Privileged Commands - modprobe</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Ensure audit rule for all uses of the modprobe command is enabled.</oval-def:description>
<oval-def:reference ref_id="CCE-85853-0" source="CCE"/>
<oval-def:reference ref_id="audit_rules_privileged_commands_modprobe" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules modprobe" test_ref="oval:ssg-test_modprobe_augenrules:tst:1"/>
</oval-def:criteria>
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl modprobe" test_ref="oval:ssg-test_modprobe_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_privileged_commands_rmmod:def:1" version="1">
<!-- Compliance check for an audit rule covering the rmmod command. True when the augenrules branch OR the
     auditctl branch holds; each branch pairs the loader definition with one rmmod rule test. -->
<oval-def:metadata>
<oval-def:title>Ensure auditd Collects Information on the Use of Privileged Commands - rmmod</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Ensure audit rule for all uses of the rmmod command is enabled.</oval-def:description>
<oval-def:reference ref_id="CCE-85852-2" source="CCE"/>
<oval-def:reference ref_id="audit_rules_privileged_commands_rmmod" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules rmmod" test_ref="oval:ssg-test_rmmod_augenrules:tst:1"/>
</oval-def:criteria>
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl rmmod" test_ref="oval:ssg-test_rmmod_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_time_adjtimex:def:1" version="1">
<!-- Compliance check for an audit rule on adjtimex. True when the augenrules branch OR the auditctl branch
     holds. Each branch always requires the 32-bit rule test; the inner OR enforces the 64-bit rule test only
     where the 64-bit architecture definition is true.
     Clock changes affect the timestamps that every other audit record relies on, so a missing rule here
     weakens the timeline for the whole log. -->
<oval-def:metadata>
<oval-def:title>Record attempts to alter time through adjtimex</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Record attempts to alter time through adjtimex.</oval-def:description>
<oval-def:reference ref_id="CCE-27290-6" source="CCE"/>
<oval-def:reference ref_id="audit_rules_time_adjtimex" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules 32-bit adjtimex" test_ref="oval:ssg-test_32bit_art_adjtimex_augenrules:tst:1"/>
<oval-def:criteria operator="OR">
<oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criterion comment="audit augenrules 64-bit adjtimex" test_ref="oval:ssg-test_64bit_art_adjtimex_augenrules:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl 32-bit adjtimex" test_ref="oval:ssg-test_32bit_art_adjtimex_auditctl:tst:1"/>
<oval-def:criteria operator="OR">
<oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criterion comment="audit auditctl 64-bit adjtimex" test_ref="oval:ssg-test_64bit_art_adjtimex_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_time_clock_settime:def:1" version="2">
<!-- Compliance check for an audit rule on clock_settime. True when the augenrules branch OR the auditctl
     branch holds. Within a branch: loader definition AND 32-bit rule test AND (not a 64-bit system OR 64-bit
     rule test).
     NOTE(review): whether the tests also require a filter on the clock id argument cannot be seen from this
     excerpt; check the test declarations. -->
<oval-def:metadata>
<oval-def:title>Record Attempts to Alter Time Through clock_settime</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Record attempts to alter time through clock_settime.</oval-def:description>
<oval-def:reference ref_id="CCE-27219-5" source="CCE"/>
<oval-def:reference ref_id="audit_rules_time_clock_settime" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules 32-bit clock_settime" test_ref="oval:ssg-test_32bit_art_clock_settime_augenrules:tst:1"/>
<oval-def:criteria operator="OR">
<oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criterion comment="audit augenrules 64-bit clock_settime" test_ref="oval:ssg-test_64bit_art_clock_settime_augenrules:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl 32-bit clock_settime" test_ref="oval:ssg-test_32bit_art_clock_settime_auditctl:tst:1"/>
<oval-def:criteria operator="OR">
<oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criterion comment="audit auditctl 64-bit clock_settime" test_ref="oval:ssg-test_64bit_art_clock_settime_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_time_settimeofday:def:1" version="1">
<!-- Compliance check for an audit rule on settimeofday. True when the augenrules branch OR the auditctl
     branch holds. The 32-bit rule test is mandatory in both branches; the 64-bit rule test becomes mandatory
     only on systems where the 64-bit architecture definition is true. -->
<oval-def:metadata>
<oval-def:title>Record attempts to alter time through settimeofday</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Record attempts to alter time through settimeofday.</oval-def:description>
<oval-def:reference ref_id="CCE-27216-1" source="CCE"/>
<oval-def:reference ref_id="audit_rules_time_settimeofday" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules 32-bit settimeofday" test_ref="oval:ssg-test_32bit_art_settimeofday_augenrules:tst:1"/>
<oval-def:criteria operator="OR">
<oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criterion comment="audit augenrules 64-bit settimeofday" test_ref="oval:ssg-test_64bit_art_settimeofday_augenrules:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl 32-bit settimeofday" test_ref="oval:ssg-test_32bit_art_settimeofday_auditctl:tst:1"/>
<oval-def:criteria operator="OR">
<oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criterion comment="audit auditctl 64-bit settimeofday" test_ref="oval:ssg-test_64bit_art_settimeofday_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_time_stime:def:1" version="1">
<!-- Compliance check for an audit rule on stime. Structure: architecture gate AND (augenrules branch OR
     auditctl branch). Only 32-bit stime tests are referenced, for both architectures, which matches the
     description's statement that stime is absent from the 64-bit audit syscall table. -->
<oval-def:metadata>
<oval-def:title>Record Attempts to Alter Time Through stime</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Record attempts to alter time through stime. Note that on
64-bit architectures the stime system call is not defined in the audit
system calls lookup table.</oval-def:description>
<oval-def:reference ref_id="CCE-27299-7" source="CCE"/>
<oval-def:reference ref_id="audit_rules_time_stime" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="AND">
<!-- Architecture gate: true only when one of the two architecture definitions is true, so on any other
     architecture the whole definition evaluates to false.
     NOTE(review): confirm which architectures those two definitions cover; they are outside this excerpt. -->
<oval-def:criteria comment="32-bit or 64-bit system" operator="OR">
<oval-def:extend_definition comment="32-bit system" definition_ref="oval:ssg-system_info_architecture_x86:def:1"/>
<oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1"/>
</oval-def:criteria>
<oval-def:criteria comment="audit augenrules or audit auditctl" operator="OR">
<oval-def:criteria comment="audit augenrules stime" operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules 32-bit stime" test_ref="oval:ssg-test_32bit_art_stime_augenrules:tst:1"/>
</oval-def:criteria>
<oval-def:criteria comment="audit auditctl stime" operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl 32-bit stime" test_ref="oval:ssg-test_32bit_art_stime_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_time_watch_localtime:def:1" version="1">
<!-- Compliance check for a watch rule on /etc/localtime. True when the augenrules branch OR the auditctl
     branch holds. This is a file watch, so there is no 32-bit/64-bit split as in the syscall-based time
     definitions. -->
<oval-def:metadata>
<oval-def:title>Record Attempts to Alter the localtime File</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Record attempts to alter time through /etc/localtime.</oval-def:description>
<oval-def:reference ref_id="CCE-27310-2" source="CCE"/>
<oval-def:reference ref_id="audit_rules_time_watch_localtime" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit /etc/localtime watch augenrules" test_ref="oval:ssg-test_artw_etc_localtime_augenrules:tst:1"/>
</oval-def:criteria>
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit /etc/localtime watch auditctl" test_ref="oval:ssg-test_artw_etc_localtime_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<!-- Single-test compliance check on remote_server in /etc/audisp/audisp-remote.conf.
     The accepted value is decided by the referenced test, which is not part of
     this definition. As described, the check covers the configured setting only;
     whether records actually reach the remote server is outside what is stated here. -->
<oval-def:definition class="compliance" id="oval:ssg-auditd_audispd_configure_remote_server:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Configure audispd Plugin To Send Logs To Remote Server</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>remote_server setting in /etc/audisp/audisp-remote.conf is set to a certain IP address or hostname</oval-def:description>
    <oval-def:reference ref_id="CCE-80541-6" source="CCE"/>
    <oval-def:reference ref_id="auditd_audispd_configure_remote_server" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion comment="remote_server setting in audisp-remote.conf" test_ref="oval:ssg-test_auditd_audispd_configure_remote_server:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Single-test compliance check: enable_krb5 is 'yes' in /etc/audisp/audisp-remote.conf.
     The title speaks of encryption, but the only setting this definition names is
     enable_krb5. It is independent of the remote_server definition, so both need to
     pass for encrypted off-loading to a configured destination. -->
<oval-def:definition class="compliance" id="oval:ssg-auditd_audispd_encrypt_sent_records:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Encrypt Audit Records Sent With audispd Plugin</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>enable_krb5 setting in /etc/audisp/audisp-remote.conf is set to 'yes'</oval-def:description>
    <oval-def:reference ref_id="CCE-80540-8" source="CCE"/>
    <oval-def:reference ref_id="auditd_audispd_encrypt_sent_records" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion comment="setting in audisp-remote.conf" test_ref="oval:ssg-test_auditd_audispd_encrypt_sent_records:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Single-test compliance check: the 'active' setting in
     /etc/audisp/plugins.d/syslog.conf is 'yes', i.e. the audispd syslog plugin
     is switched on in its configuration file. -->
<oval-def:definition class="compliance" id="oval:ssg-auditd_audispd_syslog_plugin_activated:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Configure auditd to use audispd's syslog plugin</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>active setting in /etc/audisp/plugins.d/syslog.conf is set to 'yes'</oval-def:description>
    <oval-def:reference ref_id="CCE-27341-7" source="CCE"/>
    <oval-def:reference ref_id="auditd_audispd_syslog_plugin_activated" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion comment="active setting in syslog.conf" test_ref="oval:ssg-test_auditd_audispd_syslog_plugin_activated:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Single-test compliance check on disk_error_action in /etc/audit/auditd.conf.
     Which action counts as compliant is decided by the referenced test, not here. -->
<oval-def:definition class="compliance" id="oval:ssg-auditd_data_disk_error_action:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Configure auditd Disk Error Action on Disk Error</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>disk_error_action setting in /etc/audit/auditd.conf is set to a certain action</oval-def:description>
    <oval-def:reference ref_id="CCE-80646-3" source="CCE"/>
    <oval-def:reference ref_id="auditd_data_disk_error_action" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion comment="disk_error_action setting in auditd.conf" test_ref="oval:ssg-test_auditd_data_disk_error_action:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Single-test compliance check on disk_full_action in /etc/audit/auditd.conf.
     NOTE(review): this definition carries only the "ssg" reference; unlike its
     auditd.conf siblings it has no CCE reference, so results cannot be joined
     on a CCE identifier. -->
<oval-def:definition class="compliance" id="oval:ssg-auditd_data_disk_full_action:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Configure auditd Disk Full Action when Disk Space Is Full</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>disk_full_action setting in /etc/audit/auditd.conf is set to a certain action</oval-def:description>
    <oval-def:reference ref_id="auditd_data_disk_full_action" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion comment="disk_full_action setting in auditd.conf" test_ref="oval:ssg-test_auditd_data_disk_full_action:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Single-test compliance check on action_mail_acct in /etc/audit/auditd.conf.
     The expected account is decided by the referenced test, not here. -->
<oval-def:definition class="compliance" id="oval:ssg-auditd_data_retention_action_mail_acct:def:1" version="2">
  <oval-def:metadata>
    <oval-def:title>Configure auditd mail_acct Action on Low Disk Space</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>action_mail_acct setting in /etc/audit/auditd.conf is set to a certain account</oval-def:description>
    <oval-def:reference ref_id="CCE-27394-6" source="CCE"/>
    <oval-def:reference ref_id="auditd_data_retention_action_mail_acct" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion comment="action_mail_acct setting in auditd.conf" test_ref="oval:ssg-test_auditd_data_retention_action_mail_acct:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Single-test compliance check on admin_space_left_action in /etc/audit/auditd.conf.
     The accepted action is decided by the referenced test, not here. -->
<oval-def:definition class="compliance" id="oval:ssg-auditd_data_retention_admin_space_left_action:def:1" version="2">
  <oval-def:metadata>
    <oval-def:title>Configure auditd admin_space_left Action on Low Disk Space</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>admin_space_left_action setting in /etc/audit/auditd.conf is set to a certain action</oval-def:description>
    <oval-def:reference ref_id="CCE-27370-6" source="CCE"/>
    <oval-def:reference ref_id="auditd_data_retention_admin_space_left_action" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion comment="admin_space_left_action setting in auditd.conf" test_ref="oval:ssg-test_auditd_data_retention_admin_space_left_action:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Single-test compliance check on the flush setting in /etc/audit/auditd.conf.
     The description does not say which value is required; that is fixed by the
     referenced test. -->
<oval-def:definition class="compliance" id="oval:ssg-auditd_data_retention_flush:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Configure auditd flush priority</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The setting for flush in /etc/audit/auditd.conf</oval-def:description>
    <oval-def:reference ref_id="CCE-27331-8" source="CCE"/>
    <oval-def:reference ref_id="auditd_data_retention_flush" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion comment="flush setting in auditd.conf" test_ref="oval:ssg-test_auditd_data_retention_flush:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Single-test compliance check: max_log_file in /etc/audit/auditd.conf is at
     least a threshold. The threshold is supplied by the referenced test. -->
<oval-def:definition class="compliance" id="oval:ssg-auditd_data_retention_max_log_file:def:1" version="2">
  <oval-def:metadata>
    <oval-def:title>Configure auditd Max Log File Size</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>max_log_file setting in /etc/audit/auditd.conf is set to at least a certain value</oval-def:description>
    <oval-def:reference ref_id="CCE-27319-3" source="CCE"/>
    <oval-def:reference ref_id="auditd_data_retention_max_log_file" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion comment="max_log_file setting in auditd.conf" test_ref="oval:ssg-test_auditd_data_retention_max_log_file:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Single-test compliance check on max_log_file_action in /etc/audit/auditd.conf.
     The accepted action is decided by the referenced test, not here. -->
<oval-def:definition class="compliance" id="oval:ssg-auditd_data_retention_max_log_file_action:def:1" version="2">
  <oval-def:metadata>
    <oval-def:title>Configure auditd max_log_file_action Upon Reaching Maximum Log Size</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>max_log_file_action setting in /etc/audit/auditd.conf is set to a certain action</oval-def:description>
    <oval-def:reference ref_id="CCE-27231-0" source="CCE"/>
    <oval-def:reference ref_id="auditd_data_retention_max_log_file_action" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion comment="max_log_file_action setting in auditd.conf" test_ref="oval:ssg-test_auditd_data_retention_max_log_file_action:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Single-test compliance check: num_logs in /etc/audit/auditd.conf is at least
     a threshold. The threshold is supplied by the referenced test. -->
<oval-def:definition class="compliance" id="oval:ssg-auditd_data_retention_num_logs:def:1" version="2">
  <oval-def:metadata>
    <oval-def:title>Configure auditd Number of Logs Retained</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>num_logs setting in /etc/audit/auditd.conf is set to at least a certain value</oval-def:description>
    <oval-def:reference ref_id="CCE-27348-2" source="CCE"/>
    <oval-def:reference ref_id="auditd_data_retention_num_logs" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion comment="num_logs setting in auditd.conf" test_ref="oval:ssg-test_auditd_data_retention_num_logs:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Single-test compliance check: space_left in /etc/audit/auditd.conf is at
     least a threshold. The threshold is supplied by the referenced test. -->
<oval-def:definition class="compliance" id="oval:ssg-auditd_data_retention_space_left:def:1" version="2">
  <oval-def:metadata>
    <oval-def:title>Configure auditd space_left on Low Disk Space</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>space_left setting in /etc/audit/auditd.conf is set to at least a certain value</oval-def:description>
    <oval-def:reference ref_id="CCE-80537-4" source="CCE"/>
    <oval-def:reference ref_id="auditd_data_retention_space_left" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion comment="space_left setting in auditd.conf" test_ref="oval:ssg-test_auditd_data_retention_space_left:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Single-test compliance check on space_left_action in /etc/audit/auditd.conf.
     The accepted action is decided by the referenced test, not here. -->
<oval-def:definition class="compliance" id="oval:ssg-auditd_data_retention_space_left_action:def:1" version="3">
  <oval-def:metadata>
    <oval-def:title>Configure auditd space_left Action on Low Disk Space</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>space_left_action setting in /etc/audit/auditd.conf is set to a certain action</oval-def:description>
    <oval-def:reference ref_id="CCE-27375-5" source="CCE"/>
    <oval-def:reference ref_id="auditd_data_retention_space_left_action" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion comment="space_left_action setting in auditd.conf" test_ref="oval:ssg-test_auditd_data_retention_space_left_action:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Single-test compliance check on space_left in /etc/audit/auditd.conf.
     NOTE(review): title, description and criterion comment are word-for-word the
     same as in oval:ssg-auditd_data_retention_space_left:def:1; only the id,
     the CCE and the test_ref differ. The id suggests this variant expects a
     percentage value (TODO confirm against the referenced test). Tell the two
     apart by id or CCE when reading results, not by title. -->
<oval-def:definition class="compliance" id="oval:ssg-auditd_data_retention_space_left_percentage:def:1" version="2">
  <oval-def:metadata>
    <oval-def:title>Configure auditd space_left on Low Disk Space</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>space_left setting in /etc/audit/auditd.conf is set to at least a certain value</oval-def:description>
    <oval-def:reference ref_id="CCE-86056-9" source="CCE"/>
    <oval-def:reference ref_id="auditd_data_retention_space_left_percentage" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion comment="space_left setting in auditd.conf" test_ref="oval:ssg-test_auditd_data_retention_space_left_percentage:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: overflow_action in /etc/audisp/audispd.conf matches one of
     syslog, single or halt, per the description. The OR group holds a single
     criterion, so the result is simply that of the one test. -->
<oval-def:definition class="compliance" id="oval:ssg-auditd_overflow_action:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Appropriate Action Must be Setup When the Internal Audit Event Queue is Full</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Ensure 'overflow_action' is configured with value '(syslog|single|halt)' in /etc/audisp/audispd.conf</oval-def:description>
    <oval-def:reference ref_id="CCE-88073-2" source="CCE"/>
    <oval-def:reference ref_id="auditd_overflow_action" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria comment="The respective application or service is configured correctly" operator="OR">
    <oval-def:criterion comment="Check the overflow_action in /etc/audisp/audispd.conf" test_ref="oval:ssg-test_auditd_overflow_action:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check that the audit rules match the pre-configured OSPP rule
     files. All four file comparisons must pass (operator AND): 10-base-config,
     11-loginuid, 30-ospp-v42 and 43-module-load. The test ids end in "_old";
     what that suffix distinguishes is not visible in this definition. -->
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_for_ospp:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Configure audit according to OSPP requirements</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Compare configure audit rules against the recommended pre-configured files.</oval-def:description>
    <oval-def:reference ref_id="CCE-82370-8" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_for_ospp" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criterion comment="check 10-base-config.rules file" test_ref="oval:ssg-test_compare_10-base-config_old:tst:1"/>
    <oval-def:criterion comment="check 11-loginuid.rules file" test_ref="oval:ssg-test_compare_11-loginuid_old:tst:1"/>
    <oval-def:criterion comment="check 30-ospp-v42.rules file" test_ref="oval:ssg-test_compare_30-ospp-v42_old:tst:1"/>
    <oval-def:criterion comment="check 43-module-load.rules file" test_ref="oval:ssg-test_compare_43-module-load_old:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check that the grub2 superuser name is not a default one.
     Operator OR: the definition also passes when /boot/grub2/grub.cfg does not
     exist. On a host that boots through a different grub.cfg this check is
     therefore satisfied vacuously; rely on the UEFI counterpart
     (oval:ssg-grub2_uefi_admin_username:def:1) for such hosts. -->
<oval-def:definition class="compliance" id="oval:ssg-grub2_admin_username:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Set the Boot Loader Admin Username to a Non-Default Value</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The grub2 boot loader superuser should have a username that is hard to guess.</oval-def:description>
    <oval-def:reference ref_id="CCE-83562-9" source="CCE"/>
    <oval-def:reference ref_id="grub2_admin_username" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criterion comment="Pass if there are no files matching pattern '/boot/grub2/grub.cfg' exist in the system" test_ref="oval:ssg-test_grub2_admin_username_file_boot_grub2_grub_cfg_absent:tst:1"/>
    <oval-def:criterion comment="Superuser is defined in /boot/grub2/grub.cfg and it isn't root, admin, or administrator." test_ref="oval:ssg-test_bootloader_unique_superuser:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check that 'set root' in /boot/grub2/grub.cfg does not point at
     removable media. Operator AND: the setting test must pass and the
     configuration file must exist. Unlike the grub2 password and username
     definitions, there is no "file absent" escape here, so a host without
     /boot/grub2/grub.cfg fails this check.
     The pattern quoted in the description uses negative lookaheads for fd, cd
     and usb; inside its character classes the '|' is a literal character, not
     an alternation. The pattern actually evaluated lives in the referenced test. -->
<oval-def:definition class="compliance" id="oval:ssg-grub2_no_removeable_media:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Boot Loader Is Not Installed On Removeable Media</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Ensure 'set root' is configured with value '['|\(](?!fd)(?!cd)(?!usb).*['|\)]' in /boot/grub2/grub.cfg</oval-def:description>
    <oval-def:reference ref_id="CCE-80517-6" source="CCE"/>
    <oval-def:reference ref_id="grub2_no_removeable_media" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria comment="The respective application or service is configured correctly and configuration file exists" operator="AND">
    <oval-def:criteria comment="The respective application or service is configured correctly" operator="OR">
      <oval-def:criterion comment="Check the set root in /boot/grub2/grub.cfg" test_ref="oval:ssg-test_grub2_no_removeable_media:tst:1"/>
    </oval-def:criteria>
    <oval-def:criterion comment="test if configuration file /boot/grub2/grub.cfg exists for grub2_no_removeable_media" test_ref="oval:ssg-test_grub2_no_removeable_media_config_file_exists:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check that grub2 is password protected.
     Logic: (grub.cfg absent) OR ((password in user.cfg OR password in grub.cfg)
     AND superuser defined in grub.cfg).
     Because the "absent" criterion alone satisfies the outer OR, a host without
     /boot/grub2/grub.cfg passes without any password being verified; evaluate
     oval:ssg-grub2_uefi_password:def:1 as well so UEFI hosts are covered. -->
<oval-def:definition class="compliance" id="oval:ssg-grub2_password:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Set Boot Loader Password in grub2</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The grub2 boot loader should have password protection enabled.</oval-def:description>
    <oval-def:reference ref_id="CCE-27309-4" source="CCE"/>
    <oval-def:reference ref_id="grub2_password" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criterion comment="Pass if there are no files matching pattern '/boot/grub2/grub.cfg' exist in the system" test_ref="oval:ssg-test_grub2_password_file_boot_grub2_grub_cfg_absent:tst:1"/>
    <oval-def:criteria operator="AND">
      <!-- Either file may hold the password entry -->
      <oval-def:criteria comment="check both files to account for procedure change in documenation" operator="OR">
        <oval-def:criterion comment="make sure a password is defined in /boot/grub2/user.cfg" test_ref="oval:ssg-test_grub2_password_usercfg:tst:1"/>
        <oval-def:criterion comment="make sure a password is defined in /boot/grub2/grub.cfg" test_ref="oval:ssg-test_grub2_password_grubcfg:tst:1"/>
      </oval-def:criteria>
      <oval-def:criterion comment="make sure a superuser is defined in /boot/grub2/grub.cfg" test_ref="oval:ssg-test_bootloader_superuser:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
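<!-- Compliance check that the UEFI grub2 superuser name is not a default one.
     Operator OR: the definition also passes when /boot/efi/EFI/redhat/grub.cfg
     does not exist, so on non-UEFI hosts it is satisfied vacuously and
     oval:ssg-grub2_admin_username:def:1 is the check that matters.
     The second criterion references the "unique superuser" test, so its comment
     describes a non-default username rather than mere presence of a superuser
     (presence is what test_bootloader_uefi_superuser covers in the UEFI
     password definition). -->
<oval-def:definition class="compliance" id="oval:ssg-grub2_uefi_admin_username:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Set the UEFI Boot Loader Admin Username to a Non-Default Value</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The grub2 boot loader superuser should have a username that is hard to guess.</oval-def:description>
    <oval-def:reference ref_id="CCE-83541-3" source="CCE"/>
    <oval-def:reference ref_id="grub2_uefi_admin_username" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criterion comment="Pass if there are no files matching pattern '/boot/efi/EFI/redhat/grub.cfg' exist in the system" test_ref="oval:ssg-test_grub2_uefi_admin_username_file_boot_efi_EFI_redhat_grub_cfg_absent:tst:1"/>
    <oval-def:criterion comment="make sure the superuser defined in /boot/efi/EFI/redhat/grub.cfg has a non-default username" test_ref="oval:ssg-test_bootloader_uefi_unique_superuser:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>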
<!-- Compliance check that the UEFI grub2 boot loader is password protected.
     Logic: (grub.cfg absent) OR ((password in user.cfg OR password in grub.cfg)
     AND superuser defined in grub.cfg), all under /boot/efi/EFI/redhat.
     The "absent" criterion alone satisfies the outer OR, so a host without that
     grub.cfg passes without any password being verified; pair this with
     oval:ssg-grub2_password:def:1 to cover both boot modes. -->
<oval-def:definition class="compliance" id="oval:ssg-grub2_uefi_password:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Set the UEFI Boot Loader Password</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The UEFI grub2 boot loader should have password protection enabled.</oval-def:description>
    <oval-def:reference ref_id="CCE-80354-4" source="CCE"/>
    <oval-def:reference ref_id="grub2_uefi_password" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criterion comment="Pass if there are no files matching pattern '/boot/efi/EFI/redhat/grub.cfg' exist in the system" test_ref="oval:ssg-test_grub2_uefi_password_file_boot_efi_EFI_redhat_grub_cfg_absent:tst:1"/>
    <oval-def:criteria operator="AND">
      <!-- Either file may hold the password entry -->
      <oval-def:criteria comment="check both files to account for procedure change in documenation" operator="OR">
        <oval-def:criterion comment="make sure a password is defined in /boot/efi/EFI/redhat/user.cfg" test_ref="oval:ssg-test_grub2_uefi_password_usercfg:tst:1"/>
        <oval-def:criterion comment="make sure a password is defined in /boot/efi/EFI/redhat/grub.cfg" test_ref="oval:ssg-test_grub2_uefi_password_grubcfg:tst:1"/>
      </oval-def:criteria>
      <oval-def:criterion comment="make sure a superuser is defined in /boot/efi/EFI/redhat/grub.cfg" test_ref="oval:ssg-test_bootloader_uefi_superuser:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check that the UEFI boot loader is not on removable media.
     Operator OR: passes when the 'set root' test on /boot/efi/EFI/redhat/grub.cfg
     passes, or when that file does not exist (treated as "boot mode is not UEFI"
     by the criteria comment). The BIOS counterpart
     oval:ssg-grub2_no_removeable_media:def:1 instead requires its file to exist. -->
<oval-def:definition class="compliance" id="oval:ssg-uefi_no_removeable_media:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>UEFI Boot Loader Is Not Installed On Removeable Media</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Ensure the system is not configured to use a boot loader on removable media.</oval-def:description>
    <oval-def:reference ref_id="CCE-80518-4" source="CCE"/>
    <oval-def:reference ref_id="uefi_no_removeable_media" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria comment="The respective application or service is configured correctly or system boot mode is not UEFI" operator="OR">
    <oval-def:criterion comment="Check the set root in /boot/efi/EFI/redhat/grub.cfg" test_ref="oval:ssg-test_uefi_no_removeable_media:tst:1"/>
    <oval-def:criterion comment="Pass if there are no files matching pattern '/boot/efi/EFI/redhat/grub.cfg' exist in the system" test_ref="oval:ssg-test_uefi_no_removeable_media_file_boot_efi_EFI_redhat_grub_cfg_absent:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Single-test compliance check on the HostLimit line in logwatch.conf.
     The expected value is decided by the referenced test; the AND group holds
     only that one criterion. -->
<oval-def:definition class="compliance" id="oval:ssg-logwatch_configured_hostlimit:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Configure Logwatch HostLimit Line</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Test if HostLimit line in logwatch.conf is set appropriately.</oval-def:description>
    <oval-def:reference ref_id="CCE-80196-9" source="CCE"/>
    <oval-def:reference ref_id="logwatch_configured_hostlimit" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criterion comment="Test value of HostLimit" test_ref="oval:ssg-test_logwatch_configured_hostlimit:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Single-test compliance check on the SplitHosts line in logwatch.conf.
     The expected value is decided by the referenced test, not here. -->
<oval-def:definition class="compliance" id="oval:ssg-logwatch_configured_splithosts:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Configure Logwatch SplitHosts Line</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Check if SplitHosts line in logwatch.conf is set appropriately.</oval-def:description>
    <oval-def:reference ref_id="CCE-80197-7" source="CCE"/>
    <oval-def:reference ref_id="logwatch_configured_splithosts" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion comment="Test value of SplitHosts" test_ref="oval:ssg-test_logwatch_configured_splithosts:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check that rsyslog captures cron messages. Operator OR: a
     matching entry in either /etc/rsyslog.conf or /etc/rsyslog.d is enough. -->
<oval-def:definition class="compliance" id="oval:ssg-rsyslog_cron_logging:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure cron Is Logging To Rsyslog</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Rsyslog should be configured to capture cron messages.</oval-def:description>
    <oval-def:reference ref_id="CCE-80380-9" source="CCE"/>
    <oval-def:reference ref_id="rsyslog_cron_logging" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criterion comment="cron is configured in /etc/rsyslog.conf" test_ref="oval:ssg-test_cron_logging_rsyslog:tst:1"/>
    <oval-def:criterion comment="cron is configured in /etc/rsyslog.d" test_ref="oval:ssg-test_cron_logging_rsyslog_dir:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check that $ActionSendStreamDriverAuthMode is x509/name in
     /etc/rsyslog.conf or in a file under /etc/rsyslog.d (inner OR). The outer
     AND wraps only that one group. This covers peer authentication only; the
     driver and encryption mode are checked by separate definitions.
     NOTE(review): no CCE reference is attached, only the "ssg" one. -->
<oval-def:definition class="compliance" id="oval:ssg-rsyslog_encrypt_offload_actionsendstreamdriverauthmode:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure Rsyslog Authenticates Off-Loaded Audit Records</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Rsyslogd must authenticate remote system its sending logs to.</oval-def:description>
    <oval-def:reference ref_id="rsyslog_encrypt_offload_actionsendstreamdriverauthmode" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criteria operator="OR">
      <oval-def:criterion comment="Check if $ActionSendStreamDriverAuthMode x509/name is set in /etc/rsyslog.conf" test_ref="oval:ssg-test_rsyslog_encrypt_offload_actionsendstreamdriverauthmode_action_send_stream_driver_auth_mode:tst:1"/>
      <oval-def:criterion comment="Check if $ActionSendStreamDriverAuthMode x509/name is set in files in /etc/rsyslog.d" test_ref="oval:ssg-test_rsyslog_encrypt_offload_actionsendstreamdriverauthmode_action_send_stream_driver_auth_mode_dir:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check that $ActionSendStreamDriverMode is 1 in /etc/rsyslog.conf
     or in a file under /etc/rsyslog.d (inner OR; the outer AND wraps only that
     group).
     NOTE(review): title and description are identical to those of
     oval:ssg-rsyslog_encrypt_offload_defaultnetstreamdriver:def:1; distinguish
     the two by id. No CCE reference is attached. -->
<oval-def:definition class="compliance" id="oval:ssg-rsyslog_encrypt_offload_actionsendstreamdrivermode:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure Rsyslog Encrypts Off-Loaded Audit Records</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Rsyslogd must encrypt the off-loading of logs off of the system.</oval-def:description>
    <oval-def:reference ref_id="rsyslog_encrypt_offload_actionsendstreamdrivermode" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criteria operator="OR">
      <oval-def:criterion comment="Check if $ActionSendStreamDriverMode 1 is set in /etc/rsyslog.conf" test_ref="oval:ssg-test_rsyslog_encrypt_offload_actionsendstreamdrivermode_action_send_stream_driver_mode_rsyslog:tst:1"/>
      <oval-def:criterion comment="Check if $ActionSendStreamDriverMode 1 is set in files in /etc/rsyslog.d" test_ref="oval:ssg-test_rsyslog_encrypt_offload_actionsendstreamdrivermode_action_send_stream_driver_mode_rsyslog_dir:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check that $DefaultNetstreamDriver is gtls in /etc/rsyslog.conf
     or in a file under /etc/rsyslog.d (inner OR; the outer AND wraps only that
     group).
     NOTE(review): title and description are identical to those of
     oval:ssg-rsyslog_encrypt_offload_actionsendstreamdrivermode:def:1;
     distinguish the two by id. No CCE reference is attached. -->
<oval-def:definition class="compliance" id="oval:ssg-rsyslog_encrypt_offload_defaultnetstreamdriver:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure Rsyslog Encrypts Off-Loaded Audit Records</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Rsyslogd must encrypt the off-loading of logs off of the system.</oval-def:description>
    <oval-def:reference ref_id="rsyslog_encrypt_offload_defaultnetstreamdriver" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criteria operator="OR">
      <oval-def:criterion comment="Check if $DefaultNetstreamDriver gtls is set in /etc/rsyslog.conf" test_ref="oval:ssg-test_rsyslog_encrypt_offload_defaultnetstreamdriver_default_netstream_rsyslog:tst:1"/>
      <oval-def:criterion comment="Check if $DefaultNetstreamDriver gtls is set in files in /etc/rsyslog.d" test_ref="oval:ssg-test_rsyslog_encrypt_offload_defaultnetstreamdriver_default_netstream_rsyslog_dir:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check that logrotate runs daily. Operator AND, all three must
     pass: 'daily' is set in /etc/logrotate.conf, no weekly/monthly/yearly
     keyword is present there, and /etc/cron.daily/logrotate exists.
     The description text keeps its original line breaks because they are part
     of the element content. -->
<oval-def:definition class="compliance" id="oval:ssg-ensure_logrotate_activated:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure Logrotate Runs Periodically</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>
The frequency of automatic log files rotation performed by the logrotate utility should be configured to run daily
</oval-def:description>
    <oval-def:reference ref_id="CCE-80195-1" source="CCE"/>
    <oval-def:reference ref_id="ensure_logrotate_activated" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria comment="/etc/logrotate.conf contains daily setting and /etc/cron.daily/logrotate file exists" operator="AND">
    <oval-def:criterion comment="Check if daily is set in /etc/logrotate.conf" test_ref="oval:ssg-test_logrotate_conf_daily_setting:tst:1"/>
    <oval-def:criterion comment="check that there is no weekly/monthly/yearly keyword in logrotate.conf" test_ref="oval:ssg-test_logrotate_conf_no_other_keyword:tst:1"/>
    <oval-def:criterion comment="Check if /etc/cron.daily/logrotate file exists (and calls logrotate)" test_ref="oval:ssg-test_cron_daily_logrotate_existence:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Single-test compliance check that rsyslogd is not set up to accept remote
     messages. The criterion comment ("Conditions are satisfied") does not say
     which settings are inspected; see the referenced test for that. Hosts that
     act as a log server are expected to be exempt, per the title. -->
<oval-def:definition class="compliance" id="oval:ssg-rsyslog_nolisten:def:1" version="2">
  <oval-def:metadata>
    <oval-def:title>Ensure rsyslog Does Not Accept Remote Messages Unless Acting As Log Server</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>rsyslogd should reject remote messages</oval-def:description>
    <oval-def:reference ref_id="CCE-80192-8" source="CCE"/>
    <oval-def:reference ref_id="rsyslog_nolisten" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion comment="Conditions are satisfied" test_ref="oval:ssg-test_rsyslog_nolisten:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check that syslog output is forwarded to a remote loghost.
     Operator OR: a forwarding entry in either /etc/rsyslog.conf or
     /etc/rsyslog.d is enough. This says nothing about transport protection;
     TLS settings are covered by separate definitions in this data stream. -->
<oval-def:definition class="compliance" id="oval:ssg-rsyslog_remote_loghost:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure Logs Sent To Remote Host</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Syslog logs should be sent to a remote loghost</oval-def:description>
    <oval-def:reference ref_id="CCE-27343-3" source="CCE"/>
    <oval-def:reference ref_id="rsyslog_remote_loghost" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criterion comment="Remote logging set within /etc/rsyslog.conf" test_ref="oval:ssg-test_remote_rsyslog_conf:tst:1"/>
    <oval-def:criterion comment="Remote logging set within /etc/rsyslog.d" test_ref="oval:ssg-test_remote_rsyslog_d:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Single-test compliance check that the TLS-related options for rsyslog remote
     logging are present. Which options count as "needed" is defined by the
     referenced test. The CA certificate path is checked by a separate
     definition (oval:ssg-rsyslog_remote_tls_cacert:def:1). -->
<oval-def:definition class="compliance" id="oval:ssg-rsyslog_remote_tls:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Configure TLS for rsyslog remote logging</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Check that all needed TLS-related options are present</oval-def:description>
    <oval-def:reference ref_id="CCE-89194-5" source="CCE"/>
    <oval-def:reference ref_id="rsyslog_remote_tls" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria comment="Check that rsyslog is configured to use TLS for remote logging" operator="AND">
    <oval-def:criterion comment="Check that all needed TLS-related options are present" test_ref="oval:ssg-test_rsyslog_remote_tls:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Single-test compliance check that a CA certificate path is set for rsyslog
     remote logging. As described, the check is on the path being configured;
     whether the file exists or the certificate is valid is not stated here. -->
<oval-def:definition class="compliance" id="oval:ssg-rsyslog_remote_tls_cacert:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Configure CA certificate for rsyslog remote logging</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Check that the CA certificate path is set</oval-def:description>
    <oval-def:reference ref_id="CCE-89253-9" source="CCE"/>
    <oval-def:reference ref_id="rsyslog_remote_tls_cacert" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria comment="Check that CA certificate is configured for rsyslog remote logging" operator="AND">
    <oval-def:criterion comment="Check that the CA certificate path is set" test_ref="oval:ssg-test_rsyslog_remote_tls_cacert:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Single-test compliance check that /etc/resolv.conf lists more than one
     nameserver. The description text keeps its original line break because it
     is part of the element content. -->
<oval-def:definition class="compliance" id="oval:ssg-network_configure_name_resolution:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Configure Multiple DNS Servers in /etc/resolv.conf</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Multiple Domain Name System (DNS) Servers should be configured
in /etc/resolv.conf.</oval-def:description>
    <oval-def:reference ref_id="CCE-80438-5" source="CCE"/>
    <oval-def:reference ref_id="network_configure_name_resolution" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion comment="check if more than one nameserver in /etc/resolv.conf" test_ref="oval:ssg-test_network_configure_name_resolution:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition id="oval:ssg-network_disable_ddns_interfaces:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Disable Client Dynamic DNS Updates</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Clients should not automatically update their own
DNS record.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80357-7"/>
    <oval-def:reference source="ssg" ref_id="network_disable_ddns_interfaces"/>
  </oval-def:metadata>
  <!-- All three tests must pass (AND). None of the criteria carries a comment
       attribute, so result reports identify them by test id only; the ids suggest
       ifcfg, dhclient and dhcp configuration are each examined (confirm in the
       test definitions). -->
  <oval-def:criteria operator="AND">
    <oval-def:criterion test_ref="oval:ssg-test_network_disable_ddns_interfaces_ifcfg:tst:1"/>
    <oval-def:criterion test_ref="oval:ssg-test_network_disable_ddns_interfaces_dhclient:tst:1"/>
    <oval-def:criterion test_ref="oval:ssg-test_network_disable_ddns_interfaces_dhcp:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition id="oval:ssg-network_disable_zeroconf:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Disable Zeroconf Networking</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Disable Zeroconf automatic route assignment in the
169.254.0.0 subnet.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80173-8"/>
    <oval-def:reference source="ssg" ref_id="network_disable_zeroconf"/>
  </oval-def:metadata>
  <!-- Single criterion under the default AND operator: compliant when the test
       that looks for NOZEROCONF=yes in /etc/sysconfig/network passes. -->
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_sysconfig_nozeroconf_yes:tst:1"
                        comment="Look for NOZEROCONF=yes in /etc/sysconfig/network"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition id="oval:ssg-network_nmcli_permissions:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Prevent non-Privileged Users from Modifying Network Interfaces using nmcli</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>polkit is properly configured to prevent non-privileged users from changing networking settings</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82178-5"/>
    <oval-def:reference source="ssg" ref_id="network_nmcli_permissions"/>
  </oval-def:metadata>
  <!-- Compliant when the one test passes. The criterion comment says a .pkla file
       is inspected; which path and which polkit actions it must cover is defined
       in the test, not here. -->
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_network_nmcli_permissions:tst:1"
                        comment="check for properly configured .pkla file"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition id="oval:ssg-network_sniffer_disabled:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Ensure System is Not Acting as a Network Sniffer</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Disable the network sniffer</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80174-6"/>
    <oval-def:reference source="ssg" ref_id="network_sniffer_disabled"/>
  </oval-def:metadata>
  <!-- The criterion is negated: the definition is compliant when the referenced
       test does NOT pass, presumably meaning no interface was found in promiscuous
       mode (confirm in the test). Hosts that are meant to capture traffic, for
       example a network monitoring sensor, will fail and need a documented
       exception. -->
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_promisc_interfaces:tst:1"
                        negate="true"
                        comment="promisc interfaces"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition id="oval:ssg-configure_firewalld_ports:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Configure the Firewalld Ports</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Configure the firewalld ports to allow approved
services to have access to the system.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80447-6"/>
    <oval-def:reference source="ssg" ref_id="configure_firewalld_ports"/>
  </oval-def:metadata>
  <!-- The only condition is the extended definition for the ssh port. A pass
       therefore shows that ssh is allowed, not that every open port belongs to an
       approved service; the wider requirement in the description has to be
       reviewed by other means. -->
  <oval-def:criteria operator="AND">
    <oval-def:extend_definition definition_ref="oval:ssg-firewalld_sshd_port_enabled:def:1"
                                comment="ssh port is enabled"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition id="oval:ssg-configure_firewalld_rate_limiting:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Configure firewalld To Rate Limit Connections</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Create a direct firewall rule to protect against DoS attacks by rate limiting incoming connections.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80542-4"/>
    <oval-def:reference source="ssg" ref_id="configure_firewalld_rate_limiting"/>
  </oval-def:metadata>
  <!-- Compliant when the one test passes. Per the criterion comment the test reads
       /etc/firewalld/direct.xml, i.e. the stored configuration; whether the rule
       is also loaded in the running firewall is not covered by this definition. -->
  <oval-def:criteria operator="AND">
    <oval-def:criterion test_ref="oval:ssg-test_firewalld_rate_limiting:tst:1"
                        comment="check if the file /etc/firewalld/direct.xml contains correct rule"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition id="oval:ssg-set_firewalld_default_zone:def:1" version="2" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Set Default firewalld Zone for Incoming Packets</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Change the default firewalld zone to drop.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-27349-0"/>
    <oval-def:reference source="ssg" ref_id="set_firewalld_default_zone"/>
  </oval-def:metadata>
  <!-- Single criterion under the default AND operator: compliant when the test
       for a default zone of "drop" passes. -->
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_firewalld_input_drop:tst:1"
                        comment="Set default zone to drop"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition id="oval:ssg-network_ipv6_default_gateway:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Manually Assign IPv6 Router Address</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Define default gateways for IPv6 traffic</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80186-0"/>
    <oval-def:reference source="ssg" ref_id="network_ipv6_default_gateway"/>
  </oval-def:metadata>
  <!-- OR: compliant either because the extended "IPv6 disabled" definition is
       true, or because the default-gateway test passes. A host with IPv6 turned
       off passes without any gateway being configured. -->
  <oval-def:criteria operator="OR">
    <oval-def:extend_definition definition_ref="oval:ssg-sysctl_kernel_ipv6_disable:def:1"
                                comment="IPv6 disabled or..."/>
    <oval-def:criterion test_ref="oval:ssg-test_network_ipv6_default_gateway:tst:1"
                        comment="Define default gateways"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition id="oval:ssg-network_ipv6_privacy_extensions:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Use Privacy Extensions for Address</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Enable privacy extensions for IPv6</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80185-2"/>
    <oval-def:reference source="ssg" ref_id="network_ipv6_privacy_extensions"/>
  </oval-def:metadata>
  <!-- OR: compliant either because the extended "IPv6 disabled" definition is
       true, or because the per-interface privacy-extensions test passes. -->
  <oval-def:criteria operator="OR">
    <oval-def:extend_definition definition_ref="oval:ssg-sysctl_kernel_ipv6_disable:def:1"
                                comment="IPv6 disabled or..."/>
    <oval-def:criterion test_ref="oval:ssg-test_network_ipv6_privacy_extensions:tst:1"
                        comment="Enable privacy extensions per interface"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition id="oval:ssg-network_ipv6_static_address:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Manually Assign Global IPv6 Address</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Manually configure addresses for IPv6</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80184-5"/>
    <oval-def:reference source="ssg" ref_id="network_ipv6_static_address"/>
  </oval-def:metadata>
  <!-- OR: compliant either because the extended "IPv6 disabled" definition is
       true, or because the static-address test passes. -->
  <oval-def:criteria operator="OR">
    <oval-def:extend_definition definition_ref="oval:ssg-sysctl_kernel_ipv6_disable:def:1"
                                comment="IPv6 disabled or..."/>
    <oval-def:criterion test_ref="oval:ssg-test_network_ipv6_static_address:tst:1"
                        comment="Set static IPv6 address on each interface"/>
  </oval-def:criteria>
</oval-def:definition>
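<oval-def:definition id="oval:ssg-kernel_module_ipv6_option_disabled:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Disable IPv6 Networking Support Automatic Loading</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The disable option will allow the IPv6 module to be inserted, but prevent address assignment and activation of the network stack.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82871-5"/>
    <oval-def:reference source="ssg" ref_id="kernel_module_ipv6_option_disabled"/>
  </oval-def:metadata>
  <!-- Single criterion under the default AND operator. As the description says,
       the option checked here still lets the ipv6 module load; it only keeps the
       stack from being activated. The criterion comment was missing a word and is
       corrected below; it is descriptive text only and does not affect evaluation. -->
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_kernel_module_ipv6_option_disabled:tst:1"
                        comment="ipv6 disabled in any modprobe conf file"/>
  </oval-def:criteria>
</oval-def:definition>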
<oval-def:definition id="oval:ssg-network_ipv6_disable_rpc:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Disable Support for RPC IPv6</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Disable ipv6 based rpc services</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80177-9"/>
    <oval-def:reference source="ssg" ref_id="network_ipv6_disable_rpc"/>
  </oval-def:metadata>
  <!-- Both tests must pass (AND): one for udp6 and one for tcp6. Which file they
       read is defined in the tests, not in this definition. -->
  <oval-def:criteria operator="AND">
    <oval-def:criterion test_ref="oval:ssg-test_network_ipv6_disable_rpc_udp6:tst:1"
                        comment="Disable udp6"/>
    <oval-def:criterion test_ref="oval:ssg-test_network_ipv6_disable_rpc_tcp6:tst:1"
                        comment="Disable tcp6"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition id="oval:ssg-wireless_disable_interfaces:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Deactivate Wireless Network Interfaces</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>All wireless interfaces should be disabled.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-27358-1"/>
    <oval-def:reference source="ssg" ref_id="wireless_disable_interfaces"/>
  </oval-def:metadata>
  <!-- The criterion is negated, so the definition is compliant when the
       referenced test does NOT pass. NOTE(review): the comment text reads like the
       desired end state; presumably the test itself matches wireless interfaces
       that are present or active. Confirm against the test definition. -->
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_wireless_disable_interfaces:tst:1"
                        negate="true"
                        comment="check if wifi interfaces are disabled"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition id="oval:ssg-dir_perms_world_writable_root_owned:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Ensure All World-Writable Directories Are Owned by root user</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>All world writable directories should be owned by root.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-83374-9"/>
    <oval-def:reference source="ssg" ref_id="dir_perms_world_writable_root_owned"/>
  </oval-def:metadata>
  <!-- Negation sits on the enclosing criteria, not on the criterion: the test
       looks for the violating case (world-writable directory with uid greater
       than 0, per the comment) and the definition is compliant when that test
       does not pass. -->
  <oval-def:criteria negate="true"
                     comment="check for local directories that are world writable and have uid greater than 0">
    <oval-def:criterion test_ref="oval:ssg-test_dir_world_writable_uid_gt_zero:tst:1"
                        comment="check for local directories that are world writable and have uid greater than 0"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition id="oval:ssg-dir_perms_world_writable_sticky_bits:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Verify that All World-Writable Directories Have Sticky Bits Set</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The sticky bit should be set for all world-writable directories.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80130-8"/>
    <oval-def:reference source="ssg" ref_id="dir_perms_world_writable_sticky_bits"/>
  </oval-def:metadata>
  <!-- The criterion is negated, so the definition is compliant when the
       referenced test does NOT pass. NOTE(review): the comment states the desired
       end state, which reads as the opposite of what a negated test must match;
       presumably the test finds world-writable directories lacking the sticky
       bit. Confirm against the test definition. -->
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_dir_perms_world_writable_sticky_bits:tst:1"
                        negate="true"
                        comment="all local world writable directories have sticky bit set"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition id="oval:ssg-dir_perms_world_writable_system_owned:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Ensure All World-Writable Directories Are Owned by a System Account</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>All world writable directories should be owned by a system user.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80136-5"/>
    <oval-def:reference source="ssg" ref_id="dir_perms_world_writable_system_owned"/>
  </oval-def:metadata>
  <!-- Negated criteria: the test looks for the violating case and the definition
       is compliant when it does not pass. The comment puts the "system account"
       boundary at uid 1000; the test id ends in gt_value, so the threshold may
       come from a variable (confirm in the test definition). -->
  <oval-def:criteria negate="true"
                     comment="check for local directories that are world writable and have uid greater than or equal to 1000">
    <oval-def:criterion test_ref="oval:ssg-test_dir_world_writable_uid_gt_value:tst:1"
                        comment="check for local directories that are world writable and have uid greater than or equal to 1000"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition id="oval:ssg-dir_perms_world_writable_system_owned_group:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Ensure All World-Writable Directories Are Group Owned by a System Account</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>All world writable directories should be group owned by a system user.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-83923-3"/>
    <oval-def:reference source="ssg" ref_id="dir_perms_world_writable_system_owned_group"/>
  </oval-def:metadata>
  <!-- Negated criteria: the test looks for world-writable directories whose gid
       is 1000 or above (per the comment) and the definition is compliant when
       that test does not pass. -->
  <oval-def:criteria negate="true"
                     comment="check for local directories that are world writable and have gid greater than or equal to 1000">
    <oval-def:criterion test_ref="oval:ssg-test_dir_world_writable_gid_gt_value:tst:1"
                        comment="check for local directories that are world writable and have gid greater than or equal to 1000"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition id="oval:ssg-file_permissions_systemmap:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Verify that local System.map file (if exists) is readable only by root</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>
Checks that /boot/System.map-* are only readable by root.
</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82350-0"/>
    <oval-def:reference source="ssg" ref_id="file_permissions_systemmap"/>
  </oval-def:metadata>
  <!-- Compliant when the one test passes. The criterion has no comment attribute,
       so reports show only the test id. The title says "if exists"; how a system
       without any System.map file is scored depends on the existence check set in
       the test, which is not visible here. -->
  <oval-def:criteria operator="AND">
    <oval-def:criterion test_ref="oval:ssg-test_permissions_systemmap_files:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition id="oval:ssg-file_permissions_unauthorized_sgid:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Ensure All SGID Executables Are Authorized</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Evaluates to true if all files with SGID set are owned by RPM packages.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80132-4"/>
    <oval-def:reference source="ssg" ref_id="file_permissions_unauthorized_sgid"/>
  </oval-def:metadata>
  <!-- "Authorized" is approximated as "owned by an RPM package" (see the
       description). Nothing here shows that the file on disk still matches what
       the package shipped, so a pass is presumably not an integrity statement;
       package verification covers that separately. -->
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_file_permissions_unauthorized_sgid:tst:1"
                        comment="Check all sgid files"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition id="oval:ssg-file_permissions_unauthorized_suid:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Ensure All SUID Executables Are Authorized</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Evaluates to true if all files with SUID set are owned by RPM packages.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80133-2"/>
    <oval-def:reference source="ssg" ref_id="file_permissions_unauthorized_suid"/>
  </oval-def:metadata>
  <!-- "Authorized" is approximated as "owned by an RPM package" (see the
       description). Nothing here shows that the file on disk still matches what
       the package shipped, so a pass is presumably not an integrity statement;
       package verification covers that separately. -->
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_file_permissions_unauthorized_suid:tst:1"
                        comment="Check all suid files"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition id="oval:ssg-file_permissions_unauthorized_world_writable:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Ensure No World-Writable Files Exist</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The world-write permission should be disabled for all files.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80131-6"/>
    <oval-def:reference source="ssg" ref_id="file_permissions_unauthorized_world_writable"/>
  </oval-def:metadata>
  <!-- Single criterion, default AND, no negation: compliant when the test passes.
       The criterion has no comment attribute; which paths and file types the scan
       covers is defined in the test, not here. -->
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_file_permissions_unauthorized_world_write:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition id="oval:ssg-file_permissions_ungroupowned:def:1" version="2" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Ensure All Files Are Owned by a Group</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>All files should be owned by a group</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80135-7"/>
    <oval-def:reference source="ssg" ref_id="file_permissions_ungroupowned"/>
  </oval-def:metadata>
  <!-- Single criterion under the default AND operator: compliant when the
       group-ownership test passes. How group membership is resolved (local files
       only or also directory services) is up to the test; TODO confirm. -->
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_file_permissions_ungroupowned:tst:1"
                        comment="Check all files and make sure they are owned by a group"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition id="oval:ssg-no_files_unowned_by_user:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Ensure All Files Are Owned by a User</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>All files should be owned by a user</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80134-0"/>
    <oval-def:reference source="ssg" ref_id="no_files_unowned_by_user"/>
  </oval-def:metadata>
  <!-- Single criterion under the default AND operator: compliant when the
       user-ownership test passes. Note the test id puts "_test" at the end, unlike
       the "test_" prefix used by most neighbouring definitions. -->
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-no_files_unowned_by_user_test:tst:1"
                        comment="Check all files and make sure they are owned by a user"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition id="oval:ssg-dir_ownership_library_dirs:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Verify that Shared Library Directories Have Root Ownership</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>
Checks that /lib, /lib64, /usr/lib, /usr/lib64, /lib/modules, and
directories therein, are owned by root.
</oval-def:description>
    <oval-def:reference source="ssg" ref_id="dir_ownership_library_dirs"/>
  </oval-def:metadata>
  <!-- Compliant when the one test passes. Unlike most definitions around it, this
       one carries no CCE reference, only the ssg one, and its criterion has no
       comment attribute. -->
  <oval-def:criteria operator="AND">
    <oval-def:criterion test_ref="oval:ssg-test_dir_ownership_lib_dir:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition id="oval:ssg-dir_permissions_library_dirs:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Verify that Shared Library Directories Have Restrictive Permissions</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>
Checks that /lib, /lib64, /usr/lib, /usr/lib64, /lib/modules, and
objects therein, are not group-writable or world-writable.
</oval-def:description>
    <oval-def:reference source="ssg" ref_id="dir_permissions_library_dirs"/>
  </oval-def:metadata>
  <!-- Compliant when the one test passes. No CCE reference is attached, and the
       criterion has no comment attribute. The title speaks of directories while
       the description says "objects therein"; which of the two the test really
       covers has to be read from the test definition. -->
  <oval-def:criteria operator="AND">
    <oval-def:criterion test_ref="oval:ssg-dir_test_perms_lib_dir:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition id="oval:ssg-file_ownership_binary_dirs:def:1" version="2" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Verify that System Executables Have Root Ownership</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>
Checks that /bin, /sbin, /usr/bin, /usr/sbin, /usr/local/bin,
/usr/local/sbin, /usr/libexec, and objects therein, are owned by root.
</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82048-0"/>
    <oval-def:reference source="ssg" ref_id="file_ownership_binary_dirs"/>
  </oval-def:metadata>
  <!-- Both tests must pass (AND). Going by the ids, one covers the directories
       and the other the files inside them; neither criterion has a comment
       attribute. -->
  <oval-def:criteria operator="AND">
    <oval-def:criterion test_ref="oval:ssg-test_ownership_binary_directories:tst:1"/>
    <oval-def:criterion test_ref="oval:ssg-test_ownership_binary_files:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition id="oval:ssg-file_ownership_library_dirs:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Verify that Shared Library Files Have Root Ownership</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>
Checks that /lib, /lib64, /usr/lib, /usr/lib64, /lib/modules, and
objects therein, are owned by root.
</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82021-7"/>
    <oval-def:reference source="ssg" ref_id="file_ownership_library_dirs"/>
  </oval-def:metadata>
  <!-- Both tests must pass (AND). Going by the ids, one covers the library
       directories and the other the files inside them; neither criterion has a
       comment attribute. -->
  <oval-def:criteria operator="AND">
    <oval-def:criterion test_ref="oval:ssg-test_ownership_lib_dir:tst:1"/>
    <oval-def:criterion test_ref="oval:ssg-test_ownership_lib_files:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition id="oval:ssg-file_permissions_binary_dirs:def:1" version="2" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Verify that System Executables Have Restrictive Permissions</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>
Checks that binary files under /bin, /sbin, /usr/bin, /usr/sbin,
/usr/local/bin, /usr/local/sbin, and /usr/libexec are not group-writable or world-writable.
</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82040-7"/>
    <oval-def:reference source="ssg" ref_id="file_permissions_binary_dirs"/>
  </oval-def:metadata>
  <!-- Only a files test is referenced here; the ownership counterpart of this
       definition also references a directories test. Whether the directories'
       own permissions are covered elsewhere cannot be told from this definition. -->
  <oval-def:criteria operator="AND">
    <oval-def:criterion test_ref="oval:ssg-test_perms_binary_files:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition id="oval:ssg-file_permissions_library_dirs:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Verify that Shared Library Files Have Restrictive Permissions</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>
Checks that /lib, /lib64, /usr/lib, /usr/lib64, /lib/modules, and
objects therein, are not group-writable or world-writable.
</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82033-2"/>
    <oval-def:reference source="ssg" ref_id="file_permissions_library_dirs"/>
  </oval-def:metadata>
  <!-- Both tests must pass (AND). Going by the ids, one covers the library
       directories and the other the files inside them; neither criterion has a
       comment attribute. -->
  <oval-def:criteria operator="AND">
    <oval-def:criterion test_ref="oval:ssg-test_perms_lib_dir:tst:1"/>
    <oval-def:criterion test_ref="oval:ssg-test_perms_lib_files:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition id="oval:ssg-grub2_nousb_argument:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Disable Kernel Support for USB via Bootloader Configuration</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Ensure 'GRUB_CMDLINE_LINUX' is configured with value 'nousb' in /etc/default/grub</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-26548-8"/>
    <oval-def:reference source="ssg" ref_id="grub2_nousb_argument"/>
  </oval-def:metadata>
  <!-- OR over a single criterion, so the result is that of the one test. The
       check is described as reading /etc/default/grub; the generated boot
       configuration and the command line of the running kernel are not referenced
       here, so a pass presumably does not prove the argument is in effect. -->
  <oval-def:criteria operator="OR"
                     comment="grub is configured correctly">
    <oval-def:criterion test_ref="oval:ssg-test_grub2_nousb_argument:tst:1"
                        comment="Check the GRUB_CMDLINE_LINUX in /etc/default/grub"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition id="oval:ssg-mount_option_nodev_nonroot_local_partitions:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Add nodev Option to Non-Root Local Partitions</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The nodev mount option prevents files from being interpreted
as character or block devices. Legitimate character and block devices
should exist in the /dev directory on the root partition or within chroot
jails built for system services. All other locations should not allow
character and block devices.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80145-6"/>
    <oval-def:reference source="ssg" ref_id="mount_option_nodev_nonroot_local_partitions"/>
  </oval-def:metadata>
  <!-- The criterion is negated, so the definition is compliant when the
       referenced test does NOT pass. NOTE(review): presumably the test matches
       non-root local partitions mounted without nodev; the short comment does not
       say so. Confirm against the test definition. -->
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_nodev_nonroot_local_partitions:tst:1"
                        negate="true"
                        comment="nodev on local filesystems"/>
  </oval-def:criteria>
</oval-def:definition>
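<oval-def:definition id="oval:ssg-mount_option_var_tmp_bind:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Bind Mount /var/tmp To /tmp</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The /var/tmp directory should be bind mounted to /tmp in
order to consolidate temporary storage into one location protected by the
same techniques as /tmp.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80155-5"/>
    <oval-def:reference source="ssg" ref_id="mount_option_var_tmp_bind"/>
  </oval-def:metadata>
  <!-- Pass logic: (configured to bind mount) AND (/var/tmp is mounted) AND
       ((mounted with bind) OR (/var/tmp and /tmp share a source device)).
       The stored configuration and the live mount state are thus both required.
       The comment on the first inner criterion said "binded"; corrected to
       "bound". It is descriptive text only and does not affect evaluation. -->
  <oval-def:criteria operator="AND">
    <oval-def:criterion test_ref="oval:ssg-test_configure_mount_option_var_tmp_bind_tmp:tst:1"
                        comment="Ensure /var/tmp is configured to bind mount to /tmp"/>
    <oval-def:criterion test_ref="oval:ssg-test_mount_option_var_tmp:tst:1"
                        comment="Ensure /var/tmp is mounted"/>
    <oval-def:criteria operator="OR">
      <oval-def:criterion test_ref="oval:ssg-test_mount_option_var_tmp_bind:tst:1"
                          comment="Ensure /var/tmp is mounted and bound"/>
      <oval-def:criterion test_ref="oval:ssg-test_mount_option_var_tmp_bind_compare_source:tst:1"
                          comment="Ensure /var/tmp and /tmp have the same source device"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>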
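<oval-def:definition id="oval:ssg-coredump_disable_backtraces:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Disable core dump backtraces</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Ensure 'ProcessSizeMax' is configured with value '0' in section 'Coredump' in /etc/systemd/coredump.conf</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-83432-5"/>
    <oval-def:reference source="ssg" ref_id="coredump_disable_backtraces"/>
  </oval-def:metadata>
  <!-- OR over a single criterion, so the result is that of the one test. Only
       /etc/systemd/coredump.conf is named; whether drop-in files that could
       override it are read is up to the test (TODO confirm). The description had
       an unbalanced quote around the value 0, closed above. -->
  <oval-def:criteria operator="OR"
                     comment="systemd-coredump is configured correctly">
    <oval-def:criterion test_ref="oval:ssg-test_coredump_disable_backtraces:tst:1"
                        comment="Check the ProcessSizeMax in /etc/systemd/coredump.conf"/>
  </oval-def:criteria>
</oval-def:definition>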
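<oval-def:definition id="oval:ssg-coredump_disable_storage:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Disable storing core dump</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Ensure 'Storage' is configured with value 'none' in section 'Coredump' in /etc/systemd/coredump.conf</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-83428-3"/>
    <oval-def:reference source="ssg" ref_id="coredump_disable_storage"/>
  </oval-def:metadata>
  <!-- OR over a single criterion, so the result is that of the one test. Only
       /etc/systemd/coredump.conf is named; whether drop-in files that could
       override it are read is up to the test (TODO confirm). The description had
       an unbalanced quote around the value none, closed above. -->
  <oval-def:criteria operator="OR"
                     comment="systemd-coredump is configured correctly">
    <oval-def:criterion test_ref="oval:ssg-test_coredump_disable_storage:tst:1"
                        comment="Check the Storage in /etc/systemd/coredump.conf"/>
  </oval-def:criteria>
</oval-def:definition>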
<oval-def:definition id="oval:ssg-disable_users_coredumps:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Disable Core Dumps for All Users</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Core dumps for all users should be disabled</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80169-6"/>
    <oval-def:reference source="ssg" ref_id="disable_users_coredumps"/>
  </oval-def:metadata>
  <!-- Pass logic: (limits.d disables core dumps) OR
       ((limits.d has no core setting at all) AND (limits.conf disables them)).
       The negated "exists" test is what makes limits.conf count only when nothing
       under limits.d could override it; a limits.d entry that sets core to a
       non-zero value therefore fails the check even if limits.conf is correct. -->
  <oval-def:criteria operator="OR">
    <oval-def:criterion test_ref="oval:ssg-test_core_dumps_limits_d:tst:1"
                        comment="Are core dumps disabled in /etc/security/limits.d/*"/>
    <oval-def:criteria operator="AND">
      <oval-def:criterion test_ref="oval:ssg-test_core_dumps_limits_d_exists:tst:1"
                          negate="true"
                          comment="Are core dumps configured in /etc/security/limits.d/*"/>
      <oval-def:criterion test_ref="oval:ssg-test_core_dumps_limitsconf:tst:1"
                          comment="Are core dumps disabled in /etc/security/limits.conf"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
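<oval-def:definition id="oval:ssg-umask_for_daemons:def:1" version="2" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Set Daemon Umask</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The daemon umask should be set as appropriate</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-27068-6"/>
    <oval-def:reference source="ssg" ref_id="umask_for_daemons"/>
  </oval-def:metadata>
  <!-- Both parts must hold (AND): the extended helper definition, which per its
       id converts the daemon umask variable to a number, and the umask test.
       The extend_definition comment named var_accounts_user_umask although the
       referenced definition is var_umask_for_daemons_as_number; the comment now
       names the daemon variable. It is descriptive text only. The criterion has
       no comment attribute. -->
  <oval-def:criteria operator="AND">
    <oval-def:extend_definition definition_ref="oval:ssg-var_umask_for_daemons_as_number:def:1"
                                comment="Get value of var_umask_for_daemons variable as octal number"/>
    <oval-def:criterion test_ref="oval:ssg-tst_umask_for_daemons:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>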
<oval-def:definition id="oval:ssg-sysctl_kernel_exec_shield:def:1" version="2" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Enable ExecShield via sysctl</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The kernel runtime parameter 'kernel.exec-shield' should not be disabled and set to 1 on 32-bit systems.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-27211-2"/>
    <oval-def:reference source="ssg" ref_id="sysctl_kernel_exec_shield"/>
  </oval-def:metadata>
  <!-- Two architecture branches joined by OR.
       32-bit: the runtime value AND the /etc/sysctl.conf value of
       kernel.exec-shield must both be 1.
       64-bit: the sysctl is not consulted; only the grub-based NX test applies. -->
  <oval-def:criteria operator="OR">
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition definition_ref="oval:ssg-system_info_architecture_x86:def:1"
                                  comment="32-bit system"/>
      <oval-def:criterion test_ref="oval:ssg-test_runtime_sysctl_kernel_exec_shield:tst:1"
                          comment="kernel runtime parameter kernel.exec-shield set to 1"/>
      <oval-def:criterion test_ref="oval:ssg-test_static_sysctl_kernel_exec_shield:tst:1"
                          comment="kernel /etc/sysctl.conf parameter kernel.exec-shield set to 1"/>
    </oval-def:criteria>
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition definition_ref="oval:ssg-system_info_architecture_64bit:def:1"
                                  comment="64-bit system"/>
      <oval-def:criterion test_ref="oval:ssg-test_nx_disabled_grub:tst:1"
                          comment="NX is supported and is not disabled"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Enable NX or XD Support in the BIOS (CCE-27099-1).
     All three tests must pass (AND): CPU reports the NX bit, no log message
     about NX being disabled, and NX not disabled on the kernel command line.
     NOTE(review): the log-message test presumably depends on what the log
     still retains at scan time; confirm against test_messages_nx_active. -->
<oval-def:definition class="compliance" id="oval:ssg-bios_enable_execution_restrictions:def:1" version="2">
  <oval-def:metadata>
    <oval-def:title>Enable NX or XD Support in the BIOS</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The NX (no-execution) bit flag should be set on the system.</oval-def:description>
    <oval-def:reference ref_id="CCE-27099-1" source="CCE"/>
    <oval-def:reference ref_id="bios_enable_execution_restrictions" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criterion comment="NX bit is set" test_ref="oval:ssg-test_NX_cpu_support:tst:1"/>
    <oval-def:criterion comment="No log messages about NX being disabled" test_ref="oval:ssg-test_messages_nx_active:tst:1"/>
    <oval-def:criterion comment="NX is not disabled in the kernel command line" test_ref="oval:ssg-test_noexec_cmd_line:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Install PAE Kernel on Supported 32-bit x86 Systems (CCE-27116-3).
     Passes when any one of these holds:
       - the system is not 32-bit x86 (negated architecture definition);
       - the CPU PAE/NX support test fails (negated criterion);
       - on 32-bit x86, kernel-PAE is installed and the DEFAULTKERNEL test passes.
     The first two cases therefore report a pass without any kernel-PAE check. -->
<oval-def:definition class="compliance" id="oval:ssg-install_PAE_kernel_on_x86-32:def:1" version="2">
  <oval-def:metadata>
    <oval-def:title>Install PAE Kernel on Supported 32-bit x86 Systems</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package kernel-PAE should be installed on 32-bit
systems.</oval-def:description>
    <oval-def:reference ref_id="CCE-27116-3" source="CCE"/>
    <oval-def:reference ref_id="install_PAE_kernel_on_x86-32" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:extend_definition comment="Not a 32-bit system" definition_ref="oval:ssg-system_info_architecture_x86:def:1" negate="true"/>
    <oval-def:criteria operator="OR">
      <!-- negate="true": this member is satisfied when the support test fails. -->
      <oval-def:criterion comment="Check if PAE or NX is supported by the CPUs" test_ref="oval:ssg-test_PAE_NX_cpu_support:tst:1" negate="true"/>
      <oval-def:criteria operator="AND">
        <oval-def:extend_definition comment="A 32-bit system" definition_ref="oval:ssg-system_info_architecture_x86:def:1"/>
        <oval-def:criterion comment="Package kernel-PAE is installed" test_ref="oval:ssg-test_package_kernel-PAE_installed:tst:1"/>
        <oval-def:criterion comment="check for DEFAULTKERNEL set to kernel-PAE in /etc/sysconfig/kernel" test_ref="oval:ssg-test_defaultkernel_sysconfig_kernel:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Ensure SELinux Not Disabled in /etc/default/grub (CCE-26961-3).
     AND of three tests; per their comments each one fails when selinux=0 or
     enforcing=0 is found. The title names only /etc/default/grub, but the
     criteria also cover /etc/grub2.cfg and /etc/grub.d. -->
<oval-def:definition class="compliance" id="oval:ssg-grub2_enable_selinux:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure SELinux Not Disabled in /etc/default/grub</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>
Check if selinux=0 OR enforcing=0 within the GRUB2 configuration files, fail if found.
</oval-def:description>
    <oval-def:reference ref_id="CCE-26961-3" source="CCE"/>
    <oval-def:reference ref_id="grub2_enable_selinux" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criterion comment="check value selinux|enforcing=0 in /etc/default/grub, fail if found" test_ref="oval:ssg-test_selinux_default_grub:tst:1"/>
    <oval-def:criterion comment="check value selinux|enforcing=0 in /etc/grub2.cfg, fail if found" test_ref="oval:ssg-test_selinux_grub2_cfg:tst:1"/>
    <oval-def:criterion comment="check value selinux|enforcing=0 in /etc/grub.d, fail if found" test_ref="oval:ssg-test_selinux_grub_dir:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
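<!-- Ensure No Device Files are Unlabeled by SELinux (CCE-27326-8).
     Both tests must pass (AND). Neither criterion is negated, so for the
     definition to match its description each test has to be true when no
     device file in /dev carries the named context; the criterion comments
     say so explicitly. -->
<oval-def:definition class="compliance" id="oval:ssg-selinux_all_devicefiles_labeled:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure No Device Files are Unlabeled by SELinux</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>All device files in /dev should be assigned an SELinux security context other than 'device_t' and 'unlabeled_t'.</oval-def:description>
    <oval-def:reference ref_id="CCE-27326-8" source="CCE"/>
    <oval-def:reference ref_id="selinux_all_devicefiles_labeled" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criterion comment="no device files labeled device_t in /dev" test_ref="oval:ssg-test_selinux_dev_device_t:tst:1"/>
    <oval-def:criterion comment="no device files labeled unlabeled_t in /dev" test_ref="oval:ssg-test_selinux_dev_unlabeled_t:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>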
<!-- Ensure No Daemons are Unconfined by SELinux (CCE-27288-0).
     Single criterion; the criteria element carries no operator attribute, so
     the OVAL default (AND) applies. Per its comment the test passes when no
     process in /proc has the unconfined_service_t context. -->
<oval-def:definition class="compliance" id="oval:ssg-selinux_confinement_of_daemons:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure No Daemons are Unconfined by SELinux</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>All pids in /proc should be assigned an SELinux security context other than 'unconfined_service_t'.</oval-def:description>
    <oval-def:reference ref_id="CCE-27288-0" source="CCE"/>
    <oval-def:reference ref_id="selinux_confinement_of_daemons" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion comment="no unconfined_service_t in /proc" test_ref="oval:ssg-test_selinux_confinement_of_daemons:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Configure SELinux Policy (CCE-27279-9).
     Single uncommented criterion, test_selinux_policy; no operator attribute,
     so the OVAL default (AND) applies. Which policy value counts as
     "appropriate" is decided by that test and is not stated in this block. -->
<oval-def:definition class="compliance" id="oval:ssg-selinux_policytype:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Configure SELinux Policy</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The SELinux policy should be set appropriately.</oval-def:description>
    <oval-def:reference ref_id="CCE-27279-9" source="CCE"/>
    <oval-def:reference ref_id="selinux_policytype" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_selinux_policy:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
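<!-- Ensure SELinux State is Enforcing (CCE-27334-2).
     Single criterion, test_etc_selinux_config, not negated: the definition
     passes when that test passes. The criterion comment describes the passing
     condition so a result report does not read as if "disabled" were the
     expected state.
     NOTE(review): the test name suggests only the configuration file is read,
     not the running state; confirm against the test entry. -->
<oval-def:definition class="compliance" id="oval:ssg-selinux_state:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure SELinux State is Enforcing</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The SELinux state should be enforcing the local policy.</oval-def:description>
    <oval-def:reference ref_id="CCE-27334-2" source="CCE"/>
    <oval-def:reference ref_id="selinux_state" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criterion comment="SELinux state is configured as required" test_ref="oval:ssg-test_etc_selinux_config:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>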
<!-- Prefer to use a 64-bit Operating System when supported (CCE-83691-6).
     OR of two members: the OS is 64-bit, or the CPU 64-bit test fails
     (negate="true"). A failure therefore means a 64-bit capable CPU running a
     non-64-bit OS. Here the criterion comment describes the negated outcome. -->
<oval-def:definition class="compliance" id="oval:ssg-prefer_64bit_os:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Prefer to use a 64-bit Operating System when supported</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Check if the system supports a 64-bit Operating System</oval-def:description>
    <oval-def:reference ref_id="CCE-83691-6" source="CCE"/>
    <oval-def:reference ref_id="prefer_64bit_os" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria comment="Either the OS is 64-bit, or the CPU doesn't support 64-bit (it is 32 or 16 bit)" operator="OR">
    <oval-def:criterion comment="Check if OS is 64-bit" test_ref="oval:ssg-test_proc_sys_kernel_osrelease_64_bit:tst:1"/>
    <oval-def:criterion comment="Check if CPU is not 64-bit" test_ref="oval:ssg-test_proc_cpuinfo_64_bit:tst:1" negate="true"/>
  </oval-def:criteria>
</oval-def:definition>
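<!-- dconf databases up-to-date with their keyfiles (CCE-81004-4).
     Passes when dconf is not installed (negated package_dconf_installed), or
     when both databases are fine. A database is fine when it is up-to-date
     with its keyfiles or has no applicable keyfiles. The two inner OR groups
     are commented per database so result reports can tell them apart. -->
<oval-def:definition class="compliance" id="oval:ssg-dconf_db_up_to_date:def:1" version="2">
  <oval-def:metadata>
    <oval-def:title>Make sure that the dconf databases are up-to-date with regards to respective keyfiles</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Make sure that the dconf databases are up-to-date with regards to respective keyfiles.</oval-def:description>
    <oval-def:reference ref_id="CCE-81004-4" source="CCE"/>
    <oval-def:reference ref_id="dconf_db_up_to_date" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- negate="true": satisfied when dconf is NOT installed. -->
    <oval-def:extend_definition comment="dconf installed" definition_ref="oval:ssg-package_dconf_installed:def:1" negate="true"/>
    <oval-def:criteria comment="check that all DBs in question are up-to-date" operator="AND">
      <oval-def:criteria comment="gdm database is up-to-date or has no applicable keyfiles" operator="OR">
        <oval-def:criterion comment="gdm database is up-to-date wrt keyfiles" test_ref="oval:ssg-test_dconf_gdm_up_to_date:tst:1"/>
        <oval-def:criterion comment="no keyfiles applicable to the gdm database" test_ref="oval:ssg-test_dconf_gdm_no_keyfiles:tst:1"/>
      </oval-def:criteria>
      <oval-def:criteria comment="local database is up-to-date or has no applicable keyfiles" operator="OR">
        <oval-def:criterion comment="local database is up-to-date wrt keyfiles" test_ref="oval:ssg-test_dconf_local_up_to_date:tst:1"/>
        <oval-def:criterion comment="no keyfiles applicable to the local database" test_ref="oval:ssg-test_dconf_local_no_keyfiles:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>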
<!-- Configure GNOME3 DConf User Profile (CCE-27446-4).
     OR of two members: dconf is not installed (negated package definition),
     or the user profile test passes. A pass on a host without dconf says
     nothing about the profile contents. -->
<oval-def:definition class="compliance" id="oval:ssg-enable_dconf_user_profile:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Configure GNOME3 DConf User Profile</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The DConf User profile should have the local DB configured.</oval-def:description>
    <oval-def:reference ref_id="CCE-27446-4" source="CCE"/>
    <oval-def:reference ref_id="enable_dconf_user_profile" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- negate="true": satisfied when dconf is NOT installed. -->
    <oval-def:extend_definition comment="dconf installed" definition_ref="oval:ssg-package_dconf_installed:def:1" negate="true"/>
    <oval-def:criterion comment="dconf user profile exists" test_ref="oval:ssg-test_dconf_user_profile:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Disable the GNOME3 Login Restart and Shutdown Buttons (CCE-80107-6).
     Passes when dconf is not installed, or when all three hold: the dconf
     user profile definition, the setting test, and the lock test that keeps
     users from changing the setting. -->
<oval-def:definition class="compliance" id="oval:ssg-dconf_gnome_disable_restart_shutdown:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Disable the GNOME3 Login Restart and Shutdown Buttons</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Disable the GNOME3 Login GUI Restart and Shutdown buttons to all users on the login screen.</oval-def:description>
    <oval-def:reference ref_id="CCE-80107-6" source="CCE"/>
    <oval-def:reference ref_id="dconf_gnome_disable_restart_shutdown" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- negate="true": satisfied when dconf is NOT installed. -->
    <oval-def:extend_definition comment="dconf installed" definition_ref="oval:ssg-package_dconf_installed:def:1" negate="true"/>
    <oval-def:criteria comment="Disable GUI shutdown and restart buttons and prevent user from changing it" operator="AND">
      <oval-def:extend_definition comment="dconf user profile exists" definition_ref="oval:ssg-enable_dconf_user_profile:def:1"/>
      <oval-def:criterion comment="Disable restart and shutdown buttons" test_ref="oval:ssg-test_disable_restart_buttons:tst:1"/>
      <oval-def:criterion comment="Prevent user from changing" test_ref="oval:ssg-test_prevent_user_enable_restart_buttons:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
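<!-- Disable the GNOME3 Login User List (CCE-80106-8).
     Passes when dconf is not installed, or when the dconf user profile
     definition, the user list setting test and its lock test all pass.
     The lock criterion comment names the user list, matching its test_ref
     (test_prevent_user_disable_user_list), rather than the login banner. -->
<oval-def:definition class="compliance" id="oval:ssg-dconf_gnome_disable_user_list:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Disable the GNOME3 Login User List</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Disable the GNOME3 GUI listing of all known users on the login screen.</oval-def:description>
    <oval-def:reference ref_id="CCE-80106-8" source="CCE"/>
    <oval-def:reference ref_id="dconf_gnome_disable_user_list" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- negate="true": satisfied when dconf is NOT installed. -->
    <oval-def:extend_definition comment="dconf installed" definition_ref="oval:ssg-package_dconf_installed:def:1" negate="true"/>
    <oval-def:criteria comment="Disable GUI listing of known users and prevent user from changing it" operator="AND">
      <oval-def:extend_definition comment="dconf user profile exists" definition_ref="oval:ssg-enable_dconf_user_profile:def:1"/>
      <oval-def:criterion comment="Disable user list" test_ref="oval:ssg-test_disable_user_list:tst:1"/>
      <oval-def:criterion comment="Prevent user from changing user list setting" test_ref="oval:ssg-test_prevent_user_disable_user_list:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>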
<!-- Enable the GNOME3 Login Smartcard Authentication (CCE-80108-4).
     OR: dconf absent (negated package definition), or the AND group of the
     dconf user profile definition, the smartcard setting test and the lock
     test. Hosts without dconf pass without any smartcard check. -->
<oval-def:definition class="compliance" id="oval:ssg-dconf_gnome_enable_smartcard_auth:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Enable the GNOME3 Login Smartcard Authentication</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Enable smartcard authentication in the GNOME3 Login GUI.</oval-def:description>
    <oval-def:reference ref_id="CCE-80108-4" source="CCE"/>
    <oval-def:reference ref_id="dconf_gnome_enable_smartcard_auth" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- negate="true": satisfied when dconf is NOT installed. -->
    <oval-def:extend_definition comment="dconf installed" definition_ref="oval:ssg-package_dconf_installed:def:1" negate="true"/>
    <oval-def:criteria comment="Enable smartcard authentication and prevent user from changing it" operator="AND">
      <oval-def:extend_definition comment="dconf user profile exists" definition_ref="oval:ssg-enable_dconf_user_profile:def:1"/>
      <oval-def:criterion comment="Enable smartcard authentication" test_ref="oval:ssg-test_enable_gnome_smartcard:tst:1"/>
      <oval-def:criterion comment="Prevent user from changing" test_ref="oval:ssg-test_prevent_user_disable_smartcard:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Set the GNOME3 Login Number of Failures (CCE-80109-2).
     OR: dconf absent, or the AND group of the dconf user profile definition,
     the allowed-failures setting test and the lock test. The permitted number
     of attempts is decided by the setting test, not by this block. -->
<oval-def:definition class="compliance" id="oval:ssg-dconf_gnome_login_retries:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Set the GNOME3 Login Number of Failures</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Set the GNOME3 number of login failure attempts.</oval-def:description>
    <oval-def:reference ref_id="CCE-80109-2" source="CCE"/>
    <oval-def:reference ref_id="dconf_gnome_login_retries" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- negate="true": satisfied when dconf is NOT installed. -->
    <oval-def:extend_definition comment="dconf installed" definition_ref="oval:ssg-package_dconf_installed:def:1" negate="true"/>
    <oval-def:criteria comment="Set number of login attempts and prevent user from changing it" operator="AND">
      <oval-def:extend_definition comment="dconf user profile exists" definition_ref="oval:ssg-enable_dconf_user_profile:def:1"/>
      <oval-def:criterion comment="Set number of login tries" test_ref="oval:ssg-test_configure_allowed_failures:tst:1"/>
      <oval-def:criterion comment="Prevent user from changing" test_ref="oval:ssg-test_prevent_user_allowed-failures_change:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Disable GDM Automatic Login (CCE-80104-3).
     OR of two members: gdm is not installed (negated package_gdm_installed),
     or the automatic login test passes. -->
<oval-def:definition class="compliance" id="oval:ssg-gnome_gdm_disable_automatic_login:def:1" version="2">
  <oval-def:metadata>
    <oval-def:title>Disable GDM Automatic Login</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Disable the GNOME Display Manager (GDM) ability to allow users to
automatically login.</oval-def:description>
    <oval-def:reference ref_id="CCE-80104-3" source="CCE"/>
    <oval-def:reference ref_id="gnome_gdm_disable_automatic_login" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- negate="true": satisfied when gdm is NOT installed. -->
    <oval-def:extend_definition comment="gdm installed" definition_ref="oval:ssg-package_gdm_installed:def:1" negate="true"/>
    <oval-def:criterion comment="Disable GDM Automatic Login" test_ref="oval:ssg-test_disable_automatic_login:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Disable GDM Guest Login (CCE-80105-0).
     OR of two members: gdm is not installed (negated package_gdm_installed),
     or the guest login test passes. -->
<oval-def:definition class="compliance" id="oval:ssg-gnome_gdm_disable_guest_login:def:1" version="2">
  <oval-def:metadata>
    <oval-def:title>Disable GDM Guest Login</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Disable the GNOME Display Manager (GDM) ability to allow guest users
to login.</oval-def:description>
    <oval-def:reference ref_id="CCE-80105-0" source="CCE"/>
    <oval-def:reference ref_id="gnome_gdm_disable_guest_login" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- negate="true": satisfied when gdm is NOT installed. -->
    <oval-def:extend_definition comment="gdm installed" definition_ref="oval:ssg-package_gdm_installed:def:1" negate="true"/>
    <oval-def:criterion comment="Disable GDM Guest Login" test_ref="oval:ssg-test_disable_guest_login:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
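<!-- Disable XDMCP in GDM (CCE-83433-3).
     AND of two members: the Enable setting test (wrapped in a one-member OR
     group) and a test that /etc/gdm/custom.conf exists. Unlike the GDM
     automatic login and guest login definitions there is no "gdm not
     installed" alternative, so a missing configuration file is a failure.
     The description's unbalanced quote around 'false' is closed. -->
<oval-def:definition class="compliance" id="oval:ssg-gnome_gdm_disable_xdmcp:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Disable XDMCP in GDM</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Ensure 'Enable' is configured with value 'false' in section 'xdmcp' in /etc/gdm/custom.conf</oval-def:description>
    <oval-def:reference ref_id="CCE-83433-3" source="CCE"/>
    <oval-def:reference ref_id="gnome_gdm_disable_xdmcp" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria comment="gdm is configured correctly and configuration file exists" operator="AND">
    <oval-def:criteria comment="gdm is configured correctly" operator="OR">
      <oval-def:criterion comment="Check the Enable in /etc/gdm/custom.conf" test_ref="oval:ssg-test_gnome_gdm_disable_xdmcp:tst:1"/>
    </oval-def:criteria>
    <oval-def:criterion comment="test if configuration file /etc/gdm/custom.conf exists for gnome_gdm_disable_xdmcp" test_ref="oval:ssg-test_gnome_gdm_disable_xdmcp_config_file_exists:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>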
<!-- Disable GNOME3 automount (CCE-80122-5).
     OR: dconf absent (negated package definition), or the AND group of the
     dconf user profile definition, the automount setting test and the lock
     test that prevents users from changing it. -->
<oval-def:definition class="compliance" id="oval:ssg-dconf_gnome_disable_automount:def:1" version="2">
  <oval-def:metadata>
    <oval-def:title>Disable GNOME3 automount</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The system's default desktop environment, GNOME3, will mount
devices and removable media (such as DVDs, CDs and USB flash drives)
whenever they are inserted into the system. Disable automount within GNOME3.</oval-def:description>
    <oval-def:reference ref_id="CCE-80122-5" source="CCE"/>
    <oval-def:reference ref_id="dconf_gnome_disable_automount" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- negate="true": satisfied when dconf is NOT installed. -->
    <oval-def:extend_definition comment="dconf installed" definition_ref="oval:ssg-package_dconf_installed:def:1" negate="true"/>
    <oval-def:criteria comment="Disable GNOME3 automount and prevent user from changing it" operator="AND">
      <oval-def:extend_definition comment="dconf user profile exists" definition_ref="oval:ssg-enable_dconf_user_profile:def:1"/>
      <oval-def:criterion comment="Disable automount in GNOME3" test_ref="oval:ssg-test_dconf_gnome_disable_automount:tst:1"/>
      <oval-def:criterion comment="Prevent user from changing automount setting" test_ref="oval:ssg-test_prevent_user_gnome_automount:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
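<!-- Disable GNOME3 automount-open (CCE-83692-4).
     OR: dconf absent (negated package definition), or the AND group of the
     dconf user profile definition, the automount-open setting test and its
     lock test. The AND group comment names automount-open, the only setting
     this definition evaluates; automount and autorun have their own
     definitions. -->
<oval-def:definition class="compliance" id="oval:ssg-dconf_gnome_disable_automount_open:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Disable GNOME3 automount-open</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The system's default desktop environment, GNOME3, will mount
devices and removable media (such as DVDs, CDs and USB flash drives)
whenever they are inserted into the system. Disable automount-open within GNOME3.</oval-def:description>
    <oval-def:reference ref_id="CCE-83692-4" source="CCE"/>
    <oval-def:reference ref_id="dconf_gnome_disable_automount_open" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- negate="true": satisfied when dconf is NOT installed. -->
    <oval-def:extend_definition comment="dconf installed" definition_ref="oval:ssg-package_dconf_installed:def:1" negate="true"/>
    <oval-def:criteria comment="Disable GNOME3 automount-open and prevent user from changing it" operator="AND">
      <oval-def:extend_definition comment="dconf user profile exists" definition_ref="oval:ssg-enable_dconf_user_profile:def:1"/>
      <oval-def:criterion comment="Disable automount-open in GNOME3" test_ref="oval:ssg-test_dconf_gnome_disable_automount_open:tst:1"/>
      <oval-def:criterion comment="Prevent user from changing automount-open setting" test_ref="oval:ssg-test_prevent_user_gnome_automount_open:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>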
<!-- Disable GNOME3 autorun (CCE-83741-9).
     OR: dconf absent (negated package definition), or the AND group of the
     dconf user profile definition, the autorun setting test and the lock
     test that prevents users from changing it. -->
<oval-def:definition class="compliance" id="oval:ssg-dconf_gnome_disable_autorun:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Disable GNOME3 autorun</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The system's default desktop environment, GNOME3, will mount
devices and removable media (such as DVDs, CDs and USB flash drives)
whenever they are inserted into the system. Disable autorun within GNOME3.</oval-def:description>
    <oval-def:reference ref_id="CCE-83741-9" source="CCE"/>
    <oval-def:reference ref_id="dconf_gnome_disable_autorun" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- negate="true": satisfied when dconf is NOT installed. -->
    <oval-def:extend_definition comment="dconf installed" definition_ref="oval:ssg-package_dconf_installed:def:1" negate="true"/>
    <oval-def:criteria comment="Disable GNOME3 autorun and prevent user from changing it" operator="AND">
      <oval-def:extend_definition comment="dconf user profile exists" definition_ref="oval:ssg-enable_dconf_user_profile:def:1"/>
      <oval-def:criterion comment="Disable autorun in GNOME3" test_ref="oval:ssg-test_dconf_gnome_disable_autorun:tst:1"/>
      <oval-def:criterion comment="Prevent user from changing autorun setting" test_ref="oval:ssg-test_prevent_user_gnome_autorun:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
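<!-- Disable All GNOME3 Thumbnailers (CCE-80123-3).
     OR: dconf absent (negated package definition), or the AND group of the
     dconf user profile definition, the thumbnailer setting test and its lock
     test. The lock criterion comment names the thumbnailer setting, matching
     its test_ref (test_prevent_user_change_gnome_thumbnailers), instead of
     the screensaver idle delay. -->
<oval-def:definition class="compliance" id="oval:ssg-dconf_gnome_disable_thumbnailers:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Disable All GNOME3 Thumbnailers</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The system's default desktop environment, GNOME3, uses a
number of different thumbnailer programs to generate thumbnails for any
new or modified content in an opened folder. Disable the execution of
these thumbnail applications within GNOME3.</oval-def:description>
    <oval-def:reference ref_id="CCE-80123-3" source="CCE"/>
    <oval-def:reference ref_id="dconf_gnome_disable_thumbnailers" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- negate="true": satisfied when dconf is NOT installed. -->
    <oval-def:extend_definition comment="dconf installed" definition_ref="oval:ssg-package_dconf_installed:def:1" negate="true"/>
    <oval-def:criteria comment="Disable Gnome3 Thumbnailers and prevent user from enabling" operator="AND">
      <oval-def:extend_definition comment="dconf user profile exists" definition_ref="oval:ssg-enable_dconf_user_profile:def:1"/>
      <oval-def:criterion comment="Disable thumbnailers in GNOME3" test_ref="oval:ssg-test_gnome_disable_thumbnailers:tst:1"/>
      <oval-def:criterion comment="Prevent user from changing thumbnailer setting" test_ref="oval:ssg-test_prevent_user_change_gnome_thumbnailers:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>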
<!-- Disable WIFI Network Connection Creation in GNOME3 (CCE-80118-3).
     OR: dconf absent (negated package definition), or the AND group of the
     dconf user profile definition, the wifi creation setting test and the
     lock test. -->
<oval-def:definition class="compliance" id="oval:ssg-dconf_gnome_disable_wifi_create:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Disable WIFI Network Connection Creation in GNOME3</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Disable the GNOME3 wireless network creation settings.</oval-def:description>
    <oval-def:reference ref_id="CCE-80118-3" source="CCE"/>
    <oval-def:reference ref_id="dconf_gnome_disable_wifi_create" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- negate="true": satisfied when dconf is NOT installed. -->
    <oval-def:extend_definition comment="dconf installed" definition_ref="oval:ssg-package_dconf_installed:def:1" negate="true"/>
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="dconf user profile exists" definition_ref="oval:ssg-enable_dconf_user_profile:def:1"/>
      <oval-def:criterion comment="Disable wifi creation" test_ref="oval:ssg-test_disable_wifi_creation:tst:1"/>
      <oval-def:criterion comment="Prevent user from changing" test_ref="oval:ssg-test_prevent_user_enable_wifi_creation:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Disable WIFI Network Notification in GNOME3 (CCE-80119-1).
     OR: dconf absent (negated package definition), or the AND group of the
     dconf user profile definition, the wifi notification setting test and
     the lock test. -->
<oval-def:definition class="compliance" id="oval:ssg-dconf_gnome_disable_wifi_notification:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Disable WIFI Network Notification in GNOME3</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Disable the GNOME3 wireless network notification.</oval-def:description>
    <oval-def:reference ref_id="CCE-80119-1" source="CCE"/>
    <oval-def:reference ref_id="dconf_gnome_disable_wifi_notification" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- negate="true": satisfied when dconf is NOT installed. -->
    <oval-def:extend_definition comment="dconf installed" definition_ref="oval:ssg-package_dconf_installed:def:1" negate="true"/>
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="dconf user profile exists" definition_ref="oval:ssg-enable_dconf_user_profile:def:1"/>
      <oval-def:criterion comment="Disable wifi notification" test_ref="oval:ssg-test_disable_wifi_notification:tst:1"/>
      <oval-def:criterion comment="Prevent user from changing" test_ref="oval:ssg-test_prevent_user_enable_wifi_notification:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Require Credential Prompting for Remote Access in GNOME3 (CCE-80120-9).
     OR: dconf absent (negated package definition), or the AND group of the
     dconf user profile definition, the credential prompt setting test and
     the lock test. A host without dconf passes with no remote access check. -->
<oval-def:definition class="compliance" id="oval:ssg-dconf_gnome_remote_access_credential_prompt:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Require Credential Prompting for Remote Access in GNOME3</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Configure GNOME3 to require credential prompting for remote access.</oval-def:description>
    <oval-def:reference ref_id="CCE-80120-9" source="CCE"/>
    <oval-def:reference ref_id="dconf_gnome_remote_access_credential_prompt" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- negate="true": satisfied when dconf is NOT installed. -->
    <oval-def:extend_definition comment="dconf installed" definition_ref="oval:ssg-package_dconf_installed:def:1" negate="true"/>
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="dconf user profile exists" definition_ref="oval:ssg-enable_dconf_user_profile:def:1"/>
      <oval-def:criterion comment="configure remote access credentials" test_ref="oval:ssg-test_configure_remote_access_creds:tst:1"/>
      <oval-def:criterion comment="Prevent user from changing" test_ref="oval:ssg-test_prevent_user_remote_access_creds:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Require Encryption for Remote Access in GNOME3 (CCE-80121-7).
     OR: dconf absent (negated package definition), or the AND group of the
     dconf user profile definition, the encryption setting test and the lock
     test. A host without dconf passes with no encryption check. -->
<oval-def:definition class="compliance" id="oval:ssg-dconf_gnome_remote_access_encryption:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Require Encryption for Remote Access in GNOME3</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Configure GNOME3 to require encryption for remote access connections.</oval-def:description>
    <oval-def:reference ref_id="CCE-80121-7" source="CCE"/>
    <oval-def:reference ref_id="dconf_gnome_remote_access_encryption" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- negate="true": satisfied when dconf is NOT installed. -->
    <oval-def:extend_definition comment="dconf installed" definition_ref="oval:ssg-package_dconf_installed:def:1" negate="true"/>
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="dconf user profile exists" definition_ref="oval:ssg-enable_dconf_user_profile:def:1"/>
      <oval-def:criterion comment="configure remote access encryption" test_ref="oval:ssg-test_configure_remote_access_encryption:tst:1"/>
      <oval-def:criterion comment="Prevent user from changing" test_ref="oval:ssg-test_prevent_user_remote_access_encryption:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
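<!-- Enable GNOME3 Screensaver Idle Activation (CCE-80111-8).
     OR: dconf absent (negated package definition), or the AND group of the
     dconf user profile definition, the idle activation setting test and its
     lock test. The lock criterion comment names idle activation, matching
     its test_ref, rather than the separate idle delay setting. -->
<oval-def:definition class="compliance" id="oval:ssg-dconf_gnome_screensaver_idle_activation_enabled:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Enable GNOME3 Screensaver Idle Activation</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Idle activation of the screen saver should be enabled.</oval-def:description>
    <oval-def:reference ref_id="CCE-80111-8" source="CCE"/>
    <oval-def:reference ref_id="dconf_gnome_screensaver_idle_activation_enabled" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- negate="true": satisfied when dconf is NOT installed. -->
    <oval-def:extend_definition comment="dconf installed" definition_ref="oval:ssg-package_dconf_installed:def:1" negate="true"/>
    <oval-def:criteria comment="check screensaver idle activation and prevent user from changing it" operator="AND">
      <oval-def:extend_definition comment="dconf user profile exists" definition_ref="oval:ssg-enable_dconf_user_profile:def:1"/>
      <oval-def:criterion comment="idle activation has been configured" test_ref="oval:ssg-test_screensaver_idle_activation_enabled:tst:1"/>
      <oval-def:criterion comment="prevent user from changing idle activation" test_ref="oval:ssg-test_prevent_user_change_idle_activation_enabled:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>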
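<!-- Ensure Users Cannot Change GNOME3 Screensaver Idle Activation (CCE-80564-8).
     OR: dconf absent (negated package definition), or the AND group of the
     dconf user profile definition and the lock test. Only the lock is
     evaluated here; whether idle activation is enabled is a separate
     definition. The comments name idle activation, not idle delay. -->
<oval-def:definition class="compliance" id="oval:ssg-dconf_gnome_screensaver_idle_activation_locked:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure Users Cannot Change GNOME3 Screensaver Idle Activation</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Idle activation of the screen saver should not be changed by users.</oval-def:description>
    <oval-def:reference ref_id="CCE-80564-8" source="CCE"/>
    <oval-def:reference ref_id="dconf_gnome_screensaver_idle_activation_locked" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- negate="true": satisfied when dconf is NOT installed. -->
    <oval-def:extend_definition comment="dconf installed" definition_ref="oval:ssg-package_dconf_installed:def:1" negate="true"/>
    <oval-def:criteria comment="prevent user from changing screensaver idle activation" operator="AND">
      <oval-def:extend_definition comment="dconf user profile exists" definition_ref="oval:ssg-enable_dconf_user_profile:def:1"/>
      <oval-def:criterion comment="prevent user from changing idle activation" test_ref="oval:ssg-test_prevent_user_change_idle_activation_locked:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>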
<!-- Compliance check: GNOME3 screensaver inactivity timeout.
     Outer OR: satisfied when the negated "dconf installed" reference holds, or when the
     whole AND group passes: dconf user profile, idle delay configured, idle delay locked
     against user change, and idle delay set to the expected value. -->
<oval-def:definition id="oval:ssg-dconf_gnome_screensaver_idle_delay:def:1" class="compliance" version="2">
  <oval-def:metadata>
    <oval-def:title>Set GNOME3 Screensaver Inactivity Timeout</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The allowed period of inactivity before the screensaver is activated.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80110-0"/>
    <oval-def:reference source="ssg" ref_id="dconf_gnome_screensaver_idle_delay"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:extend_definition definition_ref="oval:ssg-package_dconf_installed:def:1" negate="true" comment="dconf installed"/>
    <oval-def:criteria operator="AND" comment="check screensaver idle delay and prevent user from changing it">
      <oval-def:extend_definition definition_ref="oval:ssg-enable_dconf_user_profile:def:1" comment="dconf user profile exists"/>
      <oval-def:criterion test_ref="oval:ssg-test_screensaver_idle_delay:tst:1" comment="idle delay has been configured"/>
      <oval-def:criterion test_ref="oval:ssg-test_prevent_user_change_idle_delay:tst:1" comment="prevent user from changing idle delay"/>
      <oval-def:criterion test_ref="oval:ssg-test_screensaver_idle_delay_setting:tst:1" comment="idle delay is set correctly"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: GNOME3 screensaver lock delay after activation.
     Outer OR: satisfied when the negated "dconf installed" reference holds, or when the
     AND group passes: dconf user profile, lock delay configured, lock delay locked against
     user change, and lock delay set to the expected value.
     NOTE(review): the AND group's comment speaks of enabling the lock, while all three
     criteria concern the lock delay. -->
<oval-def:definition id="oval:ssg-dconf_gnome_screensaver_lock_delay:def:1" class="compliance" version="2">
  <oval-def:metadata>
    <oval-def:title>Set GNOME3 Screensaver Lock Delay After Activation Period</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Idle activation of the screen lock should be enabled immediately or
after a delay.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80370-0"/>
    <oval-def:reference source="ssg" ref_id="dconf_gnome_screensaver_lock_delay"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:extend_definition definition_ref="oval:ssg-package_dconf_installed:def:1" negate="true" comment="dconf installed"/>
    <oval-def:criteria operator="AND" comment="Enable screensaver lock and prevent user from changing it">
      <oval-def:extend_definition definition_ref="oval:ssg-enable_dconf_user_profile:def:1" comment="dconf user profile exists"/>
      <oval-def:criterion test_ref="oval:ssg-test_screensaver_lock_delay:tst:1" comment="screensaver lock delay is configured"/>
      <oval-def:criterion test_ref="oval:ssg-test_prevent_user_lock_delay:tst:1" comment="prevent user from changing screensaver lock delay"/>
      <oval-def:criterion test_ref="oval:ssg-test_screensaver_lock_delay_setting:tst:1" comment="lock delay is set correctly"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: GNOME3 screensaver lock after the idle period.
     Outer OR: satisfied when the negated "dconf installed" reference holds, or when the
     AND group passes: dconf user profile, lock enabled, and lock setting locked against
     user change. -->
<oval-def:definition id="oval:ssg-dconf_gnome_screensaver_lock_enabled:def:1" class="compliance" version="2">
  <oval-def:metadata>
    <oval-def:title>Enable GNOME3 Screensaver Lock After Idle Period</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Idle activation of the screen lock should be enabled.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80112-6"/>
    <oval-def:reference source="ssg" ref_id="dconf_gnome_screensaver_lock_enabled"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:extend_definition definition_ref="oval:ssg-package_dconf_installed:def:1" negate="true" comment="dconf installed"/>
    <oval-def:criteria operator="AND" comment="Enable screensaver lock and prevent user from changing it">
      <oval-def:extend_definition definition_ref="oval:ssg-enable_dconf_user_profile:def:1" comment="dconf user profile exists"/>
      <oval-def:criterion test_ref="oval:ssg-test_screensaver_lock_enabled:tst:1" comment="screensaver lock is enabled"/>
      <oval-def:criterion test_ref="oval:ssg-test_prevent_user_screensaver_lock:tst:1" comment="screensaver lock prevent user from changing"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: users cannot change the GNOME3 screensaver lock setting.
     Outer OR: satisfied when the negated "dconf installed" reference holds, or when the
     dconf user profile definition and the single lock test both pass.
     NOTE(review): the AND group's comment mentions enabling the lock, but only the
     "prevent user from changing" test is referenced in this definition. -->
<oval-def:definition id="oval:ssg-dconf_gnome_screensaver_lock_locked:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure Users Cannot Change GNOME3 Screensaver Lock After Idle Period</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Idle activation of the screen lock should not be changed by users.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80563-0"/>
    <oval-def:reference source="ssg" ref_id="dconf_gnome_screensaver_lock_locked"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:extend_definition definition_ref="oval:ssg-package_dconf_installed:def:1" negate="true" comment="dconf installed"/>
    <oval-def:criteria operator="AND" comment="Enable screensaver lock and prevent user from changing it">
      <oval-def:extend_definition definition_ref="oval:ssg-enable_dconf_user_profile:def:1" comment="dconf user profile exists"/>
      <oval-def:criterion test_ref="oval:ssg-test_prevent_user_screensaver_lock_locked:tst:1" comment="screensaver lock prevent user from changing"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: the GNOME3 screensaver is blank.
     Outer OR: satisfied when the negated "dconf installed" reference holds, or when the
     AND group passes: dconf user profile, blank screensaver mode, and the mode locked
     against user change. -->
<oval-def:definition id="oval:ssg-dconf_gnome_screensaver_mode_blank:def:1" class="compliance" version="2">
  <oval-def:metadata>
    <oval-def:title>Implement Blank Screensaver</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The GNOME3 screensaver should be blank.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80113-4"/>
    <oval-def:reference source="ssg" ref_id="dconf_gnome_screensaver_mode_blank"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:extend_definition definition_ref="oval:ssg-package_dconf_installed:def:1" negate="true" comment="dconf installed"/>
    <oval-def:criteria operator="AND" comment="Enable blank screensaver and prevent user from changing it">
      <oval-def:extend_definition definition_ref="oval:ssg-enable_dconf_user_profile:def:1" comment="dconf user profile exists"/>
      <oval-def:criterion test_ref="oval:ssg-test_screensaver_mode_blank:tst:1" comment="screensaver is blank"/>
      <oval-def:criterion test_ref="oval:ssg-test_prevent_user_screensaver_mode_change:tst:1" comment="screensaver prevent user from changing mode"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: the GNOME3 splash shield does not show the logged-in user's full name.
     Outer OR: satisfied when the negated "dconf installed" reference holds, or when the
     AND group passes: dconf user profile, user info display disabled, and that setting
     locked against user change. -->
<oval-def:definition id="oval:ssg-dconf_gnome_screensaver_user_info:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Disable Full User Name on Splash Shield</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>GNOME3 screen splash shield should not display full name of logged in user.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80114-2"/>
    <oval-def:reference source="ssg" ref_id="dconf_gnome_screensaver_user_info"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:extend_definition definition_ref="oval:ssg-package_dconf_installed:def:1" negate="true" comment="dconf installed"/>
    <oval-def:criteria operator="AND" comment="Disable screensaver user info and prevent user from changing it">
      <oval-def:extend_definition definition_ref="oval:ssg-enable_dconf_user_profile:def:1" comment="dconf user profile exists"/>
      <oval-def:criterion test_ref="oval:ssg-test_screensaver_disable_user_info:tst:1" comment="screensaver user info is disabled"/>
      <oval-def:criterion test_ref="oval:ssg-test_prevent_user_info_change:tst:1" comment="screensaver prevent user from changing"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: users cannot change GNOME3 screensaver settings.
     Outer OR: satisfied when the negated "dconf installed" reference holds, or when the
     dconf user profile definition and the single lock test both pass.
     NOTE(review): the description names idle and lock settings, but the only criterion
     references the lock-delay lock test; confirm the idle-delay lock is covered by
     another rule in the selected profile. -->
<oval-def:definition id="oval:ssg-dconf_gnome_screensaver_user_locks:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure Users Cannot Change GNOME3 Screensaver Settings</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Ensure that users cannot change GNOME3 screensaver idle and lock settings.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80371-8"/>
    <oval-def:reference source="ssg" ref_id="dconf_gnome_screensaver_user_locks"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:extend_definition definition_ref="oval:ssg-package_dconf_installed:def:1" negate="true" comment="dconf installed"/>
    <oval-def:criteria operator="AND" comment="check screensaver idle delay and prevent user from changing it">
      <oval-def:extend_definition definition_ref="oval:ssg-enable_dconf_user_profile:def:1" comment="dconf user profile exists"/>
      <oval-def:criterion test_ref="oval:ssg-test_user_change_lock_delay_lock:tst:1" comment="prevent user from changing screensaver lock delay"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: users cannot change GNOME3 session idle settings.
     Outer OR: satisfied when the negated "dconf installed" reference holds, or when the
     dconf user profile definition and the idle-delay lock test both pass.
     Only the lock is referenced here; the idle delay value is not tested. -->
<oval-def:definition id="oval:ssg-dconf_gnome_session_idle_user_locks:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure Users Cannot Change GNOME3 Session Idle Settings</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Ensure that users cannot change GNOME3 session idle settings.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80544-0"/>
    <oval-def:reference source="ssg" ref_id="dconf_gnome_session_idle_user_locks"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:extend_definition definition_ref="oval:ssg-package_dconf_installed:def:1" negate="true" comment="dconf installed"/>
    <oval-def:criteria operator="AND" comment="check screensaver idle delay and prevent user from changing it">
      <oval-def:extend_definition definition_ref="oval:ssg-enable_dconf_user_profile:def:1" comment="dconf user profile exists"/>
      <oval-def:criterion test_ref="oval:ssg-test_user_change_idle_delay_lock:tst:1" comment="prevent user from changing idle delay"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: the Ctrl-Alt-Del reboot key sequence is disabled in GNOME3.
     Outer OR: satisfied when the negated "dconf installed" reference holds, or when the
     AND group passes: dconf user profile, key sequence disabled, and the setting locked
     against user change. -->
<oval-def:definition id="oval:ssg-dconf_gnome_disable_ctrlaltdel_reboot:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Disable Ctrl-Alt-Del Reboot Key Sequence in GNOME3</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Disable the GNOME3 ctrl-alt-del reboot key sequence in GNOME3.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80124-1"/>
    <oval-def:reference source="ssg" ref_id="dconf_gnome_disable_ctrlaltdel_reboot"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:extend_definition definition_ref="oval:ssg-package_dconf_installed:def:1" negate="true" comment="dconf installed"/>
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition definition_ref="oval:ssg-enable_dconf_user_profile:def:1" comment="dconf user profile exists"/>
      <oval-def:criterion test_ref="oval:ssg-test_disable_gnome_ctrlaltdel:tst:1" comment="Disable Ctrl-Alt-Del"/>
      <oval-def:criterion test_ref="oval:ssg-test_prevent_user_enable_ctrlaltdel:tst:1" comment="Prevent user from changing"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: GNOME3 geolocation is disabled for both the system and the clock.
     Outer OR: satisfied when the negated "dconf installed" reference holds, or when the
     AND group passes. The AND group pairs each "disable" test with its own
     "prevent user from changing" test, once for system and once for clock geolocation. -->
<oval-def:definition id="oval:ssg-dconf_gnome_disable_geolocation:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Disable Geolocation in GNOME3</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Disable GNOME3 Geolocation for the clock and system.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80117-5"/>
    <oval-def:reference source="ssg" ref_id="dconf_gnome_disable_geolocation"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:extend_definition definition_ref="oval:ssg-package_dconf_installed:def:1" negate="true" comment="dconf installed"/>
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition definition_ref="oval:ssg-enable_dconf_user_profile:def:1" comment="dconf user profile exists"/>
      <oval-def:criterion test_ref="oval:ssg-test_disable_sys_geolocation:tst:1" comment="Disable system geolocation"/>
      <oval-def:criterion test_ref="oval:ssg-test_prevent_user_sys_geolocation:tst:1" comment="Prevent user from changing"/>
      <oval-def:criterion test_ref="oval:ssg-test_disable_clock_geolocation:tst:1" comment="Disable clock geolocation"/>
      <oval-def:criterion test_ref="oval:ssg-test_prevent_user_clock_geolocation:tst:1" comment="Prevent user from changing"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: GNOME3 power settings are disabled.
     Outer OR: satisfied when the negated "dconf installed" reference holds, or when the
     AND group passes: dconf user profile, power settings disabled, and the setting locked
     against user change. -->
<oval-def:definition id="oval:ssg-dconf_gnome_disable_power_settings:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Disable Power Settings in GNOME3</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Disable GNOME3 power settings.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80116-7"/>
    <oval-def:reference source="ssg" ref_id="dconf_gnome_disable_power_settings"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:extend_definition definition_ref="oval:ssg-package_dconf_installed:def:1" negate="true" comment="dconf installed"/>
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition definition_ref="oval:ssg-enable_dconf_user_profile:def:1" comment="dconf user profile exists"/>
      <oval-def:criterion test_ref="oval:ssg-test_disable_gnome_power_setting:tst:1" comment="Disable power settings"/>
      <oval-def:criterion test_ref="oval:ssg-test_prevent_user_power_setting_change:tst:1" comment="Prevent user from changing"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: prelinking is disabled.
     OR: satisfied when the "prelink package removed" definition holds, or when the
     "Prelinking is disabled" test passes.
     The description text is kept verbatim; it states that prelinking reduces the
     protection ASLR provides and interferes with checksum integrity tools such as AIDE. -->
<oval-def:definition id="oval:ssg-disable_prelink:def:1" class="compliance" version="3">
  <oval-def:metadata>
    <oval-def:title>Disable Prelinking</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The prelinking feature can interfere with the operation of
checksum integrity tools (e.g. AIDE), mitigates the protection provided
by ASLR, and requires additional CPU cycles by software upgrades.
</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-27078-5"/>
    <oval-def:reference source="ssg" ref_id="disable_prelink"/>
  </oval-def:metadata>
  <oval-def:criteria comment="Conditions for prelinking disabled are satisfied" operator="OR">
    <oval-def:extend_definition definition_ref="oval:ssg-package_prelink_removed:def:1" comment="prelink RPM package not installed"/>
    <oval-def:criterion test_ref="oval:ssg-test_prelinking_disabled:tst:1" comment="Prelinking is disabled"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: the installed operating system is on the list treated as FIPS 140-2 certified.
     OR over nine installed_OS_is_* definitions; any one of them satisfies the check.
     NOTE(review): this is an OS identity check only. Nothing in this definition verifies
     that FIPS mode is active or that the installed cryptographic module versions are the
     validated ones; other definitions have to cover that. -->
<oval-def:definition id="oval:ssg-installed_OS_is_FIPS_certified:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>The Installed Operating System Is FIPS 140-2 Certified</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>
The operating system installed on the system is a certified operating system that meets FIPS 140-2 requirements.
</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80657-0"/>
    <oval-def:reference source="ssg" ref_id="installed_OS_is_FIPS_certified"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR" comment="Installed operating system is a certified operating system">
    <oval-def:extend_definition definition_ref="oval:ssg-installed_OS_is_rhel7:def:1" comment="Installed OS is RHEL7"/>
    <oval-def:extend_definition definition_ref="oval:ssg-installed_OS_is_rhel8:def:1" comment="Installed OS is RHEL8"/>
    <oval-def:extend_definition definition_ref="oval:ssg-installed_OS_is_rhcos4:def:1" comment="Installed OS is RHCOS4"/>
    <oval-def:extend_definition definition_ref="oval:ssg-installed_OS_is_ol7_family:def:1" comment="Installed OS is OL7"/>
    <oval-def:extend_definition definition_ref="oval:ssg-installed_OS_is_sle12:def:1" comment="Installed OS is SLE12"/>
    <oval-def:extend_definition definition_ref="oval:ssg-installed_OS_is_sle15:def:1" comment="Installed OS is SLE15"/>
    <oval-def:extend_definition definition_ref="oval:ssg-installed_OS_is_ubuntu1604:def:1" comment="Installed OS is Ubuntu 16.04"/>
    <oval-def:extend_definition definition_ref="oval:ssg-installed_OS_is_ubuntu1804:def:1" comment="Installed OS is Ubuntu 18.04"/>
    <oval-def:extend_definition definition_ref="oval:ssg-installed_OS_is_ubuntu2004:def:1" comment="Installed OS is Ubuntu 20.04"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: the installed operating system is on the list treated as vendor supported.
     OR over six installed_OS_is_* definitions; any one of them satisfies the check.
     NOTE(review): this is an OS identity check. Nothing in this definition tests whether
     the installed release is still within its support period or whether patches are applied. -->
<oval-def:definition id="oval:ssg-installed_OS_is_vendor_supported:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>The Installed Operating System Is Vendor Supported</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>
The operating system installed on the system is supported by a vendor that provides security patches.
</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82371-6"/>
    <oval-def:reference source="ssg" ref_id="installed_OS_is_vendor_supported"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR" comment="Installed operating system is supported by a vendor">
    <oval-def:extend_definition definition_ref="oval:ssg-installed_OS_is_rhel7:def:1" comment="Installed OS is RHEL7"/>
    <oval-def:extend_definition definition_ref="oval:ssg-installed_OS_is_rhel8:def:1" comment="Installed OS is RHEL8"/>
    <oval-def:extend_definition definition_ref="oval:ssg-installed_OS_is_ol7_family:def:1" comment="Installed OS is OL7"/>
    <oval-def:extend_definition definition_ref="oval:ssg-installed_OS_is_ol8_family:def:1" comment="Installed OS is OL8"/>
    <oval-def:extend_definition definition_ref="oval:ssg-installed_OS_is_sle12:def:1" comment="Installed OS is SLE12"/>
    <oval-def:extend_definition definition_ref="oval:ssg-installed_OS_is_sle15:def:1" comment="Installed OS is SLE15"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: SSH client settings in /etc/ssh/ssh_config.d/02-ospp.conf.
     AND over seven tests, one per setting: Match, RekeyLimit, GSSAPIAuthentication,
     Ciphers, PubkeyAcceptedKeyTypes, MACs and KexAlgorithms. All must pass.
     The description mentions only ciphers; the criteria cover the wider set above.
     No CCE reference is present. The expected values live in the referenced tests,
     which are outside this definition. -->
<oval-def:definition id="oval:ssg-harden_ssh_client_crypto_policy:def:1" class="compliance" version="3">
  <oval-def:metadata>
    <oval-def:title>Harden SSH client Crypto Policy</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Ensure the ssh client ciphers are configured correctly in /etc/ssh/ssh_config.d/02-ospp.conf</oval-def:description>
    <oval-def:reference source="ssg" ref_id="harden_ssh_client_crypto_policy"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND" comment="SSH client is configured correctly">
    <oval-def:criterion test_ref="oval:ssg-test_harden_ssh_client_crypto_policy_Match:tst:1" comment="Check the Match in /etc/ssh/ssh_config.d/02-ospp.conf"/>
    <oval-def:criterion test_ref="oval:ssg-test_harden_ssh_client_crypto_policy_RekeyLimit:tst:1" comment="Check the RekeyLimit in /etc/ssh/ssh_config.d/02-ospp.conf"/>
    <oval-def:criterion test_ref="oval:ssg-test_harden_ssh_client_crypto_policy_GSSAPIAuthentication:tst:1" comment="Check the GSSAPIAuthentication in /etc/ssh/ssh_config.d/02-ospp.conf"/>
    <oval-def:criterion test_ref="oval:ssg-test_harden_ssh_client_crypto_policy_Ciphers:tst:1" comment="Check the Ciphers in /etc/ssh/ssh_config.d/02-ospp.conf"/>
    <oval-def:criterion test_ref="oval:ssg-test_harden_ssh_client_crypto_policy_PubkeyAcceptedKeyTypes:tst:1" comment="Check the PubkeyAcceptedKeyTypes in /etc/ssh/ssh_config.d/02-ospp.conf"/>
    <oval-def:criterion test_ref="oval:ssg-test_harden_ssh_client_crypto_policy_MACs:tst:1" comment="Check the MACs in /etc/ssh/ssh_config.d/02-ospp.conf"/>
    <oval-def:criterion test_ref="oval:ssg-test_harden_ssh_client_crypto_policy_KexAlgorithms:tst:1" comment="Check the KexAlgorithms in /etc/ssh/ssh_config.d/02-ospp.conf"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: CRYPTO_POLICY for sshd in /etc/crypto-policies/back-ends/opensshserver.config.
     Outer OR with two AND branches:
       1. sshd not required (or requirement unset) and openssh-server removed;
       2. sshd required (or requirement unset), openssh-server installed, and the
          CRYPTO_POLICY test passes (wrapped in an OR that holds a single criterion).
     NOTE(review): the expected value in the description permits CBC-mode ciphers,
     diffie-hellman-group14-sha1 and ssh-rsa. Compare it with the current organisational
     crypto baseline before treating a pass as sufficient.
     NOTE(review): the declared platform is RHEL 7; confirm the crypto-policies back-end
     path exists there. No CCE reference is present. -->
<oval-def:definition id="oval:ssg-harden_sshd_crypto_policy:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Harden SSHD Crypto Policy</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Ensure 'CRYPTO_POLICY' is configured with value ''-oCiphers=aes256-ctr,aes128-ctr,aes256-cbc,aes128-cbc -oMACs=hmac-sha2-512,hmac-sha2-256 -oGSSAPIKeyExchange=no -oKexAlgorithms=ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha1 -oHostKeyAlgorithms=ssh-rsa,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256 -oPubkeyAcceptedKeyTypes=rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256'' in /etc/crypto-policies/back-ends/opensshserver.config</oval-def:description>
    <oval-def:reference source="ssg" ref_id="harden_sshd_crypto_policy"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR" comment="sshd is configured correctly or is not installed">
    <oval-def:criteria operator="AND" comment="sshd is not installed">
      <oval-def:extend_definition definition_ref="oval:ssg-sshd_not_required_or_unset:def:1" comment="sshd is not required or requirement is unset"/>
      <oval-def:extend_definition definition_ref="oval:ssg-package_openssh-server_removed:def:1" comment="rpm package openssh-server removed"/>
    </oval-def:criteria>
    <oval-def:criteria operator="AND" comment="sshd is installed and configured">
      <oval-def:extend_definition definition_ref="oval:ssg-sshd_required_or_unset:def:1" comment="sshd is required or requirement is unset"/>
      <oval-def:extend_definition definition_ref="oval:ssg-package_openssh-server_installed:def:1" comment="rpm package openssh-server installed"/>
      <oval-def:criteria operator="OR" comment="sshd is configured correctly">
        <oval-def:criterion test_ref="oval:ssg-test_harden_sshd_crypto_policy:tst:1" comment="Check the CRYPTO_POLICY in /etc/crypto-policies/back-ends/opensshserver.config"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
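<!-- Compliance check: virus scanning software is installed.
     The single criterion extends oval:ssg-install_mcafee_antivirus:def:1, so this check
     passes only when that McAfee definition passes. There is no branch for "antivirus not
     in use" and no branch for another product; the criteria comment states that.
     operator="AND" is written out; it is the OVAL default and does not change the result. -->
<oval-def:definition id="oval:ssg-install_antivirus:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Install Virus Scanning Software</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Antivirus software should be installed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-27140-3"/>
    <oval-def:reference source="ssg" ref_id="install_antivirus"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND" comment="McAfee antivirus is installed">
    <oval-def:extend_definition definition_ref="oval:ssg-install_mcafee_antivirus:def:1" comment="McAfee A/V Installed"/>
  </oval-def:criteria>
</oval-def:definition>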
<!-- Compliance check: intrusion detection software or SELinux is in place.
     OR: satisfied when the McAfee HBSS definition holds, or when the SELinux test passes.
     NOTE(review): the SELinux branch alone satisfies this check, so a pass does not by
     itself show that a host intrusion detection product is installed.
     NOTE(review): the criterion comment says "enabled" while the test_ref name says
     "enforcing"; presumably the test requires enforcing mode, confirm against the test. -->
<oval-def:definition id="oval:ssg-install_hids:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Install Intrusion Detection Software</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Intrusion detection software or SELinux should be installed and enabled.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-26818-5"/>
    <oval-def:reference source="ssg" ref_id="install_hids"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:extend_definition definition_ref="oval:ssg-install_mcafee_hbss:def:1" comment="McAfee HBSS"/>
    <oval-def:criterion test_ref="oval:ssg-test_selinux_enforcing:tst:1" comment="SELinux enabled"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: McAfee virus scanning software is installed.
     AND: the McAfee runtime libraries and agent definition must hold and the LinuxShield
     antivirus package test must pass.
     NOTE(review): the criteria comment mentions antivirus "not being used", but no branch
     in this definition covers that case; both conditions are mandatory. -->
<oval-def:definition id="oval:ssg-install_mcafee_antivirus:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Install McAfee Virus Scanning Software</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>McAfee Antivirus software should be installed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80127-4"/>
    <oval-def:reference source="ssg" ref_id="install_mcafee_antivirus"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND" comment="Antivirus is not being used or conditions are met">
    <oval-def:extend_definition definition_ref="oval:ssg-install_mcafee_cma_rt:def:1" comment="McAfee Runtime Libraries and Agent"/>
    <oval-def:criterion test_ref="oval:ssg-test_linuxshield_install_antivirus:tst:1" comment="Linuxshield AntiVirus package is installed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: McAfee Runtime Libraries (MFErt) and Linux Agent (MFEcma) are installed.
     AND: both package tests must pass. -->
<oval-def:definition id="oval:ssg-install_mcafee_cma_rt:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Install the McAfee Runtime Libraries and Linux Agent</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Install the McAfee Runtime Libraries (MFErt) and Linux Agent (MFEcma).</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80367-6"/>
    <oval-def:reference source="ssg" ref_id="install_mcafee_cma_rt"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criterion test_ref="oval:ssg-test_mcafee_runtime_installed:tst:1" comment="McAfee runtime library package installed"/>
    <oval-def:criterion test_ref="oval:ssg-test_mcafee_management_agent:tst:1" comment="McAfee management agent package installed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: McAfee AntiVirus definitions have been updated.
     Single criterion; the criteria element carries no operator attribute, so the OVAL
     default (AND) applies. What counts as "updated" is defined by the referenced test,
     which is outside this definition. -->
<oval-def:definition id="oval:ssg-mcafee_antivirus_definitions_updated:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Virus Scanning Software Definitions Are Updated</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Verify that McAfee AntiVirus definitions have been updated.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80129-0"/>
    <oval-def:reference source="ssg" ref_id="mcafee_antivirus_definitions_updated"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_mcafee_antivirus_definitions_updated:tst:1" comment="Check if McAfee AntiVirus definitions have been updated"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: McAfee Endpoint Security for Linux (ENSL) is running.
     Single criterion; the criteria element carries no operator attribute, so the OVAL
     default (AND) applies. -->
<oval-def:definition id="oval:ssg-agent_mfetpd_running:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure McAfee Endpoint Security for Linux (ENSL) is running</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Ensure that McAfee Endpoint Security for Linux (ENSL) is running.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-86262-3"/>
    <oval-def:reference source="ssg" ref_id="agent_mfetpd_running"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_agent_mfetpd_running:tst:1" comment="McAfee ENSL is running"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: the Asset Configuration Compliance Module (ACCM) is installed.
     Single criterion; the criteria element carries no operator attribute, so the OVAL
     default (AND) applies. -->
<oval-def:definition id="oval:ssg-install_mcafee_hbss_accm:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Install the Asset Configuration Compliance Module (ACCM)</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Install the Asset Configuration Compliance Module (ACCM).</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80126-6"/>
    <oval-def:reference source="ssg" ref_id="install_mcafee_hbss_accm"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_mcafee_accm_exists:tst:1" comment="McAfee ACCM is installed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: the Policy Auditor (PA) module is installed.
     Single criterion; the criteria element carries no operator attribute, so the OVAL
     default (AND) applies. -->
<oval-def:definition id="oval:ssg-install_mcafee_hbss_pa:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Install the Policy Auditor (PA) Module</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Install the Policy Auditor (PA) Module.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80369-2"/>
    <oval-def:reference source="ssg" ref_id="install_mcafee_hbss_pa"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_mcafee_auditengine_exists:tst:1" comment="McAfee Policy Auditor is installed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Helper check: the file /etc/system-fips exists.
     Single criterion under an explicit AND. No CCE reference is present.
     The check is about the file's existence only, as the comment and description state;
     it says nothing about whether FIPS mode is active. -->
<oval-def:definition id="oval:ssg-etc_system_fips_exists:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure '/etc/system-fips' exists</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Check /etc/system-fips exists</oval-def:description>
    <oval-def:reference source="ssg" ref_id="etc_system_fips_exists"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criterion comment="/etc/system-fips exists" test_ref="oval:ssg-test_etc_system_fips:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: fips=1 is configured on the kernel line in /etc/default/grub.
     Outer AND requires all of: OS on the FIPS-certified list, prelink disabled,
     dracut-fips installed, dracut-fips-aesni definition satisfied, /etc/system-fips
     present, and the inner OR below.
     Inner OR: branch 1 is the GRUB_CMDLINE_LINUX test alone; branch 2 ANDs the
     grub2_default_exists definition, the GRUB_CMDLINE_LINUX_DEFAULT test and the same
     GRUB_CMDLINE_LINUX test again. Because branch 2 includes branch 1's test, the inner
     OR evaluates to the GRUB_CMDLINE_LINUX test result.
     NOTE(review): the criterion comments refer to /etc/default/grub; nothing in this
     definition is described as checking the running kernel's FIPS state, confirm
     against the referenced tests. -->
<oval-def:definition id="oval:ssg-grub2_enable_fips_mode:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Enable FIPS Mode in GRUB2</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Ensure fips=1 is configured in the kernel line in /etc/default/grub.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80359-3"/>
    <oval-def:reference source="ssg" ref_id="grub2_enable_fips_mode"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:extend_definition definition_ref="oval:ssg-installed_OS_is_FIPS_certified:def:1" comment="Installed OS is FIPS certified"/>
    <oval-def:extend_definition definition_ref="oval:ssg-disable_prelink:def:1" comment="prelink disabled"/>
    <oval-def:extend_definition definition_ref="oval:ssg-package_dracut-fips_installed:def:1" comment="package dracut-fips installed"/>
    <oval-def:extend_definition definition_ref="oval:ssg-package_dracut-fips-aesni_installed:def:1" comment="package dracut-fips-aesni installed"/>
    <oval-def:extend_definition definition_ref="oval:ssg-etc_system_fips_exists:def:1" comment="check /etc/system-fips exists"/>
    <oval-def:criteria operator="OR">
      <oval-def:criterion comment="check for fips=1 in /etc/default/grub via GRUB_CMDLINE_LINUX" test_ref="oval:ssg-test_grub2_enable_fips_mode:tst:1"/>
      <oval-def:criteria operator="AND">
        <oval-def:extend_definition comment="check for GRUB_CMDLINE_LINUX_DEFAULT exists in /etc/default/grub" definition_ref="oval:ssg-grub2_default_exists:def:1"/>
        <oval-def:criterion comment="check for fips=1 in /etc/default/grub via GRUB_CMDLINE_LINUX_DEFAULT" test_ref="oval:ssg-test_grub2_enable_fips_mode_default:tst:1"/>
        <oval-def:criterion comment="check for fips=1 in /etc/default/grub via GRUB_CMDLINE_LINUX" test_ref="oval:ssg-test_grub2_enable_fips_mode:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Install the dracut-fips-aesni Package.
     Passes when the criterion commented "System does not support AES instruction set"
     passes, or when the OS is FIPS certified and the package test passes.
     The referenced tests are defined outside this definition. -->
<oval-def:definition id="oval:ssg-package_dracut-fips-aesni_installed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Install the dracut-fips-aesni Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package dracut-fips-aesni should be installed.</oval-def:description>
    <oval-def:reference source="ssg" ref_id="package_dracut-fips-aesni_installed"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criterion test_ref="oval:ssg-test_processor_aes_instruction:tst:1" comment="System does not support AES instruction set"/>
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition definition_ref="oval:ssg-installed_OS_is_FIPS_certified:def:1" comment="Installed OS is FIPS certified"/>
      <oval-def:criterion test_ref="oval:ssg-test_package_dracut-fips-aesni_installed:tst:1" comment="package dracut-fips-aesni is installed"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Install the dracut-fips Package (CCE-80358-5).
     Passes when the OS is FIPS certified and the dracut-fips package test passes.
     The operator is written out here; AND is the OVAL default for a criteria
     element that omits it. -->
<oval-def:definition id="oval:ssg-package_dracut-fips_installed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Install the dracut-fips Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package dracut-fips should be installed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80358-5"/>
    <oval-def:reference source="ssg" ref_id="package_dracut-fips_installed"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:extend_definition definition_ref="oval:ssg-installed_OS_is_FIPS_certified:def:1" comment="Installed OS is FIPS certified"/>
    <oval-def:criterion test_ref="oval:ssg-test_package_dracut-fips_installed:tst:1" comment="package dracut-fips is installed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Build and Test AIDE Database (CCE-27220-3).
     Passes when AIDE is installed and both database-path tests pass.
     The two criteria carry no comment attribute. Judging by their ids they
     presumably check the newly built and the operational database paths;
     verify against the test definitions, which are not part of this definition. -->
<oval-def:definition id="oval:ssg-aide_build_database:def:1" class="compliance" version="2">
  <oval-def:metadata>
    <oval-def:title>Build and Test AIDE Database</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The aide database must be initialized.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-27220-3"/>
    <oval-def:reference source="ssg" ref_id="aide_build_database"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:extend_definition definition_ref="oval:ssg-package_aide_installed:def:1" comment="Aide is installed"/>
    <oval-def:criterion test_ref="oval:ssg-test_aide_build_new_database_absolute_path:tst:1"/>
    <oval-def:criterion test_ref="oval:ssg-test_aide_operational_database_absolute_path:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Configure Periodic Execution of AIDE (CCE-26952-2).
     Passes when AIDE is installed and at least one of the four cron tests passes.
     Three of the criteria share the comment "run aide with cron"; which cron
     location each one inspects is set in the test definitions, not here. -->
<oval-def:definition id="oval:ssg-aide_periodic_cron_checking:def:1" class="compliance" version="3">
  <oval-def:metadata>
    <oval-def:title>Configure Periodic Execution of AIDE</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>By default, AIDE does not install itself for periodic
execution. Periodically running AIDE is necessary to reveal
unexpected changes in installed files.
</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-26952-2"/>
    <oval-def:reference source="ssg" ref_id="aide_periodic_cron_checking"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:extend_definition definition_ref="oval:ssg-package_aide_installed:def:1" comment="Aide is installed"/>
    <!-- Any one scheduling mechanism is sufficient -->
    <oval-def:criteria operator="OR">
      <oval-def:criterion test_ref="oval:ssg-test_aide_periodic_cron_checking:tst:1" comment="run aide with cron"/>
      <oval-def:criterion test_ref="oval:ssg-test_aide_crond_checking:tst:1" comment="run aide with cron"/>
      <oval-def:criterion test_ref="oval:ssg-test_aide_var_cron_checking:tst:1" comment="run aide with cron"/>
      <oval-def:criterion test_ref="oval:ssg-test_aide_crontabs_checking:tst:1" comment="run aide with cron.(daily|weekly)"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Configure Notification of Post-AIDE Scan Details (CCE-80374-2).
     Passes when AIDE is installed and at least one of the three notification
     tests passes. What counts as a notification (recipient, command) is decided
     by the referenced tests, which are not part of this definition. -->
<oval-def:definition id="oval:ssg-aide_scan_notification:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Configure Notification of Post-AIDE Scan Details</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>AIDE should notify appropriate personnel of the details
of a scan after the scan has been run.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80374-2"/>
    <oval-def:reference source="ssg" ref_id="aide_scan_notification"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:extend_definition definition_ref="oval:ssg-package_aide_installed:def:1" comment="Aide is installed"/>
    <oval-def:criteria operator="OR">
      <oval-def:criterion test_ref="oval:ssg-test_aide_scan_notification:tst:1" comment="notify personnel when aide completes"/>
      <oval-def:criterion test_ref="oval:ssg-test_aide_var_cron_notification:tst:1" comment="notify personnel when aide completes"/>
      <oval-def:criterion test_ref="oval:ssg-test_aide_crontabs_notification:tst:1" comment="notify personnel when aide completes in cron.(d|daily|weekly|monthly)"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Configure AIDE to Use FIPS 140-2 for Validating Hashes (CCE-80377-5).
     All four conditions must hold: FIPS-certified OS, AIDE installed, the
     "non-FIPS hashes are not configured" test and the "FIPS hashes are configured"
     test. Which hash names count as FIPS or non-FIPS is defined in the test
     objects and states, not here. -->
<oval-def:definition id="oval:ssg-aide_use_fips_hashes:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Configure AIDE to Use FIPS 140-2 for Validating Hashes</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>AIDE should be configured to use the FIPS 140-2
cryptographic hashes.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80377-5"/>
    <oval-def:reference source="ssg" ref_id="aide_use_fips_hashes"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:extend_definition definition_ref="oval:ssg-installed_OS_is_FIPS_certified:def:1" comment="Installed OS is FIPS certified"/>
    <oval-def:extend_definition definition_ref="oval:ssg-package_aide_installed:def:1" comment="Aide is installed"/>
    <oval-def:criterion test_ref="oval:ssg-test_aide_non_fips_hashes:tst:1" comment="non-FIPS hashes are not configured"/>
    <oval-def:criterion test_ref="oval:ssg-test_aide_use_fips_hashes:tst:1" comment="FIPS hashes are configured"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Configure AIDE to Verify Access Control Lists (CCE-80375-9).
     Passes when AIDE is installed and the test commented
     "acl is set in /etc/aide.conf" passes. -->
<oval-def:definition id="oval:ssg-aide_verify_acls:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Configure AIDE to Verify Access Control Lists (ACLs)</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>AIDE should be configured to verify Access Control Lists (ACLs).</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80375-9"/>
    <oval-def:reference source="ssg" ref_id="aide_verify_acls"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:extend_definition definition_ref="oval:ssg-package_aide_installed:def:1" comment="Aide is installed"/>
    <oval-def:criterion test_ref="oval:ssg-test_aide_verify_acls:tst:1" comment="acl is set in /etc/aide.conf"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Configure AIDE to Verify Extended Attributes (CCE-80376-7).
     Passes when AIDE is installed and the test commented
     "xattrs is set in /etc/aide.conf" passes. -->
<oval-def:definition id="oval:ssg-aide_verify_ext_attributes:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Configure AIDE to Verify Extended Attributes</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>AIDE should be configured to verify extended file attributes.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80376-7"/>
    <oval-def:reference source="ssg" ref_id="aide_verify_ext_attributes"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:extend_definition definition_ref="oval:ssg-package_aide_installed:def:1" comment="Aide is installed"/>
    <oval-def:criterion test_ref="oval:ssg-test_aide_verify_ext_attributes:tst:1" comment="xattrs is set in /etc/aide.conf"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Verify File Hashes with RPM (CCE-27157-7).
     Single criterion; the operator is written out (AND is the OVAL default).
     The test id and comment say "md5" while the description says "RPM digests".
     Presumably the name follows the OVAL rpmverifyfile entity rather than the
     digest algorithm actually stored in the packages; verify against the test.
     The reference values come from the local RPM database, so this check is
     only as trustworthy as that database. -->
<oval-def:definition id="oval:ssg-rpm_verify_hashes:def:1" class="compliance" version="3">
  <oval-def:metadata>
    <oval-def:title>Verify File Hashes with RPM</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Verify the RPM digests of system binaries using the RPM database.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-27157-7"/>
    <oval-def:reference source="ssg" ref_id="rpm_verify_hashes"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criterion comment="verify file md5 hashes" test_ref="oval:ssg-test_files_fail_md5_hash:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Verify and Correct Ownership with RPM (CCE-80545-7).
     Passes when both the user-ownership and the group-ownership test pass.
     Both compare installed files with the local RPM database, so a finding
     means drift from package metadata, not necessarily an insecure owner. -->
<oval-def:definition id="oval:ssg-rpm_verify_ownership:def:1" class="compliance" version="3">
  <oval-def:metadata>
    <oval-def:title>Verify and Correct Ownership with RPM</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Verify ownership of installed packages
by comparing the installed files with information about the
files taken from the package metadata stored in the RPM
database.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80545-7"/>
    <oval-def:reference source="ssg" ref_id="rpm_verify_ownership"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criterion comment="user ownership of all files matches local rpm database" test_ref="oval:ssg-test_verify_all_rpms_user_ownership:tst:1"/>
    <oval-def:criterion comment="group ownership of all files matches local rpm database" test_ref="oval:ssg-test_verify_all_rpms_group_ownership:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Verify and Correct File Permissions with RPM (CCE-27209-6).
     Single criterion on file mode versus the local RPM database.
     The operator is written out; AND is the OVAL default when it is omitted. -->
<oval-def:definition id="oval:ssg-rpm_verify_permissions:def:1" class="compliance" version="3">
  <oval-def:metadata>
    <oval-def:title>Verify and Correct File Permissions with RPM</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Verify the permissions of installed packages
by comparing the installed files with information about the
files taken from the package metadata stored in the RPM
database.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-27209-6"/>
    <oval-def:reference source="ssg" ref_id="rpm_verify_permissions"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criterion comment="mode of all files matches local rpm database" test_ref="oval:ssg-test_verify_all_rpms_mode:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Ensure a dedicated group owns sudo (CCE-83491-1).
     Both criteria must pass: the dedicated group exists and /usr/bin/sudo is
     group-owned by it. The operator is written out (AND is the OVAL default).
     The group name comes from var_sudo_dedicated_group, which is set outside
     this definition. -->
<oval-def:definition id="oval:ssg-sudo_dedicated_group:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure a dedicated group owns sudo</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>This test makes sure that /usr/bin/sudo is owned by the group set in var_sudo_dedicated_group</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-83491-1"/>
    <oval-def:reference source="ssg" ref_id="sudo_dedicated_group"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criterion test_ref="oval:ssg-test_dedicated_group_exists:tst:1" comment="Check if dedicated group exists"/>
    <oval-def:criterion test_ref="oval:ssg-test_sudo_owned_by_dedicated_group:tst:1" comment="Check file group ownership of /usr/bin/sudo"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Ensure Users Re-Authenticate for Privilege Escalation: sudo !authenticate
     (CCE-80350-2).
     Passes when !authenticate is absent from both /etc/sudoers and
     /etc/sudoers.d, as stated in the criterion comments. -->
<oval-def:definition id="oval:ssg-sudo_remove_no_authenticate:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure Users Re-Authenticate for Privilege Escalation - sudo !authenticate</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Checks sudo usage without authentication</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80350-2"/>
    <oval-def:reference source="ssg" ref_id="sudo_remove_no_authenticate"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criterion test_ref="oval:ssg-test_no_authenticate_etc_sudoers:tst:1" comment="!authenticate does not exist in /etc/sudoers"/>
    <oval-def:criterion test_ref="oval:ssg-test_no_authenticate_etc_sudoers_d:tst:1" comment="!authenticate does not exist in /etc/sudoers.d"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Ensure Users Re-Authenticate for Privilege Escalation: sudo NOPASSWD
     (CCE-80351-0).
     Passes when NOPASSWD is not configured in /etc/sudoers and not configured
     in /etc/sudoers.d, as stated in the criterion comments. -->
<oval-def:definition id="oval:ssg-sudo_remove_nopasswd:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure Users Re-Authenticate for Privilege Escalation - sudo NOPASSWD</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Checks sudo usage without password</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80351-0"/>
    <oval-def:reference source="ssg" ref_id="sudo_remove_nopasswd"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criterion test_ref="oval:ssg-test_nopasswd_etc_sudoers:tst:1" comment="NOPASSWD is not configured in /etc/sudoers"/>
    <oval-def:criterion test_ref="oval:ssg-test_nopasswd_etc_sudoers_d:tst:1" comment="NOPASSWD is not configured in /etc/sudoers.d"/>
  </oval-def:criteria>
</oval-def:definition>
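<!-- Ensure Users Re-Authenticate for Privilege Escalation: sudo (CCE-82278-3).
     Aggregate check: passes only when both the !authenticate definition and the
     NOPASSWD definition pass. The original description was a copy of the
     NOPASSWD one and the two extend_definition elements had no comment; both
     are corrected here so reports describe what is actually evaluated. -->
<oval-def:definition class="compliance" id="oval:ssg-sudo_require_authentication:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Ensure Users Re-Authenticate for Privilege Escalation - sudo</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Checks sudo usage without authentication or without password</oval-def:description>
<oval-def:reference ref_id="CCE-82278-3" source="CCE"/>
<oval-def:reference ref_id="sudo_require_authentication" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="!authenticate is not configured in sudoers" definition_ref="oval:ssg-sudo_remove_no_authenticate:def:1"/>
<oval-def:extend_definition comment="NOPASSWD is not configured in sudoers" definition_ref="oval:ssg-sudo_remove_nopasswd:def:1"/>
</oval-def:criteria>
</oval-def:definition>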
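<!-- Require re-authentication for sudo via timestamp_timeout (CCE-85963-7).
     Single criterion; the operator is written out (AND is the OVAL default).
     A stray leading apostrophe was removed from the description.
     The criterion comment names /etc/sudoers only; whether /etc/sudoers.d
     drop-ins are also inspected depends on the test object, not visible here.
     In sudo a negative timestamp_timeout disables expiry, so the referenced
     state should reject negative values; verify against the test. -->
<oval-def:definition class="compliance" id="oval:ssg-sudo_require_reauthentication:def:1" version="1">
<oval-def:metadata>
<oval-def:title>The operating system must require Re-Authentication when using the sudo command. Ensure sudo timestamp_timeout is appropriate - sudo timestamp_timeout</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Ensure sudo timestamp_timeout is appropriate - sudo timestamp_timeout</oval-def:description>
<oval-def:reference ref_id="CCE-85963-7" source="CCE"/>
<oval-def:reference ref_id="sudo_require_reauthentication" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="AND" comment="The timestamp_timeout should be configured">
<oval-def:criterion comment="check configuration in /etc/sudoers" test_ref="oval:ssg-test_sudo_timestamp_timeout:tst:1"/>
</oval-def:criteria>
</oval-def:definition>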
<!-- Restrict privilege elevation to authorized personnel (CCE-83423-4).
     Passes when both tests pass: sudoers restricts which users may run sudo
     for any target user, and for any target group. The matching patterns are
     defined in the tests, outside this definition. -->
<oval-def:definition id="oval:ssg-sudo_restrict_privilege_elevation_to_authorized:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>The operating system must restrict privilege elevation to authorized personnel</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Check that sudoers doesn't allow all users to run commands via sudo</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-83423-4"/>
    <oval-def:reference source="ssg" ref_id="sudo_restrict_privilege_elevation_to_authorized"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criterion test_ref="oval:ssg-test_not_all_users_can_sudo_to_users:tst:1" comment="Make sure that sudoers has restrictions on which users can run sudo for any target user"/>
    <oval-def:criterion test_ref="oval:ssg-test_not_all_users_can_sudo_to_group:tst:1" comment="Make sure that sudoers has restrictions on which users can run sudo for any target group"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Only the VDSM User Can Use sudo NOPASSWD (CCE-82349-2).
     Passes when, in both /etc/sudoers and /etc/sudoers.d, NOPASSWD exists only
     for the vdsm user, as stated in the criterion comments. -->
<oval-def:definition id="oval:ssg-sudo_vdsm_nopasswd:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Only the VDSM User Can Use sudo NOPASSWD</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Checks sudo usage for the vdsm user without a password</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82349-2"/>
    <oval-def:reference source="ssg" ref_id="sudo_vdsm_nopasswd"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criterion test_ref="oval:ssg-test_vdsm_nopasswd_etc_sudoers:tst:1" comment="NOPASSWD only exists for vdsm user in /etc/sudoers"/>
    <oval-def:criterion test_ref="oval:ssg-test_vdsm_nopasswd_etc_sudoers_d:tst:1" comment="NOPASSWD only exists for vdsm user in /etc/sudoers.d"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Explicit arguments in sudo specifications (CCE-83631-2).
     Single criterion: no sudoers command may be listed without arguments.
     Which sudoers files are scanned is set in the test object, not here. -->
<oval-def:definition id="oval:ssg-sudoers_explicit_command_args:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Explicit arguments in sudo specifications</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Check that sudoers doesn't contain commands without arguments specified</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-83631-2"/>
    <oval-def:reference source="ssg" ref_id="sudoers_explicit_command_args"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criterion test_ref="oval:ssg-test_sudoers_explicit_command_args:tst:1" comment="Make sure that no commands are without arguments"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- No command negation in sudoers (CCE-83517-3).
     Single criterion: no command in a user specification may contain a negation.
     An exclusion list permits every command it does not name, which is why the
     rule requires commands to be allowed explicitly instead. -->
<oval-def:definition id="oval:ssg-sudoers_no_command_negation:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Don't define allowed commands in sudoers by means of exclusion</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Check that sudoers doesn't contain command negations</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-83517-3"/>
    <oval-def:reference source="ssg" ref_id="sudoers_no_command_negation"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criterion test_ref="oval:ssg-test_sudoers_no_command_negation:tst:1" comment="Make sure that no command in user spec contains negation"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Don't target root user in the sudoers file (CCE-83597-5).
     Passes when both tests pass: no runas spec includes root or ALL, and every
     user spec carries a runas spec. The second test matters because a user spec
     with no runas spec is not covered by the first one. -->
<oval-def:definition id="oval:ssg-sudoers_no_root_target:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Don't target root user in the sudoers file</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Check that sudoers doesn't allow users to run commands as root</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-83597-5"/>
    <oval-def:reference source="ssg" ref_id="sudoers_no_root_target"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criterion test_ref="oval:ssg-test_no_root_or_ALL_in_runas_spec:tst:1" comment="Make sure that no user spec in sudoers has a runas spec that includes root or ALL"/>
    <oval-def:criterion test_ref="oval:ssg-test_no_user_spec_rules:tst:1" comment="Make sure that all user specs in sudoers feature a runas spec"/>
  </oval-def:criteria>
</oval-def:definition>
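<!-- Require the invoking user's password for sudo (CCE-83421-8).
     All three Defaults must be present: !targetpw, !rootpw and !runaspw.
     The title was missing the apostrophe in "user's"; it now matches the
     description. The criterion comments name the /etc/sudoers file only;
     whether /etc/sudoers.d drop-ins are inspected depends on the test objects,
     which are not part of this definition. -->
<oval-def:definition class="compliance" id="oval:ssg-sudoers_validate_passwd:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Ensure invoking user's password for privilege escalation when using sudo</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Ensure invoking user's password for privilege escalation when using sudo</oval-def:description>
<oval-def:reference ref_id="CCE-83421-8" source="CCE"/>
<oval-def:reference ref_id="sudoers_validate_passwd" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="AND">
<oval-def:criterion comment="Check Defaults !targetpw exists in /etc/sudoers file" test_ref="oval:ssg-test_sudoers_targetpw_config:tst:1"/>
<oval-def:criterion comment="Check Defaults !rootpw exists in /etc/sudoers file" test_ref="oval:ssg-test_sudoers_rootpw_config:tst:1"/>
<oval-def:criterion comment="Check Defaults !runaspw exists in /etc/sudoers file" test_ref="oval:ssg-test_sudoers_runaspw_config:tst:1"/>
</oval-def:criteria>
</oval-def:definition>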
<!-- Ensure yum Removes Previous Package Versions (CCE-80346-0).
     Single criterion on the clean_requirements_on_remove value in /etc/yum.conf.
     The operator is written out; AND is the OVAL default when it is omitted. -->
<oval-def:definition id="oval:ssg-clean_components_post_updating:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure yum Removes Previous Package Versions</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The clean_requirements_on_remove option should be used to ensure that old
versions of software components are removed after updating.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80346-0"/>
    <oval-def:reference source="ssg" ref_id="clean_components_post_updating"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criterion test_ref="oval:ssg-test_yum_clean_components_post_updating:tst:1" comment="check value of clean_requirements_on_remove in /etc/yum.conf"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Ensure gpgcheck Enabled In Main yum Configuration (CCE-26989-4).
     Single criterion on the gpgcheck value in /etc/yum.conf.
     This covers the main configuration only; gpgcheck=0 in /etc/yum.repos.d is
     the subject of oval:ssg-ensure_gpgcheck_never_disabled:def:1. -->
<oval-def:definition id="oval:ssg-ensure_gpgcheck_globally_activated:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure gpgcheck Enabled In Main yum Configuration</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The gpgcheck option should be used to ensure that checking
of an RPM package's signature always occurs prior to its
installation.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-26989-4"/>
    <oval-def:reference source="ssg" ref_id="ensure_gpgcheck_globally_activated"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criterion test_ref="oval:ssg-test_ensure_gpgcheck_globally_activated:tst:1" comment="check value of gpgcheck in /etc/yum.conf"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Ensure gpgcheck Enabled for Local Packages (CCE-80347-8).
     Single criterion on the localpkg_gpgcheck value in /etc/yum.conf.
     The operator is written out; AND is the OVAL default when it is omitted. -->
<oval-def:definition id="oval:ssg-ensure_gpgcheck_local_packages:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure gpgcheck Enabled for Local Packages</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The localpkg_gpgcheck option should be used to ensure that checking
of an RPM package's signature always occurs prior to its
installation.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80347-8"/>
    <oval-def:reference source="ssg" ref_id="ensure_gpgcheck_local_packages"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criterion test_ref="oval:ssg-test_yum_ensure_gpgcheck_local_packages:tst:1" comment="check value of localpkg_gpgcheck in /etc/yum.conf"/>
  </oval-def:criteria>
</oval-def:definition>
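<!-- Ensure gpgcheck Enabled for All yum Package Repositories (CCE-26876-3).
     Single criterion: no gpgcheck=0 may appear in the /etc/yum.repos.d files.
     Two typos in the comment attributes ("signiature", "gpgpcheck") are fixed,
     so that a search for the option name in scan reports finds this criterion.
     The check is about an explicit gpgcheck=0 in repository files; the value
     in /etc/yum.conf is evaluated by a separate definition. -->
<oval-def:definition class="compliance" id="oval:ssg-ensure_gpgcheck_never_disabled:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Ensure gpgcheck Enabled for All yum Package Repositories</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Ensure all yum or dnf repositories utilize signature checking.</oval-def:description>
<oval-def:reference ref_id="CCE-26876-3" source="CCE"/>
<oval-def:reference ref_id="ensure_gpgcheck_never_disabled" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria comment="ensure all yum or dnf repositories utilize signature checking" operator="AND">
<oval-def:criterion comment="verify no gpgcheck=0 present in /etc/yum.repos.d files" test_ref="oval:ssg-test_ensure_gpgcheck_never_disabled:tst:1"/>
</oval-def:criteria>
</oval-def:definition>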
<!-- Ensure gpgcheck Enabled for Repository Metadata (CCE-80348-6).
     Single criterion on the repo_gpgcheck value in /etc/yum.conf.
     The operator is written out; AND is the OVAL default when it is omitted. -->
<oval-def:definition id="oval:ssg-ensure_gpgcheck_repo_metadata:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure gpgcheck Enabled for Repository Metadata</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The repo_gpgcheck option should be used to ensure that checking
of repository metadata always occurs.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80348-6"/>
    <oval-def:reference source="ssg" ref_id="ensure_gpgcheck_repo_metadata"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criterion test_ref="oval:ssg-test_yum_ensure_gpgcheck_repo_metadata:tst:1" comment="check value of repo_gpgcheck in /etc/yum.conf"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Ensure Red Hat GPG Key Installed (CCE-26957-1).
     Passes on either vendor branch:
       Red Hat: (SL7 or RHEL7 installed) AND release key package AND auxiliary key package
       CentOS:  CentOS7 installed AND CentOS key package
     The criteria identify keys by gpg-pubkey package name. How strictly the
     tests match that name is set in the test definitions, not here; a name
     match is weaker than comparing the full key fingerprint with the one the
     vendor publishes. -->
<oval-def:definition id="oval:ssg-ensure_redhat_gpgkey_installed:def:1" class="compliance" version="2">
  <oval-def:metadata>
    <oval-def:title>Ensure Red Hat GPG Key Installed</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The Red Hat release and auxiliary key packages are required to be installed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-26957-1"/>
    <oval-def:reference source="ssg" ref_id="ensure_redhat_gpgkey_installed"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR" comment="Vendor GPG keys">
    <oval-def:criteria operator="AND" comment="Red Hat Vendor Keys">
      <oval-def:criteria operator="OR" comment="Red Hat Installed">
        <oval-def:extend_definition definition_ref="oval:ssg-installed_OS_is_sl7:def:1" comment="SL7 installed"/>
        <oval-def:extend_definition definition_ref="oval:ssg-installed_OS_is_rhel7:def:1" comment="rhel7 installed"/>
      </oval-def:criteria>
      <oval-def:criterion test_ref="oval:ssg-test_package_gpgkey-fd431d51-4ae0493b_installed:tst:1" comment="package gpg-pubkey-fd431d51-4ae0493b is installed"/>
      <oval-def:criteria operator="OR" comment="Auxiliary Red Hat Key Installed">
        <oval-def:criterion test_ref="oval:ssg-test_package_gpgkey-2fa658e0-45700c69_installed:tst:1" comment="package gpg-pubkey-2fa658e0-45700c69 is installed"/>
      </oval-def:criteria>
    </oval-def:criteria>
    <oval-def:criteria operator="AND" comment="CentOS Vendor Keys">
      <oval-def:extend_definition definition_ref="oval:ssg-installed_OS_is_centos7:def:1" comment="CentOS7 installed"/>
      <oval-def:criterion test_ref="oval:ssg-test_package_gpgkey-f4a80eb5-53a7ff4b_installed:tst:1" comment="package gpg-pubkey-f4a80eb5-53a7ff4b is installed"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- PAM password requirement: minimum digit characters, dcredit (CCE-27214-6).
     Passes when the pam_pwquality definition passes and the dcredit test passes.
     The required dcredit value is set in the test state or an external
     variable, outside this definition. -->
<oval-def:definition id="oval:ssg-accounts_password_pam_dcredit:def:1" class="compliance" version="3">
  <oval-def:metadata>
    <oval-def:title>Ensure PAM Enforces Password Requirements - Minimum Digit Characters</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The password dcredit should meet minimum requirements</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-27214-6"/>
    <oval-def:reference source="ssg" ref_id="accounts_password_pam_dcredit"/>
  </oval-def:metadata>
  <oval-def:criteria comment="conditions for dcredit are satisfied" operator="AND">
    <oval-def:extend_definition definition_ref="oval:ssg-accounts_password_pam_pwquality:def:1" comment="pwquality.so exists in system-auth"/>
    <oval-def:criterion test_ref="oval:ssg-test_password_pam_pwquality_dcredit:tst:1" comment="pwquality.conf"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- PAM password requirement: minimum different characters, difok (CCE-82020-9).
     Passes when the pam_pwquality definition passes and the difok test passes.
     The required difok value is set in the test state or an external variable,
     outside this definition. -->
<oval-def:definition id="oval:ssg-accounts_password_pam_difok:def:1" class="compliance" version="3">
  <oval-def:metadata>
    <oval-def:title>Ensure PAM Enforces Password Requirements - Minimum Different Characters</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The password difok should meet minimum requirements</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82020-9"/>
    <oval-def:reference source="ssg" ref_id="accounts_password_pam_difok"/>
  </oval-def:metadata>
  <oval-def:criteria comment="conditions for difok are satisfied" operator="AND">
    <oval-def:extend_definition definition_ref="oval:ssg-accounts_password_pam_pwquality:def:1" comment="pwquality.so exists in system-auth"/>
    <oval-def:criterion test_ref="oval:ssg-test_password_pam_pwquality_difok:tst:1" comment="pwquality.conf"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- PAM password requirement: minimum lowercase characters, lcredit (CCE-27345-8).
     Passes when the pam_pwquality definition passes and the lcredit test passes.
     The required lcredit value is set in the test state or an external
     variable, outside this definition. -->
<oval-def:definition id="oval:ssg-accounts_password_pam_lcredit:def:1" class="compliance" version="3">
  <oval-def:metadata>
    <oval-def:title>Ensure PAM Enforces Password Requirements - Minimum Lowercase Characters</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The password lcredit should meet minimum requirements</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-27345-8"/>
    <oval-def:reference source="ssg" ref_id="accounts_password_pam_lcredit"/>
  </oval-def:metadata>
  <oval-def:criteria comment="conditions for lcredit are satisfied" operator="AND">
    <oval-def:extend_definition definition_ref="oval:ssg-accounts_password_pam_pwquality:def:1" comment="pwquality.so exists in system-auth"/>
    <oval-def:criterion test_ref="oval:ssg-test_password_pam_pwquality_lcredit:tst:1" comment="pwquality.conf"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- PAM password requirement: maximum consecutive characters from one class,
     maxclassrepeat (CCE-27512-3).
     Passes when the pam_pwquality definition passes and the maxclassrepeat test
     passes. The permitted value is set in the test state or an external
     variable, outside this definition. -->
<oval-def:definition id="oval:ssg-accounts_password_pam_maxclassrepeat:def:1" class="compliance" version="3">
  <oval-def:metadata>
    <oval-def:title>Ensure PAM Enforces Password Requirements - Maximum Consecutive Repeating Characters from Same Character Class</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The password maxclassrepeat should meet minimum requirements</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-27512-3"/>
    <oval-def:reference source="ssg" ref_id="accounts_password_pam_maxclassrepeat"/>
  </oval-def:metadata>
  <oval-def:criteria comment="conditions for maxclassrepeat are satisfied" operator="AND">
    <oval-def:extend_definition definition_ref="oval:ssg-accounts_password_pam_pwquality:def:1" comment="pwquality.so exists in system-auth"/>
    <oval-def:criterion test_ref="oval:ssg-test_password_pam_pwquality_maxclassrepeat:tst:1" comment="pwquality.conf"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- PAM password requirement: maximum consecutive repeating characters,
     maxrepeat (CCE-82055-5).
     Passes when the pam_pwquality definition passes and the maxrepeat test
     passes. The permitted value is set in the test state or an external
     variable, outside this definition. -->
<oval-def:definition id="oval:ssg-accounts_password_pam_maxrepeat:def:1" class="compliance" version="3">
  <oval-def:metadata>
    <oval-def:title>Set Password Maximum Consecutive Repeating Characters</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The password maxrepeat should meet minimum requirements</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82055-5"/>
    <oval-def:reference source="ssg" ref_id="accounts_password_pam_maxrepeat"/>
  </oval-def:metadata>
  <oval-def:criteria comment="conditions for maxrepeat are satisfied" operator="AND">
    <oval-def:extend_definition definition_ref="oval:ssg-accounts_password_pam_pwquality:def:1" comment="pwquality.so exists in system-auth"/>
    <oval-def:criterion test_ref="oval:ssg-test_password_pam_pwquality_maxrepeat:tst:1" comment="pwquality.conf"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-accounts_password_pam_minclass:def:1" version="3">
  <!-- Passes only when both children of the AND pass: the shared pam_pwquality definition and
       the pwquality.conf test for minclass. The required value is not stated in this block;
       it belongs to the referenced test, defined elsewhere in this document. -->
  <oval-def:metadata>
    <oval-def:title>Ensure PAM Enforces Password Requirements - Minimum Different Categories</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The password minclass should meet minimum requirements</oval-def:description>
    <oval-def:reference ref_id="CCE-82045-6" source="CCE"/>
    <oval-def:reference ref_id="accounts_password_pam_minclass" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND" comment="conditions for minclass are satisfied">
    <!-- NOTE(review): the comment on the extended definition names system-auth only;
         confirm against that definition whether password-auth is covered as well. -->
    <oval-def:extend_definition comment="pwquality.so exists in system-auth" definition_ref="oval:ssg-accounts_password_pam_pwquality:def:1"/>
    <oval-def:criterion comment="pwquality.conf" test_ref="oval:ssg-test_password_pam_pwquality_minclass:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-accounts_password_pam_minlen:def:1" version="3">
  <!-- Passes only when both children of the AND pass: the shared pam_pwquality definition and
       the pwquality.conf test for minlen. The required length is not stated in this block;
       it belongs to the referenced test, defined elsewhere in this document. -->
  <oval-def:metadata>
    <oval-def:title>Ensure PAM Enforces Password Requirements - Minimum Length</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The password minlen should meet minimum requirements</oval-def:description>
    <oval-def:reference ref_id="CCE-27293-0" source="CCE"/>
    <oval-def:reference ref_id="accounts_password_pam_minlen" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND" comment="conditions for minlen are satisfied">
    <!-- NOTE(review): the comment on the extended definition names system-auth only;
         confirm against that definition whether password-auth is covered as well. -->
    <oval-def:extend_definition comment="pwquality.so exists in system-auth" definition_ref="oval:ssg-accounts_password_pam_pwquality:def:1"/>
    <oval-def:criterion comment="pwquality.conf" test_ref="oval:ssg-test_password_pam_pwquality_minlen:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-accounts_password_pam_ocredit:def:1" version="3">
  <!-- Passes only when both children of the AND pass: the shared pam_pwquality definition and
       the pwquality.conf test for ocredit. The required value is not stated in this block;
       it belongs to the referenced test, defined elsewhere in this document. -->
  <oval-def:metadata>
    <oval-def:title>Ensure PAM Enforces Password Requirements - Minimum Special Characters</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The password ocredit should meet minimum requirements</oval-def:description>
    <oval-def:reference ref_id="CCE-27360-7" source="CCE"/>
    <oval-def:reference ref_id="accounts_password_pam_ocredit" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND" comment="conditions for ocredit are satisfied">
    <!-- NOTE(review): the comment on the extended definition names system-auth only;
         confirm against that definition whether password-auth is covered as well. -->
    <oval-def:extend_definition comment="pwquality.so exists in system-auth" definition_ref="oval:ssg-accounts_password_pam_pwquality:def:1"/>
    <oval-def:criterion comment="pwquality.conf" test_ref="oval:ssg-test_password_pam_pwquality_ocredit:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-accounts_password_pam_ucredit:def:1" version="3">
  <!-- Passes only when both children of the AND pass: the shared pam_pwquality definition and
       the pwquality.conf test for ucredit. The required value is not stated in this block;
       it belongs to the referenced test, defined elsewhere in this document. -->
  <oval-def:metadata>
    <oval-def:title>Ensure PAM Enforces Password Requirements - Minimum Uppercase Characters</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The password ucredit should meet minimum requirements</oval-def:description>
    <oval-def:reference ref_id="CCE-27200-5" source="CCE"/>
    <oval-def:reference ref_id="accounts_password_pam_ucredit" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND" comment="conditions for ucredit are satisfied">
    <!-- NOTE(review): the comment on the extended definition names system-auth only;
         confirm against that definition whether password-auth is covered as well. -->
    <oval-def:extend_definition comment="pwquality.so exists in system-auth" definition_ref="oval:ssg-accounts_password_pam_pwquality:def:1"/>
    <oval-def:criterion comment="pwquality.conf" test_ref="oval:ssg-test_password_pam_pwquality_ucredit:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_dac_modification_chmod:def:1" version="1">
  <!-- Per its title and criterion comments, checks audit rule coverage for chmod. The outer OR
       accepts either branch: augenrules or auditctl. Each branch is an AND of its loader
       definition, the 32-bit rule test and an architecture gate. The referenced tests and
       definitions live elsewhere in this document. -->
  <oval-def:metadata>
    <oval-def:title>Record Events that Modify the System's Discretionary Access Controls - chmod</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The changing of file permissions and attributes should be audited.</oval-def:description>
    <oval-def:reference ref_id="CCE-27339-1" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_dac_modification_chmod" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- Branch 1: augenrules definition plus the augenrules tests. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit chmod" test_ref="oval:ssg-test_32bit_ardm_chmod_augenrules:tst:1"/>
      <!-- Gate: satisfied when the negated 64-bit definition holds (host is not 64-bit) or when
           the 64-bit rule test passes. On a 64-bit host the 32-bit rule alone does not satisfy
           the branch. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit augenrules 64-bit chmod" test_ref="oval:ssg-test_64bit_ardm_chmod_augenrules:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- Branch 2: auditctl definition plus the auditctl tests, with the same gate. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit chmod" test_ref="oval:ssg-test_32bit_ardm_chmod_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit auditctl 64-bit chmod" test_ref="oval:ssg-test_64bit_ardm_chmod_auditctl:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_dac_modification_chown:def:1" version="1">
  <!-- Per its title and criterion comments, checks audit rule coverage for chown. The outer OR
       accepts either branch: augenrules or auditctl. Each branch is an AND of its loader
       definition, the 32-bit rule test and an architecture gate. The referenced tests and
       definitions live elsewhere in this document.
       NOTE(review): the description speaks of permissions and attributes; chown changes file
       ownership. -->
  <oval-def:metadata>
    <oval-def:title>Record Events that Modify the System's Discretionary Access Controls - chown</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The changing of file permissions and attributes should be audited.</oval-def:description>
    <oval-def:reference ref_id="CCE-27364-9" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_dac_modification_chown" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- Branch 1: augenrules definition plus the augenrules tests. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit chown" test_ref="oval:ssg-test_32bit_ardm_chown_augenrules:tst:1"/>
      <!-- Gate: satisfied when the negated 64-bit definition holds (host is not 64-bit) or when
           the 64-bit rule test passes. On a 64-bit host the 32-bit rule alone does not satisfy
           the branch. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit augenrules 64-bit chown" test_ref="oval:ssg-test_64bit_ardm_chown_augenrules:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- Branch 2: auditctl definition plus the auditctl tests, with the same gate. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit chown" test_ref="oval:ssg-test_32bit_ardm_chown_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit auditctl 64-bit chown" test_ref="oval:ssg-test_64bit_ardm_chown_auditctl:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_dac_modification_fchmod:def:1" version="1">
  <!-- Per its title and criterion comments, checks audit rule coverage for fchmod. The outer OR
       accepts either branch: augenrules or auditctl. Each branch is an AND of its loader
       definition, the 32-bit rule test and an architecture gate. The referenced tests and
       definitions live elsewhere in this document. -->
  <oval-def:metadata>
    <oval-def:title>Record Events that Modify the System's Discretionary Access Controls - fchmod</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The changing of file permissions and attributes should be audited.</oval-def:description>
    <oval-def:reference ref_id="CCE-27393-8" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_dac_modification_fchmod" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- Branch 1: augenrules definition plus the augenrules tests. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit fchmod" test_ref="oval:ssg-test_32bit_ardm_fchmod_augenrules:tst:1"/>
      <!-- Gate: satisfied when the negated 64-bit definition holds (host is not 64-bit) or when
           the 64-bit rule test passes. On a 64-bit host the 32-bit rule alone does not satisfy
           the branch. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit augenrules 64-bit fchmod" test_ref="oval:ssg-test_64bit_ardm_fchmod_augenrules:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- Branch 2: auditctl definition plus the auditctl tests, with the same gate. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit fchmod" test_ref="oval:ssg-test_32bit_ardm_fchmod_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit auditctl 64-bit fchmod" test_ref="oval:ssg-test_64bit_ardm_fchmod_auditctl:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_dac_modification_fchmodat:def:1" version="1">
  <!-- Per its title and criterion comments, checks audit rule coverage for fchmodat. The outer
       OR accepts either branch: augenrules or auditctl. Each branch is an AND of its loader
       definition, the 32-bit rule test and an architecture gate. The referenced tests and
       definitions live elsewhere in this document. -->
  <oval-def:metadata>
    <oval-def:title>Record Events that Modify the System's Discretionary Access Controls - fchmodat</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The changing of file permissions and attributes should be audited.</oval-def:description>
    <oval-def:reference ref_id="CCE-27388-8" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_dac_modification_fchmodat" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- Branch 1: augenrules definition plus the augenrules tests. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit fchmodat" test_ref="oval:ssg-test_32bit_ardm_fchmodat_augenrules:tst:1"/>
      <!-- Gate: satisfied when the negated 64-bit definition holds (host is not 64-bit) or when
           the 64-bit rule test passes. On a 64-bit host the 32-bit rule alone does not satisfy
           the branch. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit augenrules 64-bit fchmodat" test_ref="oval:ssg-test_64bit_ardm_fchmodat_augenrules:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- Branch 2: auditctl definition plus the auditctl tests, with the same gate. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit fchmodat" test_ref="oval:ssg-test_32bit_ardm_fchmodat_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit auditctl 64-bit fchmodat" test_ref="oval:ssg-test_64bit_ardm_fchmodat_auditctl:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_dac_modification_fchown:def:1" version="1">
  <!-- Per its title and criterion comments, checks audit rule coverage for fchown. The outer OR
       accepts either branch: augenrules or auditctl. Each branch is an AND of its loader
       definition, the 32-bit rule test and an architecture gate. The referenced tests and
       definitions live elsewhere in this document.
       NOTE(review): the description speaks of permissions and attributes; fchown changes file
       ownership. -->
  <oval-def:metadata>
    <oval-def:title>Record Events that Modify the System's Discretionary Access Controls - fchown</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The changing of file permissions and attributes should be audited.</oval-def:description>
    <oval-def:reference ref_id="CCE-27356-5" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_dac_modification_fchown" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- Branch 1: augenrules definition plus the augenrules tests. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit fchown" test_ref="oval:ssg-test_32bit_ardm_fchown_augenrules:tst:1"/>
      <!-- Gate: satisfied when the negated 64-bit definition holds (host is not 64-bit) or when
           the 64-bit rule test passes. On a 64-bit host the 32-bit rule alone does not satisfy
           the branch. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit augenrules 64-bit fchown" test_ref="oval:ssg-test_64bit_ardm_fchown_augenrules:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- Branch 2: auditctl definition plus the auditctl tests, with the same gate. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit fchown" test_ref="oval:ssg-test_32bit_ardm_fchown_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit auditctl 64-bit fchown" test_ref="oval:ssg-test_64bit_ardm_fchown_auditctl:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_dac_modification_fchownat:def:1" version="1">
  <!-- Per its title and criterion comments, checks audit rule coverage for fchownat. The outer
       OR accepts either branch: augenrules or auditctl. Each branch is an AND of its loader
       definition, the 32-bit rule test and an architecture gate. The referenced tests and
       definitions live elsewhere in this document.
       NOTE(review): the description speaks of permissions and attributes; fchownat changes
       file ownership. -->
  <oval-def:metadata>
    <oval-def:title>Record Events that Modify the System's Discretionary Access Controls - fchownat</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The changing of file permissions and attributes should be audited.</oval-def:description>
    <oval-def:reference ref_id="CCE-27387-0" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_dac_modification_fchownat" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- Branch 1: augenrules definition plus the augenrules tests. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit fchownat" test_ref="oval:ssg-test_32bit_ardm_fchownat_augenrules:tst:1"/>
      <!-- Gate: satisfied when the negated 64-bit definition holds (host is not 64-bit) or when
           the 64-bit rule test passes. On a 64-bit host the 32-bit rule alone does not satisfy
           the branch. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit augenrules 64-bit fchownat" test_ref="oval:ssg-test_64bit_ardm_fchownat_augenrules:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- Branch 2: auditctl definition plus the auditctl tests, with the same gate. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit fchownat" test_ref="oval:ssg-test_32bit_ardm_fchownat_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit auditctl 64-bit fchownat" test_ref="oval:ssg-test_64bit_ardm_fchownat_auditctl:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_dac_modification_fremovexattr:def:1" version="1">
  <!-- Per its title and criterion comments, checks audit rule coverage for fremovexattr. The
       outer OR accepts either branch: augenrules or auditctl. Each branch is an AND of its
       loader definition, the 32-bit rule test and an architecture gate. The referenced tests
       and definitions live elsewhere in this document. -->
  <oval-def:metadata>
    <oval-def:title>Record Events that Modify the System's Discretionary Access Controls - fremovexattr</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The changing of file permissions and attributes should be audited.</oval-def:description>
    <oval-def:reference ref_id="CCE-27353-2" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_dac_modification_fremovexattr" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- Branch 1: augenrules definition plus the augenrules tests. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit fremovexattr" test_ref="oval:ssg-test_32bit_ardm_fremovexattr_augenrules:tst:1"/>
      <!-- Gate: satisfied when the negated 64-bit definition holds (host is not 64-bit) or when
           the 64-bit rule test passes. On a 64-bit host the 32-bit rule alone does not satisfy
           the branch. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit augenrules 64-bit fremovexattr" test_ref="oval:ssg-test_64bit_ardm_fremovexattr_augenrules:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- Branch 2: auditctl definition plus the auditctl tests, with the same gate. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit fremovexattr" test_ref="oval:ssg-test_32bit_ardm_fremovexattr_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit auditctl 64-bit fremovexattr" test_ref="oval:ssg-test_64bit_ardm_fremovexattr_auditctl:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_dac_modification_fsetxattr:def:1" version="1">
  <!-- Per its title and criterion comments, checks audit rule coverage for fsetxattr. The outer
       OR accepts either branch: augenrules or auditctl. Each branch is an AND of its loader
       definition, the 32-bit rule test and an architecture gate. The referenced tests and
       definitions live elsewhere in this document. -->
  <oval-def:metadata>
    <oval-def:title>Record Events that Modify the System's Discretionary Access Controls - fsetxattr</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The changing of file permissions and attributes should be audited.</oval-def:description>
    <oval-def:reference ref_id="CCE-27389-6" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_dac_modification_fsetxattr" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- Branch 1: augenrules definition plus the augenrules tests. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit fsetxattr" test_ref="oval:ssg-test_32bit_ardm_fsetxattr_augenrules:tst:1"/>
      <!-- Gate: satisfied when the negated 64-bit definition holds (host is not 64-bit) or when
           the 64-bit rule test passes. On a 64-bit host the 32-bit rule alone does not satisfy
           the branch. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit augenrules 64-bit fsetxattr" test_ref="oval:ssg-test_64bit_ardm_fsetxattr_augenrules:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- Branch 2: auditctl definition plus the auditctl tests, with the same gate. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit fsetxattr" test_ref="oval:ssg-test_32bit_ardm_fsetxattr_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit auditctl 64-bit fsetxattr" test_ref="oval:ssg-test_64bit_ardm_fsetxattr_auditctl:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_dac_modification_lchown:def:1" version="1">
  <!-- Per its title and criterion comments, checks audit rule coverage for lchown. The outer OR
       accepts either branch: augenrules or auditctl. Each branch is an AND of its loader
       definition, the 32-bit rule test and an architecture gate. The referenced tests and
       definitions live elsewhere in this document.
       NOTE(review): the description speaks of permissions and attributes; lchown changes file
       ownership. -->
  <oval-def:metadata>
    <oval-def:title>Record Events that Modify the System's Discretionary Access Controls - lchown</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The changing of file permissions and attributes should be audited.</oval-def:description>
    <oval-def:reference ref_id="CCE-27083-5" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_dac_modification_lchown" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- Branch 1: augenrules definition plus the augenrules tests. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit lchown" test_ref="oval:ssg-test_32bit_ardm_lchown_augenrules:tst:1"/>
      <!-- Gate: satisfied when the negated 64-bit definition holds (host is not 64-bit) or when
           the 64-bit rule test passes. On a 64-bit host the 32-bit rule alone does not satisfy
           the branch. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit augenrules 64-bit lchown" test_ref="oval:ssg-test_64bit_ardm_lchown_augenrules:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- Branch 2: auditctl definition plus the auditctl tests, with the same gate. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit lchown" test_ref="oval:ssg-test_32bit_ardm_lchown_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit auditctl 64-bit lchown" test_ref="oval:ssg-test_64bit_ardm_lchown_auditctl:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_dac_modification_lremovexattr:def:1" version="1">
  <!-- Per its title and criterion comments, checks audit rule coverage for lremovexattr. The
       outer OR accepts either branch: augenrules or auditctl. Each branch is an AND of its
       loader definition, the 32-bit rule test and an architecture gate. The referenced tests
       and definitions live elsewhere in this document. -->
  <oval-def:metadata>
    <oval-def:title>Record Events that Modify the System's Discretionary Access Controls - lremovexattr</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The changing of file permissions and attributes should be audited.</oval-def:description>
    <oval-def:reference ref_id="CCE-27410-0" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_dac_modification_lremovexattr" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- Branch 1: augenrules definition plus the augenrules tests. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit lremovexattr" test_ref="oval:ssg-test_32bit_ardm_lremovexattr_augenrules:tst:1"/>
      <!-- Gate: satisfied when the negated 64-bit definition holds (host is not 64-bit) or when
           the 64-bit rule test passes. On a 64-bit host the 32-bit rule alone does not satisfy
           the branch. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit augenrules 64-bit lremovexattr" test_ref="oval:ssg-test_64bit_ardm_lremovexattr_augenrules:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- Branch 2: auditctl definition plus the auditctl tests, with the same gate. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit lremovexattr" test_ref="oval:ssg-test_32bit_ardm_lremovexattr_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit auditctl 64-bit lremovexattr" test_ref="oval:ssg-test_64bit_ardm_lremovexattr_auditctl:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_dac_modification_lsetxattr:def:1" version="1">
  <!-- Per its title and criterion comments, checks audit rule coverage for lsetxattr. The outer
       OR accepts either branch: augenrules or auditctl. Each branch is an AND of its loader
       definition, the 32-bit rule test and an architecture gate. The referenced tests and
       definitions live elsewhere in this document. -->
  <oval-def:metadata>
    <oval-def:title>Record Events that Modify the System's Discretionary Access Controls - lsetxattr</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The changing of file permissions and attributes should be audited.</oval-def:description>
    <oval-def:reference ref_id="CCE-27280-7" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_dac_modification_lsetxattr" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- Branch 1: augenrules definition plus the augenrules tests. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit lsetxattr" test_ref="oval:ssg-test_32bit_ardm_lsetxattr_augenrules:tst:1"/>
      <!-- Gate: satisfied when the negated 64-bit definition holds (host is not 64-bit) or when
           the 64-bit rule test passes. On a 64-bit host the 32-bit rule alone does not satisfy
           the branch. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit augenrules 64-bit lsetxattr" test_ref="oval:ssg-test_64bit_ardm_lsetxattr_augenrules:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- Branch 2: auditctl definition plus the auditctl tests, with the same gate. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit lsetxattr" test_ref="oval:ssg-test_32bit_ardm_lsetxattr_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit auditctl 64-bit lsetxattr" test_ref="oval:ssg-test_64bit_ardm_lsetxattr_auditctl:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_dac_modification_removexattr:def:1" version="1">
  <!-- Per its title and criterion comments, checks audit rule coverage for removexattr. The
       outer OR accepts either branch: augenrules or auditctl. Each branch is an AND of its
       loader definition, the 32-bit rule test and an architecture gate. The referenced tests
       and definitions live elsewhere in this document. -->
  <oval-def:metadata>
    <oval-def:title>Record Events that Modify the System's Discretionary Access Controls - removexattr</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The changing of file permissions and attributes should be audited.</oval-def:description>
    <oval-def:reference ref_id="CCE-27367-2" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_dac_modification_removexattr" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- Branch 1: augenrules definition plus the augenrules tests. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit removexattr" test_ref="oval:ssg-test_32bit_ardm_removexattr_augenrules:tst:1"/>
      <!-- Gate: satisfied when the negated 64-bit definition holds (host is not 64-bit) or when
           the 64-bit rule test passes. On a 64-bit host the 32-bit rule alone does not satisfy
           the branch. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit augenrules 64-bit removexattr" test_ref="oval:ssg-test_64bit_ardm_removexattr_augenrules:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- Branch 2: auditctl definition plus the auditctl tests, with the same gate. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit removexattr" test_ref="oval:ssg-test_32bit_ardm_removexattr_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit auditctl 64-bit removexattr" test_ref="oval:ssg-test_64bit_ardm_removexattr_auditctl:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_dac_modification_setxattr:def:1" version="1">
  <!-- Per its title and criterion comments, checks audit rule coverage for setxattr. The outer
       OR accepts either branch: augenrules or auditctl. Each branch is an AND of its loader
       definition, the 32-bit rule test and an architecture gate. The referenced tests and
       definitions live elsewhere in this document. -->
  <oval-def:metadata>
    <oval-def:title>Record Events that Modify the System's Discretionary Access Controls - setxattr</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The changing of file permissions and attributes should be audited.</oval-def:description>
    <oval-def:reference ref_id="CCE-27213-8" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_dac_modification_setxattr" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- Branch 1: augenrules definition plus the augenrules tests. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit setxattr" test_ref="oval:ssg-test_32bit_ardm_setxattr_augenrules:tst:1"/>
      <!-- Gate: satisfied when the negated 64-bit definition holds (host is not 64-bit) or when
           the 64-bit rule test passes. On a 64-bit host the 32-bit rule alone does not satisfy
           the branch. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit augenrules 64-bit setxattr" test_ref="oval:ssg-test_64bit_ardm_setxattr_augenrules:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- Branch 2: auditctl definition plus the auditctl tests, with the same gate. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit setxattr" test_ref="oval:ssg-test_32bit_ardm_setxattr_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit auditctl 64-bit setxattr" test_ref="oval:ssg-test_64bit_ardm_setxattr_auditctl:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
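<oval-def:definition class="compliance" id="oval:ssg-audit_rules_dac_modification_umount2:def:1" version="1">
  <!-- Per its title and criterion comments, checks audit rule coverage for umount2. The outer OR
       accepts either branch: augenrules or auditctl. Each branch is an AND of its loader
       definition, the 32-bit rule test and an architecture gate. The referenced tests and
       definitions live elsewhere in this document.
       The id and title keep the dac_modification naming although umount2 unmounts a file
       system rather than changing permissions; the description states the audited event.
       This definition carries no CCE reference, only the ssg one. -->
  <oval-def:metadata>
    <oval-def:title>Record Events that Modify the System's Discretionary Access Controls - umount2</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The unmounting of file systems through the umount2 syscall should be audited.</oval-def:description>
    <oval-def:reference ref_id="audit_rules_dac_modification_umount2" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- Branch 1: augenrules definition plus the augenrules tests. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit umount2" test_ref="oval:ssg-test_32bit_ardm_umount2_augenrules:tst:1"/>
      <!-- Gate: satisfied when the negated 64-bit definition holds (host is not 64-bit) or when
           the 64-bit rule test passes. On a 64-bit host the 32-bit rule alone does not satisfy
           the branch. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit augenrules 64-bit umount2" test_ref="oval:ssg-test_64bit_ardm_umount2_augenrules:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- Branch 2: auditctl definition plus the auditctl tests, with the same gate. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit umount2" test_ref="oval:ssg-test_32bit_ardm_umount2_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit auditctl 64-bit umount2" test_ref="oval:ssg-test_64bit_ardm_umount2_auditctl:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>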
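<oval-def:definition class="compliance" id="oval:ssg-audit_rules_etc_group_open:def:1" version="1">
  <!-- Per its title, checks for audit rules that record write events to /etc/group made through
       the open syscall. The outer OR accepts either branch: augenrules or auditctl. Each branch
       is an AND of its loader definition, the 32-bit rule test and an architecture gate. The
       referenced tests and definitions live elsewhere in this document.
       The criterion comments name the loader and word size so that a failing criterion can be
       told apart in scan results. The test ids spell "tc_group"; they are identifiers resolved
       elsewhere and are kept as they are. This definition carries no CCE reference. -->
  <oval-def:metadata>
    <oval-def:title>Record Events that Modify User/Group Information via open syscall - /etc/group</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the write events to /etc/group</oval-def:description>
    <oval-def:reference ref_id="audit_rules_etc_group_open" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- Branch 1: augenrules definition plus the augenrules tests. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit rule to record write events to /etc/group" test_ref="oval:ssg-test_audit_rules_tc_group_open_32bit_augenrules:tst:1"/>
      <!-- Gate: satisfied when the negated 64-bit definition holds (host is not 64-bit) or when
           the 64-bit rule test passes. On a 64-bit host the 32-bit rule alone does not satisfy
           the branch. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit augenrules 64-bit rule to record write events to /etc/group" test_ref="oval:ssg-test_audit_rules_tc_group_open_64bit_augenrules:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- Branch 2: auditctl definition plus the auditctl tests, with the same gate. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit rule to record write events to /etc/group" test_ref="oval:ssg-test_audit_rules_tc_group_open_32bit_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit auditctl 64-bit rule to record write events to /etc/group" test_ref="oval:ssg-test_audit_rules_tc_group_open_64bit_auditctl:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>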
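<!-- Compliance check: audit rule recording write events to /etc/group through the open_by_handle_at syscall (ssg reference only, no CCE id here).
     Holds when either loader branch holds: augenrules or auditctl. Each branch requires its extended definition and the
     32-bit test, plus the 64-bit test unless the negated system_info_architecture_64bit leg already holds.
     Scope is open_by_handle_at only; open and openat are checked by separate definitions, so selecting this one alone
     leaves those two unchecked.
     NOTE(review): tests are defined outside this section; their ids spell "tc_group", so test_ref is kept exactly as found. -->
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_etc_group_open_by_handle_at:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/group</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the write events to /etc/group</oval-def:description>
    <oval-def:reference ref_id="audit_rules_etc_group_open_by_handle_at" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit open_by_handle_at /etc/group" test_ref="oval:ssg-test_audit_rules_tc_group_open_by_handle_at_32bit_augenrules:tst:1"/>
      <!-- Satisfied outright on hosts that are not 64-bit (negate="true"); otherwise the 64-bit test must pass. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit augenrules 64-bit open_by_handle_at /etc/group" test_ref="oval:ssg-test_audit_rules_tc_group_open_by_handle_at_64bit_augenrules:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit open_by_handle_at /etc/group" test_ref="oval:ssg-test_audit_rules_tc_group_open_by_handle_at_32bit_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit auditctl 64-bit open_by_handle_at /etc/group" test_ref="oval:ssg-test_audit_rules_tc_group_open_by_handle_at_64bit_auditctl:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>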
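<!-- Compliance check: audit rule recording write events to /etc/group through the openat syscall (ssg reference only, no CCE id here).
     Holds when either loader branch holds: augenrules or auditctl. Each branch requires its extended definition and the
     32-bit test, plus the 64-bit test unless the negated system_info_architecture_64bit leg already holds.
     Scope is openat only; open and open_by_handle_at are checked by separate definitions, so selecting this one alone
     leaves those two unchecked.
     NOTE(review): tests are defined outside this section; their ids spell "tc_group", so test_ref is kept exactly as found. -->
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_etc_group_openat:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Record Events that Modify User/Group Information via openat syscall - /etc/group</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the write events to /etc/group</oval-def:description>
    <oval-def:reference ref_id="audit_rules_etc_group_openat" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit openat /etc/group" test_ref="oval:ssg-test_audit_rules_tc_group_openat_32bit_augenrules:tst:1"/>
      <!-- Satisfied outright on hosts that are not 64-bit (negate="true"); otherwise the 64-bit test must pass. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit augenrules 64-bit openat /etc/group" test_ref="oval:ssg-test_audit_rules_tc_group_openat_64bit_augenrules:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit openat /etc/group" test_ref="oval:ssg-test_audit_rules_tc_group_openat_32bit_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit auditctl 64-bit openat /etc/group" test_ref="oval:ssg-test_audit_rules_tc_group_openat_64bit_auditctl:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>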
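<!-- Compliance check: audit rule recording write events to /etc/gshadow through the open syscall (ssg reference only, no CCE id here).
     Holds when either loader branch holds: augenrules or auditctl. Each branch requires its extended definition and the
     32-bit test, plus the 64-bit test unless the negated system_info_architecture_64bit leg already holds.
     Scope is open only; openat and open_by_handle_at are checked by separate definitions, so selecting this one alone
     leaves those two unchecked.
     NOTE(review): tests are defined outside this section; their ids spell "tc_gshadow", so test_ref is kept exactly as found. -->
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_etc_gshadow_open:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Record Events that Modify User/Group Information via open syscall - /etc/gshadow</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the write events to /etc/gshadow</oval-def:description>
    <oval-def:reference ref_id="audit_rules_etc_gshadow_open" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit open /etc/gshadow" test_ref="oval:ssg-test_audit_rules_tc_gshadow_open_32bit_augenrules:tst:1"/>
      <!-- Satisfied outright on hosts that are not 64-bit (negate="true"); otherwise the 64-bit test must pass. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit augenrules 64-bit open /etc/gshadow" test_ref="oval:ssg-test_audit_rules_tc_gshadow_open_64bit_augenrules:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit open /etc/gshadow" test_ref="oval:ssg-test_audit_rules_tc_gshadow_open_32bit_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit auditctl 64-bit open /etc/gshadow" test_ref="oval:ssg-test_audit_rules_tc_gshadow_open_64bit_auditctl:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>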
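<!-- Compliance check: audit rule recording write events to /etc/gshadow through the open_by_handle_at syscall (ssg reference only, no CCE id here).
     Holds when either loader branch holds: augenrules or auditctl. Each branch requires its extended definition and the
     32-bit test, plus the 64-bit test unless the negated system_info_architecture_64bit leg already holds.
     Scope is open_by_handle_at only; open and openat are checked by separate definitions, so selecting this one alone
     leaves those two unchecked.
     NOTE(review): tests are defined outside this section; their ids spell "tc_gshadow", so test_ref is kept exactly as found. -->
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_etc_gshadow_open_by_handle_at:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/gshadow</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the write events to /etc/gshadow</oval-def:description>
    <oval-def:reference ref_id="audit_rules_etc_gshadow_open_by_handle_at" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit open_by_handle_at /etc/gshadow" test_ref="oval:ssg-test_audit_rules_tc_gshadow_open_by_handle_at_32bit_augenrules:tst:1"/>
      <!-- Satisfied outright on hosts that are not 64-bit (negate="true"); otherwise the 64-bit test must pass. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit augenrules 64-bit open_by_handle_at /etc/gshadow" test_ref="oval:ssg-test_audit_rules_tc_gshadow_open_by_handle_at_64bit_augenrules:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit open_by_handle_at /etc/gshadow" test_ref="oval:ssg-test_audit_rules_tc_gshadow_open_by_handle_at_32bit_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit auditctl 64-bit open_by_handle_at /etc/gshadow" test_ref="oval:ssg-test_audit_rules_tc_gshadow_open_by_handle_at_64bit_auditctl:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>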
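<!-- Compliance check: audit rule recording write events to /etc/gshadow through the openat syscall (ssg reference only, no CCE id here).
     Holds when either loader branch holds: augenrules or auditctl. Each branch requires its extended definition and the
     32-bit test, plus the 64-bit test unless the negated system_info_architecture_64bit leg already holds.
     Scope is openat only; open and open_by_handle_at are checked by separate definitions, so selecting this one alone
     leaves those two unchecked.
     NOTE(review): tests are defined outside this section; their ids spell "tc_gshadow", so test_ref is kept exactly as found. -->
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_etc_gshadow_openat:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Record Events that Modify User/Group Information via openat syscall - /etc/gshadow</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the write events to /etc/gshadow</oval-def:description>
    <oval-def:reference ref_id="audit_rules_etc_gshadow_openat" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit openat /etc/gshadow" test_ref="oval:ssg-test_audit_rules_tc_gshadow_openat_32bit_augenrules:tst:1"/>
      <!-- Satisfied outright on hosts that are not 64-bit (negate="true"); otherwise the 64-bit test must pass. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit augenrules 64-bit openat /etc/gshadow" test_ref="oval:ssg-test_audit_rules_tc_gshadow_openat_64bit_augenrules:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit openat /etc/gshadow" test_ref="oval:ssg-test_audit_rules_tc_gshadow_openat_32bit_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit auditctl 64-bit openat /etc/gshadow" test_ref="oval:ssg-test_audit_rules_tc_gshadow_openat_64bit_auditctl:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>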
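<!-- Compliance check: audit rule recording write events to /etc/passwd through the open syscall (ssg reference only, no CCE id here).
     Holds when either loader branch holds: augenrules or auditctl. Each branch requires its extended definition and the
     32-bit test, plus the 64-bit test unless the negated system_info_architecture_64bit leg already holds.
     Scope is open only; openat and open_by_handle_at are checked by separate definitions, so selecting this one alone
     leaves those two unchecked.
     NOTE(review): tests are defined outside this section; their ids spell "tc_passwd", so test_ref is kept exactly as found. -->
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_etc_passwd_open:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Record Events that Modify User/Group Information via open syscall - /etc/passwd</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the write events to /etc/passwd</oval-def:description>
    <oval-def:reference ref_id="audit_rules_etc_passwd_open" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit open /etc/passwd" test_ref="oval:ssg-test_audit_rules_tc_passwd_open_32bit_augenrules:tst:1"/>
      <!-- Satisfied outright on hosts that are not 64-bit (negate="true"); otherwise the 64-bit test must pass. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit augenrules 64-bit open /etc/passwd" test_ref="oval:ssg-test_audit_rules_tc_passwd_open_64bit_augenrules:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit open /etc/passwd" test_ref="oval:ssg-test_audit_rules_tc_passwd_open_32bit_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit auditctl 64-bit open /etc/passwd" test_ref="oval:ssg-test_audit_rules_tc_passwd_open_64bit_auditctl:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>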
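<!-- Compliance check: audit rule recording write events to /etc/passwd through the open_by_handle_at syscall (ssg reference only, no CCE id here).
     Holds when either loader branch holds: augenrules or auditctl. Each branch requires its extended definition and the
     32-bit test, plus the 64-bit test unless the negated system_info_architecture_64bit leg already holds.
     Scope is open_by_handle_at only; open and openat are checked by separate definitions, so selecting this one alone
     leaves those two unchecked.
     NOTE(review): tests are defined outside this section; their ids spell "tc_passwd", so test_ref is kept exactly as found. -->
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_etc_passwd_open_by_handle_at:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/passwd</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the write events to /etc/passwd</oval-def:description>
    <oval-def:reference ref_id="audit_rules_etc_passwd_open_by_handle_at" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit open_by_handle_at /etc/passwd" test_ref="oval:ssg-test_audit_rules_tc_passwd_open_by_handle_at_32bit_augenrules:tst:1"/>
      <!-- Satisfied outright on hosts that are not 64-bit (negate="true"); otherwise the 64-bit test must pass. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit augenrules 64-bit open_by_handle_at /etc/passwd" test_ref="oval:ssg-test_audit_rules_tc_passwd_open_by_handle_at_64bit_augenrules:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit open_by_handle_at /etc/passwd" test_ref="oval:ssg-test_audit_rules_tc_passwd_open_by_handle_at_32bit_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit auditctl 64-bit open_by_handle_at /etc/passwd" test_ref="oval:ssg-test_audit_rules_tc_passwd_open_by_handle_at_64bit_auditctl:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>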
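<!-- Compliance check: audit rule recording write events to /etc/passwd through the openat syscall (ssg reference only, no CCE id here).
     Holds when either loader branch holds: augenrules or auditctl. Each branch requires its extended definition and the
     32-bit test, plus the 64-bit test unless the negated system_info_architecture_64bit leg already holds.
     Scope is openat only; open and open_by_handle_at are checked by separate definitions, so selecting this one alone
     leaves those two unchecked.
     NOTE(review): tests are defined outside this section; their ids spell "tc_passwd", so test_ref is kept exactly as found. -->
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_etc_passwd_openat:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Record Events that Modify User/Group Information via openat syscall - /etc/passwd</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the write events to /etc/passwd</oval-def:description>
    <oval-def:reference ref_id="audit_rules_etc_passwd_openat" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit openat /etc/passwd" test_ref="oval:ssg-test_audit_rules_tc_passwd_openat_32bit_augenrules:tst:1"/>
      <!-- Satisfied outright on hosts that are not 64-bit (negate="true"); otherwise the 64-bit test must pass. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit augenrules 64-bit openat /etc/passwd" test_ref="oval:ssg-test_audit_rules_tc_passwd_openat_64bit_augenrules:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit openat /etc/passwd" test_ref="oval:ssg-test_audit_rules_tc_passwd_openat_32bit_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit auditctl 64-bit openat /etc/passwd" test_ref="oval:ssg-test_audit_rules_tc_passwd_openat_64bit_auditctl:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>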
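<!-- Compliance check: audit rule recording write events to /etc/shadow through the open syscall (ssg reference only, no CCE id here).
     Holds when either loader branch holds: augenrules or auditctl. Each branch requires its extended definition and the
     32-bit test, plus the 64-bit test unless the negated system_info_architecture_64bit leg already holds.
     Scope is open only; openat and open_by_handle_at are checked by separate definitions, so selecting this one alone
     leaves those two unchecked.
     NOTE(review): tests are defined outside this section; their ids spell "tc_shadow", so test_ref is kept exactly as found. -->
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_etc_shadow_open:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Record Events that Modify User/Group Information via open syscall - /etc/shadow</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the write events to /etc/shadow</oval-def:description>
    <oval-def:reference ref_id="audit_rules_etc_shadow_open" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit open /etc/shadow" test_ref="oval:ssg-test_audit_rules_tc_shadow_open_32bit_augenrules:tst:1"/>
      <!-- Satisfied outright on hosts that are not 64-bit (negate="true"); otherwise the 64-bit test must pass. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit augenrules 64-bit open /etc/shadow" test_ref="oval:ssg-test_audit_rules_tc_shadow_open_64bit_augenrules:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit open /etc/shadow" test_ref="oval:ssg-test_audit_rules_tc_shadow_open_32bit_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit auditctl 64-bit open /etc/shadow" test_ref="oval:ssg-test_audit_rules_tc_shadow_open_64bit_auditctl:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>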
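<!-- Compliance check: audit rule recording write events to /etc/shadow through the open_by_handle_at syscall (ssg reference only, no CCE id here).
     Holds when either loader branch holds: augenrules or auditctl. Each branch requires its extended definition and the
     32-bit test, plus the 64-bit test unless the negated system_info_architecture_64bit leg already holds.
     Scope is open_by_handle_at only; open and openat are checked by separate definitions, so selecting this one alone
     leaves those two unchecked.
     NOTE(review): tests are defined outside this section; their ids spell "tc_shadow", so test_ref is kept exactly as found. -->
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_etc_shadow_open_by_handle_at:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/shadow</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the write events to /etc/shadow</oval-def:description>
    <oval-def:reference ref_id="audit_rules_etc_shadow_open_by_handle_at" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit open_by_handle_at /etc/shadow" test_ref="oval:ssg-test_audit_rules_tc_shadow_open_by_handle_at_32bit_augenrules:tst:1"/>
      <!-- Satisfied outright on hosts that are not 64-bit (negate="true"); otherwise the 64-bit test must pass. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit augenrules 64-bit open_by_handle_at /etc/shadow" test_ref="oval:ssg-test_audit_rules_tc_shadow_open_by_handle_at_64bit_augenrules:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit open_by_handle_at /etc/shadow" test_ref="oval:ssg-test_audit_rules_tc_shadow_open_by_handle_at_32bit_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit auditctl 64-bit open_by_handle_at /etc/shadow" test_ref="oval:ssg-test_audit_rules_tc_shadow_open_by_handle_at_64bit_auditctl:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>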
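<!-- Compliance check: audit rule recording write events to /etc/shadow through the openat syscall (ssg reference only, no CCE id here).
     Holds when either loader branch holds: augenrules or auditctl. Each branch requires its extended definition and the
     32-bit test, plus the 64-bit test unless the negated system_info_architecture_64bit leg already holds.
     Scope is openat only; open and open_by_handle_at are checked by separate definitions, so selecting this one alone
     leaves those two unchecked.
     NOTE(review): tests are defined outside this section; their ids spell "tc_shadow", so test_ref is kept exactly as found. -->
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_etc_shadow_openat:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Record Events that Modify User/Group Information via openat syscall - /etc/shadow</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the write events to /etc/shadow</oval-def:description>
    <oval-def:reference ref_id="audit_rules_etc_shadow_openat" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit openat /etc/shadow" test_ref="oval:ssg-test_audit_rules_tc_shadow_openat_32bit_augenrules:tst:1"/>
      <!-- Satisfied outright on hosts that are not 64-bit (negate="true"); otherwise the 64-bit test must pass. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit augenrules 64-bit openat /etc/shadow" test_ref="oval:ssg-test_audit_rules_tc_shadow_openat_64bit_augenrules:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit openat /etc/shadow" test_ref="oval:ssg-test_audit_rules_tc_shadow_openat_32bit_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit auditctl 64-bit openat /etc/shadow" test_ref="oval:ssg-test_audit_rules_tc_shadow_openat_64bit_auditctl:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>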
<!-- Compliance check: audit rule recording attempts to run chcon (CCE-80393-2).
     Holds when either loader branch holds: the augenrules definition together with the augenrules test, or the auditctl
     definition together with the auditctl test. This definition has no 32-/64-bit split.
     NOTE(review): both tests are defined outside this section; what rule text or path they match is not visible here. -->
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_execution_chcon:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Record Any Attempts to Run chcon</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the information on the use of chcon is enabled.</oval-def:description>
    <oval-def:reference ref_id="CCE-80393-2" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_execution_chcon" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- Branch 1: rules loaded via augenrules. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules chcon" test_ref="oval:ssg-test_audit_rules_execution_chcon_augenrules:tst:1"/>
    </oval-def:criteria>
    <!-- Branch 2: rules loaded via auditctl. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl chcon" test_ref="oval:ssg-test_audit_rules_execution_chcon_auditctl:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: audit rule recording attempts to run restorecon (CCE-80394-0).
     Holds when either loader branch holds: the augenrules definition together with the augenrules test, or the auditctl
     definition together with the auditctl test. This definition has no 32-/64-bit split.
     NOTE(review): both tests are defined outside this section; what rule text or path they match is not visible here. -->
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_execution_restorecon:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Record Any Attempts to Run restorecon</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the information on the use of restorecon is enabled.</oval-def:description>
    <oval-def:reference ref_id="CCE-80394-0" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_execution_restorecon" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- Branch 1: rules loaded via augenrules. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules restorecon" test_ref="oval:ssg-test_audit_rules_execution_restorecon_augenrules:tst:1"/>
    </oval-def:criteria>
    <!-- Branch 2: rules loaded via auditctl. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl restorecon" test_ref="oval:ssg-test_audit_rules_execution_restorecon_auditctl:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: audit rule recording attempts to run semanage (CCE-80391-6).
     Holds when either loader branch holds: the augenrules definition together with the augenrules test, or the auditctl
     definition together with the auditctl test. This definition has no 32-/64-bit split.
     NOTE(review): both tests are defined outside this section; what rule text or path they match is not visible here. -->
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_execution_semanage:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Record Any Attempts to Run semanage</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the information on the use of semanage is enabled.</oval-def:description>
    <oval-def:reference ref_id="CCE-80391-6" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_execution_semanage" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- Branch 1: rules loaded via augenrules. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules semanage" test_ref="oval:ssg-test_audit_rules_execution_semanage_augenrules:tst:1"/>
    </oval-def:criteria>
    <!-- Branch 2: rules loaded via auditctl. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl semanage" test_ref="oval:ssg-test_audit_rules_execution_semanage_auditctl:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: audit rule recording attempts to run setfiles (CCE-80660-4).
     Holds when either loader branch holds: the augenrules definition together with the augenrules test, or the auditctl
     definition together with the auditctl test. This definition has no 32-/64-bit split.
     NOTE(review): both tests are defined outside this section; what rule text or path they match is not visible here. -->
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_execution_setfiles:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Record Any Attempts to Run setfiles</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the information on the use of setfiles is enabled.</oval-def:description>
    <oval-def:reference ref_id="CCE-80660-4" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_execution_setfiles" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- Branch 1: rules loaded via augenrules. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules setfiles" test_ref="oval:ssg-test_audit_rules_execution_setfiles_augenrules:tst:1"/>
    </oval-def:criteria>
    <!-- Branch 2: rules loaded via auditctl. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl setfiles" test_ref="oval:ssg-test_audit_rules_execution_setfiles_auditctl:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: audit rule recording attempts to run setsebool (CCE-80392-4).
     Holds when either loader branch holds: the augenrules definition together with the augenrules test, or the auditctl
     definition together with the auditctl test. This definition has no 32-/64-bit split.
     NOTE(review): both tests are defined outside this section; what rule text or path they match is not visible here. -->
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_execution_setsebool:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Record Any Attempts to Run setsebool</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the information on the use of setsebool is enabled.</oval-def:description>
    <oval-def:reference ref_id="CCE-80392-4" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_execution_setsebool" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- Branch 1: rules loaded via augenrules. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules setsebool" test_ref="oval:ssg-test_audit_rules_execution_setsebool_augenrules:tst:1"/>
    </oval-def:criteria>
    <!-- Branch 2: rules loaded via auditctl. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl setsebool" test_ref="oval:ssg-test_audit_rules_execution_setsebool_auditctl:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: audit rule recording attempts to run seunshare (CCE-82362-5).
     Holds when either loader branch holds: the augenrules definition together with the augenrules test, or the auditctl
     definition together with the auditctl test. This definition has no 32-/64-bit split.
     NOTE(review): both tests are defined outside this section; what rule text or path they match is not visible here. -->
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_execution_seunshare:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Record Any Attempts to Run seunshare</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the information on the use of seunshare is enabled.</oval-def:description>
    <oval-def:reference ref_id="CCE-82362-5" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_execution_seunshare" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- Branch 1: rules loaded via augenrules. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules seunshare" test_ref="oval:ssg-test_audit_rules_execution_seunshare_augenrules:tst:1"/>
    </oval-def:criteria>
    <!-- Branch 2: rules loaded via auditctl. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl seunshare" test_ref="oval:ssg-test_audit_rules_execution_seunshare_auditctl:tst:1"/>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: audit rule for the rename syscall, filed under file deletion events (CCE-80995-4).
     Holds when either loader branch holds (augenrules or auditctl); each branch requires its extended definition and the
     32-bit test, plus the 64-bit test unless the negated system_info_architecture_64bit leg already holds.
     NOTE(review): the tests are defined outside this section. Presumably rename is grouped with deletion because it can
     replace an existing target; confirm against the rule text. -->
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_file_deletion_events_rename:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure auditd Collects File Deletion Events by User - rename</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The deletion of files should be audited.</oval-def:description>
    <oval-def:reference ref_id="CCE-80995-4" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_file_deletion_events_rename" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit rename" test_ref="oval:ssg-test_32bit_ardm_rename_augenrules:tst:1"/>
      <!-- Satisfied outright on hosts that are not 64-bit (negate="true"); otherwise the 64-bit test must pass. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit augenrules 64-bit rename" test_ref="oval:ssg-test_64bit_ardm_rename_augenrules:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit rename" test_ref="oval:ssg-test_32bit_ardm_rename_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit auditctl 64-bit rename" test_ref="oval:ssg-test_64bit_ardm_rename_auditctl:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check: audit rule for the renameat syscall, filed under file deletion events (CCE-80413-8).
     Holds when either loader branch holds (augenrules or auditctl); each branch requires its extended definition and the
     32-bit test, plus the 64-bit test unless the negated system_info_architecture_64bit leg already holds.
     NOTE(review): the tests are defined outside this section. Presumably renameat is grouped with deletion because it can
     replace an existing target; confirm against the rule text. -->
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_file_deletion_events_renameat:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure auditd Collects File Deletion Events by User - renameat</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The deletion of files should be audited.</oval-def:description>
    <oval-def:reference ref_id="CCE-80413-8" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_file_deletion_events_renameat" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit renameat" test_ref="oval:ssg-test_32bit_ardm_renameat_augenrules:tst:1"/>
      <!-- Satisfied outright on hosts that are not 64-bit (negate="true"); otherwise the 64-bit test must pass. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit augenrules 64-bit renameat" test_ref="oval:ssg-test_64bit_ardm_renameat_augenrules:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit renameat" test_ref="oval:ssg-test_32bit_ardm_renameat_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criterion comment="audit auditctl 64-bit renameat" test_ref="oval:ssg-test_64bit_ardm_renameat_auditctl:tst:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_file_deletion_events_rmdir:def:1" version="1">
<!-- Compliance check for the rmdir audit rule. Passes when either loader
     branch passes (augenrules or auditctl). Each branch requires the loader
     definition, the 32-bit test, and on 64-bit hosts the 64-bit test as
     well. Referenced definitions and tests are defined outside this
     section. -->
<oval-def:metadata>
<oval-def:title>Ensure auditd Collects File Deletion Events by User - rmdir</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The deletion of files should be audited.</oval-def:description>
<oval-def:reference ref_id="CCE-80412-0" source="CCE"/>
<oval-def:reference ref_id="audit_rules_file_deletion_events_rmdir" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<!-- Branch 1: augenrules loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules 32-bit rmdir" test_ref="oval:ssg-test_32bit_ardm_rmdir_augenrules:tst:1"/>
<!-- Inner OR: satisfied on non-64-bit hosts by the negated architecture
     definition, otherwise only by the 64-bit test. -->
<oval-def:criteria operator="OR">
<oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criterion comment="audit augenrules 64-bit rmdir" test_ref="oval:ssg-test_64bit_ardm_rmdir_augenrules:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
<!-- Branch 2: auditctl loader, same architecture logic. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl 32-bit rmdir" test_ref="oval:ssg-test_32bit_ardm_rmdir_auditctl:tst:1"/>
<oval-def:criteria operator="OR">
<oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criterion comment="audit auditctl 64-bit rmdir" test_ref="oval:ssg-test_64bit_ardm_rmdir_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_file_deletion_events_unlink:def:1" version="1">
<!-- Compliance check for the unlink audit rule. Passes when either loader
     branch passes (augenrules or auditctl). Referenced definitions and tests
     are defined outside this section. -->
<!-- NOTE(review): the 32-bit test is required even on 64-bit hosts,
     presumably so that deletions made through the 32-bit syscall interface
     are not left unaudited. Confirm against the test definitions. -->
<oval-def:metadata>
<oval-def:title>Ensure auditd Collects File Deletion Events by User - unlink</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The deletion of files should be audited.</oval-def:description>
<oval-def:reference ref_id="CCE-80996-2" source="CCE"/>
<oval-def:reference ref_id="audit_rules_file_deletion_events_unlink" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<!-- Branch 1: augenrules loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules 32-bit unlink" test_ref="oval:ssg-test_32bit_ardm_unlink_augenrules:tst:1"/>
<!-- Passes when the host is not 64-bit, or when the 64-bit test passes. -->
<oval-def:criteria operator="OR">
<oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criterion comment="audit augenrules 64-bit unlink" test_ref="oval:ssg-test_64bit_ardm_unlink_augenrules:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
<!-- Branch 2: auditctl loader, same architecture logic. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl 32-bit unlink" test_ref="oval:ssg-test_32bit_ardm_unlink_auditctl:tst:1"/>
<oval-def:criteria operator="OR">
<oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criterion comment="audit auditctl 64-bit unlink" test_ref="oval:ssg-test_64bit_ardm_unlink_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_file_deletion_events_unlinkat:def:1" version="1">
<!-- Compliance check for the unlinkat audit rule. Passes when either loader
     branch passes (augenrules or auditctl). Referenced definitions and tests
     are defined outside this section. -->
<!-- NOTE(review): unlinkat(2) also removes directories when called with
     AT_REMOVEDIR, so this rule complements the separate unlink and rmdir
     definitions rather than duplicating them. -->
<oval-def:metadata>
<oval-def:title>Ensure auditd Collects File Deletion Events by User - unlinkat</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The deletion of files should be audited.</oval-def:description>
<oval-def:reference ref_id="CCE-80662-0" source="CCE"/>
<oval-def:reference ref_id="audit_rules_file_deletion_events_unlinkat" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<!-- Branch 1: augenrules loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules 32-bit unlinkat" test_ref="oval:ssg-test_32bit_ardm_unlinkat_augenrules:tst:1"/>
<!-- 32-bit test is always required; the 64-bit test is required unless the
     64-bit architecture definition evaluates false (negate="true"). -->
<oval-def:criteria operator="OR">
<oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criterion comment="audit augenrules 64-bit unlinkat" test_ref="oval:ssg-test_64bit_ardm_unlinkat_augenrules:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
<!-- Branch 2: auditctl loader, same architecture logic. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl 32-bit unlinkat" test_ref="oval:ssg-test_32bit_ardm_unlinkat_auditctl:tst:1"/>
<oval-def:criteria operator="OR">
<oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criterion comment="audit auditctl 64-bit unlinkat" test_ref="oval:ssg-test_64bit_ardm_unlinkat_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_login_events_faillock:def:1" version="2">
<!-- Compliance check for the faillock audit rule. Passes when the augenrules
     loader definition and its faillock test both pass, or when the auditctl
     loader definition and its faillock test both pass. There is no
     architecture split here, unlike the file-deletion definitions in this
     file. Referenced definitions and tests are defined outside this
     section. -->
<!-- NOTE(review): the title speaks of attempts to alter logon/logout records
     while the description speaks of logging login and logout events. What the
     test actually matches is not visible here; confirm which is intended. -->
<oval-def:metadata>
<oval-def:title>Record Attempts to Alter Logon and Logout Events - faillock</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules should be configured to log successful and unsuccessful login and logout events.</oval-def:description>
<oval-def:reference ref_id="CCE-80383-3" source="CCE"/>
<oval-def:reference ref_id="audit_rules_login_events_faillock" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<!-- Branch 1: augenrules loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules faillock" test_ref="oval:ssg-test_arle_faillock_augenrules:tst:1"/>
</oval-def:criteria>
<!-- Branch 2: auditctl loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl faillock" test_ref="oval:ssg-test_arle_faillock_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_login_events_lastlog:def:1" version="2">
<!-- Compliance check for the lastlog audit rule. Passes when either loader
     branch passes: loader definition AND the matching lastlog test. No
     architecture split. Referenced definitions and tests are defined outside
     this section, so the rule text they accept cannot be confirmed here. -->
<oval-def:metadata>
<oval-def:title>Record Attempts to Alter Logon and Logout Events - lastlog</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules should be configured to log successful and unsuccessful login and logout events.</oval-def:description>
<oval-def:reference ref_id="CCE-80384-1" source="CCE"/>
<oval-def:reference ref_id="audit_rules_login_events_lastlog" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<!-- Branch 1: augenrules loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules lastlog" test_ref="oval:ssg-test_arle_lastlog_augenrules:tst:1"/>
</oval-def:criteria>
<!-- Branch 2: auditctl loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl lastlog" test_ref="oval:ssg-test_arle_lastlog_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_login_events_tallylog:def:1" version="2">
<!-- Compliance check for the tallylog audit rule. Passes when either loader
     branch passes: loader definition AND the matching tallylog test. No
     architecture split. Referenced definitions and tests are defined outside
     this section. -->
<!-- NOTE(review): faillock, lastlog and tallylog are three separate
     definitions in this file; a pass here says nothing about the other
     two. -->
<oval-def:metadata>
<oval-def:title>Record Attempts to Alter Logon and Logout Events - tallylog</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules should be configured to log successful and unsuccessful login and logout events.</oval-def:description>
<oval-def:reference ref_id="CCE-80994-7" source="CCE"/>
<oval-def:reference ref_id="audit_rules_login_events_tallylog" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<!-- Branch 1: augenrules loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules tallylog" test_ref="oval:ssg-test_arle_tallylog_augenrules:tst:1"/>
</oval-def:criteria>
<!-- Branch 2: auditctl loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl tallylog" test_ref="oval:ssg-test_arle_tallylog_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_media_export:def:1" version="1">
<!-- Compliance check for the media-export audit rule. Per the criterion
     comments and test names below, what is tested is a "mount" rule in 32-bit
     and 64-bit variants. Passes when either loader branch passes (augenrules
     or auditctl). Referenced definitions and tests are defined outside this
     section. -->
<!-- NOTE(review): the description below talks about file permissions and
     attributes, which does not match the title (exporting to media) or the
     mount tests. It looks copied from another rule; scan reports will show
     the misleading text. -->
<!-- NOTE(review): this definition is distinct from
     audit_rules_privileged_commands_mount later in this file, which has no
     architecture split and uses different tests. Presumably one covers the
     mount system call and the other the mount command; confirm. -->
<oval-def:metadata>
<oval-def:title>Ensure auditd Collects Information on Exporting to Media (successful)</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The changing of file permissions and attributes should be audited.</oval-def:description>
<oval-def:reference ref_id="CCE-27447-2" source="CCE"/>
<oval-def:reference ref_id="audit_rules_media_export" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<!-- Branch 1: augenrules loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules 32-bit mount" test_ref="oval:ssg-test_32bit_ardm_mount_augenrules:tst:1"/>
<!-- 32-bit test is always required; the 64-bit test is required unless the
     64-bit architecture definition evaluates false (negate="true"). -->
<oval-def:criteria operator="OR">
<oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criterion comment="audit augenrules 64-bit mount" test_ref="oval:ssg-test_64bit_ardm_mount_augenrules:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
<!-- Branch 2: auditctl loader, same architecture logic. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl 32-bit mount" test_ref="oval:ssg-test_32bit_ardm_mount_auditctl:tst:1"/>
<oval-def:criteria operator="OR">
<oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criterion comment="audit auditctl 64-bit mount" test_ref="oval:ssg-test_64bit_ardm_mount_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_privileged_commands_at:def:1" version="1">
<!-- Compliance check for the audit rule covering use of the at command.
     Passes when either loader branch passes: the loader definition AND the
     matching test. There is no 32-bit/64-bit split here, unlike the
     file-deletion definitions in this file; presumably the rule is keyed on
     the command path rather than a system call. Referenced definitions and
     tests are defined outside this section. -->
<!-- NOTE(review): if the tests read rule files on disk rather than the loaded
     rule set, a pass does not prove the rule is active; `auditctl -l` lists
     what is actually loaded. Confirm against the test definitions. -->
<oval-def:metadata>
<oval-def:title>Ensure auditd Collects Information on the Use of Privileged Commands - at</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules about the information on the use of at is enabled.</oval-def:description>
<oval-def:reference ref_id="CCE-81060-6" source="CCE"/>
<oval-def:reference ref_id="audit_rules_privileged_commands_at" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<!-- Branch 1: augenrules loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules at" test_ref="oval:ssg-test_audit_rules_privileged_commands_at_augenrules:tst:1"/>
</oval-def:criteria>
<!-- Branch 2: auditctl loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl at" test_ref="oval:ssg-test_audit_rules_privileged_commands_at_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_privileged_commands_chage:def:1" version="1">
<!-- Compliance check for the audit rule covering use of the chage command.
     Passes when either loader branch passes: the loader definition AND the
     matching chage test. No architecture split. Referenced definitions and
     tests are defined outside this section. -->
<oval-def:metadata>
<oval-def:title>Ensure auditd Collects Information on the Use of Privileged Commands - chage</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules about the information on the use of chage is enabled.</oval-def:description>
<oval-def:reference ref_id="CCE-80398-1" source="CCE"/>
<oval-def:reference ref_id="audit_rules_privileged_commands_chage" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<!-- Branch 1: augenrules loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules chage" test_ref="oval:ssg-test_audit_rules_privileged_commands_chage_augenrules:tst:1"/>
</oval-def:criteria>
<!-- Branch 2: auditctl loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl chage" test_ref="oval:ssg-test_audit_rules_privileged_commands_chage_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_privileged_commands_chsh:def:1" version="1">
<!-- Compliance check for the audit rule covering use of the chsh command.
     Passes when either loader branch passes: the loader definition AND the
     matching chsh test. No architecture split. Referenced definitions and
     tests are defined outside this section. -->
<oval-def:metadata>
<oval-def:title>Ensure auditd Collects Information on the Use of Privileged Commands - chsh</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules about the information on the use of chsh is enabled.</oval-def:description>
<oval-def:reference ref_id="CCE-80404-7" source="CCE"/>
<oval-def:reference ref_id="audit_rules_privileged_commands_chsh" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<!-- Branch 1: augenrules loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules chsh" test_ref="oval:ssg-test_audit_rules_privileged_commands_chsh_augenrules:tst:1"/>
</oval-def:criteria>
<!-- Branch 2: auditctl loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl chsh" test_ref="oval:ssg-test_audit_rules_privileged_commands_chsh_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_privileged_commands_crontab:def:1" version="1">
<!-- Compliance check for the audit rule covering use of the crontab command.
     Passes when either loader branch passes: the loader definition AND the
     matching crontab test. No architecture split. Referenced definitions and
     tests are defined outside this section. -->
<oval-def:metadata>
<oval-def:title>Ensure auditd Collects Information on the Use of Privileged Commands - crontab</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules about the information on the use of crontab is enabled.</oval-def:description>
<oval-def:reference ref_id="CCE-80410-4" source="CCE"/>
<oval-def:reference ref_id="audit_rules_privileged_commands_crontab" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<!-- Branch 1: augenrules loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules crontab" test_ref="oval:ssg-test_audit_rules_privileged_commands_crontab_augenrules:tst:1"/>
</oval-def:criteria>
<!-- Branch 2: auditctl loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl crontab" test_ref="oval:ssg-test_audit_rules_privileged_commands_crontab_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_privileged_commands_gpasswd:def:1" version="1">
<!-- Compliance check for the audit rule covering use of the gpasswd command.
     Passes when either loader branch passes: the loader definition AND the
     matching gpasswd test. No architecture split. Referenced definitions and
     tests are defined outside this section. -->
<oval-def:metadata>
<oval-def:title>Ensure auditd Collects Information on the Use of Privileged Commands - gpasswd</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules about the information on the use of gpasswd is enabled.</oval-def:description>
<oval-def:reference ref_id="CCE-80397-3" source="CCE"/>
<oval-def:reference ref_id="audit_rules_privileged_commands_gpasswd" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<!-- Branch 1: augenrules loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules gpasswd" test_ref="oval:ssg-test_audit_rules_privileged_commands_gpasswd_augenrules:tst:1"/>
</oval-def:criteria>
<!-- Branch 2: auditctl loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl gpasswd" test_ref="oval:ssg-test_audit_rules_privileged_commands_gpasswd_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_privileged_commands_mount:def:1" version="1">
<!-- Compliance check for the audit rule covering use of the mount command.
     Passes when either loader branch passes: the loader definition AND the
     matching mount test. No architecture split. Referenced definitions and
     tests are defined outside this section. -->
<!-- NOTE(review): audit_rules_media_export earlier in this file also tests a
     "mount" rule, but with separate 32-bit and 64-bit tests. The two
     definitions use different tests and are evaluated independently; passing
     one does not imply the other. -->
<oval-def:metadata>
<oval-def:title>Ensure auditd Collects Information on the Use of Privileged Commands - mount</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules about the information on the use of mount is enabled.</oval-def:description>
<oval-def:reference ref_id="CCE-81064-8" source="CCE"/>
<oval-def:reference ref_id="audit_rules_privileged_commands_mount" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<!-- Branch 1: augenrules loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules mount" test_ref="oval:ssg-test_audit_rules_privileged_commands_mount_augenrules:tst:1"/>
</oval-def:criteria>
<!-- Branch 2: auditctl loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl mount" test_ref="oval:ssg-test_audit_rules_privileged_commands_mount_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_privileged_commands_newgidmap:def:1" version="1">
<!-- Compliance check for the audit rule covering use of the newgidmap
     command. Passes when either loader branch passes: the loader definition
     AND the matching newgidmap test. No architecture split. Referenced
     definitions and tests are defined outside this section. -->
<oval-def:metadata>
<oval-def:title>Ensure auditd Collects Information on the Use of Privileged Commands - newgidmap</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules about the information on the use of newgidmap is enabled.</oval-def:description>
<oval-def:reference ref_id="CCE-82200-7" source="CCE"/>
<oval-def:reference ref_id="audit_rules_privileged_commands_newgidmap" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<!-- Branch 1: augenrules loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules newgidmap" test_ref="oval:ssg-test_audit_rules_privileged_commands_newgidmap_augenrules:tst:1"/>
</oval-def:criteria>
<!-- Branch 2: auditctl loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl newgidmap" test_ref="oval:ssg-test_audit_rules_privileged_commands_newgidmap_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_privileged_commands_newgrp:def:1" version="1">
<!-- Compliance check for the audit rule covering use of the newgrp command.
     Passes when either loader branch passes: the loader definition AND the
     matching newgrp test. No architecture split. Referenced definitions and
     tests are defined outside this section. -->
<oval-def:metadata>
<oval-def:title>Ensure auditd Collects Information on the Use of Privileged Commands - newgrp</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules about the information on the use of newgrp is enabled.</oval-def:description>
<oval-def:reference ref_id="CCE-80403-9" source="CCE"/>
<oval-def:reference ref_id="audit_rules_privileged_commands_newgrp" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<!-- Branch 1: augenrules loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules newgrp" test_ref="oval:ssg-test_audit_rules_privileged_commands_newgrp_augenrules:tst:1"/>
</oval-def:criteria>
<!-- Branch 2: auditctl loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl newgrp" test_ref="oval:ssg-test_audit_rules_privileged_commands_newgrp_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_privileged_commands_newuidmap:def:1" version="1">
<!-- Compliance check for the audit rule covering use of the newuidmap
     command. Passes when either loader branch passes: the loader definition
     AND the matching newuidmap test. No architecture split. Referenced
     definitions and tests are defined outside this section. -->
<oval-def:metadata>
<oval-def:title>Ensure auditd Collects Information on the Use of Privileged Commands - newuidmap</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules about the information on the use of newuidmap is enabled.</oval-def:description>
<oval-def:reference ref_id="CCE-81070-5" source="CCE"/>
<oval-def:reference ref_id="audit_rules_privileged_commands_newuidmap" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<!-- Branch 1: augenrules loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules newuidmap" test_ref="oval:ssg-test_audit_rules_privileged_commands_newuidmap_augenrules:tst:1"/>
</oval-def:criteria>
<!-- Branch 2: auditctl loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl newuidmap" test_ref="oval:ssg-test_audit_rules_privileged_commands_newuidmap_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_privileged_commands_pam_timestamp_check:def:1" version="1">
<!-- Compliance check for the audit rule covering use of the
     pam_timestamp_check command. Passes when either loader branch passes:
     the loader definition AND the matching pam_timestamp_check test. No
     architecture split. Referenced definitions and tests are defined outside
     this section. -->
<oval-def:metadata>
<oval-def:title>Ensure auditd Collects Information on the Use of Privileged Commands - pam_timestamp_check</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules about the information on the use of pam_timestamp_check is enabled.</oval-def:description>
<oval-def:reference ref_id="CCE-80411-2" source="CCE"/>
<oval-def:reference ref_id="audit_rules_privileged_commands_pam_timestamp_check" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<!-- Branch 1: augenrules loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules pam_timestamp_check" test_ref="oval:ssg-test_audit_rules_privileged_commands_pam_timestamp_check_augenrules:tst:1"/>
</oval-def:criteria>
<!-- Branch 2: auditctl loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl pam_timestamp_check" test_ref="oval:ssg-test_audit_rules_privileged_commands_pam_timestamp_check_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_privileged_commands_passwd:def:1" version="1">
<!-- Compliance check for the audit rule covering use of the passwd command.
     Passes when either loader branch passes: the loader definition AND the
     matching passwd test. No architecture split. Referenced definitions and
     tests are defined outside this section. -->
<!-- NOTE(review): this definition only establishes that a matching audit
     rule is configured. Whether the resulting records are retained or
     forwarded is outside its scope. -->
<oval-def:metadata>
<oval-def:title>Ensure auditd Collects Information on the Use of Privileged Commands - passwd</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules about the information on the use of passwd is enabled.</oval-def:description>
<oval-def:reference ref_id="CCE-80395-7" source="CCE"/>
<oval-def:reference ref_id="audit_rules_privileged_commands_passwd" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<!-- Branch 1: augenrules loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules passwd" test_ref="oval:ssg-test_audit_rules_privileged_commands_passwd_augenrules:tst:1"/>
</oval-def:criteria>
<!-- Branch 2: auditctl loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl passwd" test_ref="oval:ssg-test_audit_rules_privileged_commands_passwd_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_privileged_commands_postdrop:def:1" version="1">
<!-- Compliance check for the audit rule covering use of the postdrop
     command. Passes when either loader branch passes: the loader definition
     AND the matching postdrop test. No architecture split. Referenced
     definitions and tests are defined outside this section. -->
<oval-def:metadata>
<oval-def:title>Ensure auditd Collects Information on the Use of Privileged Commands - postdrop</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules about the information on the use of postdrop is enabled.</oval-def:description>
<oval-def:reference ref_id="CCE-80406-2" source="CCE"/>
<oval-def:reference ref_id="audit_rules_privileged_commands_postdrop" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<!-- Branch 1: augenrules loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules postdrop" test_ref="oval:ssg-test_audit_rules_privileged_commands_postdrop_augenrules:tst:1"/>
</oval-def:criteria>
<!-- Branch 2: auditctl loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl postdrop" test_ref="oval:ssg-test_audit_rules_privileged_commands_postdrop_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_privileged_commands_postqueue:def:1" version="1">
<!-- Compliance check for the audit rule covering use of the postqueue
     command. Passes when either loader branch passes: the loader definition
     AND the matching postqueue test. No architecture split. Referenced
     definitions and tests are defined outside this section. -->
<oval-def:metadata>
<oval-def:title>Ensure auditd Collects Information on the Use of Privileged Commands - postqueue</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules about the information on the use of postqueue is enabled.</oval-def:description>
<oval-def:reference ref_id="CCE-80407-0" source="CCE"/>
<oval-def:reference ref_id="audit_rules_privileged_commands_postqueue" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<!-- Branch 1: augenrules loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules postqueue" test_ref="oval:ssg-test_audit_rules_privileged_commands_postqueue_augenrules:tst:1"/>
</oval-def:criteria>
<!-- Branch 2: auditctl loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl postqueue" test_ref="oval:ssg-test_audit_rules_privileged_commands_postqueue_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_privileged_commands_pt_chown:def:1" version="1">
<!-- Compliance check for the audit rule covering use of the pt_chown
     command. Passes when either loader branch passes: the loader definition
     AND the matching pt_chown test. No architecture split. Referenced
     definitions and tests are defined outside this section. -->
<oval-def:metadata>
<oval-def:title>Ensure auditd Collects Information on the Use of Privileged Commands - pt_chown</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules about the information on the use of pt_chown is enabled.</oval-def:description>
<oval-def:reference ref_id="CCE-80409-6" source="CCE"/>
<oval-def:reference ref_id="audit_rules_privileged_commands_pt_chown" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<!-- Branch 1: augenrules loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules pt_chown" test_ref="oval:ssg-test_audit_rules_privileged_commands_pt_chown_augenrules:tst:1"/>
</oval-def:criteria>
<!-- Branch 2: auditctl loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl pt_chown" test_ref="oval:ssg-test_audit_rules_privileged_commands_pt_chown_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_privileged_commands_ssh_keysign:def:1" version="1">
<!-- Compliance check for the audit rule covering use of the ssh-keysign
     command. Passes when either loader branch passes: the loader definition
     AND the matching ssh_keysign test. No architecture split. Referenced
     definitions and tests are defined outside this section. -->
<!-- NOTE(review): the title spells the command ssh-keysign while the
     description, criterion comments and identifiers use ssh_keysign. The
     title spelling matches the command name, so the description shown in
     scan reports is slightly off. Which spelling the tests match is not
     visible here; confirm it is the hyphenated one. -->
<oval-def:metadata>
<oval-def:title>Ensure auditd Collects Information on the Use of Privileged Commands - ssh-keysign</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules about the information on the use of ssh_keysign is enabled.</oval-def:description>
<oval-def:reference ref_id="CCE-80408-8" source="CCE"/>
<oval-def:reference ref_id="audit_rules_privileged_commands_ssh_keysign" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<!-- Branch 1: augenrules loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules ssh_keysign" test_ref="oval:ssg-test_audit_rules_privileged_commands_ssh_keysign_augenrules:tst:1"/>
</oval-def:criteria>
<!-- Branch 2: auditctl loader. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl ssh_keysign" test_ref="oval:ssg-test_audit_rules_privileged_commands_ssh_keysign_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_privileged_commands_su:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Ensure auditd Collects Information on the Use of Privileged Commands - su</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules about the information on the use of su is enabled.</oval-def:description>
<oval-def:reference ref_id="CCE-80400-5" source="CCE"/>
<oval-def:reference ref_id="audit_rules_privileged_commands_su" source="ssg"/>
</oval-def:metadata>
<!-- Passes when either branch below holds: the audit_rules_augenrules definition together with the
     augenrules test for su, or the audit_rules_auditctl definition together with the auditctl
     test for su. The extended definitions and the tests are declared outside this definition.
     NOTE(review): presumably these tests read the rule files on disk rather than the rules loaded in
     the kernel; confirm against the test objects, and compare with `auditctl -l` output on the host. -->
<oval-def:criteria operator="OR">
<!-- Branch 1: rules managed through augenrules. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules su" test_ref="oval:ssg-test_audit_rules_privileged_commands_su_augenrules:tst:1"/>
</oval-def:criteria>
<!-- Branch 2: rules managed through auditctl. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl su" test_ref="oval:ssg-test_audit_rules_privileged_commands_su_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_privileged_commands_sudo:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Ensure auditd Collects Information on the Use of Privileged Commands - sudo</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules about the information on the use of sudo is enabled.</oval-def:description>
<oval-def:reference ref_id="CCE-80401-3" source="CCE"/>
<oval-def:reference ref_id="audit_rules_privileged_commands_sudo" source="ssg"/>
</oval-def:metadata>
<!-- Passes when either branch below holds: the audit_rules_augenrules definition together with the
     augenrules test for sudo, or the audit_rules_auditctl definition together with the auditctl
     test for sudo. The extended definitions and the tests are declared outside this definition.
     NOTE(review): presumably these tests read the rule files on disk rather than the rules loaded in
     the kernel; confirm against the test objects, and compare with `auditctl -l` output on the host. -->
<oval-def:criteria operator="OR">
<!-- Branch 1: rules managed through augenrules. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules sudo" test_ref="oval:ssg-test_audit_rules_privileged_commands_sudo_augenrules:tst:1"/>
</oval-def:criteria>
<!-- Branch 2: rules managed through auditctl. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl sudo" test_ref="oval:ssg-test_audit_rules_privileged_commands_sudo_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_privileged_commands_sudoedit:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Ensure auditd Collects Information on the Use of Privileged Commands - sudoedit</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules about the information on the use of sudoedit is enabled.</oval-def:description>
<oval-def:reference ref_id="CCE-80402-1" source="CCE"/>
<oval-def:reference ref_id="audit_rules_privileged_commands_sudoedit" source="ssg"/>
</oval-def:metadata>
<!-- Passes when either branch below holds: the audit_rules_augenrules definition together with the
     augenrules test for sudoedit, or the audit_rules_auditctl definition together with the auditctl
     test for sudoedit. The extended definitions and the tests are declared outside this definition.
     NOTE(review): presumably these tests read the rule files on disk rather than the rules loaded in
     the kernel; confirm against the test objects, and compare with `auditctl -l` output on the host. -->
<oval-def:criteria operator="OR">
<!-- Branch 1: rules managed through augenrules. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules sudoedit" test_ref="oval:ssg-test_audit_rules_privileged_commands_sudoedit_augenrules:tst:1"/>
</oval-def:criteria>
<!-- Branch 2: rules managed through auditctl. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl sudoedit" test_ref="oval:ssg-test_audit_rules_privileged_commands_sudoedit_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_privileged_commands_umount:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Ensure auditd Collects Information on the Use of Privileged Commands - umount</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules about the information on the use of umount is enabled.</oval-def:description>
<oval-def:reference ref_id="CCE-80405-4" source="CCE"/>
<oval-def:reference ref_id="audit_rules_privileged_commands_umount" source="ssg"/>
</oval-def:metadata>
<!-- Passes when either branch below holds: the audit_rules_augenrules definition together with the
     augenrules test for umount, or the audit_rules_auditctl definition together with the auditctl
     test for umount. The extended definitions and the tests are declared outside this definition.
     NOTE(review): presumably these tests read the rule files on disk rather than the rules loaded in
     the kernel; confirm against the test objects, and compare with `auditctl -l` output on the host. -->
<oval-def:criteria operator="OR">
<!-- Branch 1: rules managed through augenrules. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules umount" test_ref="oval:ssg-test_audit_rules_privileged_commands_umount_augenrules:tst:1"/>
</oval-def:criteria>
<!-- Branch 2: rules managed through auditctl. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl umount" test_ref="oval:ssg-test_audit_rules_privileged_commands_umount_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_privileged_commands_unix_chkpwd:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules about the information on the use of unix_chkpwd is enabled.</oval-def:description>
<oval-def:reference ref_id="CCE-80396-5" source="CCE"/>
<oval-def:reference ref_id="audit_rules_privileged_commands_unix_chkpwd" source="ssg"/>
</oval-def:metadata>
<!-- Passes when either branch below holds: the audit_rules_augenrules definition together with the
     augenrules test for unix_chkpwd, or the audit_rules_auditctl definition together with the auditctl
     test for unix_chkpwd. The extended definitions and the tests are declared outside this definition.
     NOTE(review): presumably these tests read the rule files on disk rather than the rules loaded in
     the kernel; confirm against the test objects, and compare with `auditctl -l` output on the host. -->
<oval-def:criteria operator="OR">
<!-- Branch 1: rules managed through augenrules. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules unix_chkpwd" test_ref="oval:ssg-test_audit_rules_privileged_commands_unix_chkpwd_augenrules:tst:1"/>
</oval-def:criteria>
<!-- Branch 2: rules managed through auditctl. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl unix_chkpwd" test_ref="oval:ssg-test_audit_rules_privileged_commands_unix_chkpwd_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_privileged_commands_userhelper:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Ensure auditd Collects Information on the Use of Privileged Commands - userhelper</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules about the information on the use of userhelper is enabled.</oval-def:description>
<oval-def:reference ref_id="CCE-80399-9" source="CCE"/>
<oval-def:reference ref_id="audit_rules_privileged_commands_userhelper" source="ssg"/>
</oval-def:metadata>
<!-- Passes when either branch below holds: the audit_rules_augenrules definition together with the
     augenrules test for userhelper, or the audit_rules_auditctl definition together with the auditctl
     test for userhelper. The extended definitions and the tests are declared outside this definition.
     NOTE(review): presumably these tests read the rule files on disk rather than the rules loaded in
     the kernel; confirm against the test objects, and compare with `auditctl -l` output on the host. -->
<oval-def:criteria operator="OR">
<!-- Branch 1: rules managed through augenrules. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules userhelper" test_ref="oval:ssg-test_audit_rules_privileged_commands_userhelper_augenrules:tst:1"/>
</oval-def:criteria>
<!-- Branch 2: rules managed through auditctl. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl userhelper" test_ref="oval:ssg-test_audit_rules_privileged_commands_userhelper_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_privileged_commands_usernetctl:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Ensure auditd Collects Information on the Use of Privileged Commands - usernetctl</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules about the information on the use of usernetctl is enabled.</oval-def:description>
<oval-def:reference ref_id="CCE-82074-6" source="CCE"/>
<oval-def:reference ref_id="audit_rules_privileged_commands_usernetctl" source="ssg"/>
</oval-def:metadata>
<!-- Passes when either branch below holds: the audit_rules_augenrules definition together with the
     augenrules test for usernetctl, or the audit_rules_auditctl definition together with the auditctl
     test for usernetctl. The extended definitions and the tests are declared outside this definition.
     NOTE(review): presumably these tests read the rule files on disk rather than the rules loaded in
     the kernel; confirm against the test objects, and compare with `auditctl -l` output on the host. -->
<oval-def:criteria operator="OR">
<!-- Branch 1: rules managed through augenrules. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules usernetctl" test_ref="oval:ssg-test_audit_rules_privileged_commands_usernetctl_augenrules:tst:1"/>
</oval-def:criteria>
<!-- Branch 2: rules managed through auditctl. -->
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl usernetctl" test_ref="oval:ssg-test_audit_rules_privileged_commands_usernetctl_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
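<oval-def:definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_modification_chmod:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Record Unsuccessful Permission Changes to Files - chmod</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled.</oval-def:description>
<oval-def:reference ref_id="CCE-81086-1" source="CCE"/>
<oval-def:reference ref_id="audit_rules_unsuccessful_file_modification_chmod" source="ssg"/>
</oval-def:metadata>
<!-- Passes when either the augenrules branch or the auditctl branch holds. Each branch requires its
     extended definition and both 32-bit tests for chmod (eacces and eperm). The 64-bit pair sits in an
     inner OR with the negated system_info_architecture_64bit definition, so it is required only
     when that definition evaluates true.
     NOTE(review): presumably the 32-bit tests stay mandatory on 64-bit hosts so that calls made through
     the 32-bit syscall interface are audited too; confirm against the test definitions. -->
<oval-def:criteria operator="OR">
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_chmod_augenrules:tst:1"/>
<oval-def:criterion comment="audit augenrules 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_chmod_augenrules:tst:1"/>
<oval-def:criteria operator="OR">
<!-- negate="true": this arm is true when the system is not 64-bit; otherwise both 64-bit tests must pass. -->
<oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criteria operator="AND">
<oval-def:criterion comment="audit augenrules 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_chmod_augenrules:tst:1"/>
<oval-def:criterion comment="audit augenrules 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_chmod_augenrules:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_chmod_auditctl:tst:1"/>
<oval-def:criterion comment="audit auditctl 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_chmod_auditctl:tst:1"/>
<oval-def:criteria operator="OR">
<!-- negate="true": this arm is true when the system is not 64-bit; otherwise both 64-bit tests must pass. -->
<oval-def:extend_definition comment="64-bit_system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criteria operator="AND">
<oval-def:criterion comment="audit auditctl 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_chmod_auditctl:tst:1"/>
<oval-def:criterion comment="audit auditctl 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_chmod_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>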
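<oval-def:definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_modification_chown:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Record Unsuccessful Ownership Changes to Files - chown</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled.</oval-def:description>
<oval-def:reference ref_id="CCE-81082-0" source="CCE"/>
<oval-def:reference ref_id="audit_rules_unsuccessful_file_modification_chown" source="ssg"/>
</oval-def:metadata>
<!-- Passes when either the augenrules branch or the auditctl branch holds. Each branch requires its
     extended definition and both 32-bit tests for chown (eacces and eperm). The 64-bit pair sits in an
     inner OR with the negated system_info_architecture_64bit definition, so it is required only
     when that definition evaluates true.
     NOTE(review): presumably the 32-bit tests stay mandatory on 64-bit hosts so that calls made through
     the 32-bit syscall interface are audited too; confirm against the test definitions. -->
<oval-def:criteria operator="OR">
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_chown_augenrules:tst:1"/>
<oval-def:criterion comment="audit augenrules 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_chown_augenrules:tst:1"/>
<oval-def:criteria operator="OR">
<!-- negate="true": this arm is true when the system is not 64-bit; otherwise both 64-bit tests must pass. -->
<oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criteria operator="AND">
<oval-def:criterion comment="audit augenrules 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_chown_augenrules:tst:1"/>
<oval-def:criterion comment="audit augenrules 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_chown_augenrules:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_chown_auditctl:tst:1"/>
<oval-def:criterion comment="audit auditctl 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_chown_auditctl:tst:1"/>
<oval-def:criteria operator="OR">
<!-- negate="true": this arm is true when the system is not 64-bit; otherwise both 64-bit tests must pass. -->
<oval-def:extend_definition comment="64-bit_system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criteria operator="AND">
<oval-def:criterion comment="audit auditctl 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_chown_auditctl:tst:1"/>
<oval-def:criterion comment="audit auditctl 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_chown_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>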
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_modification_creat:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Record Unsuccessful Access Attempts to Files - creat</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled.</oval-def:description>
<oval-def:reference ref_id="CCE-80385-8" source="CCE"/>
<oval-def:reference ref_id="audit_rules_unsuccessful_file_modification_creat" source="ssg"/>
</oval-def:metadata>
<!-- Passes when either the augenrules branch or the auditctl branch holds. Each branch requires its
     extended definition and both 32-bit tests for creat (eacces and eperm). The 64-bit pair sits in an
     inner OR with the negated system_info_architecture_64bit definition, so it is required only
     when that definition evaluates true.
     NOTE(review): presumably the 32-bit tests stay mandatory on 64-bit hosts so that calls made through
     the 32-bit syscall interface are audited too; confirm against the test definitions. -->
<oval-def:criteria operator="OR">
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_creat_augenrules:tst:1"/>
<oval-def:criterion comment="audit augenrules 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_creat_augenrules:tst:1"/>
<oval-def:criteria operator="OR">
<!-- negate="true": this arm is true when the system is not 64-bit; otherwise both 64-bit tests must pass. -->
<oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criteria operator="AND">
<oval-def:criterion comment="audit augenrules 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_creat_augenrules:tst:1"/>
<oval-def:criterion comment="audit augenrules 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_creat_augenrules:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_creat_auditctl:tst:1"/>
<oval-def:criterion comment="audit auditctl 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_creat_auditctl:tst:1"/>
<oval-def:criteria operator="OR">
<!-- negate="true": this arm is true when the system is not 64-bit; otherwise both 64-bit tests must pass. -->
<oval-def:extend_definition comment="64-bit_system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criteria operator="AND">
<oval-def:criterion comment="audit auditctl 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_creat_auditctl:tst:1"/>
<oval-def:criterion comment="audit auditctl 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_creat_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
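<oval-def:definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_modification_fchmod:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Record Unsuccessful Permission Changes to Files - fchmod</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled.</oval-def:description>
<oval-def:reference ref_id="CCE-81088-7" source="CCE"/>
<oval-def:reference ref_id="audit_rules_unsuccessful_file_modification_fchmod" source="ssg"/>
</oval-def:metadata>
<!-- Passes when either the augenrules branch or the auditctl branch holds. Each branch requires its
     extended definition and both 32-bit tests for fchmod (eacces and eperm). The 64-bit pair sits in an
     inner OR with the negated system_info_architecture_64bit definition, so it is required only
     when that definition evaluates true.
     NOTE(review): presumably the 32-bit tests stay mandatory on 64-bit hosts so that calls made through
     the 32-bit syscall interface are audited too; confirm against the test definitions. -->
<oval-def:criteria operator="OR">
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_fchmod_augenrules:tst:1"/>
<oval-def:criterion comment="audit augenrules 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_fchmod_augenrules:tst:1"/>
<oval-def:criteria operator="OR">
<!-- negate="true": this arm is true when the system is not 64-bit; otherwise both 64-bit tests must pass. -->
<oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criteria operator="AND">
<oval-def:criterion comment="audit augenrules 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_fchmod_augenrules:tst:1"/>
<oval-def:criterion comment="audit augenrules 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_fchmod_augenrules:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_fchmod_auditctl:tst:1"/>
<oval-def:criterion comment="audit auditctl 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_fchmod_auditctl:tst:1"/>
<oval-def:criteria operator="OR">
<!-- negate="true": this arm is true when the system is not 64-bit; otherwise both 64-bit tests must pass. -->
<oval-def:extend_definition comment="64-bit_system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criteria operator="AND">
<oval-def:criterion comment="audit auditctl 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_fchmod_auditctl:tst:1"/>
<oval-def:criterion comment="audit auditctl 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_fchmod_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>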
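<oval-def:definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_modification_fchmodat:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Record Unsuccessful Permission Changes to Files - fchmodat</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled.</oval-def:description>
<oval-def:reference ref_id="CCE-81090-3" source="CCE"/>
<oval-def:reference ref_id="audit_rules_unsuccessful_file_modification_fchmodat" source="ssg"/>
</oval-def:metadata>
<!-- Passes when either the augenrules branch or the auditctl branch holds. Each branch requires its
     extended definition and both 32-bit tests for fchmodat (eacces and eperm). The 64-bit pair sits in an
     inner OR with the negated system_info_architecture_64bit definition, so it is required only
     when that definition evaluates true.
     NOTE(review): presumably the 32-bit tests stay mandatory on 64-bit hosts so that calls made through
     the 32-bit syscall interface are audited too; confirm against the test definitions. -->
<oval-def:criteria operator="OR">
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_fchmodat_augenrules:tst:1"/>
<oval-def:criterion comment="audit augenrules 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_fchmodat_augenrules:tst:1"/>
<oval-def:criteria operator="OR">
<!-- negate="true": this arm is true when the system is not 64-bit; otherwise both 64-bit tests must pass. -->
<oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criteria operator="AND">
<oval-def:criterion comment="audit augenrules 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_fchmodat_augenrules:tst:1"/>
<oval-def:criterion comment="audit augenrules 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_fchmodat_augenrules:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_fchmodat_auditctl:tst:1"/>
<oval-def:criterion comment="audit auditctl 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_fchmodat_auditctl:tst:1"/>
<oval-def:criteria operator="OR">
<!-- negate="true": this arm is true when the system is not 64-bit; otherwise both 64-bit tests must pass. -->
<oval-def:extend_definition comment="64-bit_system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criteria operator="AND">
<oval-def:criterion comment="audit auditctl 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_fchmodat_auditctl:tst:1"/>
<oval-def:criterion comment="audit auditctl 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_fchmodat_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>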
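<oval-def:definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_modification_fchown:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Record Unsuccessful Ownership Changes to Files - fchown</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled.</oval-def:description>
<oval-def:reference ref_id="CCE-81080-4" source="CCE"/>
<oval-def:reference ref_id="audit_rules_unsuccessful_file_modification_fchown" source="ssg"/>
</oval-def:metadata>
<!-- Passes when either the augenrules branch or the auditctl branch holds. Each branch requires its
     extended definition and both 32-bit tests for fchown (eacces and eperm). The 64-bit pair sits in an
     inner OR with the negated system_info_architecture_64bit definition, so it is required only
     when that definition evaluates true.
     NOTE(review): presumably the 32-bit tests stay mandatory on 64-bit hosts so that calls made through
     the 32-bit syscall interface are audited too; confirm against the test definitions. -->
<oval-def:criteria operator="OR">
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_fchown_augenrules:tst:1"/>
<oval-def:criterion comment="audit augenrules 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_fchown_augenrules:tst:1"/>
<oval-def:criteria operator="OR">
<!-- negate="true": this arm is true when the system is not 64-bit; otherwise both 64-bit tests must pass. -->
<oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criteria operator="AND">
<oval-def:criterion comment="audit augenrules 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_fchown_augenrules:tst:1"/>
<oval-def:criterion comment="audit augenrules 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_fchown_augenrules:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_fchown_auditctl:tst:1"/>
<oval-def:criterion comment="audit auditctl 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_fchown_auditctl:tst:1"/>
<oval-def:criteria operator="OR">
<!-- negate="true": this arm is true when the system is not 64-bit; otherwise both 64-bit tests must pass. -->
<oval-def:extend_definition comment="64-bit_system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criteria operator="AND">
<oval-def:criterion comment="audit auditctl 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_fchown_auditctl:tst:1"/>
<oval-def:criterion comment="audit auditctl 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_fchown_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>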
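<oval-def:definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_modification_fchownat:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Record Unsuccessful Ownership Changes to Files - fchownat</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled.</oval-def:description>
<oval-def:reference ref_id="CCE-81084-6" source="CCE"/>
<oval-def:reference ref_id="audit_rules_unsuccessful_file_modification_fchownat" source="ssg"/>
</oval-def:metadata>
<!-- Passes when either the augenrules branch or the auditctl branch holds. Each branch requires its
     extended definition and both 32-bit tests for fchownat (eacces and eperm). The 64-bit pair sits in an
     inner OR with the negated system_info_architecture_64bit definition, so it is required only
     when that definition evaluates true.
     NOTE(review): presumably the 32-bit tests stay mandatory on 64-bit hosts so that calls made through
     the 32-bit syscall interface are audited too; confirm against the test definitions. -->
<oval-def:criteria operator="OR">
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_fchownat_augenrules:tst:1"/>
<oval-def:criterion comment="audit augenrules 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_fchownat_augenrules:tst:1"/>
<oval-def:criteria operator="OR">
<!-- negate="true": this arm is true when the system is not 64-bit; otherwise both 64-bit tests must pass. -->
<oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criteria operator="AND">
<oval-def:criterion comment="audit augenrules 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_fchownat_augenrules:tst:1"/>
<oval-def:criterion comment="audit augenrules 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_fchownat_augenrules:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_fchownat_auditctl:tst:1"/>
<oval-def:criterion comment="audit auditctl 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_fchownat_auditctl:tst:1"/>
<oval-def:criteria operator="OR">
<!-- negate="true": this arm is true when the system is not 64-bit; otherwise both 64-bit tests must pass. -->
<oval-def:extend_definition comment="64-bit_system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criteria operator="AND">
<oval-def:criterion comment="audit auditctl 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_fchownat_auditctl:tst:1"/>
<oval-def:criterion comment="audit auditctl 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_fchownat_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>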
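<oval-def:definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_modification_fremovexattr:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Record Unsuccessful Permission Changes to Files - fremovexattr</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled.</oval-def:description>
<oval-def:reference ref_id="CCE-81102-6" source="CCE"/>
<oval-def:reference ref_id="audit_rules_unsuccessful_file_modification_fremovexattr" source="ssg"/>
</oval-def:metadata>
<!-- Passes when either the augenrules branch or the auditctl branch holds. Each branch requires its
     extended definition and both 32-bit tests for fremovexattr (eacces and eperm). The 64-bit pair sits
     in an inner OR with the negated system_info_architecture_64bit definition, so it is required only
     when that definition evaluates true.
     NOTE(review): presumably the 32-bit tests stay mandatory on 64-bit hosts so that calls made through
     the 32-bit syscall interface are audited too; confirm against the test definitions. -->
<oval-def:criteria operator="OR">
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_fremovexattr_augenrules:tst:1"/>
<oval-def:criterion comment="audit augenrules 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_fremovexattr_augenrules:tst:1"/>
<oval-def:criteria operator="OR">
<!-- negate="true": this arm is true when the system is not 64-bit; otherwise both 64-bit tests must pass. -->
<oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criteria operator="AND">
<oval-def:criterion comment="audit augenrules 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_fremovexattr_augenrules:tst:1"/>
<oval-def:criterion comment="audit augenrules 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_fremovexattr_augenrules:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_fremovexattr_auditctl:tst:1"/>
<oval-def:criterion comment="audit auditctl 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_fremovexattr_auditctl:tst:1"/>
<oval-def:criteria operator="OR">
<!-- negate="true": this arm is true when the system is not 64-bit; otherwise both 64-bit tests must pass. -->
<oval-def:extend_definition comment="64-bit_system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criteria operator="AND">
<oval-def:criterion comment="audit auditctl 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_fremovexattr_auditctl:tst:1"/>
<oval-def:criterion comment="audit auditctl 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_fremovexattr_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>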
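<oval-def:definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_modification_fsetxattr:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Record Unsuccessful Permission Changes to Files - fsetxattr</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled.</oval-def:description>
<oval-def:reference ref_id="CCE-81096-0" source="CCE"/>
<oval-def:reference ref_id="audit_rules_unsuccessful_file_modification_fsetxattr" source="ssg"/>
</oval-def:metadata>
<!-- Passes when either the augenrules branch or the auditctl branch holds. Each branch requires its
     extended definition and both 32-bit tests for fsetxattr (eacces and eperm). The 64-bit pair sits in
     an inner OR with the negated system_info_architecture_64bit definition, so it is required only
     when that definition evaluates true.
     NOTE(review): presumably the 32-bit tests stay mandatory on 64-bit hosts so that calls made through
     the 32-bit syscall interface are audited too; confirm against the test definitions. -->
<oval-def:criteria operator="OR">
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit augenrules 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_fsetxattr_augenrules:tst:1"/>
<oval-def:criterion comment="audit augenrules 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_fsetxattr_augenrules:tst:1"/>
<oval-def:criteria operator="OR">
<!-- negate="true": this arm is true when the system is not 64-bit; otherwise both 64-bit tests must pass. -->
<oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criteria operator="AND">
<oval-def:criterion comment="audit augenrules 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_fsetxattr_augenrules:tst:1"/>
<oval-def:criterion comment="audit augenrules 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_fsetxattr_augenrules:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit auditctl 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_fsetxattr_auditctl:tst:1"/>
<oval-def:criterion comment="audit auditctl 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_fsetxattr_auditctl:tst:1"/>
<oval-def:criteria operator="OR">
<!-- negate="true": this arm is true when the system is not 64-bit; otherwise both 64-bit tests must pass. -->
<oval-def:extend_definition comment="64-bit_system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
<oval-def:criteria operator="AND">
<oval-def:criterion comment="audit auditctl 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_fsetxattr_auditctl:tst:1"/>
<oval-def:criterion comment="audit auditctl 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_fsetxattr_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>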
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_modification_ftruncate:def:1" version="1">
  <!-- Checks that failed ftruncate calls are audited.
       Result logic: (augenrules branch) OR (auditctl branch).
       Each branch = its extended definition AND both 32-bit tests
       (EACCES, EPERM) AND (host is not 64-bit OR both 64-bit tests).
       Tests and extended definitions are referenced by id only; their
       content is not part of this block. -->
  <oval-def:metadata>
    <oval-def:title>Record Unsuccessful Access Attempts to Files - ftruncate</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled.</oval-def:description>
    <oval-def:reference ref_id="CCE-80390-8" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_unsuccessful_file_modification_ftruncate" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- augenrules path -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_ftruncate_augenrules:tst:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_ftruncate_augenrules:tst:1"/>
      <!-- 64-bit rules only matter on 64-bit hosts -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="audit augenrules 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_ftruncate_augenrules:tst:1"/>
          <oval-def:criterion comment="audit augenrules 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_ftruncate_augenrules:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- auditctl path -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_ftruncate_auditctl:tst:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_ftruncate_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit_system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="audit auditctl 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_ftruncate_auditctl:tst:1"/>
          <oval-def:criterion comment="audit auditctl 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_ftruncate_auditctl:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
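<oval-def:definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_modification_lchown:def:1" version="1">
  <!-- Compliance check: audit rules exist for failed lchown calls.
       Passes when the augenrules branch OR the auditctl branch passes.
       A branch needs its extended definition, both 32-bit tests
       (EACCES and EPERM) and, on hosts where the 64-bit architecture
       definition is true, both 64-bit tests as well.
       The referenced tests and extended definitions are outside this block.
       Fixes: title typo ("Unsuccessul"); "64-bit_system" label aligned
       with the "64-bit system" label used in the first branch. -->
  <oval-def:metadata>
    <oval-def:title>Record Unsuccessful Ownership Changes to Files - lchown</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled.</oval-def:description>
    <oval-def:reference ref_id="CCE-81078-8" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_unsuccessful_file_modification_lchown" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- Branch 1: rules delivered through augenrules -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_lchown_augenrules:tst:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_lchown_augenrules:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="audit augenrules 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_lchown_augenrules:tst:1"/>
          <oval-def:criterion comment="audit augenrules 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_lchown_augenrules:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- Branch 2: rules delivered through auditctl -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_lchown_auditctl:tst:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_lchown_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="audit auditctl 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_lchown_auditctl:tst:1"/>
          <oval-def:criterion comment="audit auditctl 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_lchown_auditctl:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>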
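<oval-def:definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_modification_lremovexattr:def:1" version="1">
  <!-- Compliance check: audit rules exist for failed lremovexattr calls.
       Passes when the augenrules branch OR the auditctl branch passes.
       A branch needs its extended definition, both 32-bit tests
       (EACCES and EPERM) and, on hosts where the 64-bit architecture
       definition is true, both 64-bit tests as well.
       The referenced tests and extended definitions are outside this block.
       Fixes: title typo ("Unsuccessul"); "64-bit_system" label aligned
       with the "64-bit system" label used in the first branch. -->
  <oval-def:metadata>
    <oval-def:title>Record Unsuccessful Permission Changes to Files - lremovexattr</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled.</oval-def:description>
    <oval-def:reference ref_id="CCE-81100-0" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_unsuccessful_file_modification_lremovexattr" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- Branch 1: rules delivered through augenrules -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_lremovexattr_augenrules:tst:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_lremovexattr_augenrules:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="audit augenrules 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_lremovexattr_augenrules:tst:1"/>
          <oval-def:criterion comment="audit augenrules 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_lremovexattr_augenrules:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- Branch 2: rules delivered through auditctl -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_lremovexattr_auditctl:tst:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_lremovexattr_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="audit auditctl 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_lremovexattr_auditctl:tst:1"/>
          <oval-def:criterion comment="audit auditctl 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_lremovexattr_auditctl:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>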
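<oval-def:definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_modification_lsetxattr:def:1" version="1">
  <!-- Compliance check: audit rules exist for failed lsetxattr calls.
       Passes when the augenrules branch OR the auditctl branch passes.
       A branch needs its extended definition, both 32-bit tests
       (EACCES and EPERM) and, on hosts where the 64-bit architecture
       definition is true, both 64-bit tests as well.
       The referenced tests and extended definitions are outside this block.
       Fixes: title typo ("Unsuccessul"); "64-bit_system" label aligned
       with the "64-bit system" label used in the first branch. -->
  <oval-def:metadata>
    <oval-def:title>Record Unsuccessful Permission Changes to Files - lsetxattr</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled.</oval-def:description>
    <oval-def:reference ref_id="CCE-81094-5" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_unsuccessful_file_modification_lsetxattr" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- Branch 1: rules delivered through augenrules -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_lsetxattr_augenrules:tst:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_lsetxattr_augenrules:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="audit augenrules 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_lsetxattr_augenrules:tst:1"/>
          <oval-def:criterion comment="audit augenrules 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_lsetxattr_augenrules:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- Branch 2: rules delivered through auditctl -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_lsetxattr_auditctl:tst:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_lsetxattr_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="audit auditctl 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_lsetxattr_auditctl:tst:1"/>
          <oval-def:criterion comment="audit auditctl 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_lsetxattr_auditctl:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>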
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_modification_open:def:1" version="1">
  <!-- Checks that failed open calls are audited.
       Result logic: (augenrules branch) OR (auditctl branch).
       Each branch = its extended definition AND both 32-bit tests
       (EACCES, EPERM) AND (host is not 64-bit OR both 64-bit tests).
       Tests and extended definitions are referenced by id only; their
       content is not part of this block. -->
  <oval-def:metadata>
    <oval-def:title>Record Unsuccessful Access Attempts to Files - open</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled.</oval-def:description>
    <oval-def:reference ref_id="CCE-80386-6" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_unsuccessful_file_modification_open" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- augenrules path -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_open_augenrules:tst:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_open_augenrules:tst:1"/>
      <!-- 64-bit rules only matter on 64-bit hosts -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="audit augenrules 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_open_augenrules:tst:1"/>
          <oval-def:criterion comment="audit augenrules 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_open_augenrules:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- auditctl path -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_open_auditctl:tst:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_open_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit_system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="audit auditctl 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_open_auditctl:tst:1"/>
          <oval-def:criterion comment="audit auditctl 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_open_auditctl:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_modification_open_by_handle_at:def:1" version="1">
  <!-- Checks that failed open_by_handle_at calls are audited.
       Result logic: (augenrules branch) OR (auditctl branch).
       Each branch = its extended definition AND both 32-bit tests
       (EACCES, EPERM) AND (host is not 64-bit OR both 64-bit tests).
       Tests and extended definitions are referenced by id only; their
       content is not part of this block. -->
  <oval-def:metadata>
    <oval-def:title>Record Unsuccessful Access Attempts to Files - open_by_handle_at</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled.</oval-def:description>
    <oval-def:reference ref_id="CCE-80388-2" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_unsuccessful_file_modification_open_by_handle_at" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- augenrules path -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_open_by_handle_at_augenrules:tst:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_open_by_handle_at_augenrules:tst:1"/>
      <!-- 64-bit rules only matter on 64-bit hosts -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="audit augenrules 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_open_by_handle_at_augenrules:tst:1"/>
          <oval-def:criterion comment="audit augenrules 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_open_by_handle_at_augenrules:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- auditctl path -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_open_by_handle_at_auditctl:tst:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_open_by_handle_at_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit_system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="audit auditctl 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_open_by_handle_at_auditctl:tst:1"/>
          <oval-def:criterion comment="audit auditctl 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_open_by_handle_at_auditctl:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat:def:1" version="1">
  <!-- Checks that failed open_by_handle_at calls made with O_CREAT are
       audited. The criterion comments describe rules that filter on
       syscall argument a2 masked with 0100 (octal 0100 is O_CREAT on
       Linux).
       Result logic: (augenrules branch) OR (auditctl branch).
       Each branch = its extended definition AND both 32-bit tests
       (EACCES, EPERM) AND (host is not 64-bit OR both 64-bit tests).
       The referenced tests are outside this block, so the exact rule
       text they match cannot be confirmed from here. -->
  <oval-def:metadata>
    <oval-def:title>Record Unsuccessful Creation Attempts to Files - open_by_handle_at O_CREAT</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the information on the unsuccessful use of open_by_handle_at O_CREAT is enabled.</oval-def:description>
    <oval-def:reference ref_id="CCE-81117-4" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- augenrules path -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="Verify audit rule open_by_handle_at 32bit a2&amp;0100 eacces augenrules exists" test_ref="oval:ssg-test_arufm_open_by_handle_at_o_creat_32bit_a20100_eacces_augenrules:tst:1"/>
      <oval-def:criterion comment="Verify audit rule open_by_handle_at 32bit a2&amp;0100 eperm augenrules exists" test_ref="oval:ssg-test_arufm_open_by_handle_at_o_creat_32bit_a20100_eperm_augenrules:tst:1"/>
      <!-- 64-bit rules only matter on 64-bit hosts -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="Verify audit rule open_by_handle_at 64bit a2&amp;0100 eacces augenrules exists" test_ref="oval:ssg-test_arufm_open_by_handle_at_o_creat_64bit_a20100_eacces_augenrules:tst:1"/>
          <oval-def:criterion comment="Verify audit rule open_by_handle_at 64bit a2&amp;0100 eperm augenrules exists" test_ref="oval:ssg-test_arufm_open_by_handle_at_o_creat_64bit_a20100_eperm_augenrules:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- auditctl path -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="Verify audit rule open_by_handle_at 32bit a2&amp;0100 eacces auditctl exists" test_ref="oval:ssg-test_arufm_open_by_handle_at_o_creat_32bit_a20100_eacces_auditctl:tst:1"/>
      <oval-def:criterion comment="Verify audit rule open_by_handle_at 32bit a2&amp;0100 eperm auditctl exists" test_ref="oval:ssg-test_arufm_open_by_handle_at_o_creat_32bit_a20100_eperm_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit_system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="Verify audit rule open_by_handle_at 64bit a2&amp;0100 eacces auditctl exists" test_ref="oval:ssg-test_arufm_open_by_handle_at_o_creat_64bit_a20100_eacces_auditctl:tst:1"/>
          <oval-def:criterion comment="Verify audit rule open_by_handle_at 64bit a2&amp;0100 eperm auditctl exists" test_ref="oval:ssg-test_arufm_open_by_handle_at_o_creat_64bit_a20100_eperm_auditctl:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write:def:1" version="1">
  <!-- Checks that failed open_by_handle_at calls that truncate or write
       are audited. The criterion comments describe rules that filter on
       syscall argument a2 masked with 01003; on Linux that octal mask
       covers O_TRUNC (01000) plus the write access-mode bits
       O_WRONLY (01) and O_RDWR (02).
       Result logic: (augenrules branch) OR (auditctl branch).
       Each branch = its extended definition AND both 32-bit tests
       (EACCES, EPERM) AND (host is not 64-bit OR both 64-bit tests).
       The referenced tests are outside this block, so the exact rule
       text they match cannot be confirmed from here. -->
  <oval-def:metadata>
    <oval-def:title>Record Unsuccessful Modification Attempts to Files - open_by_handle_at O_TRUNC_WRITE</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the information on the unsuccessful use of open_by_handle_at O_TRUNC is enabled.</oval-def:description>
    <oval-def:reference ref_id="CCE-81125-7" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- augenrules path -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="Verify audit rule open_by_handle_at 32bit a2&amp;01003 eacces augenrules exists" test_ref="oval:ssg-test_arufm_open_by_handle_at_o_trunc_32bit_a201003_eacces_augenrules:tst:1"/>
      <oval-def:criterion comment="Verify audit rule open_by_handle_at 32bit a2&amp;01003 eperm augenrules exists" test_ref="oval:ssg-test_arufm_open_by_handle_at_o_trunc_32bit_a201003_eperm_augenrules:tst:1"/>
      <!-- 64-bit rules only matter on 64-bit hosts -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="Verify audit rule open_by_handle_at 64bit a2&amp;01003 eacces augenrules exists" test_ref="oval:ssg-test_arufm_open_by_handle_at_o_trunc_64bit_a201003_eacces_augenrules:tst:1"/>
          <oval-def:criterion comment="Verify audit rule open_by_handle_at 64bit a2&amp;01003 eperm augenrules exists" test_ref="oval:ssg-test_arufm_open_by_handle_at_o_trunc_64bit_a201003_eperm_augenrules:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- auditctl path -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="Verify audit rule open_by_handle_at 32bit a2&amp;01003 eacces auditctl exists" test_ref="oval:ssg-test_arufm_open_by_handle_at_o_trunc_32bit_a201003_eacces_auditctl:tst:1"/>
      <oval-def:criterion comment="Verify audit rule open_by_handle_at 32bit a2&amp;01003 eperm auditctl exists" test_ref="oval:ssg-test_arufm_open_by_handle_at_o_trunc_32bit_a201003_eperm_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit_system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="Verify audit rule open_by_handle_at 64bit a2&amp;01003 eacces auditctl exists" test_ref="oval:ssg-test_arufm_open_by_handle_at_o_trunc_64bit_a201003_eacces_auditctl:tst:1"/>
          <oval-def:criterion comment="Verify audit rule open_by_handle_at 64bit a2&amp;01003 eperm auditctl exists" test_ref="oval:ssg-test_arufm_open_by_handle_at_o_trunc_64bit_a201003_eperm_auditctl:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
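<oval-def:definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order:def:1" version="1">
  <!-- Compliance check: the audit rules for failed open_by_handle_at
       calls appear in the expected order.
       Passes when the augenrules branch OR the auditctl branch passes.
       A branch needs its extended definition, both 32-bit order tests
       (EACCES and EPERM) and, on hosts where the 64-bit architecture
       definition is true, both 64-bit order tests.
       What "proper order" means is decided by the referenced tests,
       which are outside this block. NOTE(review): presumably the more
       specific O_CREAT / O_TRUNC rules must come before the generic
       rule so that they are the ones matched first; confirm against
       the tests.
       Fixes: the auditctl branch criteria were all labelled
       "audit augenrules 32-bit", including the two 64-bit ones; the
       labels now follow the tool, word size and failure code carried in
       each test_ref, so a failing criterion in a scan report points at
       the right rule. Description grammar corrected ("are configured"). -->
  <oval-def:metadata>
    <oval-def:title>Ensure auditd Unauthorized Access Attempts To open_by_handle_at Are Ordered Correctly</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the information on the unsuccessful use of open_by_handle_at are configured in the proper rule order.</oval-def:description>
    <oval-def:reference ref_id="audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- Branch 1: rules delivered through augenrules -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit eacces" test_ref="oval:ssg-test_arufm_open_by_handle_at_order_32bit_eacces_augenrules:tst:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit eperm" test_ref="oval:ssg-test_arufm_open_by_handle_at_order_32bit_eperm_augenrules:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="audit augenrules 64-bit eacces" test_ref="oval:ssg-test_arufm_open_by_handle_at_order_64bit_eacces_augenrules:tst:1"/>
          <oval-def:criterion comment="audit augenrules 64-bit eperm" test_ref="oval:ssg-test_arufm_open_by_handle_at_order_64bit_eperm_augenrules:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- Branch 2: rules delivered through auditctl -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit eacces" test_ref="oval:ssg-test_arufm_open_by_handle_at_order_32bit_eacces_auditctl:tst:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit eperm" test_ref="oval:ssg-test_arufm_open_by_handle_at_order_32bit_eperm_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="audit auditctl 64-bit eacces" test_ref="oval:ssg-test_arufm_open_by_handle_at_order_64bit_eacces_auditctl:tst:1"/>
          <oval-def:criterion comment="audit auditctl 64-bit eperm" test_ref="oval:ssg-test_arufm_open_by_handle_at_order_64bit_eperm_auditctl:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>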
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_modification_open_o_creat:def:1" version="1">
  <!-- Checks that failed open calls made with O_CREAT are audited.
       The criterion comments describe rules that filter on syscall
       argument a1 masked with 0100 (octal 0100 is O_CREAT on Linux;
       open takes its flags as the second argument, i.e. a1).
       NOTE(review): the test ids below carry "a20100" although the
       comments say a1; the tests themselves are outside this block, so
       confirm that they match on a1 and that only the id naming is off.
       Result logic: (augenrules branch) OR (auditctl branch).
       Each branch = its extended definition AND both 32-bit tests
       (EACCES, EPERM) AND (host is not 64-bit OR both 64-bit tests). -->
  <oval-def:metadata>
    <oval-def:title>Record Unsuccessful Creation Attempts to Files - open O_CREAT</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the information on the unsuccessful use of open O_CREAT is enabled.</oval-def:description>
    <oval-def:reference ref_id="CCE-81119-0" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_unsuccessful_file_modification_open_o_creat" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- augenrules path -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="Verify audit rule open 32bit a1&amp;0100 eacces augenrules exists" test_ref="oval:ssg-test_arufm_open_o_creat_32bit_a20100_eacces_augenrules:tst:1"/>
      <oval-def:criterion comment="Verify audit rule open 32bit a1&amp;0100 eperm augenrules exists" test_ref="oval:ssg-test_arufm_open_o_creat_32bit_a20100_eperm_augenrules:tst:1"/>
      <!-- 64-bit rules only matter on 64-bit hosts -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="Verify audit rule open 64bit a1&amp;0100 eacces augenrules exists" test_ref="oval:ssg-test_arufm_open_o_creat_64bit_a20100_eacces_augenrules:tst:1"/>
          <oval-def:criterion comment="Verify audit rule open 64bit a1&amp;0100 eperm augenrules exists" test_ref="oval:ssg-test_arufm_open_o_creat_64bit_a20100_eperm_augenrules:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- auditctl path -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="Verify audit rule open 32bit a1&amp;0100 eacces auditctl exists" test_ref="oval:ssg-test_arufm_open_o_creat_32bit_a20100_eacces_auditctl:tst:1"/>
      <oval-def:criterion comment="Verify audit rule open 32bit a1&amp;0100 eperm auditctl exists" test_ref="oval:ssg-test_arufm_open_o_creat_32bit_a20100_eperm_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit_system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="Verify audit rule open 64bit a1&amp;0100 eacces auditctl exists" test_ref="oval:ssg-test_arufm_open_o_creat_64bit_a20100_eacces_auditctl:tst:1"/>
          <oval-def:criterion comment="Verify audit rule open 64bit a1&amp;0100 eperm auditctl exists" test_ref="oval:ssg-test_arufm_open_o_creat_64bit_a20100_eperm_auditctl:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_modification_open_o_trunc_write:def:1" version="1">
  <!-- Checks that failed open calls that truncate or write are audited.
       The criterion comments describe rules that filter on syscall
       argument a1 masked with 01003; on Linux that octal mask covers
       O_TRUNC (01000) plus the write access-mode bits O_WRONLY (01) and
       O_RDWR (02). open takes its flags as the second argument, i.e. a1.
       NOTE(review): the test ids below carry "a201003" although the
       comments say a1; the tests themselves are outside this block, so
       confirm that they match on a1 and that only the id naming is off.
       Result logic: (augenrules branch) OR (auditctl branch).
       Each branch = its extended definition AND both 32-bit tests
       (EACCES, EPERM) AND (host is not 64-bit OR both 64-bit tests). -->
  <oval-def:metadata>
    <oval-def:title>Record Unsuccessful Modification Attempts to Files - open O_TRUNC_WRITE</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the information on the unsuccessful use of open O_TRUNC is enabled.</oval-def:description>
    <oval-def:reference ref_id="CCE-81121-6" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_unsuccessful_file_modification_open_o_trunc_write" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <!-- augenrules path -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="Verify audit rule open 32bit a1&amp;01003 eacces augenrules exists" test_ref="oval:ssg-test_arufm_open_o_trunc_32bit_a201003_eacces_augenrules:tst:1"/>
      <oval-def:criterion comment="Verify audit rule open 32bit a1&amp;01003 eperm augenrules exists" test_ref="oval:ssg-test_arufm_open_o_trunc_32bit_a201003_eperm_augenrules:tst:1"/>
      <!-- 64-bit rules only matter on 64-bit hosts -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="Verify audit rule open 64bit a1&amp;01003 eacces augenrules exists" test_ref="oval:ssg-test_arufm_open_o_trunc_64bit_a201003_eacces_augenrules:tst:1"/>
          <oval-def:criterion comment="Verify audit rule open 64bit a1&amp;01003 eperm augenrules exists" test_ref="oval:ssg-test_arufm_open_o_trunc_64bit_a201003_eperm_augenrules:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- auditctl path -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="Verify audit rule open 32bit a1&amp;01003 eacces auditctl exists" test_ref="oval:ssg-test_arufm_open_o_trunc_32bit_a201003_eacces_auditctl:tst:1"/>
      <oval-def:criterion comment="Verify audit rule open 32bit a1&amp;01003 eperm auditctl exists" test_ref="oval:ssg-test_arufm_open_o_trunc_32bit_a201003_eperm_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit_system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="Verify audit rule open 64bit a1&amp;01003 eacces auditctl exists" test_ref="oval:ssg-test_arufm_open_o_trunc_64bit_a201003_eacces_auditctl:tst:1"/>
          <oval-def:criterion comment="Verify audit rule open 64bit a1&amp;01003 eperm auditctl exists" test_ref="oval:ssg-test_arufm_open_o_trunc_64bit_a201003_eperm_auditctl:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
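<oval-def:definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_modification_open_rule_order:def:1" version="1">
  <!-- Compliance check on the ordering of the audit rules that record unsuccessful
       open calls. The referenced ordering tests are defined elsewhere in this data
       stream; presumably they require the more specific open rules to precede the
       generic one, so that an earlier match does not mask them (TODO confirm). -->
  <oval-def:metadata>
    <oval-def:title>Ensure auditd Rules For Unauthorized Attempts To open Are Ordered Correctly</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the information on the unsuccessful use of open are configured in the proper rule order.</oval-def:description>
    <oval-def:reference ref_id="audit_rules_unsuccessful_file_modification_open_rule_order" source="ssg"/>
  </oval-def:metadata>
  <!-- Passes if either rule-loading mechanism (augenrules or auditctl) satisfies its branch. -->
  <oval-def:criteria operator="OR">
    <!-- augenrules branch: the loader definition and both 32-bit ordering tests must hold. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit eacces" test_ref="oval:ssg-test_arufm_open_order_32bit_eacces_augenrules:tst:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit eperm" test_ref="oval:ssg-test_arufm_open_order_32bit_eperm_augenrules:tst:1"/>
      <!-- The 64-bit tests are required only when the system is 64-bit (negated architecture check). -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="audit augenrules 64-bit eacces" test_ref="oval:ssg-test_arufm_open_order_64bit_eacces_augenrules:tst:1"/>
          <oval-def:criterion comment="audit augenrules 64-bit eperm" test_ref="oval:ssg-test_arufm_open_order_64bit_eperm_augenrules:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- auditctl branch: same structure, using the auditctl variants of the tests. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit eacces" test_ref="oval:ssg-test_arufm_open_order_32bit_eacces_auditctl:tst:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit eperm" test_ref="oval:ssg-test_arufm_open_order_32bit_eperm_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="audit auditctl 64-bit eacces" test_ref="oval:ssg-test_arufm_open_order_64bit_eacces_auditctl:tst:1"/>
          <oval-def:criterion comment="audit auditctl 64-bit eperm" test_ref="oval:ssg-test_arufm_open_order_64bit_eperm_auditctl:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>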
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_modification_openat:def:1" version="1">
  <!-- Compliance check for audit rules covering unsuccessful openat calls.
       The eacces/eperm tests referenced below are defined elsewhere in this data stream;
       presumably they match rules filtering on the EACCES and EPERM exit codes (TODO confirm). -->
  <oval-def:metadata>
    <oval-def:title>Record Unsuccessful Access Attempts to Files - openat</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled.</oval-def:description>
    <oval-def:reference ref_id="CCE-80387-4" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_unsuccessful_file_modification_openat" source="ssg"/>
  </oval-def:metadata>
  <!-- Satisfied by either rule-loading mechanism: augenrules or auditctl. -->
  <oval-def:criteria operator="OR">
    <!-- augenrules: loader definition plus both 32-bit tests are always required. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_openat_augenrules:tst:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_openat_augenrules:tst:1"/>
      <!-- On a 64-bit system the 64-bit tests must pass as well; otherwise the negated check suffices. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="audit augenrules 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_openat_augenrules:tst:1"/>
          <oval-def:criterion comment="audit augenrules 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_openat_augenrules:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- auditctl: identical structure with the auditctl test variants. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_openat_auditctl:tst:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_openat_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit_system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="audit auditctl 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_openat_auditctl:tst:1"/>
          <oval-def:criterion comment="audit auditctl 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_openat_auditctl:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_modification_openat_o_creat:def:1" version="1">
  <!-- Compliance check for audit rules covering unsuccessful openat calls made with O_CREAT.
       The "a2&0100" in the criterion labels presumably denotes the flags argument masked
       with O_CREAT; the tests themselves are defined elsewhere (TODO confirm). -->
  <oval-def:metadata>
    <oval-def:title>Record Unsuccessful Creation Attempts to Files - openat O_CREAT</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the information on the unsuccessful use of openat O_CREAT is enabled.</oval-def:description>
    <oval-def:reference ref_id="CCE-81115-8" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_unsuccessful_file_modification_openat_o_creat" source="ssg"/>
  </oval-def:metadata>
  <!-- Satisfied by either rule-loading mechanism: augenrules or auditctl. -->
  <oval-def:criteria operator="OR">
    <!-- augenrules: loader definition plus both 32-bit tests are always required. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="Verify audit rule openat 32bit a2&amp;0100 eacces augenrules exists" test_ref="oval:ssg-test_arufm_openat_o_creat_32bit_a20100_eacces_augenrules:tst:1"/>
      <oval-def:criterion comment="Verify audit rule openat 32bit a2&amp;0100 eperm augenrules exists" test_ref="oval:ssg-test_arufm_openat_o_creat_32bit_a20100_eperm_augenrules:tst:1"/>
      <!-- On a 64-bit system the 64-bit tests must pass as well; otherwise the negated check suffices. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="Verify audit rule openat 64bit a2&amp;0100 eacces augenrules exists" test_ref="oval:ssg-test_arufm_openat_o_creat_64bit_a20100_eacces_augenrules:tst:1"/>
          <oval-def:criterion comment="Verify audit rule openat 64bit a2&amp;0100 eperm augenrules exists" test_ref="oval:ssg-test_arufm_openat_o_creat_64bit_a20100_eperm_augenrules:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- auditctl: identical structure with the auditctl test variants. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="Verify audit rule openat 32bit a2&amp;0100 eacces auditctl exists" test_ref="oval:ssg-test_arufm_openat_o_creat_32bit_a20100_eacces_auditctl:tst:1"/>
      <oval-def:criterion comment="Verify audit rule openat 32bit a2&amp;0100 eperm auditctl exists" test_ref="oval:ssg-test_arufm_openat_o_creat_32bit_a20100_eperm_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit_system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="Verify audit rule openat 64bit a2&amp;0100 eacces auditctl exists" test_ref="oval:ssg-test_arufm_openat_o_creat_64bit_a20100_eacces_auditctl:tst:1"/>
          <oval-def:criterion comment="Verify audit rule openat 64bit a2&amp;0100 eperm auditctl exists" test_ref="oval:ssg-test_arufm_openat_o_creat_64bit_a20100_eperm_auditctl:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_modification_openat_o_trunc_write:def:1" version="1">
  <!-- Compliance check for audit rules covering unsuccessful openat calls that truncate or write.
       The "a2&01003" in the criterion labels presumably denotes the flags argument masked
       with O_TRUNC and the write access modes; the tests are defined elsewhere (TODO confirm). -->
  <oval-def:metadata>
    <oval-def:title>Record Unsuccessful Modification Attempts to Files - openat O_TRUNC_WRITE</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the information on the unsuccessful use of openat O_TRUNC is enabled.</oval-def:description>
    <oval-def:reference ref_id="CCE-81123-2" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_unsuccessful_file_modification_openat_o_trunc_write" source="ssg"/>
  </oval-def:metadata>
  <!-- Satisfied by either rule-loading mechanism: augenrules or auditctl. -->
  <oval-def:criteria operator="OR">
    <!-- augenrules: loader definition plus both 32-bit tests are always required. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="Verify audit rule openat 32bit a2&amp;01003 eacces augenrules exists" test_ref="oval:ssg-test_arufm_openat_o_trunc_32bit_a201003_eacces_augenrules:tst:1"/>
      <oval-def:criterion comment="Verify audit rule openat 32bit a2&amp;01003 eperm augenrules exists" test_ref="oval:ssg-test_arufm_openat_o_trunc_32bit_a201003_eperm_augenrules:tst:1"/>
      <!-- On a 64-bit system the 64-bit tests must pass as well; otherwise the negated check suffices. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="Verify audit rule openat 64bit a2&amp;01003 eacces augenrules exists" test_ref="oval:ssg-test_arufm_openat_o_trunc_64bit_a201003_eacces_augenrules:tst:1"/>
          <oval-def:criterion comment="Verify audit rule openat 64bit a2&amp;01003 eperm augenrules exists" test_ref="oval:ssg-test_arufm_openat_o_trunc_64bit_a201003_eperm_augenrules:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- auditctl: identical structure with the auditctl test variants. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="Verify audit rule openat 32bit a2&amp;01003 eacces auditctl exists" test_ref="oval:ssg-test_arufm_openat_o_trunc_32bit_a201003_eacces_auditctl:tst:1"/>
      <oval-def:criterion comment="Verify audit rule openat 32bit a2&amp;01003 eperm auditctl exists" test_ref="oval:ssg-test_arufm_openat_o_trunc_32bit_a201003_eperm_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit_system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="Verify audit rule openat 64bit a2&amp;01003 eacces auditctl exists" test_ref="oval:ssg-test_arufm_openat_o_trunc_64bit_a201003_eacces_auditctl:tst:1"/>
          <oval-def:criterion comment="Verify audit rule openat 64bit a2&amp;01003 eperm auditctl exists" test_ref="oval:ssg-test_arufm_openat_o_trunc_64bit_a201003_eperm_auditctl:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
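<oval-def:definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_modification_openat_rule_order:def:1" version="1">
  <!-- Compliance check on the ordering of the audit rules that record unsuccessful
       openat calls. The referenced ordering tests are defined elsewhere in this data
       stream; presumably they require the more specific openat rules to precede the
       generic one, so that an earlier match does not mask them (TODO confirm). -->
  <oval-def:metadata>
    <oval-def:title>Ensure auditd Rules For Unauthorized Attempts To openat Are Ordered Correctly</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the information on the unsuccessful use of openat are configured in the proper rule order.</oval-def:description>
    <oval-def:reference ref_id="audit_rules_unsuccessful_file_modification_openat_rule_order" source="ssg"/>
  </oval-def:metadata>
  <!-- Passes if either rule-loading mechanism (augenrules or auditctl) satisfies its branch. -->
  <oval-def:criteria operator="OR">
    <!-- augenrules branch: the loader definition and both 32-bit ordering tests must hold. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit eacces" test_ref="oval:ssg-test_arufm_openat_order_32bit_eacces_augenrules:tst:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit eperm" test_ref="oval:ssg-test_arufm_openat_order_32bit_eperm_augenrules:tst:1"/>
      <!-- The 64-bit tests are required only when the system is 64-bit (negated architecture check). -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="audit augenrules 64-bit eacces" test_ref="oval:ssg-test_arufm_openat_order_64bit_eacces_augenrules:tst:1"/>
          <oval-def:criterion comment="audit augenrules 64-bit eperm" test_ref="oval:ssg-test_arufm_openat_order_64bit_eperm_augenrules:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- auditctl branch: same structure, using the auditctl variants of the tests. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit eacces" test_ref="oval:ssg-test_arufm_openat_order_32bit_eacces_auditctl:tst:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit eperm" test_ref="oval:ssg-test_arufm_openat_order_32bit_eperm_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="audit auditctl 64-bit eacces" test_ref="oval:ssg-test_arufm_openat_order_64bit_eacces_auditctl:tst:1"/>
          <oval-def:criterion comment="audit auditctl 64-bit eperm" test_ref="oval:ssg-test_arufm_openat_order_64bit_eperm_auditctl:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>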
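<oval-def:definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_modification_removexattr:def:1" version="1">
  <!-- Compliance check for audit rules covering unsuccessful removexattr calls.
       The eacces/eperm tests referenced below are defined elsewhere in this data stream;
       presumably they match rules filtering on the EACCES and EPERM exit codes (TODO confirm). -->
  <oval-def:metadata>
    <oval-def:title>Record Unsuccessful Permission Changes to Files - removexattr</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled.</oval-def:description>
    <oval-def:reference ref_id="CCE-81098-6" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_unsuccessful_file_modification_removexattr" source="ssg"/>
  </oval-def:metadata>
  <!-- Satisfied by either rule-loading mechanism: augenrules or auditctl. -->
  <oval-def:criteria operator="OR">
    <!-- augenrules: loader definition plus both 32-bit tests are always required. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_removexattr_augenrules:tst:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_removexattr_augenrules:tst:1"/>
      <!-- On a 64-bit system the 64-bit tests must pass as well; otherwise the negated check suffices. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="audit augenrules 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_removexattr_augenrules:tst:1"/>
          <oval-def:criterion comment="audit augenrules 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_removexattr_augenrules:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- auditctl: identical structure with the auditctl test variants. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_removexattr_auditctl:tst:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_removexattr_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="audit auditctl 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_removexattr_auditctl:tst:1"/>
          <oval-def:criterion comment="audit auditctl 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_removexattr_auditctl:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>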
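<oval-def:definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_modification_rename:def:1" version="1">
  <!-- Compliance check for audit rules covering unsuccessful rename calls.
       The eacces/eperm tests referenced below are defined elsewhere in this data stream;
       presumably they match rules filtering on the EACCES and EPERM exit codes (TODO confirm). -->
  <oval-def:metadata>
    <oval-def:title>Record Unsuccessful Delete Attempts to Files - rename</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled.</oval-def:description>
    <oval-def:reference ref_id="CCE-81108-3" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_unsuccessful_file_modification_rename" source="ssg"/>
  </oval-def:metadata>
  <!-- Satisfied by either rule-loading mechanism: augenrules or auditctl. -->
  <oval-def:criteria operator="OR">
    <!-- augenrules: loader definition plus both 32-bit tests are always required. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_rename_augenrules:tst:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_rename_augenrules:tst:1"/>
      <!-- On a 64-bit system the 64-bit tests must pass as well; otherwise the negated check suffices. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="audit augenrules 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_rename_augenrules:tst:1"/>
          <oval-def:criterion comment="audit augenrules 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_rename_augenrules:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- auditctl: identical structure with the auditctl test variants. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_rename_auditctl:tst:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_rename_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="audit auditctl 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_rename_auditctl:tst:1"/>
          <oval-def:criterion comment="audit auditctl 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_rename_auditctl:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>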
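<oval-def:definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_modification_renameat:def:1" version="1">
  <!-- Compliance check for audit rules covering unsuccessful renameat calls.
       The eacces/eperm tests referenced below are defined elsewhere in this data stream;
       presumably they match rules filtering on the EACCES and EPERM exit codes (TODO confirm). -->
  <oval-def:metadata>
    <oval-def:title>Record Unsuccessful Delete Attempts to Files - renameat</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled.</oval-def:description>
    <oval-def:reference ref_id="CCE-82082-9" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_unsuccessful_file_modification_renameat" source="ssg"/>
  </oval-def:metadata>
  <!-- Satisfied by either rule-loading mechanism: augenrules or auditctl. -->
  <oval-def:criteria operator="OR">
    <!-- augenrules: loader definition plus both 32-bit tests are always required. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_renameat_augenrules:tst:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_renameat_augenrules:tst:1"/>
      <!-- On a 64-bit system the 64-bit tests must pass as well; otherwise the negated check suffices. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="audit augenrules 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_renameat_augenrules:tst:1"/>
          <oval-def:criterion comment="audit augenrules 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_renameat_augenrules:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- auditctl: identical structure with the auditctl test variants. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_renameat_auditctl:tst:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_renameat_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="audit auditctl 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_renameat_auditctl:tst:1"/>
          <oval-def:criterion comment="audit auditctl 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_renameat_auditctl:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>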
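<oval-def:definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_modification_setxattr:def:1" version="1">
  <!-- Compliance check for audit rules covering unsuccessful setxattr calls.
       The eacces/eperm tests referenced below are defined elsewhere in this data stream;
       presumably they match rules filtering on the EACCES and EPERM exit codes (TODO confirm). -->
  <oval-def:metadata>
    <oval-def:title>Record Unsuccessful Permission Changes to Files - setxattr</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled.</oval-def:description>
    <oval-def:reference ref_id="CCE-81092-9" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_unsuccessful_file_modification_setxattr" source="ssg"/>
  </oval-def:metadata>
  <!-- Satisfied by either rule-loading mechanism: augenrules or auditctl. -->
  <oval-def:criteria operator="OR">
    <!-- augenrules: loader definition plus both 32-bit tests are always required. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_setxattr_augenrules:tst:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_setxattr_augenrules:tst:1"/>
      <!-- On a 64-bit system the 64-bit tests must pass as well; otherwise the negated check suffices. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="audit augenrules 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_setxattr_augenrules:tst:1"/>
          <oval-def:criterion comment="audit augenrules 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_setxattr_augenrules:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- auditctl: identical structure with the auditctl test variants. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_setxattr_auditctl:tst:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_setxattr_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="audit auditctl 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_setxattr_auditctl:tst:1"/>
          <oval-def:criterion comment="audit auditctl 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_setxattr_auditctl:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>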
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_modification_truncate:def:1" version="1">
  <!-- Compliance check for audit rules covering unsuccessful truncate calls.
       The eacces/eperm tests referenced below are defined elsewhere in this data stream;
       presumably they match rules filtering on the EACCES and EPERM exit codes (TODO confirm). -->
  <oval-def:metadata>
    <oval-def:title>Record Unsuccessful Access Attempts to Files - truncate</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled.</oval-def:description>
    <oval-def:reference ref_id="CCE-80389-0" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_unsuccessful_file_modification_truncate" source="ssg"/>
  </oval-def:metadata>
  <!-- Satisfied by either rule-loading mechanism: augenrules or auditctl. -->
  <oval-def:criteria operator="OR">
    <!-- augenrules: loader definition plus both 32-bit tests are always required. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_truncate_augenrules:tst:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_truncate_augenrules:tst:1"/>
      <!-- On a 64-bit system the 64-bit tests must pass as well; otherwise the negated check suffices. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="audit augenrules 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_truncate_augenrules:tst:1"/>
          <oval-def:criterion comment="audit augenrules 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_truncate_augenrules:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- auditctl: identical structure with the auditctl test variants. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_truncate_auditctl:tst:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_truncate_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit_system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="audit auditctl 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_truncate_auditctl:tst:1"/>
          <oval-def:criterion comment="audit auditctl 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_truncate_auditctl:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
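<oval-def:definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_modification_unlink:def:1" version="1">
  <!-- Compliance check for audit rules covering unsuccessful unlink calls.
       The eacces/eperm tests referenced below are defined elsewhere in this data stream;
       presumably they match rules filtering on the EACCES and EPERM exit codes (TODO confirm). -->
  <oval-def:metadata>
    <oval-def:title>Record Unsuccessful Delete Attempts to Files - unlink</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled.</oval-def:description>
    <oval-def:reference ref_id="CCE-81106-7" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_unsuccessful_file_modification_unlink" source="ssg"/>
  </oval-def:metadata>
  <!-- Satisfied by either rule-loading mechanism: augenrules or auditctl. -->
  <oval-def:criteria operator="OR">
    <!-- augenrules: loader definition plus both 32-bit tests are always required. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_unlink_augenrules:tst:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_unlink_augenrules:tst:1"/>
      <!-- On a 64-bit system the 64-bit tests must pass as well; otherwise the negated check suffices. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="audit augenrules 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_unlink_augenrules:tst:1"/>
          <oval-def:criterion comment="audit augenrules 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_unlink_augenrules:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- auditctl: identical structure with the auditctl test variants. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_unlink_auditctl:tst:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_unlink_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="audit auditctl 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_unlink_auditctl:tst:1"/>
          <oval-def:criterion comment="audit auditctl 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_unlink_auditctl:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>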
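<oval-def:definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_modification_unlinkat:def:1" version="1">
  <!-- Compliance check for audit rules covering unsuccessful unlinkat calls.
       The eacces/eperm tests referenced below are defined elsewhere in this data stream;
       presumably they match rules filtering on the EACCES and EPERM exit codes (TODO confirm). -->
  <oval-def:metadata>
    <oval-def:title>Record Unsuccessful Delete Attempts to Files - unlinkat</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Audit rules about the unauthorized access attempts to files (unsuccessful) are enabled.</oval-def:description>
    <oval-def:reference ref_id="CCE-81104-2" source="CCE"/>
    <oval-def:reference ref_id="audit_rules_unsuccessful_file_modification_unlinkat" source="ssg"/>
  </oval-def:metadata>
  <!-- Satisfied by either rule-loading mechanism: augenrules or auditctl. -->
  <oval-def:criteria operator="OR">
    <!-- augenrules: loader definition plus both 32-bit tests are always required. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_unlinkat_augenrules:tst:1"/>
      <oval-def:criterion comment="audit augenrules 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_unlinkat_augenrules:tst:1"/>
      <!-- On a 64-bit system the 64-bit tests must pass as well; otherwise the negated check suffices. -->
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="audit augenrules 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_unlinkat_augenrules:tst:1"/>
          <oval-def:criterion comment="audit augenrules 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_unlinkat_augenrules:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
    <!-- auditctl: identical structure with the auditctl test variants. -->
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit file eacces" test_ref="oval:ssg-test_32bit_arufm_eacces_unlinkat_auditctl:tst:1"/>
      <oval-def:criterion comment="audit auditctl 32-bit file eperm" test_ref="oval:ssg-test_32bit_arufm_eperm_unlinkat_auditctl:tst:1"/>
      <oval-def:criteria operator="OR">
        <oval-def:extend_definition comment="64-bit system" definition_ref="oval:ssg-system_info_architecture_64bit:def:1" negate="true"/>
        <oval-def:criteria operator="AND">
          <oval-def:criterion comment="audit auditctl 64-bit file eacces" test_ref="oval:ssg-test_64bit_arufm_eacces_unlinkat_auditctl:tst:1"/>
          <oval-def:criterion comment="audit auditctl 64-bit file eperm" test_ref="oval:ssg-test_64bit_arufm_eperm_unlinkat_auditctl:tst:1"/>
        </oval-def:criteria>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>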
<!-- Passes when an audit rule for /etc/group is found through either rule-loading path: (augenrules definition AND augenrules test) OR (auditctl definition AND auditctl test). What the rule must contain is set by the referenced tests, defined elsewhere in the data stream. -->
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_usergroup_modification_group:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Record Events that Modify User/Group Information - /etc/group</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit user/group modification.</oval-def:description>
<oval-def:reference ref_id="CCE-80433-6" source="CCE"/>
<oval-def:reference ref_id="audit_rules_usergroup_modification_group" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit group" test_ref="oval:ssg-test_audit_rules_usergroup_modification_group_augen:tst:1"/>
</oval-def:criteria>
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit group" test_ref="oval:ssg-test_audit_rules_usergroup_modification_group_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<!-- Passes when an audit rule for /etc/gshadow is found through either rule-loading path: (augenrules definition AND augenrules test) OR (auditctl definition AND auditctl test). What the rule must contain is set by the referenced tests, defined elsewhere in the data stream. -->
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_usergroup_modification_gshadow:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Record Events that Modify User/Group Information - /etc/gshadow</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit user/group modification.</oval-def:description>
<oval-def:reference ref_id="CCE-80432-8" source="CCE"/>
<oval-def:reference ref_id="audit_rules_usergroup_modification_gshadow" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit gshadow" test_ref="oval:ssg-test_audit_rules_usergroup_modification_gshadow_augen:tst:1"/>
</oval-def:criteria>
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit gshadow" test_ref="oval:ssg-test_audit_rules_usergroup_modification_gshadow_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<!-- Passes when an audit rule for /etc/security/opasswd is found through either rule-loading path: (augenrules definition AND augenrules test) OR (auditctl definition AND auditctl test). What the rule must contain is set by the referenced tests, defined elsewhere in the data stream. -->
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_usergroup_modification_opasswd:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Record Events that Modify User/Group Information - /etc/security/opasswd</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit user/group modification.</oval-def:description>
<oval-def:reference ref_id="CCE-80430-2" source="CCE"/>
<oval-def:reference ref_id="audit_rules_usergroup_modification_opasswd" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit opasswd" test_ref="oval:ssg-test_audit_rules_usergroup_modification_opasswd_augen:tst:1"/>
</oval-def:criteria>
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit opasswd" test_ref="oval:ssg-test_audit_rules_usergroup_modification_opasswd_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<!-- Passes when an audit rule for /etc/passwd is found through either rule-loading path: (augenrules definition AND augenrules test) OR (auditctl definition AND auditctl test). What the rule must contain is set by the referenced tests, defined elsewhere in the data stream. -->
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_usergroup_modification_passwd:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Record Events that Modify User/Group Information - /etc/passwd</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit user/group modification.</oval-def:description>
<oval-def:reference ref_id="CCE-80435-1" source="CCE"/>
<oval-def:reference ref_id="audit_rules_usergroup_modification_passwd" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit passwd" test_ref="oval:ssg-test_audit_rules_usergroup_modification_passwd_augen:tst:1"/>
</oval-def:criteria>
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit passwd" test_ref="oval:ssg-test_audit_rules_usergroup_modification_passwd_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<!-- Passes when an audit rule for /etc/shadow is found through either rule-loading path: (augenrules definition AND augenrules test) OR (auditctl definition AND auditctl test). What the rule must contain is set by the referenced tests, defined elsewhere in the data stream. -->
<oval-def:definition class="compliance" id="oval:ssg-audit_rules_usergroup_modification_shadow:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Record Events that Modify User/Group Information - /etc/shadow</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Audit user/group modification.</oval-def:description>
<oval-def:reference ref_id="CCE-80431-0" source="CCE"/>
<oval-def:reference ref_id="audit_rules_usergroup_modification_shadow" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="OR">
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit augenrules" definition_ref="oval:ssg-audit_rules_augenrules:def:1"/>
<oval-def:criterion comment="audit shadow" test_ref="oval:ssg-test_audit_rules_usergroup_modification_shadow_augen:tst:1"/>
</oval-def:criteria>
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="audit auditctl" definition_ref="oval:ssg-audit_rules_auditctl:def:1"/>
<oval-def:criterion comment="audit shadow" test_ref="oval:ssg-test_audit_rules_usergroup_modification_shadow_auditctl:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
<!-- Single criterion: the freq setting in /etc/audit/auditd.conf must satisfy the referenced test (the description gives the expected value as 50). operator="OR" over one criterion is equivalent to that criterion alone. There is no "absent, default applies" criterion here, so a missing freq line is presumably a failure; confirm against the test, which is defined elsewhere in the data stream. -->
<oval-def:definition class="compliance" id="oval:ssg-auditd_freq:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Set number of records to cause an explicit flush to audit logs</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Ensure 'freq' is configured with value '50' in /etc/audit/auditd.conf</oval-def:description>
<oval-def:reference ref_id="CCE-82358-3" source="CCE"/>
<oval-def:reference ref_id="auditd_freq" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria comment="auditd is configured correctly" operator="OR">
<oval-def:criterion comment="Check the freq in /etc/audit/auditd.conf" test_ref="oval:ssg-test_auditd_freq:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Passes when local_events is explicitly set as required (description: 'yes') OR when the option does not appear in /etc/audit/auditd.conf at all. The second criterion accepts the daemon's built-in default, so the result is only as good as that default: re-check it whenever the audit package in use changes. -->
<oval-def:definition class="compliance" id="oval:ssg-auditd_local_events:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Include Local Events in Audit Logs</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Ensure 'local_events' is configured with value 'yes' in /etc/audit/auditd.conf</oval-def:description>
<oval-def:reference ref_id="CCE-82355-9" source="CCE"/>
<oval-def:reference ref_id="auditd_local_events" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria comment="auditd is configured correctly" operator="OR">
<oval-def:criterion comment="Check the local_events in /etc/audit/auditd.conf" test_ref="oval:ssg-test_auditd_local_events:tst:1"/>
<oval-def:criterion comment="Check the absence of local_events in /etc/audit/auditd.conf" test_ref="oval:ssg-test_auditd_local_events_default_not_overriden:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Single criterion: the log_format setting in /etc/audit/auditd.conf must satisfy the referenced test (the description gives the expected value as ENRICHED). operator="OR" over one criterion is equivalent to that criterion alone. There is no "absent, default applies" criterion here, so a missing log_format line is presumably a failure; confirm against the test, which is defined elsewhere in the data stream. -->
<oval-def:definition class="compliance" id="oval:ssg-auditd_log_format:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Resolve information before writing to audit logs</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Ensure 'log_format' is configured with value 'ENRICHED' in /etc/audit/auditd.conf</oval-def:description>
<oval-def:reference ref_id="CCE-82357-5" source="CCE"/>
<oval-def:reference ref_id="auditd_log_format" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria comment="auditd is configured correctly" operator="OR">
<oval-def:criterion comment="Check the log_format in /etc/audit/auditd.conf" test_ref="oval:ssg-test_auditd_log_format:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Single criterion: the name_format setting in /etc/audit/auditd.conf must satisfy the referenced test (the description gives the expected value as hostname). operator="OR" over one criterion is equivalent to that criterion alone. There is no "absent, default applies" criterion here, so a missing name_format line is presumably a failure; confirm against the test, which is defined elsewhere in the data stream. -->
<oval-def:definition class="compliance" id="oval:ssg-auditd_name_format:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Set hostname as computer node name in audit logs</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Ensure 'name_format' is configured with value 'hostname' in /etc/audit/auditd.conf</oval-def:description>
<oval-def:reference ref_id="CCE-82359-1" source="CCE"/>
<oval-def:reference ref_id="auditd_name_format" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria comment="auditd is configured correctly" operator="OR">
<oval-def:criterion comment="Check the name_format in /etc/audit/auditd.conf" test_ref="oval:ssg-test_auditd_name_format:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Passes when write_logs is explicitly set as required (description: 'yes') OR when the option does not appear in /etc/audit/auditd.conf at all. The second criterion accepts the daemon's built-in default, so the result is only as good as that default: re-check it whenever the audit package in use changes. -->
<oval-def:definition class="compliance" id="oval:ssg-auditd_write_logs:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Write Audit Logs to the Disk</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Ensure 'write_logs' is configured with value 'yes' in /etc/audit/auditd.conf</oval-def:description>
<oval-def:reference ref_id="CCE-82356-7" source="CCE"/>
<oval-def:reference ref_id="auditd_write_logs" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria comment="auditd is configured correctly" operator="OR">
<oval-def:criterion comment="Check the write_logs in /etc/audit/auditd.conf" test_ref="oval:ssg-test_auditd_write_logs:tst:1"/>
<oval-def:criterion comment="Check the absence of write_logs in /etc/audit/auditd.conf" test_ref="oval:ssg-test_auditd_write_logs_default_not_overriden:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
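<!-- Logic: (boot entry check) AND (running kernel check). The boot entry check is an OR of two branches: [no ostree-2 entry exists AND ostree-1 entries lack selinux=0] or [ostree-2 entries lack selinux=0]. The running kernel check requires that /proc/cmdline lacks selinux=0. All three "lack" conditions are expressed as negate="true" on tests that look for the argument. NOTE(review): if the ostree-2 test evaluates false when no ostree-2 file exists (this depends on its check_existence setting, defined elsewhere), the negated second branch is true in that case too and the ostree-1 check no longer decides the result; confirm against the test. Only selinux=0 is covered; other boot arguments that weaken SELinux, such as enforcing=0, are outside this definition. -->
<oval-def:definition class="compliance" id="oval:ssg-coreos_enable_selinux_kernel_argument:def:1" version="2">
<oval-def:metadata>
<oval-def:title>Ensure SELinux Not Disabled in the kernel arguments</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Ensure selinux=0 argument is not present in the 'options' line of /boot/loader/entries/ostree-2-*.conf (or ostree-1-*.conf if there is no ostree-2-*.conf as ostree has only two entries at the most, with *-2-*.conf entry always being the most recent). Also, ensure that the kernel is currently running without this argument by checking /proc/cmdline.</oval-def:description>
<oval-def:reference ref_id="coreos_enable_selinux_kernel_argument" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria operator="AND">
<oval-def:criteria operator="OR">
<oval-def:criteria operator="AND">
<oval-def:criterion comment="Pass if there are no files matching pattern '/boot/loader/entries/ostree-2-.*.conf' exist in the system" test_ref="oval:ssg-test_coreos_enable_selinux_kernel_argument_file_boot_loader_entries_ostree_2_conf_absent:tst:1"/>
<oval-def:criterion comment="Check if argument selinux=0 for Linux kernel is not present in /boot/loader/entries/ostree-1-.*.conf" test_ref="oval:ssg-test_coreos_enable_selinux_kernel_argument_selinux_0_argument_in_boot_loader_entries_ostree_1_conf:tst:1" negate="true"/>
</oval-def:criteria>
<oval-def:criteria operator="AND">
<oval-def:criterion comment="Check if argument selinux=0 for Linux kernel is not present in /boot/loader/entries/ostree-2-.*.conf" test_ref="oval:ssg-test_coreos_enable_selinux_kernel_argument_selinux_0_argument_in_boot_loader_entries_ostree_2_conf:tst:1" negate="true"/>
</oval-def:criteria>
</oval-def:criteria>
<oval-def:criteria operator="AND">
<oval-def:criterion comment="Check if argument selinux=0 for Linux kernel is not present in /proc/cmdline" test_ref="oval:ssg-test_coreos_enable_selinux_kernel_argument_selinux_0_argument_in_proc_cmdline:tst:1" negate="true"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>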
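<!-- Both criteria are required (AND): the user-administration-disabled key must be set under /etc/dconf/db/local.d/ and a second test must confirm that users are prevented from modifying it. The value alone is not sufficient, because an unlocked dconf key can be overridden per user. Both tests are defined elsewhere in the data stream. -->
<oval-def:definition class="compliance" id="oval:ssg-dconf_gnome_disable_user_admin:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Disable User Administration in GNOME3</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Ensure 'user-administration-disabled' is configured with value 'true' in section 'org/gnome/desktop/lockdown' in /etc/dconf/db/local.d/</oval-def:description>
<oval-def:reference ref_id="CCE-80115-9" source="CCE"/>
<oval-def:reference ref_id="dconf_gnome_disable_user_admin" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria comment="dconf is configured correctly" operator="AND">
<oval-def:criterion comment="Check the user-administration-disabled in /etc/dconf/db/local.d/" test_ref="oval:ssg-test_dconf_gnome_disable_user_admin:tst:1"/>
<oval-def:criterion comment="Prevent user from modifying user-administration-disabled" test_ref="oval:ssg-test_prevent_user_user-administration-disabled:tst:1"/>
</oval-def:criteria>
</oval-def:definition>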
<!-- Two ways to pass (outer OR): (1) sshd is not required or the requirement is unset, and the openssh-server package is removed; (2) sshd is required or the requirement is unset, the package is installed, and HostbasedAuthentication is either set as required (description: 'no') or not present in /etc/ssh/sshd_config. Accepting an absent directive relies on the sshd built-in default being 'no'. NOTE(review): only /etc/ssh/sshd_config is named; whether settings inside Match blocks are taken into account is decided by the referenced tests, defined elsewhere. -->
<oval-def:definition class="compliance" id="oval:ssg-disable_host_auth:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Disable Host-Based Authentication</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>Ensure 'HostbasedAuthentication' is configured with value 'no' in /etc/ssh/sshd_config</oval-def:description>
<oval-def:reference ref_id="CCE-27413-4" source="CCE"/>
<oval-def:reference ref_id="disable_host_auth" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria comment="sshd is configured correctly or is not installed" operator="OR">
<oval-def:criteria comment="sshd is not installed" operator="AND">
<oval-def:extend_definition comment="sshd is not required or requirement is unset" definition_ref="oval:ssg-sshd_not_required_or_unset:def:1"/>
<oval-def:extend_definition comment="rpm package openssh-server removed" definition_ref="oval:ssg-package_openssh-server_removed:def:1"/>
</oval-def:criteria>
<oval-def:criteria comment="sshd is installed and configured" operator="AND">
<oval-def:extend_definition comment="sshd is required or requirement is unset" definition_ref="oval:ssg-sshd_required_or_unset:def:1"/>
<oval-def:extend_definition comment="rpm package openssh-server installed" definition_ref="oval:ssg-package_openssh-server_installed:def:1"/>
<oval-def:criteria comment="sshd is configured correctly" operator="OR">
<oval-def:criterion comment="Check the HostbasedAuthentication in /etc/ssh/sshd_config" test_ref="oval:ssg-test_disable_host_auth:tst:1"/>
<oval-def:criteria comment="sshd is not configured incorrectly" operator="AND">
<oval-def:criterion comment="Check the absence of HostbasedAuthentication in /etc/ssh/sshd_config" test_ref="oval:ssg-test_disable_host_auth_default_not_overriden:tst:1"/>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:criteria>
</oval-def:definition>
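<!-- Single criterion: the referenced test must find that /etc/at.deny is absent. criteria carries no operator attribute, so the OVAL default (AND) applies. With no deny list present, access to at is presumably governed by an allow list; that allow list is not checked by this definition. -->
<oval-def:definition class="compliance" id="oval:ssg-file_at_deny_not_exist:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Ensure that /etc/at.deny does not exist</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/at.deny does not exist.</oval-def:description>
<oval-def:reference ref_id="CCE-86944-6" source="CCE"/>
<oval-def:reference ref_id="file_at_deny_not_exist" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Ensure that /etc/at.deny does not exist." test_ref="oval:ssg-test_file_at_deny_not_exist:tst:1"/>
</oval-def:criteria>
</oval-def:definition>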
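<!-- Single criterion: the referenced test must find that /etc/cron.deny is absent. criteria carries no operator attribute, so the OVAL default (AND) applies. With no deny list present, access to cron is presumably governed by an allow list; that allow list is not checked by this definition. -->
<oval-def:definition class="compliance" id="oval:ssg-file_cron_deny_not_exist:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Ensure that /etc/cron.deny does not exist</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/cron.deny does not exist.</oval-def:description>
<oval-def:reference ref_id="CCE-86848-9" source="CCE"/>
<oval-def:reference ref_id="file_cron_deny_not_exist" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Ensure that /etc/cron.deny does not exist." test_ref="oval:ssg-test_file_cron_deny_not_exist:tst:1"/>
</oval-def:criteria>
</oval-def:definition>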
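<!-- Single criterion on the backup copy /etc/group- (criteria has no operator attribute, so the OVAL default AND applies). The expected group id 0 is enforced by the referenced test, defined elsewhere. NOTE(review): how a missing backup file is scored depends on that test's check_existence setting; confirm. -->
<oval-def:definition class="compliance" id="oval:ssg-file_groupowner_backup_etc_group:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Verify Group Who Owns Backup group File</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/group- is group owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-83474-7" source="CCE"/>
<oval-def:reference ref_id="file_groupowner_backup_etc_group" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file group ownership of /etc/group-" test_ref="oval:ssg-test_file_groupowner_backup_etc_group_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>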
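<!-- Single criterion on the backup copy /etc/gshadow- (criteria has no operator attribute, so the OVAL default AND applies). The expected group id 0 is enforced by the referenced test, defined elsewhere. NOTE(review): how a missing backup file is scored depends on that test's check_existence setting; confirm. -->
<oval-def:definition class="compliance" id="oval:ssg-file_groupowner_backup_etc_gshadow:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Verify Group Who Owns Backup gshadow File</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/gshadow- is group owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-83534-8" source="CCE"/>
<oval-def:reference ref_id="file_groupowner_backup_etc_gshadow" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file group ownership of /etc/gshadow-" test_ref="oval:ssg-test_file_groupowner_backup_etc_gshadow_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>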
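<!-- Single criterion on the backup copy /etc/passwd- (criteria has no operator attribute, so the OVAL default AND applies). The expected group id 0 is enforced by the referenced test, defined elsewhere. NOTE(review): how a missing backup file is scored depends on that test's check_existence setting; confirm. -->
<oval-def:definition class="compliance" id="oval:ssg-file_groupowner_backup_etc_passwd:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Verify Group Who Owns Backup passwd File</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/passwd- is group owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-83323-6" source="CCE"/>
<oval-def:reference ref_id="file_groupowner_backup_etc_passwd" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file group ownership of /etc/passwd-" test_ref="oval:ssg-test_file_groupowner_backup_etc_passwd_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>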
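<!-- Single criterion on the backup copy /etc/shadow- (criteria has no operator attribute, so the OVAL default AND applies). This is a group-ownership check, as the definition id and the criterion comment state; user ownership is not evaluated here. The expected group id 0 is enforced by the referenced test, defined elsewhere. NOTE(review): how a missing backup file is scored depends on that test's check_existence setting; confirm. -->
<oval-def:definition class="compliance" id="oval:ssg-file_groupowner_backup_etc_shadow:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Verify Group Who Owns Backup shadow File</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/shadow- is group owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-83414-3" source="CCE"/>
<oval-def:reference ref_id="file_groupowner_backup_etc_shadow" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file group ownership of /etc/shadow-" test_ref="oval:ssg-test_file_groupowner_backup_etc_shadow_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>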
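<!-- Single criterion on /etc/cron.allow (criteria has no operator attribute, so the OVAL default AND applies). The expected group id 0 is enforced by the referenced test, defined elsewhere. NOTE(review): how a system without /etc/cron.allow is scored depends on that test's check_existence setting; confirm. -->
<oval-def:definition class="compliance" id="oval:ssg-file_groupowner_cron_allow:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Verify Group Who Owns /etc/cron.allow file</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/cron.allow is group owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-80379-1" source="CCE"/>
<oval-def:reference ref_id="file_groupowner_cron_allow" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file group ownership of /etc/cron.allow" test_ref="oval:ssg-test_file_groupowner_cron_allow_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>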
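<!-- Single criterion on the directory /etc/cron.d/ (criteria has no operator attribute, so the OVAL default AND applies). The expected group id 0 is enforced by the referenced test, defined elsewhere. NOTE(review): whether files inside the directory are evaluated as well is decided by that test's object; confirm. -->
<oval-def:definition class="compliance" id="oval:ssg-file_groupowner_cron_d:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Verify Group Who Owns cron.d</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/cron.d/ is group owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-82265-0" source="CCE"/>
<oval-def:reference ref_id="file_groupowner_cron_d" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file group ownership of /etc/cron.d/" test_ref="oval:ssg-test_file_groupowner_cron_d_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>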
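<!-- Single criterion on the directory /etc/cron.daily/ (criteria has no operator attribute, so the OVAL default AND applies). The expected group id 0 is enforced by the referenced test, defined elsewhere. NOTE(review): whether files inside the directory are evaluated as well is decided by that test's object; confirm. -->
<oval-def:definition class="compliance" id="oval:ssg-file_groupowner_cron_daily:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Verify Group Who Owns cron.daily</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/cron.daily/ is group owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-82232-0" source="CCE"/>
<oval-def:reference ref_id="file_groupowner_cron_daily" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file group ownership of /etc/cron.daily/" test_ref="oval:ssg-test_file_groupowner_cron_daily_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>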
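<!-- Single criterion on the directory /etc/cron.hourly/ (criteria has no operator attribute, so the OVAL default AND applies). The expected group id 0 is enforced by the referenced test, defined elsewhere. NOTE(review): whether files inside the directory are evaluated as well is decided by that test's object; confirm. -->
<oval-def:definition class="compliance" id="oval:ssg-file_groupowner_cron_hourly:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Verify Group Who Owns cron.hourly</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/cron.hourly/ is group owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-82226-2" source="CCE"/>
<oval-def:reference ref_id="file_groupowner_cron_hourly" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file group ownership of /etc/cron.hourly/" test_ref="oval:ssg-test_file_groupowner_cron_hourly_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>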
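<!-- Single criterion on the directory /etc/cron.monthly/ (criteria has no operator attribute, so the OVAL default AND applies). The expected group id 0 is enforced by the referenced test, defined elsewhere. NOTE(review): whether files inside the directory are evaluated as well is decided by that test's object; confirm. -->
<oval-def:definition class="compliance" id="oval:ssg-file_groupowner_cron_monthly:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Verify Group Who Owns cron.monthly</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/cron.monthly/ is group owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-82255-1" source="CCE"/>
<oval-def:reference ref_id="file_groupowner_cron_monthly" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file group ownership of /etc/cron.monthly/" test_ref="oval:ssg-test_file_groupowner_cron_monthly_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>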
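<!-- Single criterion on the directory /etc/cron.weekly/ (criteria has no operator attribute, so the OVAL default AND applies). The expected group id 0 is enforced by the referenced test, defined elsewhere. NOTE(review): whether files inside the directory are evaluated as well is decided by that test's object; confirm. -->
<oval-def:definition class="compliance" id="oval:ssg-file_groupowner_cron_weekly:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Verify Group Who Owns cron.weekly</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/cron.weekly/ is group owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-82242-9" source="CCE"/>
<oval-def:reference ref_id="file_groupowner_cron_weekly" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file group ownership of /etc/cron.weekly/" test_ref="oval:ssg-test_file_groupowner_cron_weekly_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>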
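<!-- Single criterion on /etc/crontab (criteria has no operator attribute, so the OVAL default AND applies). The expected group id 0 is enforced by the referenced test, defined elsewhere in the data stream. -->
<oval-def:definition class="compliance" id="oval:ssg-file_groupowner_crontab:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Verify Group Who Owns Crontab</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/crontab is group owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-82222-1" source="CCE"/>
<oval-def:reference ref_id="file_groupowner_crontab" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file group ownership of /etc/crontab" test_ref="oval:ssg-test_file_groupowner_crontab_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>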
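<!-- Single criterion on /boot/efi/EFI/redhat/grub.cfg (criteria has no operator attribute, so the OVAL default AND applies). The expected group id 0 is enforced by the referenced test, defined elsewhere. NOTE(review): how a system without this UEFI path is scored depends on that test's check_existence setting and on any platform applicability set outside this definition; confirm. -->
<oval-def:definition class="compliance" id="oval:ssg-file_groupowner_efi_grub2_cfg:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Verify the UEFI Boot Loader grub.cfg Group Ownership</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /boot/efi/EFI/redhat/grub.cfg is group owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-83430-9" source="CCE"/>
<oval-def:reference ref_id="file_groupowner_efi_grub2_cfg" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file group ownership of /boot/efi/EFI/redhat/grub.cfg" test_ref="oval:ssg-test_file_groupowner_efi_grub2_cfg_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>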
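<!-- Single criterion on /etc/group (criteria has no operator attribute, so the OVAL default AND applies). The expected group id 0 is enforced by the referenced test, defined elsewhere in the data stream. -->
<oval-def:definition class="compliance" id="oval:ssg-file_groupowner_etc_group:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Verify Group Who Owns group File</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/group is group owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-82037-3" source="CCE"/>
<oval-def:reference ref_id="file_groupowner_etc_group" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file group ownership of /etc/group" test_ref="oval:ssg-test_file_groupowner_etc_group_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>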
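<!-- Single criterion on /etc/gshadow (criteria has no operator attribute, so the OVAL default AND applies). The expected group id 0 is enforced by the referenced test, defined elsewhere in the data stream. -->
<oval-def:definition class="compliance" id="oval:ssg-file_groupowner_etc_gshadow:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Verify Group Who Owns gshadow File</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/gshadow is group owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-82025-8" source="CCE"/>
<oval-def:reference ref_id="file_groupowner_etc_gshadow" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file group ownership of /etc/gshadow" test_ref="oval:ssg-test_file_groupowner_etc_gshadow_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>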
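<!-- Single criterion on /etc/hosts.allow (criteria has no operator attribute, so the OVAL default AND applies). The expected group id 0 is enforced by the referenced test, defined elsewhere. NOTE(review): how a system without /etc/hosts.allow is scored depends on that test's check_existence setting; confirm. -->
<oval-def:definition class="compliance" id="oval:ssg-file_groupowner_etc_hosts_allow:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Verify Group Ownership of /etc/hosts.allow</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/hosts.allow is group owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-83824-3" source="CCE"/>
<oval-def:reference ref_id="file_groupowner_etc_hosts_allow" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file group ownership of /etc/hosts.allow" test_ref="oval:ssg-test_file_groupowner_etc_hosts_allow_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>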
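<!-- Single criterion on /etc/hosts.deny (criteria has no operator attribute, so the OVAL default AND applies). The expected group id 0 is enforced by the referenced test, defined elsewhere. NOTE(review): how a system without /etc/hosts.deny is scored depends on that test's check_existence setting; confirm. -->
<oval-def:definition class="compliance" id="oval:ssg-file_groupowner_etc_hosts_deny:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Verify Group Ownership of /etc/hosts.deny</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/hosts.deny is group owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-84031-4" source="CCE"/>
<oval-def:reference ref_id="file_groupowner_etc_hosts_deny" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file group ownership of /etc/hosts.deny" test_ref="oval:ssg-test_file_groupowner_etc_hosts_deny_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>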
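<!-- Single criterion on the login banner file /etc/issue (criteria has no operator attribute, so the OVAL default AND applies). The expected group id 0 is enforced by the referenced test, defined elsewhere in the data stream. -->
<oval-def:definition class="compliance" id="oval:ssg-file_groupowner_etc_issue:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Verify Group Ownership of System Login Banner</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/issue is group owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-83707-0" source="CCE"/>
<oval-def:reference ref_id="file_groupowner_etc_issue" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file group ownership of /etc/issue" test_ref="oval:ssg-test_file_groupowner_etc_issue_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>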
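<!-- Single criterion on the message of the day file /etc/motd (criteria has no operator attribute, so the OVAL default AND applies). The expected group id 0 is enforced by the referenced test, defined elsewhere in the data stream. -->
<oval-def:definition class="compliance" id="oval:ssg-file_groupowner_etc_motd:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Verify Group Ownership of Message of the Day Banner</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/motd is group owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-83727-8" source="CCE"/>
<oval-def:reference ref_id="file_groupowner_etc_motd" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file group ownership of /etc/motd" test_ref="oval:ssg-test_file_groupowner_etc_motd_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>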
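<oval-def:definition class="compliance" id="oval:ssg-file_groupowner_etc_passwd:def:1" version="1">
<!-- Compliance check: /etc/passwd (local account database) should be group-owned by GID 0, the root group.
     The criterion is not negated, so the definition passes when the referenced test passes;
     the gid comparison itself is made by that test, not by this definition. -->
<oval-def:metadata>
<oval-def:title>Verify Group Who Owns passwd File</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/passwd is group owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-26639-5" source="CCE"/>
<oval-def:reference ref_id="file_groupowner_etc_passwd" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file group ownership of /etc/passwd" test_ref="oval:ssg-test_file_groupowner_etc_passwd_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>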
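<oval-def:definition class="compliance" id="oval:ssg-file_groupowner_etc_shadow:def:1" version="1">
<!-- Compliance check: /etc/shadow (password hashes) should be group-owned by GID 0, the root group.
     The criterion is not negated, so the definition passes when the referenced test passes;
     the gid comparison itself is made by that test, not by this definition. -->
<oval-def:metadata>
<oval-def:title>Verify Group Who Owns shadow File</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/shadow is group owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-82051-4" source="CCE"/>
<oval-def:reference ref_id="file_groupowner_etc_shadow" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file group ownership of /etc/shadow" test_ref="oval:ssg-test_file_groupowner_etc_shadow_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>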
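<oval-def:definition class="compliance" id="oval:ssg-file_groupowner_grub2_cfg:def:1" version="1">
<!-- Compliance check: /boot/grub2/grub.cfg (boot loader configuration) should be group-owned by GID 0, the root group.
     The criterion is not negated, so the definition passes when the referenced test passes;
     the gid comparison itself is made by that test, not by this definition. -->
<oval-def:metadata>
<oval-def:title>Verify /boot/grub2/grub.cfg Group Ownership</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /boot/grub2/grub.cfg is group owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-82023-3" source="CCE"/>
<oval-def:reference ref_id="file_groupowner_grub2_cfg" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file group ownership of /boot/grub2/grub.cfg" test_ref="oval:ssg-test_file_groupowner_grub2_cfg_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>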
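<oval-def:definition class="compliance" id="oval:ssg-file_groupowner_sshd_config:def:1" version="1">
<!-- Compliance check: /etc/ssh/sshd_config (SSH server configuration) should be group-owned by GID 0, the root group.
     The criterion is not negated, so the definition passes when the referenced test passes;
     the gid comparison itself is made by that test, not by this definition. -->
<oval-def:metadata>
<oval-def:title>Verify Group Who Owns SSH Server config file</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/ssh/sshd_config is group owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-82902-8" source="CCE"/>
<oval-def:reference ref_id="file_groupowner_sshd_config" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file group ownership of /etc/ssh/sshd_config" test_ref="oval:ssg-test_file_groupowner_sshd_config_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>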
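<oval-def:definition class="compliance" id="oval:ssg-file_groupowner_var_log:def:1" version="1">
<!-- Compliance check: the /var/log/ directory should be group-owned by GID 0, the root group.
     The criterion is not negated, so the definition passes when the referenced test passes;
     the gid comparison itself is made by that test, not by this definition.
     Only the ssg reference is attached here; no CCE identifier is listed for this definition. -->
<oval-def:metadata>
<oval-def:title>Verify Group Who Owns /var/log Directory</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /var/log/ is group owned by 0.</oval-def:description>
<oval-def:reference ref_id="file_groupowner_var_log" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file group ownership of /var/log/" test_ref="oval:ssg-test_file_groupowner_var_log_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>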
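<oval-def:definition class="compliance" id="oval:ssg-file_groupowner_var_log_messages:def:1" version="1">
<!-- Compliance check: /var/log/messages (general system log) should be group-owned by GID 0, the root group.
     The criterion is not negated, so the definition passes when the referenced test passes;
     the gid comparison itself is made by that test, not by this definition.
     Only the ssg reference is attached here; no CCE identifier is listed for this definition. -->
<oval-def:metadata>
<oval-def:title>Verify Group Who Owns /var/log/messages File</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /var/log/messages is group owned by 0.</oval-def:description>
<oval-def:reference ref_id="file_groupowner_var_log_messages" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file group ownership of /var/log/messages" test_ref="oval:ssg-test_file_groupowner_var_log_messages_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>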
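<oval-def:definition class="compliance" id="oval:ssg-file_owner_backup_etc_group:def:1" version="1">
<!-- Compliance check: the backup copy of the group database (/etc/group with a trailing hyphen) should be owned by UID 0, root.
     The criterion is not negated, so the definition passes when the referenced test passes;
     the uid comparison itself is made by that test, not by this definition. -->
<oval-def:metadata>
<oval-def:title>Verify User Who Owns Backup group File</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/group- is owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-83472-1" source="CCE"/>
<oval-def:reference ref_id="file_owner_backup_etc_group" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file ownership of /etc/group-" test_ref="oval:ssg-test_file_owner_backup_etc_group_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>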
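<oval-def:definition class="compliance" id="oval:ssg-file_owner_backup_etc_gshadow:def:1" version="1">
<!-- Compliance check: the backup copy of gshadow (/etc/gshadow with a trailing hyphen) should be owned by UID 0, root.
     The criterion is not negated, so the definition passes when the referenced test passes;
     the uid comparison itself is made by that test, not by this definition. -->
<oval-def:metadata>
<oval-def:title>Verify User Who Owns Backup gshadow File</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/gshadow- is owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-83532-2" source="CCE"/>
<oval-def:reference ref_id="file_owner_backup_etc_gshadow" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file ownership of /etc/gshadow-" test_ref="oval:ssg-test_file_owner_backup_etc_gshadow_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>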
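<oval-def:definition class="compliance" id="oval:ssg-file_owner_backup_etc_passwd:def:1" version="1">
<!-- Compliance check: the backup copy of the account database (/etc/passwd with a trailing hyphen) should be owned by UID 0, root.
     The criterion is not negated, so the definition passes when the referenced test passes;
     the uid comparison itself is made by that test, not by this definition. -->
<oval-def:metadata>
<oval-def:title>Verify User Who Owns Backup passwd File</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/passwd- is owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-83325-1" source="CCE"/>
<oval-def:reference ref_id="file_owner_backup_etc_passwd" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file ownership of /etc/passwd-" test_ref="oval:ssg-test_file_owner_backup_etc_passwd_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>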
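<oval-def:definition class="compliance" id="oval:ssg-file_owner_backup_etc_shadow:def:1" version="1">
<!-- Compliance check: the backup copy of shadow (/etc/shadow with a trailing hyphen) should be owned by UID 0, root.
     This is the user-owner check (id, description and criterion all refer to ownership, not group ownership),
     so the title reads "User", in line with the sibling backup-file owner definitions.
     The criterion is not negated, so the definition passes when the referenced test passes. -->
<oval-def:metadata>
<oval-def:title>Verify User Who Owns Backup shadow File</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/shadow- is owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-83412-7" source="CCE"/>
<oval-def:reference ref_id="file_owner_backup_etc_shadow" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file ownership of /etc/shadow-" test_ref="oval:ssg-test_file_owner_backup_etc_shadow_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>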
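<oval-def:definition class="compliance" id="oval:ssg-file_owner_cron_allow:def:1" version="1">
<!-- Compliance check: /etc/cron.allow (list of users permitted to use cron) should be owned by UID 0, root.
     The criterion is not negated, so the definition passes when the referenced test passes;
     the uid comparison itself is made by that test, not by this definition. -->
<oval-def:metadata>
<oval-def:title>Verify User Who Owns /etc/cron.allow file</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/cron.allow is owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-80378-3" source="CCE"/>
<oval-def:reference ref_id="file_owner_cron_allow" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file ownership of /etc/cron.allow" test_ref="oval:ssg-test_file_owner_cron_allow_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>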
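<oval-def:definition class="compliance" id="oval:ssg-file_owner_cron_d:def:1" version="1">
<!-- Compliance check: the /etc/cron.d/ directory (system cron job definitions) should be owned by UID 0, root.
     The criterion is not negated, so the definition passes when the referenced test passes;
     the uid comparison itself is made by that test, not by this definition. -->
<oval-def:metadata>
<oval-def:title>Verify Owner on cron.d</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/cron.d/ is owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-82270-0" source="CCE"/>
<oval-def:reference ref_id="file_owner_cron_d" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file ownership of /etc/cron.d/" test_ref="oval:ssg-test_file_owner_cron_d_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>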
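<oval-def:definition class="compliance" id="oval:ssg-file_owner_cron_daily:def:1" version="1">
<!-- Compliance check: the /etc/cron.daily/ directory (scripts run daily by cron) should be owned by UID 0, root.
     The criterion is not negated, so the definition passes when the referenced test passes;
     the uid comparison itself is made by that test, not by this definition. -->
<oval-def:metadata>
<oval-def:title>Verify Owner on cron.daily</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/cron.daily/ is owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-82236-1" source="CCE"/>
<oval-def:reference ref_id="file_owner_cron_daily" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file ownership of /etc/cron.daily/" test_ref="oval:ssg-test_file_owner_cron_daily_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>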
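<oval-def:definition class="compliance" id="oval:ssg-file_owner_cron_hourly:def:1" version="1">
<!-- Compliance check: the /etc/cron.hourly/ directory (scripts run hourly by cron) should be owned by UID 0, root.
     The criterion is not negated, so the definition passes when the referenced test passes;
     the uid comparison itself is made by that test, not by this definition. -->
<oval-def:metadata>
<oval-def:title>Verify Owner on cron.hourly</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/cron.hourly/ is owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-82208-0" source="CCE"/>
<oval-def:reference ref_id="file_owner_cron_hourly" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file ownership of /etc/cron.hourly/" test_ref="oval:ssg-test_file_owner_cron_hourly_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>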
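<oval-def:definition class="compliance" id="oval:ssg-file_owner_cron_monthly:def:1" version="1">
<!-- Compliance check: the /etc/cron.monthly/ directory (scripts run monthly by cron) should be owned by UID 0, root.
     The criterion is not negated, so the definition passes when the referenced test passes;
     the uid comparison itself is made by that test, not by this definition. -->
<oval-def:metadata>
<oval-def:title>Verify Owner on cron.monthly</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/cron.monthly/ is owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-82259-3" source="CCE"/>
<oval-def:reference ref_id="file_owner_cron_monthly" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file ownership of /etc/cron.monthly/" test_ref="oval:ssg-test_file_owner_cron_monthly_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>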
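<oval-def:definition class="compliance" id="oval:ssg-file_owner_cron_weekly:def:1" version="1">
<!-- Compliance check: the /etc/cron.weekly/ directory (scripts run weekly by cron) should be owned by UID 0, root.
     The criterion is not negated, so the definition passes when the referenced test passes;
     the uid comparison itself is made by that test, not by this definition. -->
<oval-def:metadata>
<oval-def:title>Verify Owner on cron.weekly</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/cron.weekly/ is owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-82246-0" source="CCE"/>
<oval-def:reference ref_id="file_owner_cron_weekly" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file ownership of /etc/cron.weekly/" test_ref="oval:ssg-test_file_owner_cron_weekly_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>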
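<oval-def:definition class="compliance" id="oval:ssg-file_owner_crontab:def:1" version="1">
<!-- Compliance check: /etc/crontab (system-wide cron table) should be owned by UID 0, root.
     The criterion is not negated, so the definition passes when the referenced test passes;
     the uid comparison itself is made by that test, not by this definition. -->
<oval-def:metadata>
<oval-def:title>Verify Owner on crontab</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/crontab is owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-82217-1" source="CCE"/>
<oval-def:reference ref_id="file_owner_crontab" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file ownership of /etc/crontab" test_ref="oval:ssg-test_file_owner_crontab_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>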
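<oval-def:definition class="compliance" id="oval:ssg-file_owner_efi_grub2_cfg:def:1" version="1">
<!-- Compliance check: /boot/efi/EFI/redhat/grub.cfg (boot loader configuration on UEFI systems) should be owned by UID 0, root.
     The criterion is not negated, so the definition passes when the referenced test passes;
     the uid comparison itself is made by that test, not by this definition. -->
<oval-def:metadata>
<oval-def:title>Verify the UEFI Boot Loader grub.cfg User Ownership</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /boot/efi/EFI/redhat/grub.cfg is owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-83429-1" source="CCE"/>
<oval-def:reference ref_id="file_owner_efi_grub2_cfg" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file ownership of /boot/efi/EFI/redhat/grub.cfg" test_ref="oval:ssg-test_file_owner_efi_grub2_cfg_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>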
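<oval-def:definition class="compliance" id="oval:ssg-file_owner_etc_group:def:1" version="1">
<!-- Compliance check: /etc/group (group membership database) should be owned by UID 0, root.
     The criterion is not negated, so the definition passes when the referenced test passes;
     the uid comparison itself is made by that test, not by this definition. -->
<oval-def:metadata>
<oval-def:title>Verify User Who Owns group File</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/group is owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-82031-6" source="CCE"/>
<oval-def:reference ref_id="file_owner_etc_group" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file ownership of /etc/group" test_ref="oval:ssg-test_file_owner_etc_group_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>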
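<oval-def:definition class="compliance" id="oval:ssg-file_owner_etc_gshadow:def:1" version="1">
<!-- Compliance check: /etc/gshadow (shadowed group password data) should be owned by UID 0, root.
     The criterion is not negated, so the definition passes when the referenced test passes;
     the uid comparison itself is made by that test, not by this definition. -->
<oval-def:metadata>
<oval-def:title>Verify User Who Owns gshadow File</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/gshadow is owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-82195-9" source="CCE"/>
<oval-def:reference ref_id="file_owner_etc_gshadow" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file ownership of /etc/gshadow" test_ref="oval:ssg-test_file_owner_etc_gshadow_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>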
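<oval-def:definition class="compliance" id="oval:ssg-file_owner_etc_hosts_allow:def:1" version="1">
<!-- Compliance check: /etc/hosts.allow (TCP wrappers allow rules) should be owned by UID 0, root.
     The criterion is not negated, so the definition passes when the referenced test passes;
     the uid comparison itself is made by that test, not by this definition. -->
<oval-def:metadata>
<oval-def:title>Verify Ownership of /etc/hosts.allow</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/hosts.allow is owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-83826-8" source="CCE"/>
<oval-def:reference ref_id="file_owner_etc_hosts_allow" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file ownership of /etc/hosts.allow" test_ref="oval:ssg-test_file_owner_etc_hosts_allow_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>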
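<oval-def:definition class="compliance" id="oval:ssg-file_owner_etc_hosts_deny:def:1" version="1">
<!-- Compliance check: /etc/hosts.deny (TCP wrappers deny rules) should be owned by UID 0, root.
     The criterion is not negated, so the definition passes when the referenced test passes;
     the uid comparison itself is made by that test, not by this definition. -->
<oval-def:metadata>
<oval-def:title>Verify Ownership of /etc/hosts.deny</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/hosts.deny is owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-84033-0" source="CCE"/>
<oval-def:reference ref_id="file_owner_etc_hosts_deny" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file ownership of /etc/hosts.deny" test_ref="oval:ssg-test_file_owner_etc_hosts_deny_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>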
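<oval-def:definition class="compliance" id="oval:ssg-file_owner_etc_issue:def:1" version="1">
<!-- Compliance check: /etc/issue (login banner text) should be owned by UID 0, root.
     The criterion is not negated, so the definition passes when the referenced test passes;
     the uid comparison itself is made by that test, not by this definition. -->
<oval-def:metadata>
<oval-def:title>Verify ownership of System Login Banner</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/issue is owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-83717-9" source="CCE"/>
<oval-def:reference ref_id="file_owner_etc_issue" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file ownership of /etc/issue" test_ref="oval:ssg-test_file_owner_etc_issue_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>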
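<oval-def:definition class="compliance" id="oval:ssg-file_owner_etc_motd:def:1" version="1">
<!-- Compliance check: /etc/motd (message of the day) should be owned by UID 0, root.
     The criterion is not negated, so the definition passes when the referenced test passes;
     the uid comparison itself is made by that test, not by this definition. -->
<oval-def:metadata>
<oval-def:title>Verify ownership of Message of the Day Banner</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/motd is owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-83737-7" source="CCE"/>
<oval-def:reference ref_id="file_owner_etc_motd" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file ownership of /etc/motd" test_ref="oval:ssg-test_file_owner_etc_motd_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>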
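<oval-def:definition class="compliance" id="oval:ssg-file_owner_etc_passwd:def:1" version="1">
<!-- Compliance check: /etc/passwd (local account database) should be owned by UID 0, root.
     The criterion is not negated, so the definition passes when the referenced test passes;
     the uid comparison itself is made by that test, not by this definition. -->
<oval-def:metadata>
<oval-def:title>Verify User Who Owns passwd File</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/passwd is owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-82052-2" source="CCE"/>
<oval-def:reference ref_id="file_owner_etc_passwd" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file ownership of /etc/passwd" test_ref="oval:ssg-test_file_owner_etc_passwd_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>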
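<oval-def:definition class="compliance" id="oval:ssg-file_owner_etc_shadow:def:1" version="1">
<!-- Compliance check: /etc/shadow (password hashes) should be owned by UID 0, root.
     The criterion is not negated, so the definition passes when the referenced test passes;
     the uid comparison itself is made by that test, not by this definition. -->
<oval-def:metadata>
<oval-def:title>Verify User Who Owns shadow File</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/shadow is owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-82022-5" source="CCE"/>
<oval-def:reference ref_id="file_owner_etc_shadow" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file ownership of /etc/shadow" test_ref="oval:ssg-test_file_owner_etc_shadow_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>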
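<oval-def:definition class="compliance" id="oval:ssg-file_owner_grub2_cfg:def:1" version="1">
<!-- Compliance check: /boot/grub2/grub.cfg (boot loader configuration) should be owned by UID 0, root.
     The criterion is not negated, so the definition passes when the referenced test passes;
     the uid comparison itself is made by that test, not by this definition. -->
<oval-def:metadata>
<oval-def:title>Verify /boot/grub2/grub.cfg User Ownership</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /boot/grub2/grub.cfg is owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-82026-6" source="CCE"/>
<oval-def:reference ref_id="file_owner_grub2_cfg" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file ownership of /boot/grub2/grub.cfg" test_ref="oval:ssg-test_file_owner_grub2_cfg_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>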
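<oval-def:definition class="compliance" id="oval:ssg-file_owner_sshd_config:def:1" version="1">
<!-- Compliance check: /etc/ssh/sshd_config (SSH server configuration) should be owned by UID 0, root.
     The criterion is not negated, so the definition passes when the referenced test passes;
     the uid comparison itself is made by that test, not by this definition. -->
<oval-def:metadata>
<oval-def:title>Verify Owner on SSH Server config file</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/ssh/sshd_config is owned by 0.</oval-def:description>
<oval-def:reference ref_id="CCE-82899-6" source="CCE"/>
<oval-def:reference ref_id="file_owner_sshd_config" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file ownership of /etc/ssh/sshd_config" test_ref="oval:ssg-test_file_owner_sshd_config_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>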
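<oval-def:definition class="compliance" id="oval:ssg-file_owner_var_log:def:1" version="1">
<!-- Compliance check: the /var/log/ directory should be owned by UID 0, root.
     The criterion is not negated, so the definition passes when the referenced test passes;
     the uid comparison itself is made by that test, not by this definition.
     Only the ssg reference is attached here; no CCE identifier is listed for this definition. -->
<oval-def:metadata>
<oval-def:title>Verify User Who Owns /var/log Directory</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /var/log/ is owned by 0.</oval-def:description>
<oval-def:reference ref_id="file_owner_var_log" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file ownership of /var/log/" test_ref="oval:ssg-test_file_owner_var_log_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>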
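<oval-def:definition class="compliance" id="oval:ssg-file_owner_var_log_messages:def:1" version="1">
<!-- Compliance check: /var/log/messages (general system log) should be owned by UID 0, root.
     The criterion is not negated, so the definition passes when the referenced test passes;
     the uid comparison itself is made by that test, not by this definition.
     Only the ssg reference is attached here; no CCE identifier is listed for this definition. -->
<oval-def:metadata>
<oval-def:title>Verify User Who Owns /var/log/messages File</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /var/log/messages is owned by 0.</oval-def:description>
<oval-def:reference ref_id="file_owner_var_log_messages" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file ownership of /var/log/messages" test_ref="oval:ssg-test_file_owner_var_log_messages_0:tst:1"/>
</oval-def:criteria>
</oval-def:definition>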
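<oval-def:definition class="compliance" id="oval:ssg-file_permissions_backup_etc_group:def:1" version="1">
<!-- Compliance check on the mode of the backup group file; the description gives 0644 as the target mode.
     The criterion sets negate="true", so this definition is satisfied only when the referenced test is NOT satisfied.
     NOTE(review): presumably that test matches permission bits beyond 0644, in which case stricter modes also pass;
     confirm against the referenced test and its state. -->
<oval-def:metadata>
<oval-def:title>Verify Permissions on Backup group File</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/group- has mode 0644.
If the target file or directory has an extended ACL, then it will fail the mode check.
</oval-def:description>
<oval-def:reference ref_id="CCE-83482-0" source="CCE"/>
<oval-def:reference ref_id="file_permissions_backup_etc_group" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file mode of /etc/group-" test_ref="oval:ssg-test_file_permissions_backup_etc_group_0:tst:1" negate="true"/>
</oval-def:criteria>
</oval-def:definition>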
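<oval-def:definition class="compliance" id="oval:ssg-file_permissions_backup_etc_gshadow:def:1" version="1">
<!-- Compliance check on the mode of the backup gshadow file; the description gives 0000 as the target mode
     (no permission bits for anyone; root still has access through its privileges).
     The criterion sets negate="true", so this definition is satisfied only when the referenced test is NOT satisfied.
     NOTE(review): presumably that test matches any permission bit being set; confirm against the referenced test and its state. -->
<oval-def:metadata>
<oval-def:title>Verify Permissions on Backup gshadow File</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/gshadow- has mode 0000.
If the target file or directory has an extended ACL, then it will fail the mode check.
</oval-def:description>
<oval-def:reference ref_id="CCE-83572-8" source="CCE"/>
<oval-def:reference ref_id="file_permissions_backup_etc_gshadow" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file mode of /etc/gshadow-" test_ref="oval:ssg-test_file_permissions_backup_etc_gshadow_0:tst:1" negate="true"/>
</oval-def:criteria>
</oval-def:definition>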
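<oval-def:definition class="compliance" id="oval:ssg-file_permissions_backup_etc_passwd:def:1" version="1">
<!-- Compliance check on the mode of the backup passwd file; the description gives 0644 as the target mode.
     The criterion sets negate="true", so this definition is satisfied only when the referenced test is NOT satisfied.
     NOTE(review): presumably that test matches permission bits beyond 0644, in which case stricter modes also pass;
     confirm against the referenced test and its state. -->
<oval-def:metadata>
<oval-def:title>Verify Permissions on Backup passwd File</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/passwd- has mode 0644.
If the target file or directory has an extended ACL, then it will fail the mode check.
</oval-def:description>
<oval-def:reference ref_id="CCE-83331-9" source="CCE"/>
<oval-def:reference ref_id="file_permissions_backup_etc_passwd" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file mode of /etc/passwd-" test_ref="oval:ssg-test_file_permissions_backup_etc_passwd_0:tst:1" negate="true"/>
</oval-def:criteria>
</oval-def:definition>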
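<oval-def:definition class="compliance" id="oval:ssg-file_permissions_backup_etc_shadow:def:1" version="1">
<!-- Compliance check on the mode of the backup shadow file; the description gives 0000 as the target mode
     (no permission bits for anyone; root still has access through its privileges).
     The criterion sets negate="true", so this definition is satisfied only when the referenced test is NOT satisfied.
     NOTE(review): presumably that test matches any permission bit being set; confirm against the referenced test and its state. -->
<oval-def:metadata>
<oval-def:title>Verify Permissions on Backup shadow File</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/shadow- has mode 0000.
If the target file or directory has an extended ACL, then it will fail the mode check.
</oval-def:description>
<oval-def:reference ref_id="CCE-83416-8" source="CCE"/>
<oval-def:reference ref_id="file_permissions_backup_etc_shadow" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file mode of /etc/shadow-" test_ref="oval:ssg-test_file_permissions_backup_etc_shadow_0:tst:1" negate="true"/>
</oval-def:criteria>
</oval-def:definition>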
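<oval-def:definition class="compliance" id="oval:ssg-file_permissions_cron_allow:def:1" version="1">
<!-- Compliance check on the mode of /etc/cron.allow; the description gives 0600 as the target mode.
     The criterion sets negate="true", so this definition is satisfied only when the referenced test is NOT satisfied.
     NOTE(review): presumably that test matches permission bits beyond 0600, in which case stricter modes also pass;
     confirm against the referenced test and its state. -->
<oval-def:metadata>
<oval-def:title>Verify Permissions on /etc/cron.allow file</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/cron.allow has mode 0600.
If the target file or directory has an extended ACL, then it will fail the mode check.
</oval-def:description>
<oval-def:reference ref_id="CCE-86875-2" source="CCE"/>
<oval-def:reference ref_id="file_permissions_cron_allow" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file mode of /etc/cron.allow" test_ref="oval:ssg-test_file_permissions_cron_allow_0:tst:1" negate="true"/>
</oval-def:criteria>
</oval-def:definition>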
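<oval-def:definition class="compliance" id="oval:ssg-file_permissions_cron_d:def:1" version="1">
<!-- Compliance check on the mode of the /etc/cron.d/ directory; the description gives 0700 as the target mode.
     The criterion sets negate="true", so this definition is satisfied only when the referenced test is NOT satisfied.
     NOTE(review): presumably that test matches permission bits beyond 0700, in which case stricter modes also pass;
     confirm against the referenced test and its state. -->
<oval-def:metadata>
<oval-def:title>Verify Permissions on cron.d</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/cron.d/ has mode 0700.
If the target file or directory has an extended ACL, then it will fail the mode check.
</oval-def:description>
<oval-def:reference ref_id="CCE-82276-7" source="CCE"/>
<oval-def:reference ref_id="file_permissions_cron_d" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file mode of /etc/cron.d/" test_ref="oval:ssg-test_file_permissions_cron_d_0:tst:1" negate="true"/>
</oval-def:criteria>
</oval-def:definition>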
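<oval-def:definition class="compliance" id="oval:ssg-file_permissions_cron_daily:def:1" version="1">
<!-- Compliance check on the mode of the /etc/cron.daily/ directory; the description gives 0700 as the target mode.
     The criterion sets negate="true", so this definition is satisfied only when the referenced test is NOT satisfied.
     NOTE(review): presumably that test matches permission bits beyond 0700, in which case stricter modes also pass;
     confirm against the referenced test and its state. -->
<oval-def:metadata>
<oval-def:title>Verify Permissions on cron.daily</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/cron.daily/ has mode 0700.
If the target file or directory has an extended ACL, then it will fail the mode check.
</oval-def:description>
<oval-def:reference ref_id="CCE-82239-5" source="CCE"/>
<oval-def:reference ref_id="file_permissions_cron_daily" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file mode of /etc/cron.daily/" test_ref="oval:ssg-test_file_permissions_cron_daily_0:tst:1" negate="true"/>
</oval-def:criteria>
</oval-def:definition>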
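<oval-def:definition class="compliance" id="oval:ssg-file_permissions_cron_hourly:def:1" version="1">
<!-- Compliance check on the mode of the /etc/cron.hourly/ directory; the description gives 0700 as the target mode.
     The criterion sets negate="true", so this definition is satisfied only when the referenced test is NOT satisfied.
     NOTE(review): presumably that test matches permission bits beyond 0700, in which case stricter modes also pass;
     confirm against the referenced test and its state. -->
<oval-def:metadata>
<oval-def:title>Verify Permissions on cron.hourly</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/cron.hourly/ has mode 0700.
If the target file or directory has an extended ACL, then it will fail the mode check.
</oval-def:description>
<oval-def:reference ref_id="CCE-82229-6" source="CCE"/>
<oval-def:reference ref_id="file_permissions_cron_hourly" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file mode of /etc/cron.hourly/" test_ref="oval:ssg-test_file_permissions_cron_hourly_0:tst:1" negate="true"/>
</oval-def:criteria>
</oval-def:definition>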
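<oval-def:definition class="compliance" id="oval:ssg-file_permissions_cron_monthly:def:1" version="1">
<!-- Compliance check on the mode of the /etc/cron.monthly/ directory; the description gives 0700 as the target mode.
     The criterion sets negate="true", so this definition is satisfied only when the referenced test is NOT satisfied.
     NOTE(review): presumably that test matches permission bits beyond 0700, in which case stricter modes also pass;
     confirm against the referenced test and its state. -->
<oval-def:metadata>
<oval-def:title>Verify Permissions on cron.monthly</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/cron.monthly/ has mode 0700.
If the target file or directory has an extended ACL, then it will fail the mode check.
</oval-def:description>
<oval-def:reference ref_id="CCE-82262-7" source="CCE"/>
<oval-def:reference ref_id="file_permissions_cron_monthly" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file mode of /etc/cron.monthly/" test_ref="oval:ssg-test_file_permissions_cron_monthly_0:tst:1" negate="true"/>
</oval-def:criteria>
</oval-def:definition>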
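<oval-def:definition class="compliance" id="oval:ssg-file_permissions_cron_weekly:def:1" version="1">
<!-- Compliance check on the mode of the /etc/cron.weekly/ directory; the description gives 0700 as the target mode.
     The criterion sets negate="true", so this definition is satisfied only when the referenced test is NOT satisfied.
     NOTE(review): presumably that test matches permission bits beyond 0700, in which case stricter modes also pass;
     confirm against the referenced test and its state. -->
<oval-def:metadata>
<oval-def:title>Verify Permissions on cron.weekly</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/cron.weekly/ has mode 0700.
If the target file or directory has an extended ACL, then it will fail the mode check.
</oval-def:description>
<oval-def:reference ref_id="CCE-82250-2" source="CCE"/>
<oval-def:reference ref_id="file_permissions_cron_weekly" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file mode of /etc/cron.weekly/" test_ref="oval:ssg-test_file_permissions_cron_weekly_0:tst:1" negate="true"/>
</oval-def:criteria>
</oval-def:definition>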
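<oval-def:definition class="compliance" id="oval:ssg-file_permissions_crontab:def:1" version="1">
<!-- Compliance check on the mode of /etc/crontab; the description gives 0600 as the target mode.
     The criterion sets negate="true", so this definition is satisfied only when the referenced test is NOT satisfied.
     NOTE(review): presumably that test matches permission bits beyond 0600, in which case stricter modes also pass;
     confirm against the referenced test and its state. -->
<oval-def:metadata>
<oval-def:title>Verify Permissions on crontab</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /etc/crontab has mode 0600.
If the target file or directory has an extended ACL, then it will fail the mode check.
</oval-def:description>
<oval-def:reference ref_id="CCE-82205-6" source="CCE"/>
<oval-def:reference ref_id="file_permissions_crontab" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file mode of /etc/crontab" test_ref="oval:ssg-test_file_permissions_crontab_0:tst:1" negate="true"/>
</oval-def:criteria>
</oval-def:definition>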
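<oval-def:definition class="compliance" id="oval:ssg-file_permissions_efi_grub2_cfg:def:1" version="1">
<!-- Compliance check on the mode of /boot/efi/EFI/redhat/grub.cfg; the description gives 0700 as the target mode.
     The criterion sets negate="true", so this definition is satisfied only when the referenced test is NOT satisfied.
     NOTE(review): presumably that test matches permission bits beyond 0700, in which case stricter modes also pass;
     confirm against the referenced test and its state. -->
<oval-def:metadata>
<oval-def:title>Verify the UEFI Boot Loader grub.cfg Permissions</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>This test makes sure that /boot/efi/EFI/redhat/grub.cfg has mode 0700.
If the target file or directory has an extended ACL, then it will fail the mode check.
</oval-def:description>
<oval-def:reference ref_id="CCE-83431-7" source="CCE"/>
<oval-def:reference ref_id="file_permissions_efi_grub2_cfg" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="Check file mode of /boot/efi/EFI/redhat/grub.cfg" test_ref="oval:ssg-test_file_permissions_efi_grub2_cfg_0:tst:1" negate="true"/>
</oval-def:criteria>
</oval-def:definition>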
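<!-- Compliance definition: /etc/group is expected to have mode 0644 (CCE-82032-4).
     The description previously carried the unexpanded template placeholder FILEPATH;
     it now names the path given in the criterion comment. -->
<oval-def:definition id="oval:ssg-file_permissions_etc_group:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Verify Permissions on group File</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>This test makes sure that /etc/group has mode 0644.
If the target file or directory has an extended ACL, then it will fail the mode check.
</oval-def:description>
    <oval-def:reference ref_id="CCE-82032-4" source="CCE"/>
    <oval-def:reference ref_id="file_permissions_etc_group" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <!-- negate="true": the definition passes when the referenced test does NOT match.
         The test is defined outside this excerpt; presumably it matches a file whose
         mode has bits beyond the allowed ones. Confirm against the test and its state. -->
    <oval-def:criterion comment="Check file mode of /etc/group" test_ref="oval:ssg-test_file_permissions_etc_group_0:tst:1" negate="true"/>
  </oval-def:criteria>
</oval-def:definition>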
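<!-- Compliance definition: /etc/gshadow is expected to have mode 0000 (CCE-82192-6).
     Mode 0000 sets no permission bits for any user class; root can still read the file
     because it bypasses discretionary permission checks.
     The description previously carried the unexpanded template placeholder FILEPATH;
     it now names the path given in the criterion comment. -->
<oval-def:definition id="oval:ssg-file_permissions_etc_gshadow:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Verify Permissions on gshadow File</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>This test makes sure that /etc/gshadow has mode 0000.
If the target file or directory has an extended ACL, then it will fail the mode check.
</oval-def:description>
    <oval-def:reference ref_id="CCE-82192-6" source="CCE"/>
    <oval-def:reference ref_id="file_permissions_etc_gshadow" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <!-- negate="true": the definition passes when the referenced test does NOT match.
         The test is defined outside this excerpt; presumably it matches a file whose
         mode has bits beyond the allowed ones. Confirm against the test and its state. -->
    <oval-def:criterion comment="Check file mode of /etc/gshadow" test_ref="oval:ssg-test_file_permissions_etc_gshadow_0:tst:1" negate="true"/>
  </oval-def:criteria>
</oval-def:definition>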
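<!-- Compliance definition: /etc/hosts.allow is expected to have mode 0644 (CCE-83828-4).
     The description previously carried the unexpanded template placeholder FILEPATH;
     it now names the path given in the criterion comment. -->
<oval-def:definition id="oval:ssg-file_permissions_etc_hosts_allow:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Verify Permissions on /etc/hosts.allow</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>This test makes sure that /etc/hosts.allow has mode 0644.
If the target file or directory has an extended ACL, then it will fail the mode check.
</oval-def:description>
    <oval-def:reference ref_id="CCE-83828-4" source="CCE"/>
    <oval-def:reference ref_id="file_permissions_etc_hosts_allow" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <!-- negate="true": the definition passes when the referenced test does NOT match.
         The test is defined outside this excerpt; presumably it matches a file whose
         mode has bits beyond the allowed ones. Confirm against the test and its state. -->
    <oval-def:criterion comment="Check file mode of /etc/hosts.allow" test_ref="oval:ssg-test_file_permissions_etc_hosts_allow_0:tst:1" negate="true"/>
  </oval-def:criteria>
</oval-def:definition>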
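<!-- Compliance definition: /etc/hosts.deny is expected to have mode 0644 (CCE-84035-5).
     The description previously carried the unexpanded template placeholder FILEPATH;
     it now names the path given in the criterion comment. -->
<oval-def:definition id="oval:ssg-file_permissions_etc_hosts_deny:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Verify Permissions on /etc/hosts.deny</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>This test makes sure that /etc/hosts.deny has mode 0644.
If the target file or directory has an extended ACL, then it will fail the mode check.
</oval-def:description>
    <oval-def:reference ref_id="CCE-84035-5" source="CCE"/>
    <oval-def:reference ref_id="file_permissions_etc_hosts_deny" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <!-- negate="true": the definition passes when the referenced test does NOT match.
         The test is defined outside this excerpt; presumably it matches a file whose
         mode has bits beyond the allowed ones. Confirm against the test and its state. -->
    <oval-def:criterion comment="Check file mode of /etc/hosts.deny" test_ref="oval:ssg-test_file_permissions_etc_hosts_deny_0:tst:1" negate="true"/>
  </oval-def:criteria>
</oval-def:definition>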
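<!-- Compliance definition: /etc/issue (the system login banner) is expected to have
     mode 0644 (CCE-83347-5). The description previously carried the unexpanded template
     placeholder FILEPATH; it now names the path given in the criterion comment. -->
<oval-def:definition id="oval:ssg-file_permissions_etc_issue:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Verify permissions on System Login Banner</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>This test makes sure that /etc/issue has mode 0644.
If the target file or directory has an extended ACL, then it will fail the mode check.
</oval-def:description>
    <oval-def:reference ref_id="CCE-83347-5" source="CCE"/>
    <oval-def:reference ref_id="file_permissions_etc_issue" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <!-- negate="true": the definition passes when the referenced test does NOT match.
         The test is defined outside this excerpt; presumably it matches a file whose
         mode has bits beyond the allowed ones. Confirm against the test and its state. -->
    <oval-def:criterion comment="Check file mode of /etc/issue" test_ref="oval:ssg-test_file_permissions_etc_issue_0:tst:1" negate="true"/>
  </oval-def:criteria>
</oval-def:definition>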
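<!-- Compliance definition: /etc/motd (the message of the day banner) is expected to have
     mode 0644 (CCE-83337-6). The description previously carried the unexpanded template
     placeholder FILEPATH; it now names the path given in the criterion comment. -->
<oval-def:definition id="oval:ssg-file_permissions_etc_motd:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Verify permissions on Message of the Day Banner</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>This test makes sure that /etc/motd has mode 0644.
If the target file or directory has an extended ACL, then it will fail the mode check.
</oval-def:description>
    <oval-def:reference ref_id="CCE-83337-6" source="CCE"/>
    <oval-def:reference ref_id="file_permissions_etc_motd" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <!-- negate="true": the definition passes when the referenced test does NOT match.
         The test is defined outside this excerpt; presumably it matches a file whose
         mode has bits beyond the allowed ones. Confirm against the test and its state. -->
    <oval-def:criterion comment="Check file mode of /etc/motd" test_ref="oval:ssg-test_file_permissions_etc_motd_0:tst:1" negate="true"/>
  </oval-def:criteria>
</oval-def:definition>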
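<!-- Compliance definition: /etc/passwd is expected to have mode 0644 (CCE-82029-0).
     The description previously carried the unexpanded template placeholder FILEPATH;
     it now names the path given in the criterion comment. -->
<oval-def:definition id="oval:ssg-file_permissions_etc_passwd:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Verify Permissions on passwd File</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>This test makes sure that /etc/passwd has mode 0644.
If the target file or directory has an extended ACL, then it will fail the mode check.
</oval-def:description>
    <oval-def:reference ref_id="CCE-82029-0" source="CCE"/>
    <oval-def:reference ref_id="file_permissions_etc_passwd" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <!-- negate="true": the definition passes when the referenced test does NOT match.
         The test is defined outside this excerpt; presumably it matches a file whose
         mode has bits beyond the allowed ones. Confirm against the test and its state. -->
    <oval-def:criterion comment="Check file mode of /etc/passwd" test_ref="oval:ssg-test_file_permissions_etc_passwd_0:tst:1" negate="true"/>
  </oval-def:criteria>
</oval-def:definition>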
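<!-- Compliance definition: /etc/shadow is expected to have mode 0000 (CCE-82042-3).
     Mode 0000 sets no permission bits for any user class; root can still read the file
     because it bypasses discretionary permission checks.
     The description previously carried the unexpanded template placeholder FILEPATH;
     it now names the path given in the criterion comment. -->
<oval-def:definition id="oval:ssg-file_permissions_etc_shadow:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Verify Permissions on shadow File</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>This test makes sure that /etc/shadow has mode 0000.
If the target file or directory has an extended ACL, then it will fail the mode check.
</oval-def:description>
    <oval-def:reference ref_id="CCE-82042-3" source="CCE"/>
    <oval-def:reference ref_id="file_permissions_etc_shadow" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <!-- negate="true": the definition passes when the referenced test does NOT match.
         The test is defined outside this excerpt; presumably it matches a file whose
         mode has bits beyond the allowed ones. Confirm against the test and its state. -->
    <oval-def:criterion comment="Check file mode of /etc/shadow" test_ref="oval:ssg-test_file_permissions_etc_shadow_0:tst:1" negate="true"/>
  </oval-def:criteria>
</oval-def:definition>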
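<!-- Compliance definition: /boot/grub2/grub.cfg is expected to have mode 0600
     (CCE-82039-9). The description previously carried the unexpanded template
     placeholder FILEPATH; it now names the path given in the criterion comment. -->
<oval-def:definition id="oval:ssg-file_permissions_grub2_cfg:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Verify /boot/grub2/grub.cfg Permissions</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>This test makes sure that /boot/grub2/grub.cfg has mode 0600.
If the target file or directory has an extended ACL, then it will fail the mode check.
</oval-def:description>
    <oval-def:reference ref_id="CCE-82039-9" source="CCE"/>
    <oval-def:reference ref_id="file_permissions_grub2_cfg" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <!-- negate="true": the definition passes when the referenced test does NOT match.
         The test is defined outside this excerpt; presumably it matches a file whose
         mode has bits beyond the allowed ones. Confirm against the test and its state. -->
    <oval-def:criterion comment="Check file mode of /boot/grub2/grub.cfg" test_ref="oval:ssg-test_file_permissions_grub2_cfg_0:tst:1" negate="true"/>
  </oval-def:criteria>
</oval-def:definition>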
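<!-- Compliance definition: /etc/ssh/sshd_config is expected to have mode 0600
     (CCE-82895-4). The description previously carried the unexpanded template
     placeholder FILEPATH; it now names the path given in the criterion comment. -->
<oval-def:definition id="oval:ssg-file_permissions_sshd_config:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Verify Permissions on SSH Server config file</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>This test makes sure that /etc/ssh/sshd_config has mode 0600.
If the target file or directory has an extended ACL, then it will fail the mode check.
</oval-def:description>
    <oval-def:reference ref_id="CCE-82895-4" source="CCE"/>
    <oval-def:reference ref_id="file_permissions_sshd_config" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <!-- negate="true": the definition passes when the referenced test does NOT match.
         The test is defined outside this excerpt; presumably it matches a file whose
         mode has bits beyond the allowed ones. Confirm against the test and its state. -->
    <oval-def:criterion comment="Check file mode of /etc/ssh/sshd_config" test_ref="oval:ssg-test_file_permissions_sshd_config_0:tst:1" negate="true"/>
  </oval-def:criteria>
</oval-def:definition>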
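<!-- Compliance definition: the SSH server private key files (*_key, per the title) in
     /etc/ssh/ are expected to have mode 0600 (CCE-27485-2).
     The criterion comment names only the directory; the file-name pattern that selects
     the key files belongs to the test object, which is outside this excerpt.
     The description previously carried the unexpanded template placeholder FILEPATH. -->
<oval-def:definition id="oval:ssg-file_permissions_sshd_private_key:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Verify Permissions on SSH Server Private *_key Key Files</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>This test makes sure that the SSH server private *_key files in /etc/ssh/ have mode 0600.
If the target file or directory has an extended ACL, then it will fail the mode check.
</oval-def:description>
    <oval-def:reference ref_id="CCE-27485-2" source="CCE"/>
    <oval-def:reference ref_id="file_permissions_sshd_private_key" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <!-- negate="true": the definition passes when the referenced test does NOT match.
         The test is defined outside this excerpt; presumably it matches a file whose
         mode has bits beyond the allowed ones. Confirm against the test and its state. -->
    <oval-def:criterion comment="Check file mode of /etc/ssh/" test_ref="oval:ssg-test_file_permissions_sshd_private_key_0:tst:1" negate="true"/>
  </oval-def:criteria>
</oval-def:definition>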
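<!-- Compliance definition: the SSH server public key files (*.pub, per the title) in
     /etc/ssh/ are expected to have mode 0644 (CCE-27311-0).
     The criterion comment names only the directory; the file-name pattern that selects
     the key files belongs to the test object, which is outside this excerpt.
     The description previously carried the unexpanded template placeholder FILEPATH. -->
<oval-def:definition id="oval:ssg-file_permissions_sshd_pub_key:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Verify Permissions on SSH Server Public *.pub Key Files</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>This test makes sure that the SSH server public *.pub key files in /etc/ssh/ have mode 0644.
If the target file or directory has an extended ACL, then it will fail the mode check.
</oval-def:description>
    <oval-def:reference ref_id="CCE-27311-0" source="CCE"/>
    <oval-def:reference ref_id="file_permissions_sshd_pub_key" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <!-- negate="true": the definition passes when the referenced test does NOT match.
         The test is defined outside this excerpt; presumably it matches a file whose
         mode has bits beyond the allowed ones. Confirm against the test and its state. -->
    <oval-def:criterion comment="Check file mode of /etc/ssh/" test_ref="oval:ssg-test_file_permissions_sshd_pub_key_0:tst:1" negate="true"/>
  </oval-def:criteria>
</oval-def:definition>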
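<!-- Compliance definition: the /var/log/ directory is expected to have mode 0755.
     This definition carries no CCE reference, only the ssg rule id.
     The description previously carried the unexpanded template placeholder FILEPATH;
     it now names the path given in the criterion comment. -->
<oval-def:definition id="oval:ssg-file_permissions_var_log:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Verify Permissions on /var/log Directory</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>This test makes sure that /var/log/ has mode 0755.
If the target file or directory has an extended ACL, then it will fail the mode check.
</oval-def:description>
    <oval-def:reference ref_id="file_permissions_var_log" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <!-- negate="true": the definition passes when the referenced test does NOT match.
         The test is defined outside this excerpt; presumably it matches a directory whose
         mode has bits beyond the allowed ones. Confirm against the test and its state. -->
    <oval-def:criterion comment="Check file mode of /var/log/" test_ref="oval:ssg-test_file_permissions_var_log_0:tst:1" negate="true"/>
  </oval-def:criteria>
</oval-def:definition>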
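<!-- Compliance definition: /var/log/messages is expected to have mode 0640.
     This definition carries no CCE reference, only the ssg rule id.
     The description previously carried the unexpanded template placeholder FILEPATH;
     it now names the path given in the criterion comment. -->
<oval-def:definition id="oval:ssg-file_permissions_var_log_messages:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Verify Permissions on /var/log/messages File</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>This test makes sure that /var/log/messages has mode 0640.
If the target file or directory has an extended ACL, then it will fail the mode check.
</oval-def:description>
    <oval-def:reference ref_id="file_permissions_var_log_messages" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <!-- negate="true": the definition passes when the referenced test does NOT match.
         The test is defined outside this excerpt; presumably it matches a file whose
         mode has bits beyond the allowed ones. Confirm against the test and its state. -->
    <oval-def:criterion comment="Check file mode of /var/log/messages" test_ref="oval:ssg-test_file_permissions_var_log_messages_0:tst:1" negate="true"/>
  </oval-def:criteria>
</oval-def:definition>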
<!-- Compliance definition for the audit=1 kernel boot argument (CCE-27212-0), which
     per the title covers processes that start before the audit daemon.
     Result = grub.cfg test AND (GRUB_CMDLINE_LINUX test OR
              (GRUB_CMDLINE_LINUX_DEFAULT test AND GRUB_DISABLE_RECOVERY=true)).
     The description names only /etc/default/grub, but the first criterion also requires
     the argument in /boot/grub2/grub.cfg for all kernels. -->
<oval-def:definition id="oval:ssg-grub2_audit_argument:def:1" class="compliance" version="2">
  <oval-def:metadata>
    <oval-def:title>Enable Auditing for Processes Which Start Prior to the Audit Daemon</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Ensure audit=1 is configured in the kernel line in /etc/default/grub.</oval-def:description>
    <oval-def:reference ref_id="CCE-27212-0" source="CCE"/>
    <oval-def:reference ref_id="grub2_audit_argument" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criterion comment="Check if audit=1 is present in the boot parameters in the /boot/grub2/grub.cfg for all kernels" test_ref="oval:ssg-test_grub2_audit_argument_grub_cfg:tst:1"/>
    <oval-def:criteria operator="OR">
      <oval-def:criterion comment="check for audit=1 in /etc/default/grub via GRUB_CMDLINE_LINUX" test_ref="oval:ssg-test_grub2_audit_argument:tst:1"/>
      <!-- GRUB adds GRUB_CMDLINE_LINUX_DEFAULT only to the normal (non-recovery) menu
           entries, so this branch also requires that recovery entries are disabled. -->
      <oval-def:criteria operator="AND">
        <oval-def:criterion comment="check for audit=1 in /etc/default/grub via GRUB_CMDLINE_LINUX_DEFAULT" test_ref="oval:ssg-test_grub2_audit_argument_default:tst:1"/>
        <oval-def:extend_definition comment="Check GRUB_DISABLE_RECOVERY=true in /etc/default/grub" definition_ref="oval:ssg-bootloader_disable_recovery_set_to_true:def:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition for the audit_backlog_limit=8192 kernel boot argument
     (CCE-82156-1).
     Result = grub.cfg test AND (GRUB_CMDLINE_LINUX test OR
              (GRUB_CMDLINE_LINUX_DEFAULT test AND GRUB_DISABLE_RECOVERY=true)).
     The description names only /etc/default/grub, but the first criterion also requires
     the argument in /boot/grub2/grub.cfg for all kernels. -->
<oval-def:definition id="oval:ssg-grub2_audit_backlog_limit_argument:def:1" class="compliance" version="2">
  <oval-def:metadata>
    <oval-def:title>Extend Audit Backlog Limit for the Audit Daemon</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Ensure audit_backlog_limit=8192 is configured in the kernel line in /etc/default/grub.</oval-def:description>
    <oval-def:reference ref_id="CCE-82156-1" source="CCE"/>
    <oval-def:reference ref_id="grub2_audit_backlog_limit_argument" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criterion comment="Check if audit_backlog_limit=8192 is present in the boot parameters in the /boot/grub2/grub.cfg for all kernels" test_ref="oval:ssg-test_grub2_audit_backlog_limit_argument_grub_cfg:tst:1"/>
    <oval-def:criteria operator="OR">
      <oval-def:criterion comment="check for audit_backlog_limit=8192 in /etc/default/grub via GRUB_CMDLINE_LINUX" test_ref="oval:ssg-test_grub2_audit_backlog_limit_argument:tst:1"/>
      <!-- GRUB adds GRUB_CMDLINE_LINUX_DEFAULT only to the normal (non-recovery) menu
           entries, so this branch also requires that recovery entries are disabled. -->
      <oval-def:criteria operator="AND">
        <oval-def:criterion comment="check for audit_backlog_limit=8192 in /etc/default/grub via GRUB_CMDLINE_LINUX_DEFAULT" test_ref="oval:ssg-test_grub2_audit_backlog_limit_argument_default:tst:1"/>
        <oval-def:extend_definition comment="Check GRUB_DISABLE_RECOVERY=true in /etc/default/grub" definition_ref="oval:ssg-bootloader_disable_recovery_set_to_true:def:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition for the iommu=force kernel boot argument (CCE-82351-8).
     Result = grub.cfg test AND (GRUB_CMDLINE_LINUX test OR
              (GRUB_CMDLINE_LINUX_DEFAULT test AND GRUB_DISABLE_RECOVERY=true)).
     The description names only /etc/default/grub, but the first criterion also requires
     the argument in /boot/grub2/grub.cfg for all kernels. -->
<oval-def:definition id="oval:ssg-grub2_enable_iommu_force:def:1" class="compliance" version="2">
  <oval-def:metadata>
    <oval-def:title>IOMMU configuration directive</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Ensure iommu=force is configured in the kernel line in /etc/default/grub.</oval-def:description>
    <oval-def:reference ref_id="CCE-82351-8" source="CCE"/>
    <oval-def:reference ref_id="grub2_enable_iommu_force" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criterion comment="Check if iommu=force is present in the boot parameters in the /boot/grub2/grub.cfg for all kernels" test_ref="oval:ssg-test_grub2_iommu_argument_grub_cfg:tst:1"/>
    <oval-def:criteria operator="OR">
      <oval-def:criterion comment="check for iommu=force in /etc/default/grub via GRUB_CMDLINE_LINUX" test_ref="oval:ssg-test_grub2_iommu_argument:tst:1"/>
      <!-- GRUB adds GRUB_CMDLINE_LINUX_DEFAULT only to the normal (non-recovery) menu
           entries, so this branch also requires that recovery entries are disabled. -->
      <oval-def:criteria operator="AND">
        <oval-def:criterion comment="check for iommu=force in /etc/default/grub via GRUB_CMDLINE_LINUX_DEFAULT" test_ref="oval:ssg-test_grub2_iommu_argument_default:tst:1"/>
        <oval-def:extend_definition comment="Check GRUB_DISABLE_RECOVERY=true in /etc/default/grub" definition_ref="oval:ssg-bootloader_disable_recovery_set_to_true:def:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition for the ipv6.disable=1 kernel boot argument (CCE-82886-3).
     Result = grub.cfg test AND (GRUB_CMDLINE_LINUX test OR
              (GRUB_CMDLINE_LINUX_DEFAULT test AND GRUB_DISABLE_RECOVERY=true)).
     The description names only /etc/default/grub, but the first criterion also requires
     the argument in /boot/grub2/grub.cfg for all kernels. -->
<oval-def:definition id="oval:ssg-grub2_ipv6_disable_argument:def:1" class="compliance" version="2">
  <oval-def:metadata>
    <oval-def:title>Ensure IPv6 is disabled through kernel boot parameter</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Ensure ipv6.disable=1 is configured in the kernel line in /etc/default/grub.</oval-def:description>
    <oval-def:reference ref_id="CCE-82886-3" source="CCE"/>
    <oval-def:reference ref_id="grub2_ipv6_disable_argument" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criterion comment="Check if ipv6.disable=1 is present in the boot parameters in the /boot/grub2/grub.cfg for all kernels" test_ref="oval:ssg-test_grub2_ipv6_disable_argument_grub_cfg:tst:1"/>
    <oval-def:criteria operator="OR">
      <oval-def:criterion comment="check for ipv6.disable=1 in /etc/default/grub via GRUB_CMDLINE_LINUX" test_ref="oval:ssg-test_grub2_ipv6_disable_argument:tst:1"/>
      <!-- GRUB adds GRUB_CMDLINE_LINUX_DEFAULT only to the normal (non-recovery) menu
           entries, so this branch also requires that recovery entries are disabled. -->
      <oval-def:criteria operator="AND">
        <oval-def:criterion comment="check for ipv6.disable=1 in /etc/default/grub via GRUB_CMDLINE_LINUX_DEFAULT" test_ref="oval:ssg-test_grub2_ipv6_disable_argument_default:tst:1"/>
        <oval-def:extend_definition comment="Check GRUB_DISABLE_RECOVERY=true in /etc/default/grub" definition_ref="oval:ssg-bootloader_disable_recovery_set_to_true:def:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition for the page_poison=1 kernel boot argument (CCE-82158-7).
     Result = grub.cfg test AND (GRUB_CMDLINE_LINUX test OR
              (GRUB_CMDLINE_LINUX_DEFAULT test AND GRUB_DISABLE_RECOVERY=true)).
     The description names only /etc/default/grub, but the first criterion also requires
     the argument in /boot/grub2/grub.cfg for all kernels. -->
<oval-def:definition id="oval:ssg-grub2_page_poison_argument:def:1" class="compliance" version="2">
  <oval-def:metadata>
    <oval-def:title>Enable page allocator poisoning</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Ensure page_poison=1 is configured in the kernel line in /etc/default/grub.</oval-def:description>
    <oval-def:reference ref_id="CCE-82158-7" source="CCE"/>
    <oval-def:reference ref_id="grub2_page_poison_argument" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criterion comment="Check if page_poison=1 is present in the boot parameters in the /boot/grub2/grub.cfg for all kernels" test_ref="oval:ssg-test_grub2_page_poison_argument_grub_cfg:tst:1"/>
    <oval-def:criteria operator="OR">
      <oval-def:criterion comment="check for page_poison=1 in /etc/default/grub via GRUB_CMDLINE_LINUX" test_ref="oval:ssg-test_grub2_page_poison_argument:tst:1"/>
      <!-- GRUB adds GRUB_CMDLINE_LINUX_DEFAULT only to the normal (non-recovery) menu
           entries, so this branch also requires that recovery entries are disabled. -->
      <oval-def:criteria operator="AND">
        <oval-def:criterion comment="check for page_poison=1 in /etc/default/grub via GRUB_CMDLINE_LINUX_DEFAULT" test_ref="oval:ssg-test_grub2_page_poison_argument_default:tst:1"/>
        <oval-def:extend_definition comment="Check GRUB_DISABLE_RECOVERY=true in /etc/default/grub" definition_ref="oval:ssg-bootloader_disable_recovery_set_to_true:def:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition for the slub_debug=P kernel boot argument (CCE-82157-9).
     Result = grub.cfg test AND (GRUB_CMDLINE_LINUX test OR
              (GRUB_CMDLINE_LINUX_DEFAULT test AND GRUB_DISABLE_RECOVERY=true)).
     The description names only /etc/default/grub, but the first criterion also requires
     the argument in /boot/grub2/grub.cfg for all kernels. -->
<oval-def:definition id="oval:ssg-grub2_slub_debug_argument:def:1" class="compliance" version="2">
  <oval-def:metadata>
    <oval-def:title>Enable SLUB/SLAB allocator poisoning</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Ensure slub_debug=P is configured in the kernel line in /etc/default/grub.</oval-def:description>
    <oval-def:reference ref_id="CCE-82157-9" source="CCE"/>
    <oval-def:reference ref_id="grub2_slub_debug_argument" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criterion comment="Check if slub_debug=P is present in the boot parameters in the /boot/grub2/grub.cfg for all kernels" test_ref="oval:ssg-test_grub2_slub_debug_argument_grub_cfg:tst:1"/>
    <oval-def:criteria operator="OR">
      <oval-def:criterion comment="check for slub_debug=P in /etc/default/grub via GRUB_CMDLINE_LINUX" test_ref="oval:ssg-test_grub2_slub_debug_argument:tst:1"/>
      <!-- GRUB adds GRUB_CMDLINE_LINUX_DEFAULT only to the normal (non-recovery) menu
           entries, so this branch also requires that recovery entries are disabled. -->
      <oval-def:criteria operator="AND">
        <oval-def:criterion comment="check for slub_debug=P in /etc/default/grub via GRUB_CMDLINE_LINUX_DEFAULT" test_ref="oval:ssg-test_grub2_slub_debug_argument_default:tst:1"/>
        <oval-def:extend_definition comment="Check GRUB_DISABLE_RECOVERY=true in /etc/default/grub" definition_ref="oval:ssg-bootloader_disable_recovery_set_to_true:def:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition for the vsyscall=none kernel boot argument (CCE-82159-5).
     Result = grub.cfg test AND (GRUB_CMDLINE_LINUX test OR
              (GRUB_CMDLINE_LINUX_DEFAULT test AND GRUB_DISABLE_RECOVERY=true)).
     The description names only /etc/default/grub, but the first criterion also requires
     the argument in /boot/grub2/grub.cfg for all kernels. -->
<oval-def:definition id="oval:ssg-grub2_vsyscall_argument:def:1" class="compliance" version="2">
  <oval-def:metadata>
    <oval-def:title>Disable vsyscalls</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Ensure vsyscall=none is configured in the kernel line in /etc/default/grub.</oval-def:description>
    <oval-def:reference ref_id="CCE-82159-5" source="CCE"/>
    <oval-def:reference ref_id="grub2_vsyscall_argument" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="AND">
    <oval-def:criterion comment="Check if vsyscall=none is present in the boot parameters in the /boot/grub2/grub.cfg for all kernels" test_ref="oval:ssg-test_grub2_vsyscall_argument_grub_cfg:tst:1"/>
    <oval-def:criteria operator="OR">
      <oval-def:criterion comment="check for vsyscall=none in /etc/default/grub via GRUB_CMDLINE_LINUX" test_ref="oval:ssg-test_grub2_vsyscall_argument:tst:1"/>
      <!-- GRUB adds GRUB_CMDLINE_LINUX_DEFAULT only to the normal (non-recovery) menu
           entries, so this branch also requires that recovery entries are disabled. -->
      <oval-def:criteria operator="AND">
        <oval-def:criterion comment="check for vsyscall=none in /etc/default/grub via GRUB_CMDLINE_LINUX_DEFAULT" test_ref="oval:ssg-test_grub2_vsyscall_argument_default:tst:1"/>
        <oval-def:extend_definition comment="Check GRUB_DISABLE_RECOVERY=true in /etc/default/grub" definition_ref="oval:ssg-bootloader_disable_recovery_set_to_true:def:1"/>
      </oval-def:criteria>
    </oval-def:criteria>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the pam_pkcs11 RPM package should be installed (CCE-80519-2).
     The title speaks of smart card packages in the plural, but pam_pkcs11 is the only
     package this definition tests. -->
<oval-def:definition id="oval:ssg-install_smartcard_packages:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Install Smart Card Packages For Multifactor Authentication</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package pam_pkcs11 should be installed.</oval-def:description>
    <oval-def:reference ref_id="CCE-80519-2" source="CCE"/>
    <oval-def:reference ref_id="install_smartcard_packages" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_pam_pkcs11_installed:tst:1" comment="package pam_pkcs11 is installed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: journald 'Compress' should be set to 'yes' (CCE-85929-8).
     The OR group holds a single criterion, so the result is that of the one test.
     NOTE(review): the criterion names only /etc/systemd/journald.conf; whether drop-in
     configuration files are also read depends on the test, which is outside this excerpt. -->
<oval-def:definition id="oval:ssg-journald_compress:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure journald is configured to compress large log files</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Ensure 'Compress' is configured with value 'yes' in /etc/systemd/journald.conf</oval-def:description>
    <oval-def:reference ref_id="CCE-85929-8" source="CCE"/>
    <oval-def:reference ref_id="journald_compress" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR" comment="The respective application or service is configured correctly">
    <oval-def:criterion test_ref="oval:ssg-test_journald_compress:tst:1" comment="Check the Compress in /etc/systemd/journald.conf"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: journald 'ForwardToSyslog' should be set to 'yes'
     (CCE-85994-2), so that journald sends logs to rsyslog as the title states.
     The OR group holds a single criterion, so the result is that of the one test.
     NOTE(review): the criterion names only /etc/systemd/journald.conf; whether drop-in
     configuration files are also read depends on the test, which is outside this excerpt. -->
<oval-def:definition id="oval:ssg-journald_forward_to_syslog:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure journald is configured to send logs to rsyslog</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Ensure 'ForwardToSyslog' is configured with value 'yes' in /etc/systemd/journald.conf</oval-def:description>
    <oval-def:reference ref_id="CCE-85994-2" source="CCE"/>
    <oval-def:reference ref_id="journald_forward_to_syslog" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR" comment="The respective application or service is configured correctly">
    <oval-def:criterion test_ref="oval:ssg-test_journald_forward_to_syslog:tst:1" comment="Check the ForwardToSyslog in /etc/systemd/journald.conf"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: journald 'Storage' should be set to 'persistent'
     (CCE-86044-5), so that log files are written to persistent disk as the title states.
     The OR group holds a single criterion, so the result is that of the one test.
     NOTE(review): the criterion names only /etc/systemd/journald.conf; whether drop-in
     configuration files are also read depends on the test, which is outside this excerpt. -->
<oval-def:definition id="oval:ssg-journald_storage:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure journald is configured to write log files to persistent disk</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>Ensure 'Storage' is configured with value 'persistent' in /etc/systemd/journald.conf</oval-def:description>
    <oval-def:reference ref_id="CCE-86044-5" source="CCE"/>
    <oval-def:reference ref_id="journald_storage" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR" comment="The respective application or service is configured correctly">
    <oval-def:criterion test_ref="oval:ssg-test_journald_storage:tst:1" comment="Check the Storage in /etc/systemd/journald.conf"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the kernel module atm should be disabled (CCE-82162-9).
     operator="OR": a match by any one of the seven tests is enough to pass.
     Judging by the criterion comments, only configuration locations are examined;
     whether the module is currently loaded is not part of these criteria.
     NOTE(review): modules-load.d directories normally list modules to load at boot;
     what the tests look for there is defined outside this excerpt and should be verified. -->
<oval-def:definition id="oval:ssg-kernel_module_atm_disabled:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Disable ATM Support</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The kernel module atm should be disabled.</oval-def:description>
    <oval-def:reference ref_id="CCE-82162-9" source="CCE"/>
    <oval-def:reference ref_id="kernel_module_atm_disabled" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criterion comment="kernel module atm disabled in /etc/modprobe.d" test_ref="oval:ssg-test_kernmod_atm_disabled:tst:1"/>
    <oval-def:criterion comment="kernel module atm disabled in /etc/modules-load.d" test_ref="oval:ssg-test_kernmod_atm_etcmodules-load:tst:1"/>
    <oval-def:criterion comment="kernel module atm disabled in /run/modules-load.d" test_ref="oval:ssg-test_kernmod_atm_runmodules-load:tst:1"/>
    <oval-def:criterion comment="kernel module atm disabled in /usr/lib/modules-load.d" test_ref="oval:ssg-test_kernmod_atm_libmodules-load:tst:1"/>
    <oval-def:criterion comment="kernel module atm disabled in /run/modprobe.d" test_ref="oval:ssg-test_kernmod_atm_runmodprobed:tst:1"/>
    <oval-def:criterion comment="kernel module atm disabled in /usr/lib/modprobe.d" test_ref="oval:ssg-test_kernmod_atm_libmodprobed:tst:1"/>
    <oval-def:criterion comment="kernel module atm disabled in /etc/modprobe.conf" test_ref="oval:ssg-test_kernmod_atm_modprobeconf:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the kernel module bluetooth should be disabled (CCE-27327-6).
     operator="OR": a match by any one of the seven tests is enough to pass.
     Judging by the criterion comments, only configuration locations are examined;
     whether the module is currently loaded is not part of these criteria.
     NOTE(review): modules-load.d directories normally list modules to load at boot;
     what the tests look for there is defined outside this excerpt and should be verified. -->
<oval-def:definition id="oval:ssg-kernel_module_bluetooth_disabled:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Disable Bluetooth Kernel Module</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The kernel module bluetooth should be disabled.</oval-def:description>
    <oval-def:reference ref_id="CCE-27327-6" source="CCE"/>
    <oval-def:reference ref_id="kernel_module_bluetooth_disabled" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criterion comment="kernel module bluetooth disabled in /etc/modprobe.d" test_ref="oval:ssg-test_kernmod_bluetooth_disabled:tst:1"/>
    <oval-def:criterion comment="kernel module bluetooth disabled in /etc/modules-load.d" test_ref="oval:ssg-test_kernmod_bluetooth_etcmodules-load:tst:1"/>
    <oval-def:criterion comment="kernel module bluetooth disabled in /run/modules-load.d" test_ref="oval:ssg-test_kernmod_bluetooth_runmodules-load:tst:1"/>
    <oval-def:criterion comment="kernel module bluetooth disabled in /usr/lib/modules-load.d" test_ref="oval:ssg-test_kernmod_bluetooth_libmodules-load:tst:1"/>
    <oval-def:criterion comment="kernel module bluetooth disabled in /run/modprobe.d" test_ref="oval:ssg-test_kernmod_bluetooth_runmodprobed:tst:1"/>
    <oval-def:criterion comment="kernel module bluetooth disabled in /usr/lib/modprobe.d" test_ref="oval:ssg-test_kernmod_bluetooth_libmodprobed:tst:1"/>
    <oval-def:criterion comment="kernel module bluetooth disabled in /etc/modprobe.conf" test_ref="oval:ssg-test_kernmod_bluetooth_modprobeconf:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the kernel module can should be disabled (CCE-82164-5).
     operator="OR": a match by any one of the seven tests is enough to pass.
     Judging by the criterion comments, only configuration locations are examined;
     whether the module is currently loaded is not part of these criteria.
     NOTE(review): modules-load.d directories normally list modules to load at boot;
     what the tests look for there is defined outside this excerpt and should be verified. -->
<oval-def:definition id="oval:ssg-kernel_module_can_disabled:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Disable CAN Support</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The kernel module can should be disabled.</oval-def:description>
    <oval-def:reference ref_id="CCE-82164-5" source="CCE"/>
    <oval-def:reference ref_id="kernel_module_can_disabled" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criterion comment="kernel module can disabled in /etc/modprobe.d" test_ref="oval:ssg-test_kernmod_can_disabled:tst:1"/>
    <oval-def:criterion comment="kernel module can disabled in /etc/modules-load.d" test_ref="oval:ssg-test_kernmod_can_etcmodules-load:tst:1"/>
    <oval-def:criterion comment="kernel module can disabled in /run/modules-load.d" test_ref="oval:ssg-test_kernmod_can_runmodules-load:tst:1"/>
    <oval-def:criterion comment="kernel module can disabled in /usr/lib/modules-load.d" test_ref="oval:ssg-test_kernmod_can_libmodules-load:tst:1"/>
    <oval-def:criterion comment="kernel module can disabled in /run/modprobe.d" test_ref="oval:ssg-test_kernmod_can_runmodprobed:tst:1"/>
    <oval-def:criterion comment="kernel module can disabled in /usr/lib/modprobe.d" test_ref="oval:ssg-test_kernmod_can_libmodprobed:tst:1"/>
    <oval-def:criterion comment="kernel module can disabled in /etc/modprobe.conf" test_ref="oval:ssg-test_kernmod_can_modprobeconf:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the kernel module cramfs should be disabled (CCE-80137-3),
     which per the title prevents mounting of cramfs.
     operator="OR": a match by any one of the seven tests is enough to pass.
     Judging by the criterion comments, only configuration locations are examined;
     whether the module is currently loaded is not part of these criteria.
     NOTE(review): modules-load.d directories normally list modules to load at boot;
     what the tests look for there is defined outside this excerpt and should be verified. -->
<oval-def:definition id="oval:ssg-kernel_module_cramfs_disabled:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Disable Mounting of cramfs</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The kernel module cramfs should be disabled.</oval-def:description>
    <oval-def:reference ref_id="CCE-80137-3" source="CCE"/>
    <oval-def:reference ref_id="kernel_module_cramfs_disabled" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criterion comment="kernel module cramfs disabled in /etc/modprobe.d" test_ref="oval:ssg-test_kernmod_cramfs_disabled:tst:1"/>
    <oval-def:criterion comment="kernel module cramfs disabled in /etc/modules-load.d" test_ref="oval:ssg-test_kernmod_cramfs_etcmodules-load:tst:1"/>
    <oval-def:criterion comment="kernel module cramfs disabled in /run/modules-load.d" test_ref="oval:ssg-test_kernmod_cramfs_runmodules-load:tst:1"/>
    <oval-def:criterion comment="kernel module cramfs disabled in /usr/lib/modules-load.d" test_ref="oval:ssg-test_kernmod_cramfs_libmodules-load:tst:1"/>
    <oval-def:criterion comment="kernel module cramfs disabled in /run/modprobe.d" test_ref="oval:ssg-test_kernmod_cramfs_runmodprobed:tst:1"/>
    <oval-def:criterion comment="kernel module cramfs disabled in /usr/lib/modprobe.d" test_ref="oval:ssg-test_kernmod_cramfs_libmodprobed:tst:1"/>
    <oval-def:criterion comment="kernel module cramfs disabled in /etc/modprobe.conf" test_ref="oval:ssg-test_kernmod_cramfs_modprobeconf:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-kernel_module_dccp_disabled:def:1" version="1">
<!-- Compliance definition for the dccp kernel module (DCCP network protocol support, per the title). It passes when dccp is reported as disabled in at least one of the seven module-configuration locations tested below. -->
<oval-def:metadata>
<oval-def:title>Disable DCCP Support</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The kernel module dccp should be disabled.</oval-def:description>
<oval-def:reference ref_id="CCE-82024-1" source="CCE"/>
<oval-def:reference ref_id="kernel_module_dccp_disabled" source="ssg"/>
</oval-def:metadata>
<!-- operator="OR": a single true criterion makes the whole definition true. Each test is referenced by id and defined outside this definition.
     NOTE(review): the criteria appear to inspect configuration files only, so a pass does not show that dccp is absent from the running kernel; verify separately (e.g. lsmod).
     NOTE(review): modules-load.d directories normally list modules to load at boot; confirm what the *modules-load tests match before counting them as evidence. -->
<oval-def:criteria operator="OR">
<oval-def:criterion test_ref="oval:ssg-test_kernmod_dccp_disabled:tst:1" comment="kernel module dccp disabled in /etc/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_dccp_etcmodules-load:tst:1" comment="kernel module dccp disabled in /etc/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_dccp_runmodules-load:tst:1" comment="kernel module dccp disabled in /run/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_dccp_libmodules-load:tst:1" comment="kernel module dccp disabled in /usr/lib/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_dccp_runmodprobed:tst:1" comment="kernel module dccp disabled in /run/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_dccp_libmodprobed:tst:1" comment="kernel module dccp disabled in /usr/lib/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_dccp_modprobeconf:tst:1" comment="kernel module dccp disabled in /etc/modprobe.conf"/>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-kernel_module_firewire-core_disabled:def:1" version="1">
<!-- Compliance definition for the firewire-core kernel module (IEEE 1394 / FireWire support, per the title). It passes when firewire-core is reported as disabled in at least one of the seven module-configuration locations tested below. -->
<oval-def:metadata>
<oval-def:title>Disable IEEE 1394 (FireWire) Support</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The kernel module firewire-core should be disabled.</oval-def:description>
<oval-def:reference ref_id="CCE-82160-3" source="CCE"/>
<oval-def:reference ref_id="kernel_module_firewire-core_disabled" source="ssg"/>
</oval-def:metadata>
<!-- operator="OR": a single true criterion makes the whole definition true. Each test is referenced by id and defined outside this definition.
     NOTE(review): modprobe treats '-' and '_' in module names as equivalent, and the loaded module is listed as firewire_core; confirm the referenced tests accept both spellings.
     NOTE(review): the criteria appear to inspect configuration files only, so a pass does not show that the module is absent from the running kernel; verify separately (e.g. lsmod). -->
<oval-def:criteria operator="OR">
<oval-def:criterion test_ref="oval:ssg-test_kernmod_firewire-core_disabled:tst:1" comment="kernel module firewire-core disabled in /etc/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_firewire-core_etcmodules-load:tst:1" comment="kernel module firewire-core disabled in /etc/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_firewire-core_runmodules-load:tst:1" comment="kernel module firewire-core disabled in /run/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_firewire-core_libmodules-load:tst:1" comment="kernel module firewire-core disabled in /usr/lib/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_firewire-core_runmodprobed:tst:1" comment="kernel module firewire-core disabled in /run/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_firewire-core_libmodprobed:tst:1" comment="kernel module firewire-core disabled in /usr/lib/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_firewire-core_modprobeconf:tst:1" comment="kernel module firewire-core disabled in /etc/modprobe.conf"/>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-kernel_module_freevxfs_disabled:def:1" version="1">
<!-- Compliance definition for the freevxfs kernel module (a filesystem driver, per the title). It passes when freevxfs is reported as disabled in at least one of the seven module-configuration locations tested below. -->
<oval-def:metadata>
<oval-def:title>Disable Mounting of freevxfs</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The kernel module freevxfs should be disabled.</oval-def:description>
<oval-def:reference ref_id="CCE-80138-1" source="CCE"/>
<oval-def:reference ref_id="kernel_module_freevxfs_disabled" source="ssg"/>
</oval-def:metadata>
<!-- operator="OR": a single true criterion makes the whole definition true. Each test is referenced by id and defined outside this definition.
     NOTE(review): the criteria appear to inspect configuration files only, so a pass does not show that freevxfs is absent from the running kernel; verify separately (e.g. lsmod).
     NOTE(review): modules-load.d directories normally list modules to load at boot; confirm what the *modules-load tests match before counting them as evidence. -->
<oval-def:criteria operator="OR">
<oval-def:criterion test_ref="oval:ssg-test_kernmod_freevxfs_disabled:tst:1" comment="kernel module freevxfs disabled in /etc/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_freevxfs_etcmodules-load:tst:1" comment="kernel module freevxfs disabled in /etc/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_freevxfs_runmodules-load:tst:1" comment="kernel module freevxfs disabled in /run/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_freevxfs_libmodules-load:tst:1" comment="kernel module freevxfs disabled in /usr/lib/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_freevxfs_runmodprobed:tst:1" comment="kernel module freevxfs disabled in /run/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_freevxfs_libmodprobed:tst:1" comment="kernel module freevxfs disabled in /usr/lib/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_freevxfs_modprobeconf:tst:1" comment="kernel module freevxfs disabled in /etc/modprobe.conf"/>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-kernel_module_hfs_disabled:def:1" version="1">
<!-- Compliance definition for the hfs kernel module (a filesystem driver, per the title). It passes when hfs is reported as disabled in at least one of the seven module-configuration locations tested below. -->
<oval-def:metadata>
<oval-def:title>Disable Mounting of hfs</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The kernel module hfs should be disabled.</oval-def:description>
<oval-def:reference ref_id="CCE-80140-7" source="CCE"/>
<oval-def:reference ref_id="kernel_module_hfs_disabled" source="ssg"/>
</oval-def:metadata>
<!-- operator="OR": a single true criterion makes the whole definition true. Each test is referenced by id and defined outside this definition.
     NOTE(review): this definition covers hfs only; hfsplus is a separate module with its own definition id (oval:ssg-kernel_module_hfsplus_disabled:def:1).
     NOTE(review): the criteria appear to inspect configuration files only, so a pass does not show that hfs is absent from the running kernel; verify separately (e.g. lsmod). -->
<oval-def:criteria operator="OR">
<oval-def:criterion test_ref="oval:ssg-test_kernmod_hfs_disabled:tst:1" comment="kernel module hfs disabled in /etc/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_hfs_etcmodules-load:tst:1" comment="kernel module hfs disabled in /etc/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_hfs_runmodules-load:tst:1" comment="kernel module hfs disabled in /run/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_hfs_libmodules-load:tst:1" comment="kernel module hfs disabled in /usr/lib/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_hfs_runmodprobed:tst:1" comment="kernel module hfs disabled in /run/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_hfs_libmodprobed:tst:1" comment="kernel module hfs disabled in /usr/lib/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_hfs_modprobeconf:tst:1" comment="kernel module hfs disabled in /etc/modprobe.conf"/>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-kernel_module_hfsplus_disabled:def:1" version="1">
<!-- Compliance definition for the hfsplus kernel module (a filesystem driver, per the title). It passes when hfsplus is reported as disabled in at least one of the seven module-configuration locations tested below. -->
<oval-def:metadata>
<oval-def:title>Disable Mounting of hfsplus</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The kernel module hfsplus should be disabled.</oval-def:description>
<oval-def:reference ref_id="CCE-80141-5" source="CCE"/>
<oval-def:reference ref_id="kernel_module_hfsplus_disabled" source="ssg"/>
</oval-def:metadata>
<!-- operator="OR": a single true criterion makes the whole definition true. Each test is referenced by id and defined outside this definition.
     NOTE(review): the criteria appear to inspect configuration files only, so a pass does not show that hfsplus is absent from the running kernel; verify separately (e.g. lsmod).
     NOTE(review): modules-load.d directories normally list modules to load at boot; confirm what the *modules-load tests match before counting them as evidence. -->
<oval-def:criteria operator="OR">
<oval-def:criterion test_ref="oval:ssg-test_kernmod_hfsplus_disabled:tst:1" comment="kernel module hfsplus disabled in /etc/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_hfsplus_etcmodules-load:tst:1" comment="kernel module hfsplus disabled in /etc/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_hfsplus_runmodules-load:tst:1" comment="kernel module hfsplus disabled in /run/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_hfsplus_libmodules-load:tst:1" comment="kernel module hfsplus disabled in /usr/lib/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_hfsplus_runmodprobed:tst:1" comment="kernel module hfsplus disabled in /run/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_hfsplus_libmodprobed:tst:1" comment="kernel module hfsplus disabled in /usr/lib/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_hfsplus_modprobeconf:tst:1" comment="kernel module hfsplus disabled in /etc/modprobe.conf"/>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-kernel_module_jffs2_disabled:def:1" version="1">
<!-- Compliance definition for the jffs2 kernel module (a filesystem driver, per the title). It passes when jffs2 is reported as disabled in at least one of the seven module-configuration locations tested below. -->
<oval-def:metadata>
<oval-def:title>Disable Mounting of jffs2</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The kernel module jffs2 should be disabled.</oval-def:description>
<oval-def:reference ref_id="CCE-80139-9" source="CCE"/>
<oval-def:reference ref_id="kernel_module_jffs2_disabled" source="ssg"/>
</oval-def:metadata>
<!-- operator="OR": a single true criterion makes the whole definition true. Each test is referenced by id and defined outside this definition.
     NOTE(review): the criteria appear to inspect configuration files only, so a pass does not show that jffs2 is absent from the running kernel; verify separately (e.g. lsmod).
     NOTE(review): modules-load.d directories normally list modules to load at boot; confirm what the *modules-load tests match before counting them as evidence. -->
<oval-def:criteria operator="OR">
<oval-def:criterion test_ref="oval:ssg-test_kernmod_jffs2_disabled:tst:1" comment="kernel module jffs2 disabled in /etc/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_jffs2_etcmodules-load:tst:1" comment="kernel module jffs2 disabled in /etc/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_jffs2_runmodules-load:tst:1" comment="kernel module jffs2 disabled in /run/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_jffs2_libmodules-load:tst:1" comment="kernel module jffs2 disabled in /usr/lib/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_jffs2_runmodprobed:tst:1" comment="kernel module jffs2 disabled in /run/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_jffs2_libmodprobed:tst:1" comment="kernel module jffs2 disabled in /usr/lib/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_jffs2_modprobeconf:tst:1" comment="kernel module jffs2 disabled in /etc/modprobe.conf"/>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-kernel_module_rds_disabled:def:1" version="1">
<!-- Compliance definition for the rds kernel module (RDS network protocol support, per the title). It passes when rds is reported as disabled in at least one of the seven module-configuration locations tested below. -->
<oval-def:metadata>
<oval-def:title>Disable RDS Support</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The kernel module rds should be disabled.</oval-def:description>
<oval-def:reference ref_id="CCE-82869-9" source="CCE"/>
<oval-def:reference ref_id="kernel_module_rds_disabled" source="ssg"/>
</oval-def:metadata>
<!-- operator="OR": a single true criterion makes the whole definition true. Each test is referenced by id and defined outside this definition.
     NOTE(review): the criteria appear to inspect configuration files only, so a pass does not show that rds is absent from the running kernel; verify separately (e.g. lsmod).
     NOTE(review): modules-load.d directories normally list modules to load at boot; confirm what the *modules-load tests match before counting them as evidence. -->
<oval-def:criteria operator="OR">
<oval-def:criterion test_ref="oval:ssg-test_kernmod_rds_disabled:tst:1" comment="kernel module rds disabled in /etc/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_rds_etcmodules-load:tst:1" comment="kernel module rds disabled in /etc/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_rds_runmodules-load:tst:1" comment="kernel module rds disabled in /run/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_rds_libmodules-load:tst:1" comment="kernel module rds disabled in /usr/lib/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_rds_runmodprobed:tst:1" comment="kernel module rds disabled in /run/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_rds_libmodprobed:tst:1" comment="kernel module rds disabled in /usr/lib/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_rds_modprobeconf:tst:1" comment="kernel module rds disabled in /etc/modprobe.conf"/>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-kernel_module_sctp_disabled:def:1" version="1">
<!-- Compliance definition for the sctp kernel module (SCTP network protocol support, per the title). It passes when sctp is reported as disabled in at least one of the seven module-configuration locations tested below. -->
<oval-def:metadata>
<oval-def:title>Disable SCTP Support</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The kernel module sctp should be disabled.</oval-def:description>
<oval-def:reference ref_id="CCE-82044-9" source="CCE"/>
<oval-def:reference ref_id="kernel_module_sctp_disabled" source="ssg"/>
</oval-def:metadata>
<!-- operator="OR": a single true criterion makes the whole definition true. Each test is referenced by id and defined outside this definition.
     NOTE(review): the criteria appear to inspect configuration files only, so a pass does not show that sctp is absent from the running kernel; verify separately (e.g. lsmod).
     NOTE(review): modules-load.d directories normally list modules to load at boot; confirm what the *modules-load tests match before counting them as evidence. -->
<oval-def:criteria operator="OR">
<oval-def:criterion test_ref="oval:ssg-test_kernmod_sctp_disabled:tst:1" comment="kernel module sctp disabled in /etc/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_sctp_etcmodules-load:tst:1" comment="kernel module sctp disabled in /etc/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_sctp_runmodules-load:tst:1" comment="kernel module sctp disabled in /run/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_sctp_libmodules-load:tst:1" comment="kernel module sctp disabled in /usr/lib/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_sctp_runmodprobed:tst:1" comment="kernel module sctp disabled in /run/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_sctp_libmodprobed:tst:1" comment="kernel module sctp disabled in /usr/lib/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_sctp_modprobeconf:tst:1" comment="kernel module sctp disabled in /etc/modprobe.conf"/>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-kernel_module_squashfs_disabled:def:1" version="1">
<!-- Compliance definition for the squashfs kernel module (a filesystem driver, per the title). It passes when squashfs is reported as disabled in at least one of the seven module-configuration locations tested below. -->
<oval-def:metadata>
<oval-def:title>Disable Mounting of squashfs</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The kernel module squashfs should be disabled.</oval-def:description>
<oval-def:reference ref_id="CCE-80142-3" source="CCE"/>
<oval-def:reference ref_id="kernel_module_squashfs_disabled" source="ssg"/>
</oval-def:metadata>
<!-- operator="OR": a single true criterion makes the whole definition true. Each test is referenced by id and defined outside this definition.
     NOTE(review): the criteria appear to inspect configuration files only, so a pass does not show that squashfs is absent from the running kernel; verify separately (e.g. lsmod).
     NOTE(review): modules-load.d directories normally list modules to load at boot; confirm what the *modules-load tests match before counting them as evidence. -->
<oval-def:criteria operator="OR">
<oval-def:criterion test_ref="oval:ssg-test_kernmod_squashfs_disabled:tst:1" comment="kernel module squashfs disabled in /etc/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_squashfs_etcmodules-load:tst:1" comment="kernel module squashfs disabled in /etc/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_squashfs_runmodules-load:tst:1" comment="kernel module squashfs disabled in /run/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_squashfs_libmodules-load:tst:1" comment="kernel module squashfs disabled in /usr/lib/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_squashfs_runmodprobed:tst:1" comment="kernel module squashfs disabled in /run/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_squashfs_libmodprobed:tst:1" comment="kernel module squashfs disabled in /usr/lib/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_squashfs_modprobeconf:tst:1" comment="kernel module squashfs disabled in /etc/modprobe.conf"/>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-kernel_module_tipc_disabled:def:1" version="1">
<!-- Compliance definition for the tipc kernel module (TIPC network protocol support, per the title). It passes when tipc is reported as disabled in at least one of the seven module-configuration locations tested below. -->
<oval-def:metadata>
<oval-def:title>Disable TIPC Support</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The kernel module tipc should be disabled.</oval-def:description>
<oval-def:reference ref_id="CCE-83395-4" source="CCE"/>
<oval-def:reference ref_id="kernel_module_tipc_disabled" source="ssg"/>
</oval-def:metadata>
<!-- operator="OR": a single true criterion makes the whole definition true. Each test is referenced by id and defined outside this definition.
     NOTE(review): the criteria appear to inspect configuration files only, so a pass does not show that tipc is absent from the running kernel; verify separately (e.g. lsmod).
     NOTE(review): modules-load.d directories normally list modules to load at boot; confirm what the *modules-load tests match before counting them as evidence. -->
<oval-def:criteria operator="OR">
<oval-def:criterion test_ref="oval:ssg-test_kernmod_tipc_disabled:tst:1" comment="kernel module tipc disabled in /etc/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_tipc_etcmodules-load:tst:1" comment="kernel module tipc disabled in /etc/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_tipc_runmodules-load:tst:1" comment="kernel module tipc disabled in /run/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_tipc_libmodules-load:tst:1" comment="kernel module tipc disabled in /usr/lib/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_tipc_runmodprobed:tst:1" comment="kernel module tipc disabled in /run/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_tipc_libmodprobed:tst:1" comment="kernel module tipc disabled in /usr/lib/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_tipc_modprobeconf:tst:1" comment="kernel module tipc disabled in /etc/modprobe.conf"/>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-kernel_module_udf_disabled:def:1" version="1">
<!-- Compliance definition for the udf kernel module (a filesystem driver, per the title). It passes when udf is reported as disabled in at least one of the seven module-configuration locations tested below. -->
<oval-def:metadata>
<oval-def:title>Disable Mounting of udf</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The kernel module udf should be disabled.</oval-def:description>
<oval-def:reference ref_id="CCE-80143-1" source="CCE"/>
<oval-def:reference ref_id="kernel_module_udf_disabled" source="ssg"/>
</oval-def:metadata>
<!-- operator="OR": a single true criterion makes the whole definition true. Each test is referenced by id and defined outside this definition.
     NOTE(review): the criteria appear to inspect configuration files only, so a pass does not show that udf is absent from the running kernel; verify separately (e.g. lsmod).
     NOTE(review): modules-load.d directories normally list modules to load at boot; confirm what the *modules-load tests match before counting them as evidence. -->
<oval-def:criteria operator="OR">
<oval-def:criterion test_ref="oval:ssg-test_kernmod_udf_disabled:tst:1" comment="kernel module udf disabled in /etc/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_udf_etcmodules-load:tst:1" comment="kernel module udf disabled in /etc/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_udf_runmodules-load:tst:1" comment="kernel module udf disabled in /run/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_udf_libmodules-load:tst:1" comment="kernel module udf disabled in /usr/lib/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_udf_runmodprobed:tst:1" comment="kernel module udf disabled in /run/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_udf_libmodprobed:tst:1" comment="kernel module udf disabled in /usr/lib/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_udf_modprobeconf:tst:1" comment="kernel module udf disabled in /etc/modprobe.conf"/>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-kernel_module_usb-storage_disabled:def:1" version="1">
<!-- Compliance definition for the usb-storage kernel module (USB mass-storage driver, per the title). It passes when usb-storage is reported as disabled in at least one of the seven module-configuration locations tested below. -->
<oval-def:metadata>
<oval-def:title>Disable Modprobe Loading of USB Storage Driver</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The kernel module usb-storage should be disabled.</oval-def:description>
<oval-def:reference ref_id="CCE-27277-3" source="CCE"/>
<oval-def:reference ref_id="kernel_module_usb-storage_disabled" source="ssg"/>
</oval-def:metadata>
<!-- operator="OR": a single true criterion makes the whole definition true. Each test is referenced by id and defined outside this definition.
     NOTE(review): modprobe treats '-' and '_' in module names as equivalent, and the loaded module is listed as usb_storage; confirm the referenced tests accept both spellings.
     NOTE(review): the title scopes this to modprobe loading; the criteria appear to inspect configuration files only, so check the running kernel separately (e.g. lsmod). -->
<oval-def:criteria operator="OR">
<oval-def:criterion test_ref="oval:ssg-test_kernmod_usb-storage_disabled:tst:1" comment="kernel module usb-storage disabled in /etc/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_usb-storage_etcmodules-load:tst:1" comment="kernel module usb-storage disabled in /etc/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_usb-storage_runmodules-load:tst:1" comment="kernel module usb-storage disabled in /run/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_usb-storage_libmodules-load:tst:1" comment="kernel module usb-storage disabled in /usr/lib/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_usb-storage_runmodprobed:tst:1" comment="kernel module usb-storage disabled in /run/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_usb-storage_libmodprobed:tst:1" comment="kernel module usb-storage disabled in /usr/lib/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_usb-storage_modprobeconf:tst:1" comment="kernel module usb-storage disabled in /etc/modprobe.conf"/>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-kernel_module_vfat_disabled:def:1" version="1">
<!-- Compliance definition for the vfat kernel module (vFAT filesystem driver, per the title). It passes when vfat is reported as disabled in at least one of the seven module-configuration locations tested below. -->
<oval-def:metadata>
<oval-def:title>Disable Mounting of vFAT filesystems</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The kernel module vfat should be disabled.</oval-def:description>
<oval-def:reference ref_id="CCE-82169-4" source="CCE"/>
<oval-def:reference ref_id="kernel_module_vfat_disabled" source="ssg"/>
</oval-def:metadata>
<!-- operator="OR": a single true criterion makes the whole definition true. Each test is referenced by id and defined outside this definition.
     NOTE(review): on UEFI systems the EFI system partition is typically FAT formatted; confirm the host does not need vfat before enforcing this rule.
     NOTE(review): the criteria appear to inspect configuration files only, so a pass does not show that vfat is absent from the running kernel; verify separately (e.g. lsmod). -->
<oval-def:criteria operator="OR">
<oval-def:criterion test_ref="oval:ssg-test_kernmod_vfat_disabled:tst:1" comment="kernel module vfat disabled in /etc/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_vfat_etcmodules-load:tst:1" comment="kernel module vfat disabled in /etc/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_vfat_runmodules-load:tst:1" comment="kernel module vfat disabled in /run/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_vfat_libmodules-load:tst:1" comment="kernel module vfat disabled in /usr/lib/modules-load.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_vfat_runmodprobed:tst:1" comment="kernel module vfat disabled in /run/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_vfat_libmodprobed:tst:1" comment="kernel module vfat disabled in /usr/lib/modprobe.d"/>
<oval-def:criterion test_ref="oval:ssg-test_kernmod_vfat_modprobeconf:tst:1" comment="kernel module vfat disabled in /etc/modprobe.conf"/>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-mount_option_boot_noauto:def:1" version="1">
<!-- Compliance definition: /boot should carry the noauto mount option. The result is decided by the single test referenced below. -->
<oval-def:metadata>
<oval-def:title>Add noauto Option to /boot</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>/boot should be mounted with mount option noauto.</oval-def:description>
<oval-def:reference ref_id="CCE-83344-2" source="CCE"/>
<oval-def:reference ref_id="mount_option_boot_noauto" source="ssg"/>
</oval-def:metadata>
<!-- operator="OR" over one criterion: the definition result equals that criterion's result.
     NOTE(review): the "optional_yes" suffix in the test id presumably means the test also passes when /boot is not a separate mount point; confirm in the test definition, which is outside this definition.
     NOTE(review): whether the test reads /etc/fstab, the live mount table or both is not visible here. -->
<oval-def:criteria operator="OR">
<oval-def:criterion comment="noauto on /boot" test_ref="oval:ssg-test_boot_partition_noauto_optional_yes:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-mount_option_boot_nodev:def:1" version="1">
<!-- Compliance definition: /boot should carry the nodev mount option. The result is decided by the single test referenced below. -->
<oval-def:metadata>
<oval-def:title>Add nodev Option to /boot</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>/boot should be mounted with mount option nodev.</oval-def:description>
<oval-def:reference ref_id="CCE-82135-5" source="CCE"/>
<oval-def:reference ref_id="mount_option_boot_nodev" source="ssg"/>
</oval-def:metadata>
<!-- operator="OR" over one criterion: the definition result equals that criterion's result.
     NOTE(review): the "optional_yes" suffix in the test id presumably means the test also passes when /boot is not a separate mount point; confirm in the test definition, which is outside this definition.
     NOTE(review): whether the test reads /etc/fstab, the live mount table or both is not visible here. -->
<oval-def:criteria operator="OR">
<oval-def:criterion comment="nodev on /boot" test_ref="oval:ssg-test_boot_partition_nodev_optional_yes:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-mount_option_boot_noexec:def:1" version="1">
<!-- Compliance definition: /boot should carry the noexec mount option. The result is decided by the single test referenced below. -->
<oval-def:metadata>
<oval-def:title>Add noexec Option to /boot</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>/boot should be mounted with mount option noexec.</oval-def:description>
<oval-def:reference ref_id="CCE-83315-2" source="CCE"/>
<oval-def:reference ref_id="mount_option_boot_noexec" source="ssg"/>
</oval-def:metadata>
<!-- operator="OR" over one criterion: the definition result equals that criterion's result.
     NOTE(review): the "optional_yes" suffix in the test id presumably means the test also passes when /boot is not a separate mount point; confirm in the test definition, which is outside this definition.
     NOTE(review): whether the test reads /etc/fstab, the live mount table or both is not visible here. -->
<oval-def:criteria operator="OR">
<oval-def:criterion comment="noexec on /boot" test_ref="oval:ssg-test_boot_partition_noexec_optional_yes:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-mount_option_boot_nosuid:def:1" version="1">
<!-- Compliance definition: /boot should carry the nosuid mount option. The result is decided by the single test referenced below. -->
<oval-def:metadata>
<oval-def:title>Add nosuid Option to /boot</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>/boot should be mounted with mount option nosuid.</oval-def:description>
<oval-def:reference ref_id="CCE-82138-9" source="CCE"/>
<oval-def:reference ref_id="mount_option_boot_nosuid" source="ssg"/>
</oval-def:metadata>
<!-- operator="OR" over one criterion: the definition result equals that criterion's result.
     NOTE(review): the "optional_yes" suffix in the test id presumably means the test also passes when /boot is not a separate mount point; confirm in the test definition, which is outside this definition.
     NOTE(review): whether the test reads /etc/fstab, the live mount table or both is not visible here. -->
<oval-def:criteria operator="OR">
<oval-def:criterion comment="nosuid on /boot" test_ref="oval:ssg-test_boot_partition_nosuid_optional_yes:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-mount_option_dev_shm_nodev:def:1" version="1">
<!-- Compliance definition: /dev/shm should carry the nodev mount option. Two criteria are combined with OR, the second one negated. -->
<oval-def:metadata>
<oval-def:title>Add nodev Option to /dev/shm</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>/dev/shm should be mounted with mount option nodev.</oval-def:description>
<oval-def:reference ref_id="CCE-80152-2" source="CCE"/>
<oval-def:reference ref_id="mount_option_dev_shm_nodev" source="ssg"/>
</oval-def:metadata>
<!-- operator="OR": the definition is true when the first test is true, or when the second test is false (negate="true" inverts that test's result).
     NOTE(review): it is not visible here whether the comment "/dev/shm does not exist" describes the referenced test or its negated outcome; read the test definition and make sure a /dev/shm mount lacking nodev cannot satisfy the second criterion. -->
<oval-def:criteria operator="OR">
<oval-def:criterion comment="nodev on /dev/shm" test_ref="oval:ssg-test_dev_shm_partition_nodev_optional_no:tst:1"/>
<oval-def:criterion comment="/dev/shm does not exist" test_ref="oval:ssg-test_dev_shm_no_partition_nodev_optional_no:tst:1" negate="true"/>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-mount_option_dev_shm_noexec:def:1" version="1">
<!-- Compliance definition: /dev/shm should carry the noexec mount option. Two criteria are combined with OR, the second one negated. -->
<oval-def:metadata>
<oval-def:title>Add noexec Option to /dev/shm</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>/dev/shm should be mounted with mount option noexec.</oval-def:description>
<oval-def:reference ref_id="CCE-80153-0" source="CCE"/>
<oval-def:reference ref_id="mount_option_dev_shm_noexec" source="ssg"/>
</oval-def:metadata>
<!-- operator="OR": the definition is true when the first test is true, or when the second test is false (negate="true" inverts that test's result).
     NOTE(review): it is not visible here whether the comment "/dev/shm does not exist" describes the referenced test or its negated outcome; read the test definition and make sure a /dev/shm mount lacking noexec cannot satisfy the second criterion. -->
<oval-def:criteria operator="OR">
<oval-def:criterion comment="noexec on /dev/shm" test_ref="oval:ssg-test_dev_shm_partition_noexec_optional_no:tst:1"/>
<oval-def:criterion comment="/dev/shm does not exist" test_ref="oval:ssg-test_dev_shm_no_partition_noexec_optional_no:tst:1" negate="true"/>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-mount_option_dev_shm_nosuid:def:1" version="1">
<!-- Compliance definition: /dev/shm should carry the nosuid mount option. Two criteria are combined with OR, the second one negated. -->
<oval-def:metadata>
<oval-def:title>Add nosuid Option to /dev/shm</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>/dev/shm should be mounted with mount option nosuid.</oval-def:description>
<oval-def:reference ref_id="CCE-80154-8" source="CCE"/>
<oval-def:reference ref_id="mount_option_dev_shm_nosuid" source="ssg"/>
</oval-def:metadata>
<!-- operator="OR": the definition is true when the first test is true, or when the second test is false (negate="true" inverts that test's result).
     NOTE(review): it is not visible here whether the comment "/dev/shm does not exist" describes the referenced test or its negated outcome; read the test definition and make sure a /dev/shm mount lacking nosuid cannot satisfy the second criterion. -->
<oval-def:criteria operator="OR">
<oval-def:criterion comment="nosuid on /dev/shm" test_ref="oval:ssg-test_dev_shm_partition_nosuid_optional_no:tst:1"/>
<oval-def:criterion comment="/dev/shm does not exist" test_ref="oval:ssg-test_dev_shm_no_partition_nosuid_optional_no:tst:1" negate="true"/>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-mount_option_home_nodev:def:1" version="1">
<!-- Compliance definition: /home should carry the nodev mount option. The result is decided by the single test referenced below. -->
<oval-def:metadata>
<oval-def:title>Add nodev Option to /home</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>/home should be mounted with mount option nodev.</oval-def:description>
<oval-def:reference ref_id="CCE-81047-3" source="CCE"/>
<oval-def:reference ref_id="mount_option_home_nodev" source="ssg"/>
</oval-def:metadata>
<!-- operator="OR" over one criterion: the definition result equals that criterion's result.
     NOTE(review): the "optional_yes" suffix in the test id presumably means the test also passes when /home is not a separate mount point; confirm in the test definition, since such a host would pass without the option being applied anywhere. -->
<oval-def:criteria operator="OR">
<oval-def:criterion comment="nodev on /home" test_ref="oval:ssg-test_home_partition_nodev_optional_yes:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-mount_option_home_noexec:def:1" version="1">
<!-- Compliance definition: /home should carry the noexec mount option. The result is decided by the single test referenced below. -->
<oval-def:metadata>
<oval-def:title>Add noexec Option to /home</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>/home should be mounted with mount option noexec.</oval-def:description>
<oval-def:reference ref_id="CCE-83327-7" source="CCE"/>
<oval-def:reference ref_id="mount_option_home_noexec" source="ssg"/>
</oval-def:metadata>
<!-- operator="OR" over one criterion: the definition result equals that criterion's result.
     NOTE(review): the "optional_yes" suffix in the test id presumably means the test also passes when /home is not a separate mount point; confirm in the test definition, since such a host would pass without the option being applied anywhere. -->
<oval-def:criteria operator="OR">
<oval-def:criterion comment="noexec on /home" test_ref="oval:ssg-test_home_partition_noexec_optional_yes:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-mount_option_home_nosuid:def:1" version="1">
<!-- Compliance definition: /home should carry the nosuid mount option. The result is decided by the single test referenced below. -->
<oval-def:metadata>
<oval-def:title>Add nosuid Option to /home</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>/home should be mounted with mount option nosuid.</oval-def:description>
<oval-def:reference ref_id="CCE-81153-9" source="CCE"/>
<oval-def:reference ref_id="mount_option_home_nosuid" source="ssg"/>
</oval-def:metadata>
<!-- operator="OR" over one criterion: the definition result equals that criterion's result.
     NOTE(review): the "optional_yes" suffix in the test id presumably means the test also passes when /home is not a separate mount point; confirm in the test definition, since such a host would pass without the option being applied anywhere. -->
<oval-def:criteria operator="OR">
<oval-def:criterion comment="nosuid on /home" test_ref="oval:ssg-test_home_partition_nosuid_optional_yes:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-mount_option_krb_sec_remote_filesystems:def:1" version="1">
<!-- Compliance definition: NFS entries in /etc/fstab should use Kerberos security. Two tests are combined with XOR. -->
<oval-def:metadata>
<oval-def:title>Mount Remote Filesystems with Kerberos Security</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<!-- NOTE(review): "sec_krb5_krb5i_krb5p" looks like the identifier form of the fstab option sec=krb5:krb5i:krb5p; confirm against the referenced tests before quoting the description in guidance. -->
<oval-def:description>The sec_krb5_krb5i_krb5p option should be enabled for all NFS mounts in /etc/fstab.</oval-def:description>
<oval-def:reference ref_id="CCE-27458-9" source="CCE"/>
<oval-def:reference ref_id="mount_option_krb_sec_remote_filesystems" source="ssg"/>
</oval-def:metadata>
<!-- operator="XOR": with two criteria, the definition is true when exactly one of them is true.
     Both criteria carry the same comment; judging by the test ids, the first presumably covers "no NFS entry defined in /etc/fstab" and the second "NFS entries in /etc/fstab use the option" (verify in the test definitions).
     NOTE(review): per the description only /etc/fstab is in scope, so NFS mounts configured elsewhere are not shown to be covered by this definition. -->
<oval-def:criteria operator="XOR">
<oval-def:criterion comment="remote nfs filesystems" test_ref="oval:ssg-test_no_nfs_defined_etc_fstab_sec_krb5_krb5i_krb5p:tst:1"/>
<oval-def:criterion comment="remote nfs filesystems" test_ref="oval:ssg-test_nfs_sec_krb5_krb5i_krb5p_etc_fstab:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-mount_option_nodev_remote_filesystems:def:1" version="1">
<!-- Compliance definition: NFS entries in /etc/fstab should use the nodev option. Two tests are combined with XOR. -->
<oval-def:metadata>
<oval-def:title>Mount Remote Filesystems with nodev</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The nodev option should be enabled for all NFS mounts in /etc/fstab.</oval-def:description>
<oval-def:reference ref_id="CCE-80239-7" source="CCE"/>
<oval-def:reference ref_id="mount_option_nodev_remote_filesystems" source="ssg"/>
</oval-def:metadata>
<!-- operator="XOR": with two criteria, the definition is true when exactly one of them is true.
     Both criteria carry the same comment; judging by the test ids, the first presumably covers "no NFS entry defined in /etc/fstab" and the second "NFS entries in /etc/fstab use nodev" (verify in the test definitions).
     NOTE(review): per the description only /etc/fstab is in scope, so NFS mounts configured elsewhere are not shown to be covered by this definition. -->
<oval-def:criteria operator="XOR">
<oval-def:criterion comment="remote nfs filesystems" test_ref="oval:ssg-test_no_nfs_defined_etc_fstab_nodev:tst:1"/>
<oval-def:criterion comment="remote nfs filesystems" test_ref="oval:ssg-test_nfs_nodev_etc_fstab:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" id="oval:ssg-mount_option_nodev_removable_partitions:def:1" version="5">
<!-- Compliance definition: removable-media entries in /etc/fstab should use the nodev option. The criteria tree below has three alternative ways to pass. -->
<oval-def:metadata>
<oval-def:title>Add nodev Option to Removable Media Partitions</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The nodev option should be enabled for all removable devices mounts in /etc/fstab.</oval-def:description>
<oval-def:reference ref_id="CCE-80146-4" source="CCE"/>
<oval-def:reference ref_id="mount_option_nodev_removable_partitions" source="ssg"/>
</oval-def:metadata>
<!-- Outer OR, true when any branch is true:
       1. the extended definition removable_partition_doesnt_exist is true;
       2. the AND group: the configured removable partition is a CD/DVD drive, and either one of its alternative names has nodev in /etc/fstab or the drive is not configured in /etc/fstab;
       3. the removable partition (non CD/DVD case) has nodev in /etc/fstab.
     NOTE(review): the extended definitions and tests are defined outside this definition; branch 1 passes without any mount option being checked, so confirm how the removable partition value is supplied for each scanned host. -->
<oval-def:criteria operator="OR">
<oval-def:extend_definition comment="Check if removable partition really exists on the system" definition_ref="oval:ssg-removable_partition_doesnt_exist:def:1"/>
<oval-def:criteria operator="AND">
<oval-def:extend_definition comment="Check if removable partition value represents CD/DVD drive" definition_ref="oval:ssg-var_removable_partition_is_cd_dvd_drive:def:1"/>
<oval-def:criteria operator="OR">
<oval-def:criterion test_ref="oval:ssg-test_nodev_etc_fstab_cd_dvd_drive:tst:1" comment="Check if at least one from CD/DVD drive alternative names is using 'nodev' mount option in /etc/fstab"/>
<oval-def:extend_definition definition_ref="oval:ssg-no_cd_dvd_drive_in_etc_fstab:def:1" comment="Check if CD/DVD drive is not configured to automount in /etc/fstab"/>
</oval-def:criteria>
</oval-def:criteria>
<oval-def:criterion test_ref="oval:ssg-test_nodev_etc_fstab_not_cd_dvd_drive:tst:1" comment="Check if removable partition is using 'nodev' mount option in /etc/fstab"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for CCE-80436-9: NFS entries in /etc/fstab should carry noexec, which blocks
     direct execution of binaries served from the remote filesystem (an interpreter can still be
     pointed at a script stored there, so noexec is one layer, not a complete control).
     XOR means exactly one of the two tests must pass; by their ids these are "no NFS entry is
     defined" and "NFS entries have noexec" (test bodies are outside this excerpt).
     NOTE(review): only /etc/fstab is named; runtime or automounted NFS shares are presumably not
     assessed. -->
<oval-def:definition id="oval:ssg-mount_option_noexec_remote_filesystems:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Mount Remote Filesystems with noexec</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The noexec option should be enabled for all NFS mounts in /etc/fstab.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80436-9"/>
    <oval-def:reference source="ssg" ref_id="mount_option_noexec_remote_filesystems"/>
  </oval-def:metadata>
  <oval-def:criteria operator="XOR">
    <oval-def:criterion test_ref="oval:ssg-test_no_nfs_defined_etc_fstab_noexec:tst:1" comment="remote nfs filesystems"/>
    <oval-def:criterion test_ref="oval:ssg-test_nfs_noexec_etc_fstab:tst:1" comment="remote nfs filesystems"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for CCE-80147-2: removable media entries in /etc/fstab should carry noexec, so
     binaries stored on the media cannot be executed directly from it.
     The outer OR passes when any one of these holds:
       1. the referenced definition removable_partition_doesnt_exist passes;
       2. the removable partition value is a CD/DVD drive AND (one of its alternative names has
          noexec in /etc/fstab OR the drive is not configured in /etc/fstab);
       3. the non CD/DVD test finds noexec on the removable partition.
     NOTE(review): the first comment attribute says "really exists" while the referenced id says
     "doesnt_exist"; confirm the intended sense in that definition. Media mounted outside
     /etc/fstab is presumably not assessed here. -->
<oval-def:definition id="oval:ssg-mount_option_noexec_removable_partitions:def:1" version="5" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Add noexec Option to Removable Media Partitions</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The noexec option should be enabled for all removable devices mounts in /etc/fstab.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80147-2"/>
    <oval-def:reference source="ssg" ref_id="mount_option_noexec_removable_partitions"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:extend_definition definition_ref="oval:ssg-removable_partition_doesnt_exist:def:1" comment="Check if removable partition really exists on the system"/>
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition definition_ref="oval:ssg-var_removable_partition_is_cd_dvd_drive:def:1" comment="Check if removable partition value represents CD/DVD drive"/>
      <oval-def:criteria operator="OR">
        <oval-def:criterion test_ref="oval:ssg-test_noexec_etc_fstab_cd_dvd_drive:tst:1" comment="Check if at least one from CD/DVD drive alternative names is using 'noexec' mount option in /etc/fstab"/>
        <oval-def:extend_definition definition_ref="oval:ssg-no_cd_dvd_drive_in_etc_fstab:def:1" comment="Check if CD/DVD drive is not configured to automount in /etc/fstab"/>
      </oval-def:criteria>
    </oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_noexec_etc_fstab_not_cd_dvd_drive:tst:1" comment="Check if removable partition is using 'noexec' mount option in /etc/fstab"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for CCE-80240-5: NFS entries in /etc/fstab should carry nosuid, which makes
     the kernel ignore set-user-ID and set-group-ID bits on files served by the remote host, so a
     file owner on the server cannot hand local users a privileged binary.
     XOR means exactly one of the two tests must pass; by their ids these are "no NFS entry is
     defined" and "NFS entries have nosuid" (test bodies are outside this excerpt).
     NOTE(review): only /etc/fstab is named; runtime or automounted NFS shares are presumably not
     assessed. -->
<oval-def:definition id="oval:ssg-mount_option_nosuid_remote_filesystems:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Mount Remote Filesystems with nosuid</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The nosuid option should be enabled for all NFS mounts in /etc/fstab.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80240-5"/>
    <oval-def:reference source="ssg" ref_id="mount_option_nosuid_remote_filesystems"/>
  </oval-def:metadata>
  <oval-def:criteria operator="XOR">
    <oval-def:criterion test_ref="oval:ssg-test_no_nfs_defined_etc_fstab_nosuid:tst:1" comment="remote nfs filesystems"/>
    <oval-def:criterion test_ref="oval:ssg-test_nfs_nosuid_etc_fstab:tst:1" comment="remote nfs filesystems"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for CCE-80148-0: removable media entries in /etc/fstab should carry nosuid, so
     set-user-ID and set-group-ID bits on files brought in on the media are ignored.
     The outer OR passes when any one of these holds:
       1. the referenced definition removable_partition_doesnt_exist passes;
       2. the removable partition value is a CD/DVD drive AND (one of its alternative names has
          nosuid in /etc/fstab OR the drive is not configured in /etc/fstab);
       3. the non CD/DVD test finds nosuid on the removable partition.
     NOTE(review): the first comment attribute says "really exists" while the referenced id says
     "doesnt_exist"; confirm the intended sense in that definition. Media mounted outside
     /etc/fstab is presumably not assessed here. -->
<oval-def:definition id="oval:ssg-mount_option_nosuid_removable_partitions:def:1" version="5" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Add nosuid Option to Removable Media Partitions</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The nosuid option should be enabled for all removable devices mounts in /etc/fstab.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80148-0"/>
    <oval-def:reference source="ssg" ref_id="mount_option_nosuid_removable_partitions"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:extend_definition definition_ref="oval:ssg-removable_partition_doesnt_exist:def:1" comment="Check if removable partition really exists on the system"/>
    <oval-def:criteria operator="AND">
      <oval-def:extend_definition definition_ref="oval:ssg-var_removable_partition_is_cd_dvd_drive:def:1" comment="Check if removable partition value represents CD/DVD drive"/>
      <oval-def:criteria operator="OR">
        <oval-def:criterion test_ref="oval:ssg-test_nosuid_etc_fstab_cd_dvd_drive:tst:1" comment="Check if at least one from CD/DVD drive alternative names is using 'nosuid' mount option in /etc/fstab"/>
        <oval-def:extend_definition definition_ref="oval:ssg-no_cd_dvd_drive_in_etc_fstab:def:1" comment="Check if CD/DVD drive is not configured to automount in /etc/fstab"/>
      </oval-def:criteria>
    </oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_nosuid_etc_fstab_not_cd_dvd_drive:tst:1" comment="Check if removable partition is using 'nosuid' mount option in /etc/fstab"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for CCE-83317-8: /opt should be mounted with nosuid, which makes the kernel
     ignore set-user-ID and set-group-ID bits on files under that mount.
     The OR group holds a single criterion, so the definition result is that test's result.
     NOTE(review): the test id ends in "optional_yes", which suggests the test tolerates hosts where
     /opt is not a separate mount point; its body is outside this excerpt, so confirm before
     reading a pass as proof that the option is set. -->
<oval-def:definition id="oval:ssg-mount_option_opt_nosuid:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Add nosuid Option to /opt</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>/opt should be mounted with mount option nosuid.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-83317-8"/>
    <oval-def:reference source="ssg" ref_id="mount_option_opt_nosuid"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criterion test_ref="oval:ssg-test_opt_partition_nosuid_optional_yes:tst:1" comment="nosuid on /opt"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for CCE-83320-2: /srv should be mounted with nosuid, so set-user-ID and
     set-group-ID bits on served content are ignored by the kernel.
     The OR group holds a single criterion, so the definition result is that test's result.
     NOTE(review): the "optional_yes" suffix of the test id suggests a host without a separate /srv
     mount may still pass; the test body is outside this excerpt, confirm there. -->
<oval-def:definition id="oval:ssg-mount_option_srv_nosuid:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Add nosuid Option to /srv</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>/srv should be mounted with mount option nosuid.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-83320-2"/>
    <oval-def:reference source="ssg" ref_id="mount_option_srv_nosuid"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criterion test_ref="oval:ssg-test_srv_partition_nosuid_optional_yes:tst:1" comment="nosuid on /srv"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for CCE-80149-8: /tmp should be mounted with nodev, so device files created
     in this world-writable location are not interpreted by the kernel.
     The OR group holds a single criterion, so the definition result is that test's result.
     NOTE(review): the "optional_yes" suffix of the test id suggests a host without a separate /tmp
     mount may still pass; the test body is outside this excerpt, confirm there. -->
<oval-def:definition id="oval:ssg-mount_option_tmp_nodev:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Add nodev Option to /tmp</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>/tmp should be mounted with mount option nodev.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80149-8"/>
    <oval-def:reference source="ssg" ref_id="mount_option_tmp_nodev"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criterion test_ref="oval:ssg-test_tmp_partition_nodev_optional_yes:tst:1" comment="nodev on /tmp"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for CCE-80150-6: /tmp should be mounted with noexec, which blocks direct
     execution of binaries dropped into this world-writable location (an interpreter can still be
     pointed at a script stored there, so treat it as one layer of defence).
     The OR group holds a single criterion, so the definition result is that test's result.
     NOTE(review): the "optional_yes" suffix of the test id suggests a host without a separate /tmp
     mount may still pass; the test body is outside this excerpt, confirm there. -->
<oval-def:definition id="oval:ssg-mount_option_tmp_noexec:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Add noexec Option to /tmp</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>/tmp should be mounted with mount option noexec.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80150-6"/>
    <oval-def:reference source="ssg" ref_id="mount_option_tmp_noexec"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criterion test_ref="oval:ssg-test_tmp_partition_noexec_optional_yes:tst:1" comment="noexec on /tmp"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for CCE-80151-4: /tmp should be mounted with nosuid, so set-user-ID and
     set-group-ID bits on files in this world-writable location are ignored.
     The OR group holds a single criterion, so the definition result is that test's result.
     NOTE(review): the "optional_yes" suffix of the test id suggests a host without a separate /tmp
     mount may still pass; the test body is outside this excerpt, confirm there. -->
<oval-def:definition id="oval:ssg-mount_option_tmp_nosuid:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Add nosuid Option to /tmp</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>/tmp should be mounted with mount option nosuid.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80151-4"/>
    <oval-def:reference source="ssg" ref_id="mount_option_tmp_nosuid"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criterion test_ref="oval:ssg-test_tmp_partition_nosuid_optional_yes:tst:1" comment="nosuid on /tmp"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for CCE-82079-5: /var/log/audit should be mounted with nodev; a filesystem
     that stores audit records has no need for device files, so the kernel is told not to
     interpret any that appear there.
     The OR group holds a single criterion, so the definition result is that test's result.
     NOTE(review): the "optional_yes" suffix of the test id suggests a host without a separate
     /var/log/audit mount may still pass; the test body is outside this excerpt, confirm there. -->
<oval-def:definition id="oval:ssg-mount_option_var_log_audit_nodev:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Add nodev Option to /var/log/audit</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>/var/log/audit should be mounted with mount option nodev.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82079-5"/>
    <oval-def:reference source="ssg" ref_id="mount_option_var_log_audit_nodev"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criterion test_ref="oval:ssg-test_var_log_audit_partition_nodev_optional_yes:tst:1" comment="nodev on /var/log/audit"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for CCE-82146-2: /var/log/audit should be mounted with noexec, so nothing
     stored alongside the audit records can be executed directly from that filesystem.
     The OR group holds a single criterion, so the definition result is that test's result.
     NOTE(review): the "optional_yes" suffix of the test id suggests a host without a separate
     /var/log/audit mount may still pass; the test body is outside this excerpt, confirm there. -->
<oval-def:definition id="oval:ssg-mount_option_var_log_audit_noexec:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Add noexec Option to /var/log/audit</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>/var/log/audit should be mounted with mount option noexec.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82146-2"/>
    <oval-def:reference source="ssg" ref_id="mount_option_var_log_audit_noexec"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criterion test_ref="oval:ssg-test_var_log_audit_partition_noexec_optional_yes:tst:1" comment="noexec on /var/log/audit"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for CCE-82148-8: /var/log/audit should be mounted with nosuid, so
     set-user-ID and set-group-ID bits on anything stored with the audit records are ignored.
     The OR group holds a single criterion, so the definition result is that test's result.
     NOTE(review): the "optional_yes" suffix of the test id suggests a host without a separate
     /var/log/audit mount may still pass; the test body is outside this excerpt, confirm there. -->
<oval-def:definition id="oval:ssg-mount_option_var_log_audit_nosuid:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Add nosuid Option to /var/log/audit</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>/var/log/audit should be mounted with mount option nosuid.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82148-8"/>
    <oval-def:reference source="ssg" ref_id="mount_option_var_log_audit_nosuid"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criterion test_ref="oval:ssg-test_var_log_audit_partition_nosuid_optional_yes:tst:1" comment="nosuid on /var/log/audit"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for CCE-82076-1: /var/log should be mounted with nodev; log storage has no
     need for device files, so the kernel is told not to interpret any that appear there.
     The OR group holds a single criterion, so the definition result is that test's result.
     NOTE(review): the "optional_yes" suffix of the test id suggests a host without a separate
     /var/log mount may still pass; the test body is outside this excerpt, confirm there. -->
<oval-def:definition id="oval:ssg-mount_option_var_log_nodev:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Add nodev Option to /var/log</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>/var/log should be mounted with mount option nodev.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82076-1"/>
    <oval-def:reference source="ssg" ref_id="mount_option_var_log_nodev"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criterion test_ref="oval:ssg-test_var_log_partition_nodev_optional_yes:tst:1" comment="nodev on /var/log"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for CCE-82142-1: /var/log should be mounted with noexec, so files written
     into the log area cannot be executed directly from it.
     The OR group holds a single criterion, so the definition result is that test's result.
     NOTE(review): the "optional_yes" suffix of the test id suggests a host without a separate
     /var/log mount may still pass; the test body is outside this excerpt, confirm there. -->
<oval-def:definition id="oval:ssg-mount_option_var_log_noexec:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Add noexec Option to /var/log</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>/var/log should be mounted with mount option noexec.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82142-1"/>
    <oval-def:reference source="ssg" ref_id="mount_option_var_log_noexec"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criterion test_ref="oval:ssg-test_var_log_partition_noexec_optional_yes:tst:1" comment="noexec on /var/log"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for CCE-82144-7: /var/log should be mounted with nosuid, so set-user-ID and
     set-group-ID bits on files in the log area are ignored by the kernel.
     The OR group holds a single criterion, so the definition result is that test's result.
     NOTE(review): the "optional_yes" suffix of the test id suggests a host without a separate
     /var/log mount may still pass; the test body is outside this excerpt, confirm there. -->
<oval-def:definition id="oval:ssg-mount_option_var_log_nosuid:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Add nosuid Option to /var/log</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>/var/log should be mounted with mount option nosuid.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82144-7"/>
    <oval-def:reference source="ssg" ref_id="mount_option_var_log_nosuid"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criterion test_ref="oval:ssg-test_var_log_partition_nosuid_optional_yes:tst:1" comment="nosuid on /var/log"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for CCE-82064-7: /var should be mounted with nodev, so device files that
     appear under this variable-data tree are not interpreted by the kernel.
     The OR group holds a single criterion, so the definition result is that test's result.
     NOTE(review): the "optional_yes" suffix of the test id suggests a host without a separate /var
     mount may still pass; the test body is outside this excerpt, confirm there. -->
<oval-def:definition id="oval:ssg-mount_option_var_nodev:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Add nodev Option to /var</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>/var should be mounted with mount option nodev.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82064-7"/>
    <oval-def:reference source="ssg" ref_id="mount_option_var_nodev"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criterion test_ref="oval:ssg-test_var_partition_nodev_optional_yes:tst:1" comment="nodev on /var"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for CCE-83329-3: /var should be mounted with noexec, which blocks direct
     execution of binaries stored under it.
     The OR group holds a single criterion, so the definition result is that test's result.
     NOTE(review): noexec on /var can affect software that runs helpers from below /var, so test
     before enforcing. The "optional_yes" suffix of the test id suggests a host without a separate
     /var mount may still pass; the test body is outside this excerpt, confirm there. -->
<oval-def:definition id="oval:ssg-mount_option_var_noexec:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Add noexec Option to /var</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>/var should be mounted with mount option noexec.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-83329-3"/>
    <oval-def:reference source="ssg" ref_id="mount_option_var_noexec"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criterion test_ref="oval:ssg-test_var_partition_noexec_optional_yes:tst:1" comment="noexec on /var"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for CCE-83378-0: /var should be mounted with nosuid, so set-user-ID and
     set-group-ID bits on files under it are ignored by the kernel.
     The OR group holds a single criterion, so the definition result is that test's result.
     NOTE(review): the "optional_yes" suffix of the test id suggests a host without a separate /var
     mount may still pass; the test body is outside this excerpt, confirm there. -->
<oval-def:definition id="oval:ssg-mount_option_var_nosuid:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Add nosuid Option to /var</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>/var should be mounted with mount option nosuid.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-83378-0"/>
    <oval-def:reference source="ssg" ref_id="mount_option_var_nosuid"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criterion test_ref="oval:ssg-test_var_partition_nosuid_optional_yes:tst:1" comment="nosuid on /var"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for CCE-81052-3: /var/tmp should be mounted with nodev, so device files
     created in this world-writable location are not interpreted by the kernel.
     The OR group holds a single criterion, so the definition result is that test's result.
     NOTE(review): the "optional_yes" suffix of the test id suggests a host without a separate
     /var/tmp mount may still pass; the test body is outside this excerpt, confirm there. -->
<oval-def:definition id="oval:ssg-mount_option_var_tmp_nodev:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Add nodev Option to /var/tmp</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>/var/tmp should be mounted with mount option nodev.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-81052-3"/>
    <oval-def:reference source="ssg" ref_id="mount_option_var_tmp_nodev"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criterion test_ref="oval:ssg-test_var_tmp_partition_nodev_optional_yes:tst:1" comment="nodev on /var/tmp"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for CCE-82150-4: /var/tmp should be mounted with noexec, which blocks direct
     execution of binaries dropped into this world-writable location (an interpreter can still be
     pointed at a script stored there, so treat it as one layer of defence).
     The OR group holds a single criterion, so the definition result is that test's result.
     NOTE(review): the "optional_yes" suffix of the test id suggests a host without a separate
     /var/tmp mount may still pass; the test body is outside this excerpt, confirm there. -->
<oval-def:definition id="oval:ssg-mount_option_var_tmp_noexec:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Add noexec Option to /var/tmp</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>/var/tmp should be mounted with mount option noexec.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82150-4"/>
    <oval-def:reference source="ssg" ref_id="mount_option_var_tmp_noexec"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criterion test_ref="oval:ssg-test_var_tmp_partition_noexec_optional_yes:tst:1" comment="noexec on /var/tmp"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for CCE-82153-8: /var/tmp should be mounted with nosuid, so set-user-ID and
     set-group-ID bits on files in this world-writable location are ignored.
     The OR group holds a single criterion, so the definition result is that test's result.
     NOTE(review): the "optional_yes" suffix of the test id suggests a host without a separate
     /var/tmp mount may still pass; the test body is outside this excerpt, confirm there. -->
<oval-def:definition id="oval:ssg-mount_option_var_tmp_nosuid:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Add nosuid Option to /var/tmp</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>/var/tmp should be mounted with mount option nosuid.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82153-8"/>
    <oval-def:reference source="ssg" ref_id="mount_option_var_tmp_nosuid"/>
  </oval-def:metadata>
  <oval-def:criteria operator="OR">
    <oval-def:criterion test_ref="oval:ssg-test_var_tmp_partition_nosuid_optional_yes:tst:1" comment="nosuid on /var/tmp"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Passes when the referenced test reports the GConf2 RPM as installed (test body is outside this
     excerpt). The criteria group has no operator attribute, so the OVAL default (AND) applies to
     its single criterion.
     NOTE(review): the title is the raw rule id and no CCE reference is attached, which suggests a
     helper definition that other checks extend rather than a standalone hardening rule; confirm
     against the benchmark before reporting on it directly. -->
<oval-def:definition id="oval:ssg-package_GConf2_installed:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>package_GConf2_installed</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package GConf2 should be installed.</oval-def:description>
    <oval-def:reference source="ssg" ref_id="package_GConf2_installed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_GConf2_installed:tst:1" comment="package GConf2 is installed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for CCE-80368-4: passes when the referenced test reports the MFEhiplsm RPM,
     named in the title as the Host Intrusion Prevention System (HIPS) module, as installed.
     The criteria group has no operator attribute, so the OVAL default (AND) applies.
     NOTE(review): this verifies package presence only; whether the module is loaded, configured
     and reporting is not visible in this definition. -->
<oval-def:definition id="oval:ssg-package_MFEhiplsm_installed:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Install the Host Intrusion Prevention System (HIPS) Module</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package MFEhiplsm should be installed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80368-4"/>
    <oval-def:reference source="ssg" ref_id="package_MFEhiplsm_installed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_MFEhiplsm_installed:tst:1" comment="package MFEhiplsm is installed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for CCE-82920-0: passes when the referenced test reports the abrt-addon-ccpp
     RPM as removed (test body is outside this excerpt). Removing crash-reporting add-ons that are
     not needed trims installed software and the crash data it collects.
     The criteria group has no operator attribute, so the OVAL default (AND) applies. -->
<oval-def:definition id="oval:ssg-package_abrt-addon-ccpp_removed:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Uninstall abrt-addon-ccpp Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package abrt-addon-ccpp should be removed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82920-0"/>
    <oval-def:reference source="ssg" ref_id="package_abrt-addon-ccpp_removed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_abrt-addon-ccpp_removed:tst:1" comment="package abrt-addon-ccpp is removed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for CCE-82927-5: passes when the referenced test reports the
     abrt-addon-kerneloops RPM as removed (test body is outside this excerpt).
     The criteria group has no operator attribute, so the OVAL default (AND) applies to its single
     criterion. -->
<oval-def:definition id="oval:ssg-package_abrt-addon-kerneloops_removed:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Uninstall abrt-addon-kerneloops Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package abrt-addon-kerneloops should be removed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82927-5"/>
    <oval-def:reference source="ssg" ref_id="package_abrt-addon-kerneloops_removed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_abrt-addon-kerneloops_removed:tst:1" comment="package abrt-addon-kerneloops is removed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for CCE-82924-2: passes when the referenced test reports the
     abrt-addon-python RPM as removed (test body is outside this excerpt).
     The criteria group has no operator attribute, so the OVAL default (AND) applies to its single
     criterion. -->
<oval-def:definition id="oval:ssg-package_abrt-addon-python_removed:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Uninstall abrt-addon-python Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package abrt-addon-python should be removed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82924-2"/>
    <oval-def:reference source="ssg" ref_id="package_abrt-addon-python_removed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_abrt-addon-python_removed:tst:1" comment="package abrt-addon-python is removed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for CCE-82908-5: passes when the referenced test reports the abrt-cli RPM as
     removed (test body is outside this excerpt).
     The criteria group has no operator attribute, so the OVAL default (AND) applies to its single
     criterion. -->
<oval-def:definition id="oval:ssg-package_abrt-cli_removed:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Uninstall abrt-cli Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package abrt-cli should be removed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82908-5"/>
    <oval-def:reference source="ssg" ref_id="package_abrt-cli_removed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_abrt-cli_removed:tst:1" comment="package abrt-cli is removed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for CCE-82914-3: passes when the referenced test reports the
     abrt-plugin-logger RPM as removed (test body is outside this excerpt).
     The criteria group has no operator attribute, so the OVAL default (AND) applies to its single
     criterion. -->
<oval-def:definition id="oval:ssg-package_abrt-plugin-logger_removed:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Uninstall abrt-plugin-logger Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package abrt-plugin-logger should be removed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82914-3"/>
    <oval-def:reference source="ssg" ref_id="package_abrt-plugin-logger_removed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_abrt-plugin-logger_removed:tst:1" comment="package abrt-plugin-logger is removed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for CCE-82917-6: passes when the referenced test reports the
     abrt-plugin-rhtsupport RPM as removed (test body is outside this excerpt).
     The criteria group has no operator attribute, so the OVAL default (AND) applies to its single
     criterion. -->
<oval-def:definition id="oval:ssg-package_abrt-plugin-rhtsupport_removed:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Uninstall abrt-plugin-rhtsupport Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package abrt-plugin-rhtsupport should be removed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82917-6"/>
    <oval-def:reference source="ssg" ref_id="package_abrt-plugin-rhtsupport_removed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_abrt-plugin-rhtsupport_removed:tst:1" comment="package abrt-plugin-rhtsupport is removed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for CCE-82911-9: passes when the referenced test reports the
     abrt-plugin-sosreport RPM as removed (test body is outside this excerpt).
     The criteria group has no operator attribute, so the OVAL default (AND) applies to its single
     criterion. -->
<oval-def:definition id="oval:ssg-package_abrt-plugin-sosreport_removed:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Uninstall abrt-plugin-sosreport Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package abrt-plugin-sosreport should be removed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82911-9"/>
    <oval-def:reference source="ssg" ref_id="package_abrt-plugin-sosreport_removed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_abrt-plugin-sosreport_removed:tst:1" comment="package abrt-plugin-sosreport is removed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for CCE-81040-8: passes when the referenced test reports the abrt RPM
     (Automatic Bug Reporting Tool, per the title) as removed. Crash reports can capture process
     memory and other sensitive data, so hosts that do not need the tool are better off without it.
     The criteria group has no operator attribute, so the OVAL default (AND) applies.
     NOTE(review): this definition covers the abrt package only; the add-on and plugin packages
     have their own definitions in this file. -->
<oval-def:definition id="oval:ssg-package_abrt_removed:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Uninstall Automatic Bug Reporting Tool (abrt)</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package abrt should be removed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-81040-8"/>
    <oval-def:reference source="ssg" ref_id="package_abrt_removed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_abrt_removed:tst:1" comment="package abrt is removed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for CCE-27096-7: passes when the referenced test reports the aide RPM (a file
     integrity checker) as installed.
     The criteria group has no operator attribute, so the OVAL default (AND) applies.
     NOTE(review): package presence alone gives no integrity monitoring; building the baseline
     database and scheduling periodic checks are not visible in this definition and are
     presumably covered by separate rules. -->
<oval-def:definition id="oval:ssg-package_aide_installed:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Install AIDE</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package aide should be installed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-27096-7"/>
    <oval-def:reference source="ssg" ref_id="package_aide_installed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_aide_installed:tst:1" comment="package aide is installed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for CCE-82954-9: passes when the referenced test reports the audispd-plugins
     RPM as installed (test body is outside this excerpt).
     The criteria group has no operator attribute, so the OVAL default (AND) applies.
     NOTE(review): installation does not show that any audit dispatcher plugin is enabled or
     forwarding records; that configuration is not visible in this definition. -->
<oval-def:definition id="oval:ssg-package_audispd-plugins_installed:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Install audispd-plugins Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package audispd-plugins should be installed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82954-9"/>
    <oval-def:reference source="ssg" ref_id="package_audispd-plugins_installed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_audispd-plugins_installed:tst:1" comment="package audispd-plugins is installed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Passes when the referenced test reports the audit-audispd-plugins RPM as installed (test body
     is outside this excerpt). The criteria group has no operator attribute, so the OVAL default
     (AND) applies to its single criterion.
     NOTE(review): no CCE reference is attached, and this file also defines
     package_audispd-plugins_installed under a different package name; confirm which package name
     this platform actually ships before treating a failure here as a finding. -->
<oval-def:definition id="oval:ssg-package_audit-audispd-plugins_installed:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Ensure the default plugins for the audit dispatcher are Installed</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package audit-audispd-plugins should be installed.</oval-def:description>
    <oval-def:reference source="ssg" ref_id="package_audit-audispd-plugins_installed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_audit-audispd-plugins_installed:tst:1" comment="package audit-audispd-plugins is installed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for CCE-81042-4: passes when the referenced test reports the audit RPM as
     installed (test body is outside this excerpt).
     The criteria group has no operator attribute, so the OVAL default (AND) applies.
     NOTE(review): this shows the audit subsystem's package is present, not that the audit daemon
     is enabled or that any audit rules are loaded; those are not visible in this definition. -->
<oval-def:definition id="oval:ssg-package_audit_installed:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Ensure the audit Subsystem is Installed</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package audit should be installed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-81042-4"/>
    <oval-def:reference source="ssg" ref_id="package_audit_installed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_audit_installed:tst:1" comment="package audit is installed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Passes when the referenced test reports the avahi RPM as installed (test body is outside this
     excerpt). The criteria group has no operator attribute, so the OVAL default (AND) applies to
     its single criterion.
     NOTE(review): the title is the raw rule id and no CCE reference is attached, which suggests a
     helper definition used to decide whether avahi-related checks apply, not a recommendation to
     install the service; confirm against the benchmark before acting on it. -->
<oval-def:definition id="oval:ssg-package_avahi_installed:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>package_avahi_installed</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package avahi should be installed.</oval-def:description>
    <oval-def:reference source="ssg" ref_id="package_avahi_installed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_avahi_installed:tst:1" comment="package avahi is installed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for CCE-80326-2: passes when the referenced test reports the bind RPM (DNS
     server software) as removed. A host that is not meant to serve DNS does not need a
     network-facing name server installed.
     The criteria group has no operator attribute, so the OVAL default (AND) applies. -->
<oval-def:definition id="oval:ssg-package_bind_removed:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Uninstall bind Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package bind should be removed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80326-2"/>
    <oval-def:reference source="ssg" ref_id="package_bind_removed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_bind_removed:tst:1" comment="package bind is removed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for CCE-82990-3: passes when the referenced test reports the binutils RPM as
     installed (test body is outside this excerpt).
     The criteria group has no operator attribute, so the OVAL default (AND) applies to its single
     criterion. -->
<oval-def:definition id="oval:ssg-package_binutils_installed:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Install binutils Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package binutils should be installed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82990-3"/>
    <oval-def:reference source="ssg" ref_id="package_binutils_installed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_binutils_installed:tst:1" comment="package binutils is installed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for CCE-83419-2: passes when the referenced test reports the chrony RPM (time
     synchronisation) as installed. Consistent clocks matter for correlating logs and audit
     records across hosts.
     The criteria group has no operator attribute, so the OVAL default (AND) applies.
     NOTE(review): package presence does not show that the service is running or pointed at
     trusted time sources; that is not visible in this definition. -->
<oval-def:definition id="oval:ssg-package_chrony_installed:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>The Chrony package is installed</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package chrony should be installed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-83419-2"/>
    <oval-def:reference source="ssg" ref_id="package_chrony_installed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_chrony_installed:tst:1" comment="package chrony is installed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Passes when the referenced test reports the cron RPM as installed (test body is outside this
     excerpt). The criteria group has no operator attribute, so the OVAL default (AND) applies to
     its single criterion.
     NOTE(review): no CCE reference is attached, and on Red Hat Enterprise Linux 7 the cron daemon
     is shipped in the cronie package; confirm which package name the referenced test queries
     before treating a failure here as a finding. -->
<oval-def:definition id="oval:ssg-package_cron_installed:def:1" version="1" class="compliance">
  <oval-def:metadata>
    <oval-def:title>Install the cron service</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package cron should be installed.</oval-def:description>
    <oval-def:reference source="ssg" ref_id="package_cron_installed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_cron_installed:tst:1" comment="package cron is installed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition for the cryptsetup-luks package: passes when the referenced package test passes.
     NOTE(review): confirm that cryptsetup-luks is the installed RPM name on RHEL 7 and not only a name
     provided by another package; a name mismatch in the test would report a compliant host as failing.
     Package presence alone says nothing about whether any volume is actually encrypted. -->
<oval-def:definition class="compliance" id="oval:ssg-package_cryptsetup-luks_installed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Install cryptsetup-luks Package</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package cryptsetup-luks should be installed.</oval-def:description>
<oval-def:reference ref_id="CCE-82996-0" source="CCE"/>
<oval-def:reference ref_id="package_cryptsetup-luks_installed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package cryptsetup-luks is installed" test_ref="oval:ssg-test_package_cryptsetup-luks_installed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition for the dconf package; no CCE identifier is referenced, only the ssg rule id.
     NOTE(review): the title repeats the rule id instead of a readable sentence, unlike most sibling
     definitions; any report that prints the OVAL title would show the raw id. -->
<oval-def:definition class="compliance" id="oval:ssg-package_dconf_installed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>package_dconf_installed</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package dconf should be installed.</oval-def:description>
<oval-def:reference ref_id="package_dconf_installed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package dconf is installed" test_ref="oval:ssg-test_package_dconf_installed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition requiring the dhcp (DHCP server) package to be absent.
     Only the referenced package test is evaluated; the definition does not inspect running
     processes or listening ports. -->
<oval-def:definition class="compliance" id="oval:ssg-package_dhcp_removed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Uninstall DHCP Server Package</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package dhcp should be removed.</oval-def:description>
<oval-def:reference ref_id="CCE-80331-2" source="CCE"/>
<oval-def:reference ref_id="package_dhcp_removed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package dhcp is removed" test_ref="oval:ssg-test_package_dhcp_removed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition for the docker package; no CCE identifier is referenced, only the ssg rule id.
     Only package presence is evaluated; daemon configuration and hardening are outside this definition. -->
<oval-def:definition class="compliance" id="oval:ssg-package_docker_installed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Install the docker Package</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package docker should be installed.</oval-def:description>
<oval-def:reference ref_id="package_docker_installed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package docker is installed" test_ref="oval:ssg-test_package_docker_installed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition requiring the dovecot package to be absent.
     The single criterion defers to a package test defined outside this excerpt. -->
<oval-def:definition class="compliance" id="oval:ssg-package_dovecot_removed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Uninstall dovecot Package</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package dovecot should be removed.</oval-def:description>
<oval-def:reference ref_id="CCE-80295-9" source="CCE"/>
<oval-def:reference ref_id="package_dovecot_removed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package dovecot is removed" test_ref="oval:ssg-test_package_dovecot_removed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition for the esc package; no CCE identifier is referenced, only the ssg rule id.
     NOTE(review): the title repeats the rule id instead of a readable sentence, so a reader of the
     scan output cannot tell from the title what esc is or why it is required. -->
<oval-def:definition class="compliance" id="oval:ssg-package_esc_installed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>package_esc_installed</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package esc should be installed.</oval-def:description>
<oval-def:reference ref_id="package_esc_installed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package esc is installed" test_ref="oval:ssg-test_package_esc_installed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition for the firewalld package: passes when the referenced package test passes.
     Only package presence is evaluated; a pass does not show that the firewall service is enabled,
     running, or loaded with a restrictive policy. Those need their own checks. -->
<oval-def:definition class="compliance" id="oval:ssg-package_firewalld_installed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Install firewalld Package</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package firewalld should be installed.</oval-def:description>
<oval-def:reference ref_id="CCE-82999-4" source="CCE"/>
<oval-def:reference ref_id="package_firewalld_installed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package firewalld is installed" test_ref="oval:ssg-test_package_firewalld_installed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition requiring the freeradius package to be absent.
     The single criterion defers to a package test defined outside this excerpt. -->
<oval-def:definition class="compliance" id="oval:ssg-package_freeradius_removed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Remove the FreeRadius Server Package</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package freeradius should be removed.</oval-def:description>
<oval-def:reference ref_id="CCE-82751-9" source="CCE"/>
<oval-def:reference ref_id="package_freeradius_removed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package freeradius is removed" test_ref="oval:ssg-test_package_freeradius_removed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition requiring the gdm package to be present; no CCE identifier is referenced.
     This is the opposite requirement to oval:ssg-package_gdm_removed:def:1 in the same file, so a
     profile can meaningfully select only one of the two.
     NOTE(review): the title repeats the rule id instead of a readable sentence. -->
<oval-def:definition class="compliance" id="oval:ssg-package_gdm_installed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>package_gdm_installed</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package gdm should be installed.</oval-def:description>
<oval-def:reference ref_id="package_gdm_installed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package gdm is installed" test_ref="oval:ssg-test_package_gdm_installed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition requiring the gdm package to be absent. It is the opposite requirement to
     oval:ssg-package_gdm_installed:def:1 in the same file, so a profile can select only one of the two.
     NOTE(review): the title says "Package Group" while the description and the criterion name the
     single package gdm; the test itself is outside this excerpt, so confirm what it covers. -->
<oval-def:definition class="compliance" id="oval:ssg-package_gdm_removed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Remove the GDM Package Group</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package gdm should be removed.</oval-def:description>
<oval-def:reference ref_id="CCE-82348-4" source="CCE"/>
<oval-def:reference ref_id="package_gdm_removed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package gdm is removed" test_ref="oval:ssg-test_package_gdm_removed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition requiring the geolite2-city package to be absent.
     The single criterion defers to a package test defined outside this excerpt. -->
<oval-def:definition class="compliance" id="oval:ssg-package_geolite2-city_removed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Uninstall geolite2-city Package</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package geolite2-city should be removed.</oval-def:description>
<oval-def:reference ref_id="CCE-82940-8" source="CCE"/>
<oval-def:reference ref_id="package_geolite2-city_removed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package geolite2-city is removed" test_ref="oval:ssg-test_package_geolite2-city_removed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition requiring the geolite2-country package to be absent.
     The single criterion defers to a package test defined outside this excerpt. -->
<oval-def:definition class="compliance" id="oval:ssg-package_geolite2-country_removed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Uninstall geolite2-country Package</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package geolite2-country should be removed.</oval-def:description>
<oval-def:reference ref_id="CCE-82937-4" source="CCE"/>
<oval-def:reference ref_id="package_geolite2-country_removed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package geolite2-country is removed" test_ref="oval:ssg-test_package_geolite2-country_removed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition for the gnutls-utils package; no CCE identifier is referenced, only the
     ssg rule id. The single criterion defers to a package test defined outside this excerpt. -->
<oval-def:definition class="compliance" id="oval:ssg-package_gnutls-utils_installed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Ensure gnutls-utils is installed</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package gnutls-utils should be installed.</oval-def:description>
<oval-def:reference ref_id="package_gnutls-utils_installed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package gnutls-utils is installed" test_ref="oval:ssg-test_package_gnutls-utils_installed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition requiring the gssproxy package to be absent.
     The single criterion defers to a package test defined outside this excerpt. -->
<oval-def:definition class="compliance" id="oval:ssg-package_gssproxy_removed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Uninstall gssproxy Package</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package gssproxy should be removed.</oval-def:description>
<oval-def:reference ref_id="CCE-82944-0" source="CCE"/>
<oval-def:reference ref_id="package_gssproxy_removed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package gssproxy is removed" test_ref="oval:ssg-test_package_gssproxy_removed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition requiring the httpd package to be absent.
     Only the referenced package test is evaluated; a web server installed from another package
     or from source would not be covered by this definition. -->
<oval-def:definition class="compliance" id="oval:ssg-package_httpd_removed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Uninstall httpd Package</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package httpd should be removed.</oval-def:description>
<oval-def:reference ref_id="CCE-80301-5" source="CCE"/>
<oval-def:reference ref_id="package_httpd_removed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package httpd is removed" test_ref="oval:ssg-test_package_httpd_removed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition requiring the inetutils-telnetd package to be absent; no CCE identifier
     is referenced, only the ssg rule id.
     NOTE(review): inetutils-telnetd looks like a Debian-family package name, while the platform tag
     is RHEL 7, where the telnet server is packaged as telnet-server. If the test only looks for
     inetutils-telnetd, it would pass on a RHEL 7 host that still has a telnet server; confirm that
     a separate telnet-server check is selected. -->
<oval-def:definition class="compliance" id="oval:ssg-package_inetutils-telnetd_removed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Uninstall the inet-based telnet server</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package inetutils-telnetd should be removed.</oval-def:description>
<oval-def:reference ref_id="package_inetutils-telnetd_removed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package inetutils-telnetd is removed" test_ref="oval:ssg-test_package_inetutils-telnetd_removed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition requiring the iprutils package to be absent.
     The single criterion defers to a package test defined outside this excerpt. -->
<oval-def:definition class="compliance" id="oval:ssg-package_iprutils_removed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Uninstall iprutils Package</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package iprutils should be removed.</oval-def:description>
<oval-def:reference ref_id="CCE-82947-3" source="CCE"/>
<oval-def:reference ref_id="package_iprutils_removed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package iprutils is removed" test_ref="oval:ssg-test_package_iprutils_removed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition for the iptables package: passes when the referenced package test passes.
     Only package presence is evaluated; whether any filtering rules are loaded is not part of
     this definition. -->
<oval-def:definition class="compliance" id="oval:ssg-package_iptables_installed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Install iptables Package</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package iptables should be installed.</oval-def:description>
<oval-def:reference ref_id="CCE-82983-8" source="CCE"/>
<oval-def:reference ref_id="package_iptables_installed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package iptables is installed" test_ref="oval:ssg-test_package_iptables_installed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition requiring the krb5-server package to be absent; no CCE identifier is
     referenced, only the ssg rule id. The test it defers to is defined outside this excerpt. -->
<oval-def:definition class="compliance" id="oval:ssg-package_krb5-server_removed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Remove the Kerberos Server Package</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package krb5-server should be removed.</oval-def:description>
<oval-def:reference ref_id="package_krb5-server_removed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package krb5-server is removed" test_ref="oval:ssg-test_package_krb5-server_removed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition requiring the krb5-workstation package to be absent.
     The single criterion defers to a package test defined outside this excerpt. -->
<oval-def:definition class="compliance" id="oval:ssg-package_krb5-workstation_removed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Uninstall krb5-workstation Package</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package krb5-workstation should be removed.</oval-def:description>
<oval-def:reference ref_id="CCE-82930-9" source="CCE"/>
<oval-def:reference ref_id="package_krb5-workstation_removed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package krb5-workstation is removed" test_ref="oval:ssg-test_package_krb5-workstation_removed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition for the libcap-ng-utils package: the single criterion defers to a
     package test defined outside this excerpt. -->
<oval-def:definition class="compliance" id="oval:ssg-package_libcap-ng-utils_installed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Install libcap-ng-utils Package</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package libcap-ng-utils should be installed.</oval-def:description>
<oval-def:reference ref_id="CCE-82980-4" source="CCE"/>
<oval-def:reference ref_id="package_libcap-ng-utils_installed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package libcap-ng-utils is installed" test_ref="oval:ssg-test_package_libcap-ng-utils_installed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition for the libreswan package: passes when the referenced package test passes.
     Only package presence is evaluated; whether any IPsec connection is configured or active is
     not part of this definition. -->
<oval-def:definition class="compliance" id="oval:ssg-package_libreswan_installed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Install libreswan Package</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package libreswan should be installed.</oval-def:description>
<oval-def:reference ref_id="CCE-80170-4" source="CCE"/>
<oval-def:reference ref_id="package_libreswan_installed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package libreswan is installed" test_ref="oval:ssg-test_package_libreswan_installed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition for the libselinux package: passes when the referenced package test passes.
     Only package presence is evaluated; the SELinux mode and policy in force are not part of
     this definition. -->
<oval-def:definition class="compliance" id="oval:ssg-package_libselinux_installed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Install libselinux Package</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package libselinux should be installed.</oval-def:description>
<oval-def:reference ref_id="CCE-82876-4" source="CCE"/>
<oval-def:reference ref_id="package_libselinux_installed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package libselinux is installed" test_ref="oval:ssg-test_package_libselinux_installed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition for the mcafeetp package, which the title identifies as McAfee Endpoint
     Security for Linux (ENSL). Only package presence is evaluated; a pass does not show that the
     endpoint agent is running or that its content is up to date. -->
<oval-def:definition class="compliance" id="oval:ssg-package_mcafeetp_installed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Install McAfee Endpoint Security for Linux (ENSL)</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package mcafeetp should be installed.</oval-def:description>
<oval-def:reference ref_id="CCE-86257-3" source="CCE"/>
<oval-def:reference ref_id="package_mcafeetp_installed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package mcafeetp is installed" test_ref="oval:ssg-test_package_mcafeetp_installed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition requiring the mcstrans package to be absent.
     The single criterion defers to a package test defined outside this excerpt. -->
<oval-def:definition class="compliance" id="oval:ssg-package_mcstrans_removed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Uninstall mcstrans Package</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package mcstrans should be removed.</oval-def:description>
<oval-def:reference ref_id="CCE-80445-0" source="CCE"/>
<oval-def:reference ref_id="package_mcstrans_removed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package mcstrans is removed" test_ref="oval:ssg-test_package_mcstrans_removed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition requiring the net-snmp package to be absent.
     Only the referenced package test is evaluated; the definition does not inspect running
     processes or listening ports. -->
<oval-def:definition class="compliance" id="oval:ssg-package_net-snmp_removed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Uninstall net-snmp Package</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package net-snmp should be removed.</oval-def:description>
<oval-def:reference ref_id="CCE-80275-1" source="CCE"/>
<oval-def:reference ref_id="package_net-snmp_removed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package net-snmp is removed" test_ref="oval:ssg-test_package_net-snmp_removed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition requiring the nfs-utils package to be absent.
     The single criterion defers to a package test defined outside this excerpt. -->
<oval-def:definition class="compliance" id="oval:ssg-package_nfs-utils_removed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Uninstall nfs-utils Package</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package nfs-utils should be removed.</oval-def:description>
<oval-def:reference ref_id="CCE-82933-3" source="CCE"/>
<oval-def:reference ref_id="package_nfs-utils_removed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package nfs-utils is removed" test_ref="oval:ssg-test_package_nfs-utils_removed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition requiring a package named nis to be absent; no CCE identifier is
     referenced, only the ssg rule id.
     NOTE(review): nis looks like a Debian-family package name, while the platform tag is RHEL 7,
     where NIS is split into packages such as ypbind and ypserv. If the test only looks for nis,
     a pass on RHEL 7 says nothing about NIS; confirm that dedicated ypbind/ypserv checks are selected. -->
<oval-def:definition class="compliance" id="oval:ssg-package_nis_removed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Uninstall the nis package</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package nis should be removed.</oval-def:description>
<oval-def:reference ref_id="package_nis_removed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package nis is removed" test_ref="oval:ssg-test_package_nis_removed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition for the nss-tools package; no CCE identifier is referenced, only the
     ssg rule id. The single criterion defers to a package test defined outside this excerpt. -->
<oval-def:definition class="compliance" id="oval:ssg-package_nss-tools_installed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Ensure nss-tools is installed</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package nss-tools should be installed.</oval-def:description>
<oval-def:reference ref_id="package_nss-tools_installed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package nss-tools is installed" test_ref="oval:ssg-test_package_nss-tools_installed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition for the ntp package; no CCE identifier is referenced, only the ssg rule id.
     The title speaks of a service, but only package presence is evaluated here. The same file also
     carries oval:ssg-package_chrony_installed:def:1; which of the two a profile selects is decided
     outside this excerpt. -->
<oval-def:definition class="compliance" id="oval:ssg-package_ntp_installed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Install the ntp service</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package ntp should be installed.</oval-def:description>
<oval-def:reference ref_id="package_ntp_installed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package ntp is installed" test_ref="oval:ssg-test_package_ntp_installed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition requiring the ntpdate package to be absent; no CCE identifier is
     referenced, only the ssg rule id. The test it defers to is defined outside this excerpt. -->
<oval-def:definition class="compliance" id="oval:ssg-package_ntpdate_removed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Uninstall the ntpdate package</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package ntpdate should be removed.</oval-def:description>
<oval-def:reference ref_id="package_ntpdate_removed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package ntpdate is removed" test_ref="oval:ssg-test_package_ntpdate_removed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition requiring the openldap-clients package to be absent.
     The single criterion defers to a package test defined outside this excerpt. -->
<oval-def:definition class="compliance" id="oval:ssg-package_openldap-clients_removed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Ensure LDAP client is not installed</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package openldap-clients should be removed.</oval-def:description>
<oval-def:reference ref_id="CCE-82884-8" source="CCE"/>
<oval-def:reference ref_id="package_openldap-clients_removed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package openldap-clients is removed" test_ref="oval:ssg-test_package_openldap-clients_removed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition requiring the openldap-servers package to be absent.
     Only the referenced package test is evaluated; the definition does not inspect running
     processes or listening ports. -->
<oval-def:definition class="compliance" id="oval:ssg-package_openldap-servers_removed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Uninstall openldap-servers Package</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package openldap-servers should be removed.</oval-def:description>
<oval-def:reference ref_id="CCE-80293-4" source="CCE"/>
<oval-def:reference ref_id="package_openldap-servers_removed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package openldap-servers is removed" test_ref="oval:ssg-test_package_openldap-servers_removed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition for the opensc package, which the title ties to multifactor authentication.
     Only package presence is evaluated; whether smart-card login is actually enforced is not part
     of this definition. -->
<oval-def:definition class="compliance" id="oval:ssg-package_opensc_installed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Install the opensc Package For Multifactor Authentication</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package opensc should be installed.</oval-def:description>
<oval-def:reference ref_id="CCE-80568-9" source="CCE"/>
<oval-def:reference ref_id="package_opensc_installed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package opensc is installed" test_ref="oval:ssg-test_package_opensc_installed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition for the openscap-scanner package: the single criterion defers to a
     package test defined outside this excerpt. -->
<oval-def:definition class="compliance" id="oval:ssg-package_openscap-scanner_installed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Install openscap-scanner Package</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package openscap-scanner should be installed.</oval-def:description>
<oval-def:reference ref_id="CCE-82219-7" source="CCE"/>
<oval-def:reference ref_id="package_openscap-scanner_installed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package openscap-scanner is installed" test_ref="oval:ssg-test_package_openscap-scanner_installed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition requiring the openssh-server package to be present. It is the opposite
     requirement to oval:ssg-package_openssh-server_removed:def:1 in the same file, so a profile
     can select only one of the two. Only package presence is evaluated; sshd configuration is
     not part of this definition. -->
<oval-def:definition class="compliance" id="oval:ssg-package_openssh-server_installed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Install the OpenSSH Server Package</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package openssh-server should be installed.</oval-def:description>
<oval-def:reference ref_id="CCE-80215-7" source="CCE"/>
<oval-def:reference ref_id="package_openssh-server_installed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package openssh-server is installed" test_ref="oval:ssg-test_package_openssh-server_installed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition requiring the openssh-server package to be absent; no CCE identifier is
     referenced, only the ssg rule id. It is the opposite requirement to
     oval:ssg-package_openssh-server_installed:def:1 in the same file, so a profile can select
     only one of the two. -->
<oval-def:definition class="compliance" id="oval:ssg-package_openssh-server_removed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Remove the OpenSSH Server Package</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package openssh-server should be removed.</oval-def:description>
<oval-def:reference ref_id="package_openssh-server_removed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package openssh-server is removed" test_ref="oval:ssg-test_package_openssh-server_removed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition requiring the pam_ldap package to be absent; no CCE identifier is
     referenced, only the ssg rule id.
     NOTE(review): the title repeats the rule id instead of a readable sentence. Also confirm that
     pam_ldap is a package name that exists on RHEL 7; if it is not, this check passes trivially. -->
<oval-def:definition class="compliance" id="oval:ssg-package_pam_ldap_removed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>package_pam_ldap_removed</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package pam_ldap should be removed.</oval-def:description>
<oval-def:reference ref_id="package_pam_ldap_removed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package pam_ldap is removed" test_ref="oval:ssg-test_package_pam_ldap_removed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition for the pcsc-lite package: the single criterion defers to a package
     test defined outside this excerpt. Only package presence is evaluated. -->
<oval-def:definition class="compliance" id="oval:ssg-package_pcsc-lite_installed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Install the pcsc-lite package</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package pcsc-lite should be installed.</oval-def:description>
<oval-def:reference ref_id="CCE-82347-6" source="CCE"/>
<oval-def:reference ref_id="package_pcsc-lite_installed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package pcsc-lite is installed" test_ref="oval:ssg-test_package_pcsc-lite_installed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition for the policycoreutils package: the single criterion defers to a
     package test defined outside this excerpt. -->
<oval-def:definition class="compliance" id="oval:ssg-package_policycoreutils_installed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Install policycoreutils Package</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package policycoreutils should be installed.</oval-def:description>
<oval-def:reference ref_id="CCE-82977-0" source="CCE"/>
<oval-def:reference ref_id="package_policycoreutils_installed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package policycoreutils is installed" test_ref="oval:ssg-test_package_policycoreutils_installed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition requiring the prelink package to be absent; no CCE identifier is
     referenced, only the ssg rule id. prelink rewrites binaries on disk, which conflicts with
     file-integrity baselines.
     NOTE(review): the title repeats the rule id instead of a readable sentence. -->
<oval-def:definition class="compliance" id="oval:ssg-package_prelink_removed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>package_prelink_removed</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package prelink should be removed.</oval-def:description>
<oval-def:reference ref_id="package_prelink_removed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package prelink is removed" test_ref="oval:ssg-test_package_prelink_removed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition for the psacct package: passes when the referenced package test passes.
     Only package presence is evaluated; whether process accounting is switched on is not part
     of this definition. -->
<oval-def:definition class="compliance" id="oval:ssg-package_psacct_installed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Install the psacct package</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package psacct should be installed.</oval-def:description>
<oval-def:reference ref_id="CCE-82403-7" source="CCE"/>
<oval-def:reference ref_id="package_psacct_installed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package psacct is installed" test_ref="oval:ssg-test_package_psacct_installed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition requiring the quagga package to be absent.
     The single criterion defers to a package test defined outside this excerpt. -->
<oval-def:definition class="compliance" id="oval:ssg-package_quagga_removed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Uninstall quagga Package</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package quagga should be removed.</oval-def:description>
<oval-def:reference ref_id="CCE-27594-1" source="CCE"/>
<oval-def:reference ref_id="package_quagga_removed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package quagga is removed" test_ref="oval:ssg-test_package_quagga_removed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition for the rear package: passes when the referenced package test passes.
     Only package presence is evaluated; whether any backup or recovery image exists is not part
     of this definition. -->
<oval-def:definition class="compliance" id="oval:ssg-package_rear_installed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Install rear Package</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package rear should be installed.</oval-def:description>
<oval-def:reference ref_id="CCE-82882-2" source="CCE"/>
<oval-def:reference ref_id="package_rear_installed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package rear is installed" test_ref="oval:ssg-test_package_rear_installed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition for the rng-tools package: passes when the referenced package test passes.
     Only package presence is evaluated; whether the entropy daemon is enabled is not part of
     this definition. -->
<oval-def:definition class="compliance" id="oval:ssg-package_rng-tools_installed:def:1" version="1">
<oval-def:metadata>
<oval-def:title>Install rng-tools Package</oval-def:title>
<oval-def:affected family="unix">
<oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
</oval-def:affected>
<oval-def:description>The RPM package rng-tools should be installed.</oval-def:description>
<oval-def:reference ref_id="CCE-82969-7" source="CCE"/>
<oval-def:reference ref_id="package_rng-tools_installed" source="ssg"/>
</oval-def:metadata>
<oval-def:criteria>
<oval-def:criterion comment="package rng-tools is installed" test_ref="oval:ssg-test_package_rng-tools_installed:tst:1"/>
</oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the rsh-server RPM must be absent. Its single criterion passes when test oval:ssg-test_package_rsh-server_removed:tst:1 is true; that test is defined outside this definition. -->
<oval-def:definition id="oval:ssg-package_rsh-server_removed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Uninstall rsh-server Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package rsh-server should be removed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-27342-5"/>
    <oval-def:reference source="ssg" ref_id="package_rsh-server_removed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_rsh-server_removed:tst:1" comment="package rsh-server is removed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the rsh RPM must be absent. Its single criterion passes when test oval:ssg-test_package_rsh_removed:tst:1 is true; that test is defined outside this definition. -->
<oval-def:definition id="oval:ssg-package_rsh_removed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Uninstall rsh Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package rsh should be removed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-27274-0"/>
    <oval-def:reference source="ssg" ref_id="package_rsh_removed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_rsh_removed:tst:1" comment="package rsh is removed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the rsyslog-gnutls RPM must be present. Its single criterion passes when test oval:ssg-test_package_rsyslog-gnutls_installed:tst:1 is true; that test is defined outside this definition. -->
<oval-def:definition id="oval:ssg-package_rsyslog-gnutls_installed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure rsyslog-gnutls is installed</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package rsyslog-gnutls should be installed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-86724-2"/>
    <oval-def:reference source="ssg" ref_id="package_rsyslog-gnutls_installed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_rsyslog-gnutls_installed:tst:1" comment="package rsyslog-gnutls is installed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the rsyslog RPM must be present. Its single criterion passes when test oval:ssg-test_package_rsyslog_installed:tst:1 is true; that test is defined outside this definition. -->
<oval-def:definition id="oval:ssg-package_rsyslog_installed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure rsyslog is Installed</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package rsyslog should be installed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80187-8"/>
    <oval-def:reference source="ssg" ref_id="package_rsyslog_installed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_rsyslog_installed:tst:1" comment="package rsyslog is installed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the samba-common RPM must be present. Its single criterion passes when test oval:ssg-test_package_samba-common_installed:tst:1 is true; that test is defined outside this definition. -->
<!-- NOTE(review): this file also carries oval:ssg-package_samba-common_removed:def:1, which demands the opposite state; a profile can satisfy only one of the two. -->
<oval-def:definition id="oval:ssg-package_samba-common_installed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Install the Samba Common Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package samba-common should be installed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80360-1"/>
    <oval-def:reference source="ssg" ref_id="package_samba-common_installed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_samba-common_installed:tst:1" comment="package samba-common is installed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the samba-common RPM must be absent. Its single criterion passes when test oval:ssg-test_package_samba-common_removed:tst:1 is true; that test is defined outside this definition. -->
<!-- NOTE(review): the title is the bare rule id and there is no CCE reference, unlike the neighbouring package definitions; oval:ssg-package_samba-common_installed:def:1 in this file demands the opposite state. -->
<oval-def:definition id="oval:ssg-package_samba-common_removed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>package_samba-common_removed</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package samba-common should be removed.</oval-def:description>
    <oval-def:reference source="ssg" ref_id="package_samba-common_removed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_samba-common_removed:tst:1" comment="package samba-common is removed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the samba RPM must be absent. Its single criterion passes when test oval:ssg-test_package_samba_removed:tst:1 is true; that test is defined outside this definition. -->
<oval-def:definition id="oval:ssg-package_samba_removed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Uninstall Samba Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package samba should be removed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80278-5"/>
    <oval-def:reference source="ssg" ref_id="package_samba_removed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_samba_removed:tst:1" comment="package samba is removed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the scap-security-guide RPM must be present. Its single criterion passes when test oval:ssg-test_package_scap-security-guide_installed:tst:1 is true; that test is defined outside this definition. -->
<oval-def:definition id="oval:ssg-package_scap-security-guide_installed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Install scap-security-guide Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package scap-security-guide should be installed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82951-5"/>
    <oval-def:reference source="ssg" ref_id="package_scap-security-guide_installed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_scap-security-guide_installed:tst:1" comment="package scap-security-guide is installed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the screen RPM must be present. Its single criterion passes when test oval:ssg-test_package_screen_installed:tst:1 is true; that test is defined outside this definition. -->
<oval-def:definition id="oval:ssg-package_screen_installed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Install the screen Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package screen should be installed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-27351-6"/>
    <oval-def:reference source="ssg" ref_id="package_screen_installed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_screen_installed:tst:1" comment="package screen is installed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the sendmail RPM must be absent. Its single criterion passes when test oval:ssg-test_package_sendmail_removed:tst:1 is true; that test is defined outside this definition. -->
<oval-def:definition id="oval:ssg-package_sendmail_removed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Uninstall Sendmail Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package sendmail should be removed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80288-4"/>
    <oval-def:reference source="ssg" ref_id="package_sendmail_removed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_sendmail_removed:tst:1" comment="package sendmail is removed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the setroubleshoot-plugins RPM must be absent. Its single criterion passes when test oval:ssg-test_package_setroubleshoot-plugins_removed:tst:1 is true; that test is defined outside this definition. -->
<oval-def:definition id="oval:ssg-package_setroubleshoot-plugins_removed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Uninstall setroubleshoot-plugins Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package setroubleshoot-plugins should be removed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-84249-2"/>
    <oval-def:reference source="ssg" ref_id="package_setroubleshoot-plugins_removed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_setroubleshoot-plugins_removed:tst:1" comment="package setroubleshoot-plugins is removed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the setroubleshoot-server RPM must be absent. Its single criterion passes when test oval:ssg-test_package_setroubleshoot-server_removed:tst:1 is true; that test is defined outside this definition. -->
<oval-def:definition id="oval:ssg-package_setroubleshoot-server_removed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Uninstall setroubleshoot-server Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package setroubleshoot-server should be removed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-83488-7"/>
    <oval-def:reference source="ssg" ref_id="package_setroubleshoot-server_removed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_setroubleshoot-server_removed:tst:1" comment="package setroubleshoot-server is removed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the setroubleshoot RPM must be absent. Its single criterion passes when test oval:ssg-test_package_setroubleshoot_removed:tst:1 is true; that test is defined outside this definition. -->
<oval-def:definition id="oval:ssg-package_setroubleshoot_removed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Uninstall setroubleshoot Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package setroubleshoot should be removed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80444-3"/>
    <oval-def:reference source="ssg" ref_id="package_setroubleshoot_removed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_setroubleshoot_removed:tst:1" comment="package setroubleshoot is removed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the squid RPM must be absent. Its single criterion passes when test oval:ssg-test_package_squid_removed:tst:1 is true; that test is defined outside this definition. -->
<oval-def:definition id="oval:ssg-package_squid_removed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Uninstall squid Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package squid should be removed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80286-8"/>
    <oval-def:reference source="ssg" ref_id="package_squid_removed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_squid_removed:tst:1" comment="package squid is removed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the sssd-ipa RPM must be present. Its single criterion passes when test oval:ssg-test_package_sssd-ipa_installed:tst:1 is true; that test is defined outside this definition. -->
<oval-def:definition id="oval:ssg-package_sssd-ipa_installed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Install sssd-ipa Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package sssd-ipa should be installed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82993-7"/>
    <oval-def:reference source="ssg" ref_id="package_sssd-ipa_installed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_sssd-ipa_installed:tst:1" comment="package sssd-ipa is installed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the sssd RPM must be present. Its single criterion passes when test oval:ssg-test_package_sssd_installed:tst:1 is true; that test is defined outside this definition. -->
<oval-def:definition id="oval:ssg-package_sssd_installed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Install the SSSD Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package sssd should be installed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80362-7"/>
    <oval-def:reference source="ssg" ref_id="package_sssd_installed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_sssd_installed:tst:1" comment="package sssd is installed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the subscription-manager RPM must be present. Its single criterion passes when test oval:ssg-test_package_subscription-manager_installed:tst:1 is true; that test is defined outside this definition. -->
<oval-def:definition id="oval:ssg-package_subscription-manager_installed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Install subscription-manager Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package subscription-manager should be installed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82638-8"/>
    <oval-def:reference source="ssg" ref_id="package_subscription-manager_installed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_subscription-manager_installed:tst:1" comment="package subscription-manager is installed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the sudo RPM must be present. Its single criterion passes when test oval:ssg-test_package_sudo_installed:tst:1 is true; that test is defined outside this definition. -->
<oval-def:definition id="oval:ssg-package_sudo_installed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Install sudo Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package sudo should be installed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82213-0"/>
    <oval-def:reference source="ssg" ref_id="package_sudo_installed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_sudo_installed:tst:1" comment="package sudo is installed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the syslog-ng RPM must be present. Its single criterion passes when test oval:ssg-test_package_syslog-ng_installed:tst:1 is true; that test is defined outside this definition. -->
<!-- NOTE(review): the definition id and ssg reference spell the rule "syslogng" while the test id uses the package name "syslog-ng"; no CCE reference is present. -->
<oval-def:definition id="oval:ssg-package_syslogng_installed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure syslog-ng is Installed</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package syslog-ng should be installed.</oval-def:description>
    <oval-def:reference source="ssg" ref_id="package_syslogng_installed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_syslog-ng_installed:tst:1" comment="package syslog-ng is installed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the talk-server RPM must be absent. Its single criterion passes when test oval:ssg-test_package_talk-server_removed:tst:1 is true; that test is defined outside this definition. -->
<oval-def:definition id="oval:ssg-package_talk-server_removed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Uninstall talk-server Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package talk-server should be removed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-27210-4"/>
    <oval-def:reference source="ssg" ref_id="package_talk-server_removed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_talk-server_removed:tst:1" comment="package talk-server is removed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the talk RPM must be absent. Its single criterion passes when test oval:ssg-test_package_talk_removed:tst:1 is true; that test is defined outside this definition. -->
<oval-def:definition id="oval:ssg-package_talk_removed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Uninstall talk Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package talk should be removed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-27432-4"/>
    <oval-def:reference source="ssg" ref_id="package_talk_removed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_talk_removed:tst:1" comment="package talk is removed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the tar RPM must be present. Its single criterion passes when test oval:ssg-test_package_tar_installed:tst:1 is true; that test is defined outside this definition. -->
<oval-def:definition id="oval:ssg-package_tar_installed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Install tar Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package tar should be installed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82966-3"/>
    <oval-def:reference source="ssg" ref_id="package_tar_installed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_tar_installed:tst:1" comment="package tar is installed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the tcp_wrappers RPM must be present. Its single criterion passes when test oval:ssg-test_package_tcp_wrappers_installed:tst:1 is true; that test is defined outside this definition. -->
<oval-def:definition id="oval:ssg-package_tcp_wrappers_installed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Install tcp_wrappers Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package tcp_wrappers should be installed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-27361-5"/>
    <oval-def:reference source="ssg" ref_id="package_tcp_wrappers_installed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_tcp_wrappers_installed:tst:1" comment="package tcp_wrappers is installed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the telnet-server RPM must be absent. Its single criterion passes when test oval:ssg-test_package_telnet-server_removed:tst:1 is true; that test is defined outside this definition. -->
<oval-def:definition id="oval:ssg-package_telnet-server_removed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Uninstall telnet-server Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package telnet-server should be removed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-27165-0"/>
    <oval-def:reference source="ssg" ref_id="package_telnet-server_removed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_telnet-server_removed:tst:1" comment="package telnet-server is removed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the telnet RPM must be absent. Its single criterion passes when test oval:ssg-test_package_telnet_removed:tst:1 is true; that test is defined outside this definition. -->
<oval-def:definition id="oval:ssg-package_telnet_removed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Remove telnet Clients</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package telnet should be removed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-27305-2"/>
    <oval-def:reference source="ssg" ref_id="package_telnet_removed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_telnet_removed:tst:1" comment="package telnet is removed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the telnetd-ssl RPM must be absent. Its single criterion passes when test oval:ssg-test_package_telnetd-ssl_removed:tst:1 is true; that test is defined outside this definition. -->
<!-- NOTE(review): no CCE reference is present here, unlike most neighbouring package definitions. -->
<oval-def:definition id="oval:ssg-package_telnetd-ssl_removed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Uninstall the ssl compliant telnet server</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package telnetd-ssl should be removed.</oval-def:description>
    <oval-def:reference source="ssg" ref_id="package_telnetd-ssl_removed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_telnetd-ssl_removed:tst:1" comment="package telnetd-ssl is removed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the telnetd RPM must be absent. Its single criterion passes when test oval:ssg-test_package_telnetd_removed:tst:1 is true; that test is defined outside this definition. -->
<oval-def:definition id="oval:ssg-package_telnetd_removed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Uninstall the telnet server</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package telnetd should be removed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82461-5"/>
    <oval-def:reference source="ssg" ref_id="package_telnetd_removed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_telnetd_removed:tst:1" comment="package telnetd is removed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the tftp-server RPM must be absent. Its single criterion passes when test oval:ssg-test_package_tftp-server_removed:tst:1 is true; that test is defined outside this definition. -->
<oval-def:definition id="oval:ssg-package_tftp-server_removed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Uninstall tftp-server Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package tftp-server should be removed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80213-2"/>
    <oval-def:reference source="ssg" ref_id="package_tftp-server_removed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_tftp-server_removed:tst:1" comment="package tftp-server is removed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the tftp RPM must be absent. Its single criterion passes when test oval:ssg-test_package_tftp_removed:tst:1 is true; that test is defined outside this definition. -->
<!-- NOTE(review): the title says "Daemon", but the description and criterion name the tftp package; tftp-server is covered by its own definition in this file. -->
<oval-def:definition id="oval:ssg-package_tftp_removed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Remove tftp Daemon</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package tftp should be removed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80443-5"/>
    <oval-def:reference source="ssg" ref_id="package_tftp_removed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_tftp_removed:tst:1" comment="package tftp is removed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the tuned RPM must be absent. Its single criterion passes when test oval:ssg-test_package_tuned_removed:tst:1 is true; that test is defined outside this definition. -->
<oval-def:definition id="oval:ssg-package_tuned_removed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Uninstall tuned Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package tuned should be removed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82905-1"/>
    <oval-def:reference source="ssg" ref_id="package_tuned_removed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_tuned_removed:tst:1" comment="package tuned is removed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the usbguard RPM must be present. Its single criterion passes when test oval:ssg-test_package_usbguard_installed:tst:1 is true; that test is defined outside this definition. -->
<oval-def:definition id="oval:ssg-package_usbguard_installed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Install usbguard Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package usbguard should be installed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82960-6"/>
    <oval-def:reference source="ssg" ref_id="package_usbguard_installed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_usbguard_installed:tst:1" comment="package usbguard is installed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the vim-enhanced RPM must be present. Its single criterion passes when test oval:ssg-test_package_vim-enhanced_installed:tst:1 is true; that test is defined outside this definition. -->
<!-- The rule id and title say "vim"; the description, criterion comment and test id all name the vim-enhanced package. -->
<oval-def:definition id="oval:ssg-package_vim_installed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Install vim Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package vim-enhanced should be installed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-82957-2"/>
    <oval-def:reference source="ssg" ref_id="package_vim_installed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_vim-enhanced_installed:tst:1" comment="package vim-enhanced is installed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the vsftpd RPM must be present. Its single criterion passes when test oval:ssg-test_package_vsftpd_installed:tst:1 is true; that test is defined outside this definition. -->
<!-- NOTE(review): this file also carries oval:ssg-package_vsftpd_removed:def:1, which demands the opposite state; a profile can satisfy only one of the two. -->
<oval-def:definition id="oval:ssg-package_vsftpd_installed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Install vsftpd Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package vsftpd should be installed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80246-2"/>
    <oval-def:reference source="ssg" ref_id="package_vsftpd_installed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_vsftpd_installed:tst:1" comment="package vsftpd is installed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the vsftpd RPM must be absent. Its single criterion passes when test oval:ssg-test_package_vsftpd_removed:tst:1 is true; that test is defined outside this definition. -->
<!-- NOTE(review): this file also carries oval:ssg-package_vsftpd_installed:def:1, which demands the opposite state; a profile can satisfy only one of the two. -->
<oval-def:definition id="oval:ssg-package_vsftpd_removed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Uninstall vsftpd Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package vsftpd should be removed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80245-4"/>
    <oval-def:reference source="ssg" ref_id="package_vsftpd_removed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_vsftpd_removed:tst:1" comment="package vsftpd is removed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the xinetd RPM must be absent. Its single criterion passes when test oval:ssg-test_package_xinetd_removed:tst:1 is true; that test is defined outside this definition. -->
<oval-def:definition id="oval:ssg-package_xinetd_removed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Uninstall xinetd Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package xinetd should be removed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-27354-0"/>
    <oval-def:reference source="ssg" ref_id="package_xinetd_removed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_xinetd_removed:tst:1" comment="package xinetd is removed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the xorg-x11-server-common RPM must be absent. Its single criterion passes when test oval:ssg-test_package_xorg-x11-server-common_removed:tst:1 is true; that test is defined outside this definition. -->
<!-- NOTE(review): the title speaks of the whole X Windows package group, but the only criterion here covers the single package xorg-x11-server-common. -->
<oval-def:definition id="oval:ssg-package_xorg-x11-server-common_removed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Remove the X Windows Package Group</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package xorg-x11-server-common should be removed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-27218-7"/>
    <oval-def:reference source="ssg" ref_id="package_xorg-x11-server-common_removed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_xorg-x11-server-common_removed:tst:1" comment="package xorg-x11-server-common is removed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the ypbind RPM must be absent. Its single criterion passes when test oval:ssg-test_package_ypbind_removed:tst:1 is true; that test is defined outside this definition. -->
<oval-def:definition id="oval:ssg-package_ypbind_removed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Remove NIS Client</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package ypbind should be removed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-27396-1"/>
    <oval-def:reference source="ssg" ref_id="package_ypbind_removed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_ypbind_removed:tst:1" comment="package ypbind is removed"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance definition: the ypserv RPM must be absent. Its single criterion passes when test oval:ssg-test_package_ypserv_removed:tst:1 is true; that test is defined outside this definition. -->
<oval-def:definition id="oval:ssg-package_ypserv_removed:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Uninstall ypserv Package</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The RPM package ypserv should be removed.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-27399-5"/>
    <oval-def:reference source="ssg" ref_id="package_ypserv_removed"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_package_ypserv_removed:tst:1" comment="package ypserv is removed"/>
  </oval-def:criteria>
</oval-def:definition>
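<!-- Compliance definition: /boot must sit on its own partition. Its single criterion passes when test oval:ssg-testboot_partition:tst:1 is true; that test is defined outside this definition. -->
<!-- The description names /boot explicitly, matching the title and the criterion comment. -->
<oval-def:definition id="oval:ssg-partition_for_boot:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure /boot Located On Separate Partition</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>If stored locally, create a separate partition for /boot. If /boot will be mounted from another system such as an NFS server, then creating a separate partition is not necessary at this time, and the mountpoint can instead be configured later.</oval-def:description>
    <oval-def:reference ref_id="CCE-83333-5" source="CCE"/>
    <oval-def:reference ref_id="partition_for_boot" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion comment="/boot on own partition" test_ref="oval:ssg-testboot_partition:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>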
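<!-- Compliance definition: /home must sit on its own partition. Its single criterion passes when test oval:ssg-testhome_partition:tst:1 is true; that test is defined outside this definition. -->
<!-- The description names /home explicitly, matching the title and the criterion comment. -->
<oval-def:definition id="oval:ssg-partition_for_home:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure /home Located On Separate Partition</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>If stored locally, create a separate partition for /home. If /home will be mounted from another system such as an NFS server, then creating a separate partition is not necessary at this time, and the mountpoint can instead be configured later.</oval-def:description>
    <oval-def:reference ref_id="CCE-80144-9" source="CCE"/>
    <oval-def:reference ref_id="partition_for_home" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion comment="/home on own partition" test_ref="oval:ssg-testhome_partition:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>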
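<!-- Compliance definition: /opt must sit on its own partition. Its single criterion passes when test oval:ssg-testopt_partition:tst:1 is true; that test is defined outside this definition. -->
<!-- The description names /opt explicitly, matching the title and the criterion comment. -->
<oval-def:definition id="oval:ssg-partition_for_opt:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure /opt Located On Separate Partition</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>If stored locally, create a separate partition for /opt. If /opt will be mounted from another system such as an NFS server, then creating a separate partition is not necessary at this time, and the mountpoint can instead be configured later.</oval-def:description>
    <oval-def:reference ref_id="CCE-83339-2" source="CCE"/>
    <oval-def:reference ref_id="partition_for_opt" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion comment="/opt on own partition" test_ref="oval:ssg-testopt_partition:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>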
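<!-- Compliance definition: /srv must sit on its own partition. Its single criterion passes when test oval:ssg-testsrv_partition:tst:1 is true; that test is defined outside this definition. -->
<!-- The description names /srv explicitly, matching the title and the criterion comment. -->
<oval-def:definition id="oval:ssg-partition_for_srv:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure /srv Located On Separate Partition</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>If stored locally, create a separate partition for /srv. If /srv will be mounted from another system such as an NFS server, then creating a separate partition is not necessary at this time, and the mountpoint can instead be configured later.</oval-def:description>
    <oval-def:reference ref_id="CCE-83376-4" source="CCE"/>
    <oval-def:reference ref_id="partition_for_srv" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion comment="/srv on own partition" test_ref="oval:ssg-testsrv_partition:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>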
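<!-- Compliance definition: /tmp must sit on its own partition. Its single criterion passes when test oval:ssg-testtmp_partition:tst:1 is true; that test is defined outside this definition. -->
<!-- The description names /tmp explicitly, matching the title and the criterion comment. -->
<oval-def:definition id="oval:ssg-partition_for_tmp:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure /tmp Located On Separate Partition</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>If stored locally, create a separate partition for /tmp. If /tmp will be mounted from another system such as an NFS server, then creating a separate partition is not necessary at this time, and the mountpoint can instead be configured later.</oval-def:description>
    <oval-def:reference ref_id="CCE-82053-0" source="CCE"/>
    <oval-def:reference ref_id="partition_for_tmp" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion comment="/tmp on own partition" test_ref="oval:ssg-testtmp_partition:tst:1"/>
  </oval-def:criteria>
</oval-def:definition>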
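<!-- Compliance check: /usr is expected on its own partition, so that the tree
     can be sized and given mount options independently of the root filesystem.
     The result comes from the single referenced test, which is defined outside
     this definition. -->
<oval-def:definition class="compliance" id="oval:ssg-partition_for_usr:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure /usr Located On Separate Partition</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <!-- Text lines are left unindented: whitespace inside the description is data. -->
    <oval-def:description>If stored locally, create a separate partition for
/usr. If /usr will be mounted from another
system such as an NFS server, then creating a separate partition is not
necessary at this time, and the mountpoint can instead be configured
later.</oval-def:description>
    <oval-def:reference ref_id="CCE-83342-6" source="CCE"/>
    <oval-def:reference ref_id="partition_for_usr" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-testusr_partition:tst:1" comment="/usr on own partition"/>
  </oval-def:criteria>
</oval-def:definition>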
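<!-- Compliance check: /var is expected on its own partition, so that the tree
     can be sized and given mount options independently of the root filesystem.
     The result comes from the single referenced test, which is defined outside
     this definition. -->
<oval-def:definition class="compliance" id="oval:ssg-partition_for_var:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure /var Located On Separate Partition</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <!-- Text lines are left unindented: whitespace inside the description is data. -->
    <oval-def:description>If stored locally, create a separate partition for
/var. If /var will be mounted from another
system such as an NFS server, then creating a separate partition is not
necessary at this time, and the mountpoint can instead be configured
later.</oval-def:description>
    <oval-def:reference ref_id="CCE-82014-2" source="CCE"/>
    <oval-def:reference ref_id="partition_for_var" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-testvar_partition:tst:1" comment="/var on own partition"/>
  </oval-def:criteria>
</oval-def:definition>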
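<!-- Compliance check: /var/log is expected on its own partition, so that the
     tree can be sized and given mount options independently of the root
     filesystem. The result comes from the single referenced test, which is
     defined outside this definition. -->
<oval-def:definition class="compliance" id="oval:ssg-partition_for_var_log:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure /var/log Located On Separate Partition</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <!-- Text lines are left unindented: whitespace inside the description is data. -->
    <oval-def:description>If stored locally, create a separate partition for
/var/log. If /var/log will be mounted from another
system such as an NFS server, then creating a separate partition is not
necessary at this time, and the mountpoint can instead be configured
later.</oval-def:description>
    <oval-def:reference ref_id="CCE-82034-0" source="CCE"/>
    <oval-def:reference ref_id="partition_for_var_log" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-testvar_log_partition:tst:1" comment="/var/log on own partition"/>
  </oval-def:criteria>
</oval-def:definition>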
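<!-- Compliance check: /var/log/audit is expected on its own partition, so that
     the tree can be sized and given mount options independently of the root
     filesystem. The result comes from the single referenced test, which is
     defined outside this definition. -->
<oval-def:definition class="compliance" id="oval:ssg-partition_for_var_log_audit:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure /var/log/audit Located On Separate Partition</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <!-- Text lines are left unindented: whitespace inside the description is data. -->
    <oval-def:description>If stored locally, create a separate partition for
/var/log/audit. If /var/log/audit will be mounted from another
system such as an NFS server, then creating a separate partition is not
necessary at this time, and the mountpoint can instead be configured
later.</oval-def:description>
    <oval-def:reference ref_id="CCE-82035-7" source="CCE"/>
    <oval-def:reference ref_id="partition_for_var_log_audit" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-testvar_log_audit_partition:tst:1" comment="/var/log/audit on own partition"/>
  </oval-def:criteria>
</oval-def:definition>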
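<!-- Compliance check: /var/tmp is expected on its own partition, so that the
     tree can be sized and given mount options independently of the root
     filesystem. The result comes from the single referenced test, which is
     defined outside this definition. -->
<oval-def:definition class="compliance" id="oval:ssg-partition_for_var_tmp:def:1" version="1">
  <oval-def:metadata>
    <oval-def:title>Ensure /var/tmp Located On Separate Partition</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <!-- Text lines are left unindented: whitespace inside the description is data. -->
    <oval-def:description>If stored locally, create a separate partition for
/var/tmp. If /var/tmp will be mounted from another
system such as an NFS server, then creating a separate partition is not
necessary at this time, and the mountpoint can instead be configured
later.</oval-def:description>
    <oval-def:reference ref_id="CCE-82353-4" source="CCE"/>
    <oval-def:reference ref_id="partition_for_var_tmp" source="ssg"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-testvar_tmp_partition:tst:1" comment="/var/tmp on own partition"/>
  </oval-def:criteria>
</oval-def:definition>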
<!-- Compliance check for the SELinux boolean abrt_anon_write. The title names
     the intended state (disabled); the description only says the boolean
     "should be set". The expected value is decided by the referenced test,
     which is defined outside this definition. -->
<oval-def:definition id="oval:ssg-sebool_abrt_anon_write:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Disable the abrt_anon_write SELinux Boolean</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The SELinux 'abrt_anon_write' boolean should be set in the system configuration.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80419-5"/>
    <oval-def:reference source="ssg" ref_id="sebool_abrt_anon_write"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_sebool_abrt_anon_write:tst:1"
                        comment="abrt_anon_write is configured correctly"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for the SELinux boolean abrt_handle_event. The title names
     the intended state (disabled); the description only says the boolean
     "should be set". The expected value is decided by the referenced test,
     which is defined outside this definition. -->
<oval-def:definition id="oval:ssg-sebool_abrt_handle_event:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Disable the abrt_handle_event SELinux Boolean</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The SELinux 'abrt_handle_event' boolean should be set in the system configuration.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80420-3"/>
    <oval-def:reference source="ssg" ref_id="sebool_abrt_handle_event"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_sebool_abrt_handle_event:tst:1"
                        comment="abrt_handle_event is configured correctly"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for the SELinux boolean abrt_upload_watch_anon_write. The
     title names the intended state (disabled); the description only says the
     boolean "should be set". The expected value is decided by the referenced
     test, which is defined outside this definition. -->
<oval-def:definition id="oval:ssg-sebool_abrt_upload_watch_anon_write:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Disable the abrt_upload_watch_anon_write SELinux Boolean</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The SELinux 'abrt_upload_watch_anon_write' boolean should be set in the system configuration.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80421-1"/>
    <oval-def:reference source="ssg" ref_id="sebool_abrt_upload_watch_anon_write"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_sebool_abrt_upload_watch_anon_write:tst:1"
                        comment="abrt_upload_watch_anon_write is configured correctly"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for the SELinux boolean antivirus_can_scan_system. The
     title names the intended state (enabled); the description only says the
     boolean "should be set". The expected value is decided by the referenced
     test, which is defined outside this definition. -->
<oval-def:definition id="oval:ssg-sebool_antivirus_can_scan_system:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Enable the antivirus_can_scan_system SELinux Boolean</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The SELinux 'antivirus_can_scan_system' boolean should be set in the system configuration.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80422-9"/>
    <oval-def:reference source="ssg" ref_id="sebool_antivirus_can_scan_system"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_sebool_antivirus_can_scan_system:tst:1"
                        comment="antivirus_can_scan_system is configured correctly"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for the SELinux boolean antivirus_use_jit. The title names
     the intended state (disabled); the description only says the boolean
     "should be set". The expected value is decided by the referenced test,
     which is defined outside this definition. -->
<oval-def:definition id="oval:ssg-sebool_antivirus_use_jit:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Disable the antivirus_use_jit SELinux Boolean</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The SELinux 'antivirus_use_jit' boolean should be set in the system configuration.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80423-7"/>
    <oval-def:reference source="ssg" ref_id="sebool_antivirus_use_jit"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_sebool_antivirus_use_jit:tst:1"
                        comment="antivirus_use_jit is configured correctly"/>
  </oval-def:criteria>
</oval-def:definition>
<!-- Compliance check for the SELinux boolean auditadm_exec_content. The title
     names the intended state (enabled); the description only says the boolean
     "should be set". The expected value is decided by the referenced test,
     which is defined outside this definition. -->
<oval-def:definition id="oval:ssg-sebool_auditadm_exec_content:def:1" class="compliance" version="1">
  <oval-def:metadata>
    <oval-def:title>Enable the auditadm_exec_content SELinux Boolean</oval-def:title>
    <oval-def:affected family="unix">
      <oval-def:platform>Red Hat Enterprise Linux 7</oval-def:platform>
    </oval-def:affected>
    <oval-def:description>The SELinux 'auditadm_exec_content' boolean should be set in the system configuration.</oval-def:description>
    <oval-def:reference source="CCE" ref_id="CCE-80424-5"/>
    <oval-def:reference source="ssg" ref_id="sebool_auditadm_exec_content"/>
  </oval-def:metadata>
  <oval-def:criteria>
    <oval-def:criterion test_ref="oval:ssg-test_sebool_auditadm_exec_content:tst:1"
                        comment="auditadm_exec_content is configured correctly"/>
  </oval-def:criteria>
</oval-def:definition>
<oval-def:definition class="compliance" i