+# 5.2.3 Configure /etc/rsyslog.conf (Not Scored)
+
+# 5.2.4 Create and Set Permissions on rsyslog Log Files (Not Scored)
+
+# 5.2.5 Configure rsyslog to Send Logs to a Remote Log Host (Not Scored)
+
+# 5.2.6 Accept Remote rsyslog Messages Only on Designated Log Hosts (Not Scored)
+
+
+###############################################
+# 5.3 Configure System Accounting (auditd)
+###############################################
+
+###############################################
+# 5.3.1 Configure Data Retention
+###############################################
+
+# 5.3.1.1 Configure Audit Log Storage Size (Not Scored)
+
+# 5.3.1.2 Disable System on Audit Log Full (Not Scored)
+
+# 5.3.1.3 Keep All Auditing Information (Scored)
+
+# 5.3.2 Enable auditd Service (Scored)
+
+# 5.3.3 Configure Audit Log Storage Size (Not Scored)
+
+# 5.3.4 Disable System on Audit Log Full (Not Scored)
+
+# 5.3.5 Keep All Auditing Information (Scored)
+
+# 5.3.6 Enable Auditing for Processes That Start Prior to auditd (Scored)
+
+# 5.3.7 Record Events That Modify Date and Time Information (Scored)
+
+# 5.3.8 Record Events That Modify User/Group Information (Scored)
+
+# 5.3.9 Record Events That Modify the System’s Network Environment (Scored)
+
+# 5.3.10 Record Events That Modify the System’s Mandatory Access Controls (Scored)
+
+# 5.3.11 Collect Login and Logout Events (Scored)
+
+# 5.3.12 Collect Session Initiation Information (Scored)
+
+# 5.3.13 Collect Discretionary Access Control Permission Modification Events (Scored)
+
+# 5.3.14 Collect Unsuccessful Unauthorized Access Attempts to Files (Scored)
+
+# 5.3.15 Collect Use of Privileged Commands (Scored)
+
+# 5.3.16 Collect Successful File System Mounts (Scored)
+
+# 5.3.17 Collect File Deletion Events by User (Scored)
+
+# 5.3.18 Collect Changes to System Administration Scope (sudoers) (Scored)
+
+# 5.3.19 Collect System Administrator Actions (sudolog) (Scored)
+
+# 5.3.20 Collect Kernel Module Loading and Unloading (Scored)
+
+# 5.3.21 Make the Audit Configuration Immutable (Scored)
+
+# 5.4 Configure logrotate (Not Scored)
+
+
+###############################################
+# 6 System Access, Authentication and Authorization
+###############################################
+
+###############################################
+# 6.1 Configure cron and anacron
+###############################################
+
+# 6.1.1 Enable anacron Daemon (Scored)
+
+# 6.1.2 Enable cron Daemon (Scored)
+
+# 6.1.3 Set User/Group Owner and Permission on /etc/anacrontab (Scored)
+
+# 6.1.4 Set User/Group Owner and Permission on /etc/crontab (Scored)
+
+# 6.1.5 Set User/Group Owner and Permission on /etc/cron.hourly (Scored)
+
+# 6.1.6 Set User/Group Owner and Permission on /etc/cron.daily (Scored)
+
+# 6.1.7 Set User/Group Owner and Permission on /etc/cron.weekly (Scored)
+
+# 6.1.8 Set User/Group Owner and Permission on /etc/cron.monthly (Scored)
+
+# 6.1.9 Set User/Group Owner and Permission on /etc/cron.d (Scored)
+
+# 6.1.10 Restrict at Daemon (Scored)
+
+# 6.1.11 Restrict at/cron to Authorized Users (Scored)
+
+###############################################
+# 6.1 Configure SSH
+###############################################
+
+# 6.2.1 Set SSH Protocol to 2 (Scored)
+[CIS - RHEL5 - 6.2.1 - SSH Configuration - Protocol version 1 enabled {CIS: 6.2.1 RHEL5} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/ssh/sshd_config -> !r:^# && r:Protocol\.+1;
+
+# 6.2.2 Set LogLevel to INFO (Scored)
+
+# 6.2.3 Set Permissions on /etc/ssh/sshd_config (Scored)
+
+# 6.2.4 Disable SSH X11 Forwarding (Scored)
+
+# 6.2.5 Set SSH MaxAuthTries to 4 or Less (Scored)
+
+# 6.2.6 Set SSH IgnoreRhosts to Yes (Scored)
+[CIS - RHEL5 - 6.2.6 - SSH Configuration - IgnoreRHosts disabled {CIS: 6.2.6 RHEL5} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/ssh/sshd_config -> !r:^# && r:IgnoreRhosts\.+no;
+
+# 6.2.7 Set SSH HostbasedAuthentication to No (Scored)
+[CIS - RHEL5 - 6.2.7 - SSH Configuration - Host based authentication enabled {CIS: 6.2.7 RHEL5} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/ssh/sshd_config -> !r:^# && r:HostbasedAuthentication\.+yes;
+
+# 6.2.8 Disable SSH Root Login (Scored)
+[CIS - RHEL5 - 6.2.8 - SSH Configuration - Root login allowed {CIS: 6.2.8 RHEL5} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/ssh/sshd_config -> !r:^# && r:PermitRootLogin\.+yes;
+
+# 6.2.9 Set SSH PermitEmptyPasswords to No (Scored)
+[CIS - RHEL5 - 6.2.9 - SSH Configuration - Empty passwords permitted {CIS: 6.2.9 RHEL5} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/ssh/sshd_config -> !r:^# && r:^PermitEmptyPasswords\.+yes;
+
+# 6.2.10 Do Not Allow Users to Set Environment Options (Scored)
+
+# 6.2.11 Use Only Approved Ciphers in Counter Mode (Scored)
+
+# 6.2.12 Set Idle Timeout Interval for User Login (Not Scored)
+
+# 6.2.13 Limit Access via SSH (Scored)
+
+# 6.2.14 Set SSH Banner (Scored)
+
+# 6.2.15 Enable SSH UsePrivilegeSeparation (Scored)
+
+
+###############################################
+# 6.3 Configure PAM
+###############################################
+
+# 6.3.1 Set Password Creation Requirement Parameters Using pam_cracklib (Scored)
+
+# 6.3.2 Set Lockout for Failed Password Attempts (Not Scored)
+
+# 6.3.3 Use pam_deny.so to Deny Services (Not Scored)
+
+# 6.3.4 Upgrade Password Hashing Algorithm to SHA-512 (Scored)
+
+# 6.3.5 Limit Password Reuse (Scored)
+
+# 6.3.6 Remove the pam_ccreds Package (Scored)
+
+# 6.4 Restrict root Login to System Console (Not Scored)
+
+# 6.5 Restrict Access to the su Command (Scored)
+
+
+###############################################
+# 7 User Accounts and Environment
+###############################################
+
+###############################################
+# 7.1 Set Shadow Password Suite Parameters (/etc/login.defs)
+###############################################
+
+# 7.1.1 Set Password Expiration Days (Scored)
+
+# 7.1.2 Set Password Change Minimum Number of Days (Scored)
+
+# 7.1.3 Set Password Expiring Warning Days (Scored)
+
+# 7.2 Disable System Accounts (Scored)
+
+# 7.3 Set Default Group for root Account (Scored)
+
+# 7.4 Set Default umask for Users (Scored)
+
+# 7.5 Lock Inactive User Accounts (Scored)
+
+
+###############################################
+# 8 Warning Banners
+###############################################
+
+###############################################
+# 8.1 Warning Banners for Standard Login Services
+###############################################
+
+# 8.1.1 Set Warning Banner for Standard Login Services (Scored)
+
+# 8.1.2 Remove OS Information from Login Warning Banners (Scored)
+
+# 8.2 Set GNOME Warning Banner (Not Scored)
+
+
+###############################################
+# 9 System Maintenance
+###############################################
+
+###############################################
+# 9.1 Verify System File Permissions
+###############################################
+
+# 9.1.1 Verify System File Permissions (Not Scored)
+
+# 9.1.2 Verify Permissions on /etc/passwd (Scored)
+
+# 9.1.3 Verify Permissions on /etc/shadow (Scored)
+
+# 9.1.4 Verify Permissions on /etc/gshadow (Scored)
+
+# 9.1.5 Verify Permissions on /etc/group (Scored)
+
+# 9.1.6 Verify User/Group Ownership on /etc/passwd (Scored)
+
+# 9.1.7 Verify User/Group Ownership on /etc/shadow (Scored)
+
+# 9.1.8 Verify User/Group Ownership on /etc/gshadow (Scored)
+
+# 9.1.9 Verify User/Group Ownership on /etc/group (Scored)
+
+# 9.1.10 Find World Writable Files (Not Scored)
+
+# 9.1.11 Find Un-owned Files and Directories (Scored)
+
+# 9.1.12 Find Un-grouped Files and Directories (Scored)
+
+# 9.1.13 Find SUID System Executables (Not Scored)
+
+# 9.1.14 Find SGID System Executables (Not Scored)
+
+
+###############################################
+# 9.2 Review User and Group Settings
+###############################################
+
+# 9.2.1 Ensure Password Fields are Not Empty (Scored)
+
+# 9.2.2 Verify No Legacy "+" Entries Exist in /etc/passwd File (Scored)
+
+# 9.2.3 Verify No Legacy "+" Entries Exist in /etc/shadow File (Scored)
+
+# 9.2.4 Verify No Legacy "+" Entries Exist in /etc/group File (Scored)
+
+# 9.2.5 Verify No UID 0 Accounts Exist Other Than root (Scored)
+[CIS - RHEL5 - 9.2.5 - Non-root account with uid 0 {CIS: 9.2.5 RHEL5} {PCI_DSS: 10.2.5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]