Bastille Hardening Assessment Report

ScoreWeights File
5.28 / 10.00 Bastille Default Weights
Contract all Modules | Expand all Modules

FilePermissions

ItemQuestionStateWeightScore Contrib
generalperms_1_1Are more restrictive permissions on the administration utilities set?No 00.00
suidmountIs SUID status for mount/umount disabled?No 10.00
suidpingIs SUID status for ping disabled?No 10.00
suiddumpIs SUID status for dump and restore disabled?Yes11.00
suidcardIs SUID status for cardctl disabled?Yes11.00
suidatIs SUID status for at disabled?No 10.00
suiddosIs SUID status for DOSEMU disabled?Yes11.00
suidnewsIs SUID status for news server tools disabled?Yes11.00
suidprintIs SUID status for printing utilities disabled?Yes11.00
suidrtoolAre the r-tools disabled?No 10.00
suidusernetctlIs SUID status for usernetctl disabled?No 10.00
suidtraceIs SUID status for traceroute disabled?No 10.00
suidXwrapperIs SUID status for Xwrapper disabled?Yes11.00
suidXFree86Is SUID status for XFree86 disabled?No 10.00

AccountSecurity

ItemQuestionStateWeightScore Contrib
protectrhostAre clear-text r-protocols that use IP-based authentication disabled?No 00.00
passwdageIs password aging enforced?No 10.00
cronuserIs the use of cron restricted to administrative accounts?Yes11.00
umaskynIs the default umask set to a minimal value?No 10.00
rootttyloginsAre root logins on tty's 1-6 prohibited?No 10.00

BootSecurity

ItemQuestionStateWeightScore Contrib
protectgrubIs the GRUB prompt password-protected?No 10.00
protectliloIs the LILO prompt password-protected?Yes11.00
lilodelayIs the LILO delay time zero?Yes00.00
secureinittabIs CTRL-ALT-DELETE rebooting disabled?No 00.00
passsumIs single-user mode password-protected?No 10.00

SecureInetd

ItemQuestionStateWeightScore Contrib
tcpd_default_denyIs a default-deny on TCP Wrappers and xinetd set?No 10.00
deactivate_telnetIs the telnet service disabled on this system?Yes11.00
deactivate_ftpIs inetd's FTP service disabled on this system?Yes11.00
bannersAre "Authorized Use" messages displayed at log-in time?No 10.00

DisableUserTools

ItemQuestionStateWeightScore Contrib
compilerAre the gcc and/or g++ compiler disabled?Yes11.00

Logging

ItemQuestionStateWeightScore Contrib
moreloggingHas additional logging been added?Yes11.00
pacctIs process accounting set up?No 10.00
lausIs LAuS active?Yes11.00

MiscellaneousDaemons

ItemQuestionStateWeightScore Contrib
apmdAre acpid and apmd disabled?No 10.00
remotefsAre NFS and Samba deactivated?No 10.00
pcmciaAre PCMCIA services disabled?No 10.00
dhcpdIs the DHCP daemon disabled?Yes11.00
gpmIs GPM disabled?No 10.00
inndIs the news server daemon disabled?Yes11.00
disable_routedIs routed deactivated?Yes11.00
disable_gatedIs gated deactivated?Yes11.00
nis_serverAre NIS server programs deactivated?Yes11.00
nis_clientAre NIS client programs deactivated?Yes11.00
snmpdIs SNMPD disabled?Yes11.00
disable_kudzuIs kudzu's run at boot deactivated?No 10.00

Sendmail

ItemQuestionStateWeightScore Contrib
sendmaildaemonIs sendmail's daemon mode disabled?No 10.00
sendmailcronDoes sendmail process the queue via cron?Yes00.00
vrfyexpnAre the VRFY and EXPN sendmail commands disabled?Yes11.00

DNS

ItemQuestionStateWeightScore Contrib
chrootbindIs named in a chroot jail and is it set to run as a non-root user?Yes00.00
namedoffIs named deactivated?Yes11.00

Apache

ItemQuestionStateWeightScore Contrib
apacheoffIs the Apache Web server deactivated?Yes11.00
bindapachelocalIs the Web server bound to listen only to the localhost?No 00.00
bindapachenicIs the Web server bound to a particular interface?No 00.00
symlinkIs the following of symbolic links deactivated?No 10.00
ssiAre server-side includes deactivated?Yes11.00
cgiAre CGI scripts disabled?Yes11.00
apacheindexAre indexes disabled?Yes11.00

Printing

ItemQuestionStateWeightScore Contrib
printingIs printing disabled?Yes11.00
printing_cupsIs printing disabled?No 10.00
printing_cups_lpd_legacyIs CUPS' legacy LPD support disabled?Yes11.00

FTP

ItemQuestionStateWeightScore Contrib
userftpAre user privileges on the FTP daemon disabled?No 10.00
anonftpIs anonymous download disabled?No 10.00