Weights File | |
5.28 / 10.00 | Bastille Default Weights |
Item | Question | State | Weight | Score Contrib |
generalperms_1_1 | Are more restrictive permissions on the administration utilities set? | No | 0 | 0.00 |
suidmount | Is SUID status for mount/umount disabled? | No | 1 | 0.00 |
suidping | Is SUID status for ping disabled? | No | 1 | 0.00 |
suiddump | Is SUID status for dump and restore disabled? | Yes | 1 | 1.00 |
suidcard | Is SUID status for cardctl disabled? | Yes | 1 | 1.00 |
suidat | Is SUID status for at disabled? | No | 1 | 0.00 |
suiddos | Is SUID status for DOSEMU disabled? | Yes | 1 | 1.00 |
suidnews | Is SUID status for news server tools disabled? | Yes | 1 | 1.00 |
suidprint | Is SUID status for printing utilities disabled? | Yes | 1 | 1.00 |
suidrtool | Are the r-tools disabled? | No | 1 | 0.00 |
suidusernetctl | Is SUID status for usernetctl disabled? | No | 1 | 0.00 |
suidtrace | Is SUID status for traceroute disabled? | No | 1 | 0.00 |
suidXwrapper | Is SUID status for Xwrapper disabled? | Yes | 1 | 1.00 |
suidXFree86 | Is SUID status for XFree86 disabled? | No | 1 | 0.00 |
Item | Question | State | Weight | Score Contrib |
protectrhost | Are clear-text r-protocols that use IP-based authentication disabled? | No | 0 | 0.00 |
passwdage | Is password aging enforced? | No | 1 | 0.00 |
cronuser | Is the use of cron restricted to administrative accounts? | Yes | 1 | 1.00 |
umaskyn | Is the default umask set to a minimal value? | No | 1 | 0.00 |
rootttylogins | Are root logins on tty's 1-6 prohibited? | No | 1 | 0.00 |
Item | Question | State | Weight | Score Contrib |
protectgrub | Is the GRUB prompt password-protected? | No | 1 | 0.00 |
protectlilo | Is the LILO prompt password-protected? | Yes | 1 | 1.00 |
lilodelay | Is the LILO delay time zero? | Yes | 0 | 0.00 |
secureinittab | Is CTRL-ALT-DELETE rebooting disabled? | No | 0 | 0.00 |
passsum | Is single-user mode password-protected? | No | 1 | 0.00 |
Item | Question | State | Weight | Score Contrib |
tcpd_default_deny | Is a default-deny on TCP Wrappers and xinetd set? | No | 1 | 0.00 |
deactivate_telnet | Is the telnet service disabled on this system? | Yes | 1 | 1.00 |
deactivate_ftp | Is inetd's FTP service disabled on this system? | Yes | 1 | 1.00 |
banners | Are "Authorized Use" messages displayed at log-in time? | No | 1 | 0.00 |
Item | Question | State | Weight | Score Contrib |
compiler | Are the gcc and/or g++ compiler disabled? | Yes | 1 | 1.00 |
Item | Question | State | Weight | Score Contrib |
morelogging | Has additional logging been added? | Yes | 1 | 1.00 |
pacct | Is process accounting set up? | No | 1 | 0.00 |
laus | Is LAuS active? | Yes | 1 | 1.00 |
Item | Question | State | Weight | Score Contrib |
apmd | Are acpid and apmd disabled? | No | 1 | 0.00 |
remotefs | Are NFS and Samba deactivated? | No | 1 | 0.00 |
pcmcia | Are PCMCIA services disabled? | No | 1 | 0.00 |
dhcpd | Is the DHCP daemon disabled? | Yes | 1 | 1.00 |
gpm | Is GPM disabled? | No | 1 | 0.00 |
innd | Is the news server daemon disabled? | Yes | 1 | 1.00 |
disable_routed | Is routed deactivated? | Yes | 1 | 1.00 |
disable_gated | Is gated deactivated? | Yes | 1 | 1.00 |
nis_server | Are NIS server programs deactivated? | Yes | 1 | 1.00 |
nis_client | Are NIS client programs deactivated? | Yes | 1 | 1.00 |
snmpd | Is SNMPD disabled? | Yes | 1 | 1.00 |
disable_kudzu | Is kudzu's run at boot deactivated? | No | 1 | 0.00 |
Item | Question | State | Weight | Score Contrib |
sendmaildaemon | Is sendmail's daemon mode disabled? | No | 1 | 0.00 |
sendmailcron | Does sendmail process the queue via cron? | Yes | 0 | 0.00 |
vrfyexpn | Are the VRFY and EXPN sendmail commands disabled? | Yes | 1 | 1.00 |
Item | Question | State | Weight | Score Contrib |
chrootbind | Is named in a chroot jail and is it set to run as a non-root user? | Yes | 0 | 0.00 |
namedoff | Is named deactivated? | Yes | 1 | 1.00 |
Item | Question | State | Weight | Score Contrib |
apacheoff | Is the Apache Web server deactivated? | Yes | 1 | 1.00 |
bindapachelocal | Is the Web server bound to listen only to the localhost? | No | 0 | 0.00 |
bindapachenic | Is the Web server bound to a particular interface? | No | 0 | 0.00 |
symlink | Is the following of symbolic links deactivated? | No | 1 | 0.00 |
ssi | Are server-side includes deactivated? | Yes | 1 | 1.00 |
cgi | Are CGI scripts disabled? | Yes | 1 | 1.00 |
apacheindex | Are indexes disabled? | Yes | 1 | 1.00 |
Item | Question | State | Weight | Score Contrib |
printing | Is printing disabled? | Yes | 1 | 1.00 |
printing_cups | Is printing disabled? | No | 1 | 0.00 |
printing_cups_lpd_legacy | Is CUPS' legacy LPD support disabled? | Yes | 1 | 1.00 |
Item | Question | State | Weight | Score Contrib |
userftp | Are user privileges on the FTP daemon disabled? | No | 1 | 0.00 |
anonftp | Is anonymous download disabled? | No | 1 | 0.00 |