Bastille Hardening Assessment Report +-------------------------------------+------------------------------------------+-----+------+------+ | Item | Question | Yes |Weight|Score | +-------------------------------------+------------------------------------------+-----+------+------+ | generalperms_1_1 | Are more restrictive permissions on the | Yes | 0.00 | 0.00 | | suidmount | Is SUID status for mount/umount disabled | Yes | 1.00 | 1.00 | | suidping | Is SUID status for ping disabled? | Yes | 1.00 | 1.00 | | suiddump | Is SUID status for dump and restore disa | Yes | 1.00 | 1.00 | | suidcard | Is SUID status for cardctl disabled? | Yes | 1.00 | 1.00 | | suidat | Is SUID status for at disabled? | Yes | 1.00 | 1.00 | | suiddos | Is SUID status for DOSEMU disabled? | Yes | 1.00 | 1.00 | | suidnews | Is SUID status for news server tools dis | Yes | 1.00 | 1.00 | | suidprint | Is SUID status for printing utilities di | Yes | 1.00 | 1.00 | | suidrtool | Are the r-tools disabled? | Yes | 1.00 | 1.00 | | suidusernetctl | Is SUID status for usernetctl disabled? | Yes | 1.00 | 1.00 | | suidtrace | Is SUID status for traceroute disabled? | Yes | 1.00 | 1.00 | | suidXwrapper | Is SUID status for Xwrapper disabled? | Yes | 1.00 | 1.00 | | suidXFree86 | Is SUID status for XFree86 disabled? | Yes | 1.00 | 1.00 | | protectrhost | Are clear-text r-protocols that use IP-b | No | 0.00 | 0.00 | | passwdage | Is password aging enforced? | Yes | 1.00 | 1.00 | | cronuser | Is the use of cron restricted to adminis | Yes | 1.00 | 1.00 | | umaskyn | Is the default umask set to a minimal va | Yes | 1.00 | 1.00 | | rootttylogins | Are root logins on tty's 1-6 prohibited? | Yes | 1.00 | 1.00 | | protectgrub | Is the GRUB prompt password-protected? | Yes | 1.00 | 1.00 | | protectlilo | Is the LILO prompt password-protected? | Yes | 1.00 | 1.00 | | lilodelay | Is the LILO delay time zero? | Yes | 0.00 | 0.00 | | secureinittab | Is CTRL-ALT-DELETE rebooting disabled? | Yes | 0.00 | 0.00 | | passsum | Is single-user mode password-protected? | Yes | 1.00 | 1.00 | | tcpd_default_deny | Is a default-deny on TCP Wrappers and xi | Yes | 1.00 | 1.00 | | deactivate_telnet | Is the telnet service disabled on this s | Yes | 1.00 | 1.00 | | deactivate_ftp | Is inetd's FTP service disabled on this | Yes | 1.00 | 1.00 | | banners | Are "Authorized Use" messages displayed | Yes | 1.00 | 1.00 | | compiler | Are the gcc and/or g++ compiler disabled | Yes | 1.00 | 1.00 | | morelogging | Has additional logging been added? | Yes | 1.00 | 1.00 | | pacct | Is process accounting set up? | Yes | 1.00 | 1.00 | | laus | Is LAuS active? | Yes | 1.00 | 1.00 | | apmd | Are acpid and apmd disabled? | Yes | 1.00 | 1.00 | | remotefs | Are NFS and Samba deactivated? | No | 1.00 | 0.00 | | pcmcia | Are PCMCIA services disabled? | Yes | 1.00 | 1.00 | | dhcpd | Is the DHCP daemon disabled? | Yes | 1.00 | 1.00 | | gpm | Is GPM disabled? | Yes | 1.00 | 1.00 | | innd | Is the news server daemon disabled? | Yes | 1.00 | 1.00 | | disable_routed | Is routed deactivated? | Yes | 1.00 | 1.00 | | disable_gated | Is gated deactivated? | Yes | 1.00 | 1.00 | | nis_server | Are NIS server programs deactivated? | Yes | 1.00 | 1.00 | | nis_client | Are NIS client programs deactivated? | Yes | 1.00 | 1.00 | | snmpd | Is SNMPD disabled? | Yes | 1.00 | 1.00 | | disable_kudzu | Is kudzu's run at boot deactivated? | Yes | 1.00 | 1.00 | | sendmaildaemon | Is sendmail's daemon mode disabled? | Yes | 1.00 | 1.00 | | sendmailcron | Does sendmail process the queue via cron | Yes | 0.00 | 0.00 | | vrfyexpn | Are the VRFY and EXPN sendmail commands | Yes | 1.00 | 1.00 | | chrootbind | Is named in a chroot jail and is it set | Yes | 0.00 | 0.00 | | namedoff | Is named deactivated? | Yes | 1.00 | 1.00 | | apacheoff | Is the Apache Web server deactivated? | Yes | 1.00 | 1.00 | | bindapachelocal | Is the Web server bound to listen only t | Yes | 0.00 | 0.00 | | bindapachenic | Is the Web server bound to a particular | Yes | 0.00 | 0.00 | | symlink | Is the following of symbolic links deact | Yes | 1.00 | 1.00 | | ssi | Are server-side includes deactivated? | Yes | 1.00 | 1.00 | | cgi | Are CGI scripts disabled? | Yes | 1.00 | 1.00 | | apacheindex | Are indexes disabled? | Yes | 1.00 | 1.00 | | printing | Is printing disabled? | Yes | 1.00 | 1.00 | | printing_cups | Is printing disabled? | Yes | 1.00 | 1.00 | | printing_cups_lpd_legacy | Is CUPS' legacy LPD support disabled? | Yes | 1.00 | 1.00 | | userftp | Are user privileges on the FTP daemon di | Yes | 1.00 | 1.00 | | anonftp | Is anonymous download disabled? | Yes | 1.00 | 1.00 | +-------------------------------------+------------------------------------------+-----+------+------+ Score: 9.81 / 10.00