X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=src%2Frootcheck%2Fdb%2Fcis_rhel5_linux_rcl.txt;fp=src%2Frootcheck%2Fdb%2Fcis_rhel5_linux_rcl.txt;h=72fe8185b497475d5f08568faa376c5dbd59bd37;hp=20f132990b2d885be1b823ea803ba5212b416e71;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b

diff --git a/src/rootcheck/db/cis_rhel5_linux_rcl.txt b/src/rootcheck/db/cis_rhel5_linux_rcl.txt
index 20f1329..72fe818 100644
--- a/src/rootcheck/db/cis_rhel5_linux_rcl.txt
+++ b/src/rootcheck/db/cis_rhel5_linux_rcl.txt
@@ -1,11 +1,8 @@
-# @(#) $Id: ./src/rootcheck/db/cis_rhel5_linux_rcl.txt, 2011/09/08 dcid Exp $
-
-#
-# OSSEC Linux Audit - (C) 2008 Daniel B. Cid - dcid@ossec.net
+# OSSEC Linux Audit - (C) 2018 OSSEC Project
 #
 # Released under the same license as OSSEC.
 # More details at the LICENSE file included with OSSEC or online
-# at: http://www.ossec.net/en/licensing.html
+# at: https://github.com/ossec/ossec-hids/blob/master/LICENSE
 #
 # [Application name] [any or all] [reference]
 # type:<entry name>;
@@ -16,11 +13,12 @@
 #             - d (any file inside the directory)
 #
 # Additional values:
-# For the registry , use "->" to look for a specific entry and another
+# For the registry and for directories, use "->" to look for a specific entry and another
 # "->" to look for the value.
+# Also, use " -> r:^\. -> ..." to search all files in a directory
 # For files, use "->" to look for a specific value in the file.
 #
-# Values can be preceeded by: =: (for equal) - default
+# Values can be preceded by: =: (for equal) - default
 #                             r: (for ossec regexes)
 #                             >: (for strcmp greater)
 #                             <: (for strcmp  lower)
@@ -28,162 +26,820 @@
 # (All of them must match for it to return true).
 
 
-# CIS Checks for Red Hat (RHEL 2.1, 3.0, 4.0 and Fedora Core 1,2,3,4 and 5).
-# Based on CIS Benchmark for Red Hat Enterprise Linux 5 v1.1
-
+# CIS Checks for Red Hat / CentOS 5
+# Based on CIS Benchmark for Red Hat Enterprise Linux 5 v2.1.0
 
+# TODO: URL is invalid currently
 
 # RC scripts location
 $rc_dirs=/etc/rc.d/rc2.d,/etc/rc.d/rc3.d,/etc/rc.d/rc4.d,/etc/rc.d/rc5.d;
 
 
-
-# Main one. Only valid for Red Hat 5.
-[CIS - Testing against the CIS Red Hat Enterprise Linux 5 Benchmark v1.1] [any required] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
+[CIS - Testing against the CIS Red Hat Enterprise Linux 5 Benchmark v2.1.0] [any required] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
 f:/etc/redhat-release -> r:^Red Hat Enterprise Linux \S+ release 5;
-f:/etc/redhat-release -> r:^CentOS && r:release 5.2;
+f:/etc/redhat-release -> r:^CentOS && r:release 5;
+f:/etc/redhat-release -> r:^Cloud && r:release 5;
+f:/etc/redhat-release -> r:^Oracle && r:release 5;
+f:/etc/redhat-release -> r:^Better && r:release 5;
 
 
+# 1.1.1 /tmp: partition
+[CIS - RHEL5 - - Build considerations - Robust partition scheme - /tmp is not on its own partition {CIS: 1.1.1 RHEL5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/fstab -> !r:/tmp;
 
-# Build considerations - Partition scheme.
-[CIS - RHEL5 - Build considerations - Robust partition scheme - /var is not on its own partition] [any] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
-f:/etc/fstab -> !r:/var;
+# 1.1.2 /tmp: nodev
+[CIS - RHEL5 - 1.1.2 - Partition /tmp without 'nodev' set {CIS: 1.1.2 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/fstab -> !r:^# && r:/tmp && !r:nodev;
 
+# 1.1.3 /tmp: nosuid
+[CIS - RHEL5 - 1.1.3 - Partition /tmp without 'nosuid' set {CIS: 1.1.3 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/fstab -> !r:^# && r:/tmp && !r:nosuid;
 
+# 1.1.4 /tmp: noexec
+[CIS - RHEL5 - 1.1.4 - Partition /tmp without 'noexec' set {CIS: 1.1.4 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/fstab -> !r:^# && r:/tmp && !r:nodev;
 
-# Section 2.3 - SSH configuration
-[CIS - RHEL5 2.3 - SSH Configuration - Protocol version 1 enabled] [any] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
-f:/etc/ssh/sshd_config -> !r:^# && r:Protocol\.+1;
+# 1.1.5 Build considerations - Partition scheme.
+[CIS - RHEL5 - - Build considerations - Robust partition scheme - /var is not on its own partition {CIS: 1.1.5 RHEL5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/fstab -> !r^# && !r:/var;
 
-[CIS - RHEL5 2.3 - SSH Configuration - IgnoreRHosts disabled] [any] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
-f:/etc/ssh/sshd_config -> !r:^# && r:IgnoreRhosts\.+no;
+# 1.1.6 bind mount /var/tmp to /tmp
+[CIS - RHEL5 - - Build considerations - Robust partition scheme - /var/tmp is bound to /tmp {CIS: 1.1.6 RHEL5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/fstab -> r:^# && !r:/var/tmp && !r:bind;
 
-[CIS - RHEL5 2.3 - SSH Configuration - Empty passwords permitted] [any] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
-f:/etc/ssh/sshd_config -> !r:^# && r:^PermitEmptyPasswords\.+yes;
+# 1.1.7 /var/log: partition
+[CIS - RHEL5 - - Build considerations - Robust partition scheme - /var/log is not on its own partition {CIS: 1.1.7 RHEL5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/fstab -> ^# && !r:/var/log;
 
-[CIS - RHEL5 2.3 - SSH Configuration - Host based authentication enabled] [any] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
-f:/etc/ssh/sshd_config -> !r:^# && r:HostbasedAuthentication\.+yes;
+# 1.1.8 /var/log/audit: partition
+[CIS - RHEL5 - - Build considerations - Robust partition scheme - /var/log/audit is not on its own partition {CIS: 1.1.8 RHEL5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/fstab -> ^# && !r:/var/log/audit;
 
-[CIS - RHEL5 2.3 - SSH Configuration - Root login allowed] [any] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
-f:/etc/ssh/sshd_config -> !r:^# && r:PermitRootLogin\.+yes;
+# 1.1.9 /home: partition
+[CIS - RHEL5 - - Build considerations - Robust partition scheme - /home is not on its own partition {CIS: 1.1.9 Debian RHEL5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/fstab -> ^# && !r:/home;
+
+# 1.1.10 /home: nodev
+[CIS - RHEL5 - 1.1.10 -  Partition /home without 'nodev' set {CIS: 1.1.10 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/fstab -> !r:^# && r:/home && !r:nodev;
+
+# 1.1.11 nodev on removable media partitions (not scored)
+[CIS - RHEL5 - 1.1.11 - Removable partition /media without 'nodev' set {CIS: 1.1.11 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/fstab -> !r:^# && r:/media && !r:nodev;
+
+# 1.1.12 noexec on removable media partitions (not scored)
+[CIS - RHEL5 - 1.1.12 - Removable partition /media without 'noexec' set {CIS: 1.1.12 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/fstab -> !r:^# && r:/media && !r:noexec;
+
+# 1.1.13 nosuid on removable media partitions (not scored)
+[CIS - RHEL5 - 1.1.13 - Removable partition /media without 'nosuid' set {CIS: 1.1.13 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/fstab -> !r:^# && r:/media && !r:nosuid;
+
+# 1.1.14 /dev/shm: nodev
+[CIS - RHEL5 - 1.1.11 - /dev/shm without 'nodev' set {CIS: 1.1.14 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/fstab -> !r:^# && r:/dev/shm && !r:nodev;
+
+# 1.1.15 /dev/shm: nosuid
+[CIS - RHEL5 - 1.1.11 - /dev/shm without 'nosuid' set {CIS: 1.1.15 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/fstab -> !r:^# && r:/dev/shm && !r:nosuid;
+
+# 1.1.16 /dev/shm: noexec
+[CIS - RHEL5 - 1.1.11 - /dev/shm without 'noexec' set {CIS: 1.1.16 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/fstab -> !r:^# && r:/dev/shm && !r:noexec;
+
+# 1.1.17 sticky bit on world writable directories (Scored)
+# TODO
 
+# 1.1.18 disable cramfs (not scored)
 
+# 1.1.19 disable freevxfs (not scored)
+
+# 1.1.20 disable jffs2 (not scored)
+
+# 1.1.21 disable hfs (not scored)
+
+# 1.1.22 disable hfsplus (not scored)
+
+# 1.1.23 disable squashfs (not scored)
+
+# 1.1.24 disable udf (not scored)
+
+
+##########################################
+# 1.2 Software Updates
+##########################################
+
+# 1.2.1 Configure rhn updates (not scored)
+
+# 1.2.2 verify  RPM gpg keys  (Scored)
+# TODO
+
+# 1.2.3 verify gpgcheck enabled (Scored)
+# TODO
+
+# 1.2.4 Disable rhnsd (not scored)
+
+# 1.2.5 Disable yum-updatesd (Scored)
+[CIS - RHEL5 - 1.2.5 - yum-updatesd not Disabled {CIS: 1.2.5 RHEL5} {PCI_DSS: 6.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/fstab -> !r:^# && r:/dev/shm && !r:noexec;
+p:yum-updatesd;
+
+# 1.2.6 Obtain updates with yum (not scored)
+
+# 1.2.7 Verify package integrity (not scored)
+
+
+###############################################
+# 1.3 Advanced Intrusion Detection Environment
+###############################################
+#
+# Skipped, this control is obsoleted by OSSEC
+#
 
-# Section 2.4 Enable system accounting
-#[CIS - RHEL5 2.4 - System Accounting - Sysstat not installed] [all] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
-#f:!/var/log/sa;
 
+###############################################
+# 1.4 Configure SELinux
+###############################################
+
+# 1.4.1 enable selinux in /etc/grub.conf
+[CIS - RHEL5 - 1.4.1 - SELinux Disabled in /etc/grub.conf {CIS: 1.4.1 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/grub.conf -> !r:selinux=0;
+
+# 1.4.2 Set selinux state
+[CIS - RHEL5 - 1.4.2 - SELinux not set to enforcing {CIS: 1.4.2 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/selinux/config -> r:SELINUX=enforcing;
+
+# 1.4.3 Set seliux policy
+[CIS - RHEL5 - 1.4.3 - SELinux policy not set to targeted {CIS: 1.4.3 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/selinux/config -> r:SELINUXTYPE=targeted;
+
+# 1.4.4 Remove SETroubleshoot
+[CIS - RHEL5 - 1.4.4 - SELinux setroubleshoot enabled {CIS: 1.4.4 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+d:$rc_dirs -> ^S\d\dsetroubleshoot$;
+
+# 1.4.5 Disable MCS Translation service mcstrans
+[CIS - RHEL5 - 1.4.5 - SELinux mctrans enabled {CIS: 1.4.5 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+d:$rc_dirs -> ^S\d\dmctrans$;
+
+# 1.4.6 Check for unconfined daemons
+# TODO
+
+
+###############################################
+# 1.5  Secure Boot Settings
+###############################################
+
+# 1.5.1 Set User/Group Owner on /etc/grub.conf
+# TODO (no mode tests)
+
+# 1.5.2 Set Permissions on /etc/grub.conf (Scored)
+# TODO (no mode tests)
+
+# 1.5.3 Set Boot Loader Password (Scored)
+[CIS - RHEL5 - 1.5.3 - GRUB Password not set {CIS: 1.5.3 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/boot/grub/menu.lst -> !r:^# && !r:password;
+
+# 1.5.4 Require Authentication for Single-User Mode (Scored)
+[CIS - RHEL5 - 1.5.4 - Authentication for single user mode not enabled {CIS: 1.5.4 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/inittab -> !r:^# && r:S:wait;
+
+# 1.5.5 Disable Interactive Boot (Scored)
+[CIS - RHEL5 - 1.5.5 - Interactive Boot not disabled {CIS: 1.5.5 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/sysconfig/init -> !r:^# && r:PROMPT=no;
+
+
+
+###############################################
+# 1.6  Additional Process Hardening
+###############################################
+
+# 1.6.1 Restrict Core Dumps (Scored)
+[CIS - RHEL5 - 1.6.1 - Interactive Boot not disabled {CIS: 1.6.1 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/security/limits.conf -> !r:^# && !r:hard\.+core\.+0;
+
+# 1.6.2 Configure ExecShield (Scored)
+[CIS - RHEL5 - 1.6.2 - ExecShield not enabled  {CIS: 1.6.2 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/proc/sys/kernel/exec-shield -> 0;
+
+# 1.6.3 Enable Randomized Virtual Memory Region Placement (Scored)
+[CIS - RHEL5 - 1.6.3 - Randomized Virtual Memory Region Placement not enabled  {CIS: 1.6.3 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/proc/sys/kernel/randomize_va_space -> 0;
+
+# 1.6.4 Enable XD/NX Support on 32-bit x86 Systems (Scored)
+# TODO
+
+# 1.6.5 Disable Prelink (Scored)
+[CIS - RHEL5 - 1.6.5 - Prelink not disabled {CIS: 1.6.5 RHEL5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/sysconfig/prelink -> !r:PRELINKING=no;
+
+
+###############################################
+# 1.7  Use the Latest OS Release
+###############################################
+
+
+###############################################
+# 2 OS Services
+###############################################
+
+###############################################
+# 2.1 Remove Legacy Services
+###############################################
+
+# 2.1.1 Remove telnet-server (Scored)
+# TODO: detect it is installed at all
+[CIS - RHEL5 - 2.1.1 - Telnet enabled on xinetd {CIS: 2.1.1 RHEL5} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/xinetd.d/telnet -> !r:^# && r:disable && r:no;
+
+
+# 2.1.2 Remove telnet Clients (Scored)
+# TODO
+
+# 2.1.3 Remove rsh-server (Scored)
+[CIS - RHEL5 - 2.1.3 - rsh/rlogin/rcp enabled on xinetd {CIS: 2.1.3 RHEL5} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/xinetd.d/rlogin -> !r:^# && r:disable && r:no;
+f:/etc/xinetd.d/rsh -> !r:^# && r:disable && r:no;
+f:/etc/xinetd.d/shell -> !r:^# && r:disable && r:no;
+
+# 2.1.4 Remove rsh (Scored)
+# TODO
+
+# 2.1.5 Remove NIS Client (Scored)
+[CIS - RHEL5 - 2.1.5 - Disable standard boot services - NIS (client) Enabled {CIS: 2.1.5 RHEL5} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+d:$rc_dirs -> ^S\d\dypbind$;
+
+# 2.1.6 Remove NIS Server (Scored)
+[CIS - RHEL5 - 2.1.5 - Disable standard boot services - NIS (server) Enabled {CIS: 2.1.6 RHEL5} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+d:$rc_dirs -> ^S\d\dypserv$;
 
+# 2.1.7 Remove tftp (Scored)
+# TODO
 
-# Section 3 - Minimize xinetd services
-[CIS - RHEL5 3.3 - Telnet enabled on xinetd] [any] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
-f:/etc/xinetd.c/telnet -> !r:^# && r:disable && r:no;
+# 2.1.8 Remove tftp-server (Scored)
+[CIS - RHEL5 - 2.1.8 - tftpd enabled on xinetd {CIS: 2.1.8 RHEL5} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/xinetd.d/tftpd -> !r:^# && r:disable && r:no;
 
-[CIS - RHEL5 3.4 - VSFTP enabled on xinetd] [any] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
-f:/etc/xinetd.c/vsftpd -> !r:^# && r:disable && r:no;
+# 2.1.9 Remove talk (Scored)
+# TODO
 
-[CIS - RHEL5 3.5 - rsh/rlogin/rcp enabled on xinetd] [any] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
-f:/etc/xinetd.c/rlogin -> !r:^# && r:disable && r:no;
-f:/etc/xinetd.c/rsh -> !r:^# && r:disable && r:no;
-f:/etc/xinetd.c/shell -> !r:^# && r:disable && r:no;
+# 2.1.10 Remove talk-server (Scored)
+[CIS - RHEL5 - 2.1.10 - talk enabled on xinetd {CIS: 2.1.10 RHEL5} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/xinetd.d/talk -> !r:^# && r:disable && r:no;
 
-[CIS - RHEL5 3.6 - tftpd enabled on xinetd] [any] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
-f:/etc/xinetd.c/tftpd -> !r:^# && r:disable && r:no;
+# 2.1.11 Remove xinetd (Scored)
+# TODO
 
-[CIS - RHEL5 3.7 - imap enabled on xinetd] [any] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
-f:/etc/xinetd.c/cyrus-imapd -> !r:^# && r:disable && r:no;
+# 2.1.12 Disable chargen-dgram (Scored)
+# TODO
 
-[CIS - RHEL5 3.8 - pop3 enabled on xinetd] [any] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
-f:/etc/xinetd.c/dovecot -> !r:^# && r:disable && r:no;
+# 2.1.13 Disable chargen-stream (Scored)
+# TODO
 
+# 2.1.14 Disable daytime-dgram (Scored)
+# TODO
 
+# 2.1.15 Disable daytime-stream (Scored)
+# TODO
 
-# Section 4 - Minimize boot services
-[CIS - RHEL5 4.1 - Set daemon umask - Default umask is higher than 027] [all] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
+# 2.1.16 Disable echo-dgram (Scored)
+# TODO
+
+# 2.1.17 Disable echo-stream (Scored)
+# TODO
+
+# 2.1.18 Disable tcpmux-server (Scored)
+# TODO
+
+
+###############################################
+# 3 Special Purpose Services
+###############################################
+
+###############################################
+# 3.1 Disable Avahi Server
+###############################################
+
+# 3.1.1 Disable Avahi Server (Scored)
+[CIS - RHEL5 - 3.1.1 - Avahi daemon not disabled {CIS: 3.1.1 RHEL5} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+p:avahi-daemon;
+
+# 3.1.2 Service Only via Required Protocol (Not Scored)
+# TODO
+
+# 3.1.3 Check Responses TTL Field (Scored)
+# TODO
+
+# 3.1.4 Prevent Other Programs from Using Avahi’s Port (Not Scored)
+# TODO
+
+# 3.1.5 Disable Publishing (Not Scored)
+
+# 3.1.6 Restrict Published Information (if publishing is required) (Not scored)
+
+# 3.2 Set Daemon umask (Scored)
+[CIS - RHEL5 - 3.2 - Set daemon umask - Default umask is higher than 027 {CIS: 3.2 RHEL5}] [all] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
 f:/etc/init.d/functions -> !r:^# && r:^umask && <:umask 027;
 
-[CIS - RHEL5 4.4 - GUI login enabled] [any] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
+# 3.3 Remove X Windows (Scored)
+[CIS - RHEL5 - 3.3 - X11 not disabled {CIS: 3.3 RHEL5} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
 f:/etc/inittab -> !r:^# && r:id:5;
 
-[CIS - RHEL5 4.7 - Disable standard boot services - Samba Enabled] [any] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
-d:$rc_dirs -> ^S\d\dsamba$;
-d:$rc_dirs -> ^S\d\dsmb$;
+# 3.4 Disable Print Server - CUPS (Not Scored)
 
-[CIS - RHEL5 4.8 - Disable standard boot services - NFS Enabled] [any] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
+# 3.5 Remove DHCP Server (Not Scored)
+# TODO
+
+# 3.6 Configure Network Time Protocol (NTP) (Scored)
+#[CIS - RHEL5 - 3.6 - NTPD not disabled {CIS: 3.6 RHEL5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+# TODO.
+
+# 3.7 Remove LDAP (Not Scored)
+
+# 3.8 Disable NFS and RPC (Not Scored)
+[CIS - RHEL5 - 3.8 - Disable standard boot services - NFS Enabled {CIS: 3.8 RHEL5} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
 d:$rc_dirs -> ^S\d\dnfs$;
 d:$rc_dirs -> ^S\d\dnfslock$;
 
-[CIS - RHEL5 4.10 - Disable standard boot services - NIS Enabled] [any] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
-d:$rc_dirs -> ^S\d\dypbind$;
-d:$rc_dirs -> ^S\d\dypserv$;
+# 3.9 Remove DNS Server (Not Scored)
+# TODO
 
-[CIS - RHEL5 4.13 - Disable standard boot services - NetFS Enabled] [any] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
-d:$rc_dirs -> ^S\d\dnetfs$;
+# 3.10 Remove FTP Server (Not Scored)
+[CIS - RHEL5 - 3.10 - VSFTP enabled on xinetd {CIS: 3.10 RHEL5} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/xinetd.d/vsftpd -> !r:^# && r:disable && r:no;
+
+# 3.11 Remove HTTP Server (Not Scored)
+[CIS - RHEL5 - 3.11 - Disable standard boot services - Apache web server Enabled {CIS: 3.11 RHEL5} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+d:$rc_dirs -> ^S\d\dhttpd$;
+
+# 3.12 Remove Dovecot (IMAP and POP3 services) (Not Scored)
+[CIS - RHEL5 - 3.12 - imap enabled on xinetd {CIS: 3.12 RHEL5} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/xinetd.d/cyrus-imapd -> !r:^# && r:disable && r:no;
+
+[CIS - RHEL5 - 3.12 - pop3 enabled on xinetd {CIS: 3.12 RHEL5} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/xinetd.d/dovecot -> !r:^# && r:disable && r:no;
 
-[CIS - RHEL5 4.15 - Disable standard boot services - Apache web server Enabled] [any] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
-d:$rc_dirs -> ^S\d\dapache$;
+# 3.13 Remove Samba (Not Scored)
+[CIS - RHEL5 - 3.13 - Disable standard boot services - Samba Enabled {CIS: 3.13 RHEL5} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+d:$rc_dirs -> ^S\d\dsamba$;
+d:$rc_dirs -> ^S\d\dsmb$;
+
+# 3.14 Remove HTTP Proxy Server (Not Scored)
+[CIS - RHEL5 - 3.14 - Disable standard boot services - Squid Enabled {CIS: 3.14 RHEL5} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+d:$rc_dirs -> ^S\d\dsquid$;
 
-[CIS - RHEL5 4.16 - Disable standard boot services - SNMPD process Enabled] [any] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
+# 3.15 Remove SNMP Server (Not Scored)
+[CIS - RHEL5 - 3.15 - Disable standard boot services - SNMPD process Enabled {CIS: 3.15 RHEL5} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
 d:$rc_dirs -> ^S\d\dsnmpd$;
 
-[CIS - RHEL5 4.17 - Disable standard boot services - DNS server Enabled] [any] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
-d:$rc_dirs -> ^S\d\dnamed$;
+# 3.16 Configure Mail Transfer Agent for Local-Only Mode (Scored)
+# TODO
 
-[CIS - RHEL5 4.18 - Disable standard boot services - MySQL server Enabled] [any] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
-d:$rc_dirs -> ^S\d\dmysqld$;
 
-[CIS - RHEL5 4.18 - Disable standard boot services - PostgreSQL server Enabled] [any] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
-d:$rc_dirs -> ^S\d\dpostgresql$;
+###############################################
+# 4 Network Configuration and Firewalls
+###############################################
 
-[CIS - RHEL5 4.19 - Disable standard boot services - Squid Enabled] [any] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
-d:$rc_dirs -> ^S\d\dsquid$;
+###############################################
+# 4.1 Modify Network Parameters (Host Only)
+###############################################
 
-[CIS - RHEL5 4.20 - Disable standard boot services - Kudzu hardware detection Enabled] [any] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
-d:$rc_dirs -> ^S\d\dkudzu$;
+# 4.1.1 Disable IP Forwarding (Scored)
+[CIS - RHEL5 - 4.1.1 - Network parameters - IP Forwarding enabled {CIS: 4.1.1 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/proc/sys/net/ipv4/ip_forward -> 1;
+f:/proc/sys/net/ipv6/ip_forward -> 1;
 
+# 4.1.2 Disable Send Packet Redirects (Scored)
+[CIS - RHEL5 - 4.1.2 - Network parameters - IP send redirects enabled {CIS: 4.1.2 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/proc/sys/net/ipv4/conf/all/send_redirects -> 0;
+f:/proc/sys/net/ipv4/conf/default/send_redirects -> 0;
 
 
-# Section 5 - Kernel tuning
-[CIS - RHEL5 5.1 - Network parameters - Source routing accepted] [any] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
+###############################################
+# 4.2 Modify Network Parameters (Host and Router)
+###############################################
+
+# 4.2.1 Disable Source Routed Packet Acceptance (Scored)
+[CIS - RHEL5 - 4.2.1 - Network parameters - Source routing accepted {CIS: 4.2.1 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
 f:/proc/sys/net/ipv4/conf/all/accept_source_route -> 1;
 
-[CIS - RHEL5 5.1 - Network parameters - ICMP redirects accepted] [any] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
+# 4.2.2 Disable ICMP Redirect Acceptance (Scored)
+[CIS - RHEL5 - 4.2.2 - Network parameters - ICMP redirects accepted {CIS: 4.2.2 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
 f:/proc/sys/net/ipv4/conf/all/accept_redirects -> 1;
+f:/proc/sys/net/ipv4/conf/default/accept_redirects -> 1;
 
-[CIS - RHEL5 5.1 - Network parameters - ICMP secure redirects accepted] [any] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
+# 4.2.3 Disable Secure ICMP Redirect Acceptance (Scored)
+[CIS - RHEL5 - 4.2.3 - Network parameters - ICMP secure redirects accepted {CIS: 4.2.3 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
 f:/proc/sys/net/ipv4/conf/all/secure_redirects -> 1;
+f:/proc/sys/net/ipv4/conf/default/secure_redirects -> 1;
+
+# 4.2.4 Log Suspicious Packets (Scored)
+[CIS - RHEL5 - 4.2.4 - Network parameters - martians not logged {CIS: 4.2.4 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/proc/sys/net/ipv4/conf/all/log_martians -> 0;
 
-[CIS - RHEL5 5.1 - Network parameters - ICMP broadcasts accepted] [any] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
+# 4.2.5 Enable Ignore Broadcast Requests (Scored)
+[CIS - RHEL5 - 4.2.5 - Network parameters - ICMP broadcasts accepted {CIS: 4.2.5 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
 f:/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts -> 0;
 
-[CIS - RHEL5 5.2 - Network parameters - IP Forwarding enabled] [any] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
-f:/proc/sys/net/ipv4/ip_forward -> 1;
-f:/proc/sys/net/ipv6/ip_forward -> 1;
+# 4.2.6 Enable Bad Error Message Protection (Scored)
+[CIS - RHEL5 - 4.2.6 - Network parameters - Bad error message protection not enabled {CIS: 4.2.6 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/proc/sys/net/ipv4/icmp_ignore_bogus_error_responses -> 0;
 
+# 4.2.7 Enable RFC-recommended Source Route Validation (Scored)
+[CIS - RHEL5 - 4.2.7 - Network parameters - RFC Source route validation not enabled  {CIS: 4.2.7 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/proc/sys/net/ipv4/conf/all/rp_filter -> 0;
+f:/proc/sys/net/ipv4/conf/default/rp_filter -> 0;
 
+# 4.2.8 Enable TCP SYN Cookies (Scored)
+[CIS - RHEL5 - 4.2.8 - Network parameters - SYN Cookies not enabled  {CIS: 4.2.8 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/proc/sys/net/ipv4/tcp_syncookies -> 0;
 
-# Section 7 - Permissions
-[CIS - RHEL5 7.2 - Removable partition /media without 'nodev' set] [any] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
-f:/etc/fstab -> !r:^# && r:/media && !r:nodev;
 
-[CIS - RHEL5 7.2 - Removable partition /media without 'nosuid' set] [any] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
-f:/etc/fstab -> !r:^# && r:/media && !r:nosuid;
+###############################################
+# 4.3 Wireless Networking
+###############################################
 
-[CIS - RHEL5 7.3 - User-mounted removable partition allowed on the console] [any] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
-f:/etc/security/console.perms -> r:^<console>  \d+ <cdrom>;
-f:/etc/security/console.perms -> r:^<console>  \d+ <floppy>;
+# 4.3.1 Deactivate Wireless Interfaces (Not Scored)
 
 
+###############################################
+# 4.4 Disable ipv6
+###############################################
 
-# Section 8 - Access and authentication
-[CIS - RHEL5 8.7 - GRUB Password not set] [any] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
-f:/boot/grub/menu.lst -> !r:^# && !r:password;
+###############################################
+# 4.4.1 Configure IPv6
+###############################################
 
-[CIS - RHEL5 9.2 - Account with empty password present] [any] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
-f:/etc/shadow -> r:^\w+::;
+# 4.4.1.1 Disable IPv6 Router Advertisements (Not Scored)
+
+# 4.4.1.2 Disable IPv6 Redirect Acceptance (Not Scored)
+
+# 4.4.2 Disable IPv6 (Not Scored)
+
+
+###############################################
+# 4.5 Install TCP Wrappers
+###############################################
+
+# 4.5.1 Install TCP Wrappers (Not Scored)
+
+# 4.5.2 Create /etc/hosts.allow (Not Scored)
+
+# 4.5.3 Verify Permissions on /etc/hosts.allow (Scored)
+# TODO
+
+# 4.5.4 Create /etc/hosts.deny (Not Scored)
+
+# 4.5.5 Verify Permissions on /etc/hosts.deny (Scored)
+# TODO
+
+
+###############################################
+# 4.6 Uncommon Network Protocols
+###############################################
+
+# 4.6.1 Disable DCCP (Not Scored)
+
+# 4.6.2 Disable SCTP (Not Scored)
+
+# 4.6.3 Disable RDS (Not Scored)
+
+# 4.6.4 Disable TIPC (Not Scored)
+
+# 4.7 Enable IPtables (Scored)
+# TODO
+
+# 4.8 Enable IP6tables (Not Scored)
+
+
+###############################################
+# 5 Logging and Auditing
+###############################################
+
+###############################################
+# 5.1 Configure Syslog
+###############################################
+
+# 5.1.1 Configure /etc/syslog.conf (Not Scored)
+
+# 5.1.2 Create and Set Permissions on syslog Log Files (Scored)
+
+# 5.1.3 Configure syslog to Send Logs to a Remote Log Host (Scored)
+
+# 5.1.4 Accept Remote syslog Messages Only on Designated Log Hosts (Not Scored)
+
+
+###############################################
+# 5.2 Configure rsyslog
+###############################################
+
+# 5.2.1 Install the rsyslog package (Not Scored)
+
+# 5.2.2 Activate the rsyslog Service (Not Scored)
 
-[CIS - RHEL5 SN.11 - Non-root account with uid 0] [any] [http://www.ossec.net/wiki/index.php/CIS_RHEL5]
+# 5.2.3 Configure /etc/rsyslog.conf (Not Scored)
+
+# 5.2.4 Create and Set Permissions on rsyslog Log Files (Not Scored)
+
+# 5.2.5 Configure rsyslog to Send Logs to a Remote Log Host (Not Scored)
+
+# 5.2.6 Accept Remote rsyslog Messages Only on Designated Log Hosts (Not Scored)
+
+
+###############################################
+# 5.3 Configure System Accounting (auditd)
+###############################################
+
+###############################################
+# 5.3.1 Configure Data Retention
+###############################################
+
+# 5.3.1.1 Configure Audit Log Storage Size (Not Scored)
+
+# 5.3.1.2 Disable System on Audit Log Full (Not Scored)
+
+# 5.3.1.3 Keep All Auditing Information (Scored)
+
+# 5.3.2 Enable auditd Service (Scored)
+
+# 5.3.3 Configure Audit Log Storage Size (Not Scored)
+
+# 5.3.4 Disable System on Audit Log Full (Not Scored)
+
+# 5.3.5 Keep All Auditing Information (Scored)
+
+# 5.3.6 Enable Auditing for Processes That Start Prior to auditd (Scored)
+
+# 5.3.7 Record Events That Modify Date and Time Information (Scored)
+
+# 5.3.8 Record Events That Modify User/Group Information (Scored)
+
+# 5.3.9 Record Events That Modify the System’s Network Environment (Scored)
+
+# 5.3.10 Record Events That Modify the System’s Mandatory Access Controls (Scored)
+
+# 5.3.11 Collect Login and Logout Events (Scored)
+
+# 5.3.12 Collect Session Initiation Information (Scored)
+
+# 5.3.13 Collect Discretionary Access Control Permission Modification Events (Scored)
+
+# 5.3.14 Collect Unsuccessful Unauthorized Access Attempts to Files (Scored)
+
+# 5.3.15 Collect Use of Privileged Commands (Scored)
+
+# 5.3.16 Collect Successful File System Mounts (Scored)
+
+# 5.3.17 Collect File Deletion Events by User (Scored)
+
+# 5.3.18 Collect Changes to System Administration Scope (sudoers) (Scored)
+
+# 5.3.19 Collect System Administrator Actions (sudolog) (Scored)
+
+# 5.3.20 Collect Kernel Module Loading and Unloading (Scored)
+
+# 5.3.21 Make the Audit Configuration Immutable (Scored)
+
+# 5.4 Configure logrotate (Not Scored)
+
+
+###############################################
+# 6 System Access, Authentication and Authorization
+###############################################
+
+###############################################
+# 6.1 Configure cron and anacron
+###############################################
+
+# 6.1.1 Enable anacron Daemon (Scored)
+
+# 6.1.2 Enable cron Daemon (Scored)
+
+# 6.1.3 Set User/Group Owner and Permission on /etc/anacrontab (Scored)
+
+# 6.1.4 Set User/Group Owner and Permission on /etc/crontab (Scored)
+
+# 6.1.5 Set User/Group Owner and Permission on /etc/cron.hourly (Scored)
+
+# 6.1.6 Set User/Group Owner and Permission on /etc/cron.daily (Scored)
+
+# 6.1.7 Set User/Group Owner and Permission on /etc/cron.weekly (Scored)
+
+# 6.1.8 Set User/Group Owner and Permission on /etc/cron.monthly (Scored)
+
+# 6.1.9 Set User/Group Owner and Permission on /etc/cron.d (Scored)
+
+# 6.1.10 Restrict at Daemon (Scored)
+
+# 6.1.11 Restrict at/cron to Authorized Users (Scored)
+
+###############################################
+# 6.1 Configure SSH
+###############################################
+
+# 6.2.1 Set SSH Protocol to 2 (Scored)
+[CIS - RHEL5 - 6.2.1 - SSH Configuration - Protocol version 1 enabled {CIS: 6.2.1 RHEL5} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/ssh/sshd_config -> !r:^# && r:Protocol\.+1;
+
+# 6.2.2 Set LogLevel to INFO (Scored)
+
+# 6.2.3 Set Permissions on /etc/ssh/sshd_config (Scored)
+
+# 6.2.4 Disable SSH X11 Forwarding (Scored)
+
+# 6.2.5 Set SSH MaxAuthTries to 4 or Less (Scored)
+
+# 6.2.6 Set SSH IgnoreRhosts to Yes (Scored)
+[CIS - RHEL5 - 6.2.6 - SSH Configuration - IgnoreRHosts disabled {CIS: 6.2.6 RHEL5} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/ssh/sshd_config -> !r:^# && r:IgnoreRhosts\.+no;
+
+# 6.2.7 Set SSH HostbasedAuthentication to No (Scored)
+[CIS - RHEL5 - 6.2.7 - SSH Configuration - Host based authentication enabled {CIS: 6.2.7 RHEL5} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/ssh/sshd_config -> !r:^# && r:HostbasedAuthentication\.+yes;
+
+# 6.2.8 Disable SSH Root Login (Scored)
+[CIS - RHEL5 - 6.2.8 - SSH Configuration - Root login allowed {CIS: 6.2.8 RHEL5} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/ssh/sshd_config -> !r:^# && r:PermitRootLogin\.+yes;
+
+# 6.2.9 Set SSH PermitEmptyPasswords to No (Scored)
+[CIS - RHEL5 - 6.2.9 - SSH Configuration - Empty passwords permitted {CIS: 6.2.9 RHEL5} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/ssh/sshd_config -> !r:^# && r:^PermitEmptyPasswords\.+yes;
+
+# 6.2.10 Do Not Allow Users to Set Environment Options (Scored)
+
+# 6.2.11 Use Only Approved Ciphers in Counter Mode (Scored)
+
+# 6.2.12 Set Idle Timeout Interval for User Login (Not Scored)
+
+# 6.2.13 Limit Access via SSH (Scored)
+
+# 6.2.14 Set SSH Banner (Scored)
+
+# 6.2.15 Enable SSH UsePrivilegeSeparation (Scored)
+
+
+###############################################
+# 6.3 Configure PAM
+###############################################
+
+# 6.3.1 Set Password Creation Requirement Parameters Using pam_cracklib (Scored)
+
+# 6.3.2 Set Lockout for Failed Password Attempts (Not Scored)
+
+# 6.3.3 Use pam_deny.so to Deny Services (Not Scored)
+
+# 6.3.4 Upgrade Password Hashing Algorithm to SHA-512 (Scored)
+
+# 6.3.5 Limit Password Reuse (Scored)
+
+# 6.3.6 Remove the pam_ccreds Package (Scored)
+
+# 6.4 Restrict root Login to System Console (Not Scored)
+
+# 6.5 Restrict Access to the su Command (Scored)
+
+
+###############################################
+# 7 User Accounts and Environment
+###############################################
+
+###############################################
+# 7.1 Set Shadow Password Suite Parameters (/etc/login.defs)
+###############################################
+
+# 7.1.1 Set Password Expiration Days (Scored)
+
+# 7.1.2 Set Password Change Minimum Number of Days (Scored)
+
+# 7.1.3 Set Password Expiring Warning Days (Scored)
+
+# 7.2 Disable System Accounts (Scored)
+
+# 7.3 Set Default Group for root Account (Scored)
+
+# 7.4 Set Default umask for Users (Scored)
+
+# 7.5 Lock Inactive User Accounts (Scored)
+
+
+###############################################
+# 8 Warning Banners
+###############################################
+
+###############################################
+# 8.1 Warning Banners for Standard Login Services
+###############################################
+
+# 8.1.1 Set Warning Banner for Standard Login Services (Scored)
+
+# 8.1.2 Remove OS Information from Login Warning Banners (Scored)
+
+# 8.2 Set GNOME Warning Banner (Not Scored)
+
+
+###############################################
+# 9 System Maintenance
+###############################################
+
+###############################################
+# 9.1 Verify System File Permissions
+###############################################
+
+# 9.1.1 Verify System File Permissions (Not Scored)
+
+# 9.1.2 Verify Permissions on /etc/passwd (Scored)
+
+# 9.1.3 Verify Permissions on /etc/shadow (Scored)
+
+# 9.1.4 Verify Permissions on /etc/gshadow (Scored)
+
+# 9.1.5 Verify Permissions on /etc/group (Scored)
+
+# 9.1.6 Verify User/Group Ownership on /etc/passwd (Scored)
+
+# 9.1.7 Verify User/Group Ownership on /etc/shadow (Scored)
+
+# 9.1.8 Verify User/Group Ownership on /etc/gshadow (Scored)
+
+# 9.1.9 Verify User/Group Ownership on /etc/group (Scored)
+
+# 9.1.10 Find World Writable Files (Not Scored)
+
+# 9.1.11 Find Un-owned Files and Directories (Scored)
+
+# 9.1.12 Find Un-grouped Files and Directories (Scored)
+
+# 9.1.13 Find SUID System Executables (Not Scored)
+
+# 9.1.14 Find SGID System Executables (Not Scored)
+
+
+###############################################
+# 9.2 Review User and Group Settings
+###############################################
+
+# 9.2.1 Ensure Password Fields are Not Empty (Scored)
+
+# 9.2.2 Verify No Legacy "+" Entries Exist in /etc/passwd File (Scored)
+
+# 9.2.3 Verify No Legacy "+" Entries Exist in /etc/shadow File (Scored)
+
+# 9.2.4 Verify No Legacy "+" Entries Exist in /etc/group File (Scored)
+
+# 9.2.5 Verify No UID 0 Accounts Exist Other Than root (Scored)
+[CIS - RHEL5 - 9.2.5 - Non-root account with uid 0 {CIS: 9.2.5 RHEL5} {PCI_DSS: 10.2.5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
 f:/etc/passwd -> !r:^# && !r:^root: && r:^\w+:\w+:0:;
 
+# 9.2.6 Ensure root PATH Integrity (Scored)
+
+# 9.2.7 Check Permissions on User Home Directories (Scored)
+
+# 9.2.8 Check User Dot File Permissions (Scored)
+
+# 9.2.9 Check Permissions on User .netrc Files (Scored)
+
+# 9.2.10 Check for Presence of User .rhosts Files (Scored)
+
+# 9.2.11 Check Groups in /etc/passwd (Scored)
+
+# 9.2.12 Check That Users Are Assigned Home Directories (Scored)
+
+# 9.2.13 Check That Defined Home Directories Exist (Scored)
+
+# 9.2.14 Check User Home Directory Ownership (Scored)
+
+# 9.2.15 Check for Duplicate UIDs (Scored)
+
+# 9.2.16 Check for Duplicate GIDs (Scored)
+
+# 9.2.17 Check That Reserved UIDs Are Assigned to System Accounts
 
-# EOF
+# 9.2.18 Check for Duplicate User Names (Scored)
+
+# 9.2.19 Check for Duplicate Group Names (Scored)
+
+# 9.2.20 Check for Presence of User .netrc Files (Scored)
+
+# 9.2.21 Check for Presence of User .forward Files (Scored)
+
+# Other/Legacy Tests
+[CIS - RHEL5 - X.X.X - Account with empty password present  {PCI_DSS: 10.2.5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/shadow -> r:^\w+::;
+
+[CIS - RHEL5 - X.X.X - User-mounted removable partition allowed on the console] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+f:/etc/security/console.perms -> r:^<console>  \d+ <cdrom>;
+f:/etc/security/console.perms -> r:^<console>  \d+ <floppy>;
+
+[CIS - RHEL5 - X.X.X - Disable standard boot services - Kudzu hardware detection Enabled] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+d:$rc_dirs -> ^S\d\dkudzu$;
+
+[CIS - RHEL5 - X.X.X - Disable standard boot services - PostgreSQL server Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+d:$rc_dirs -> ^S\d\dpostgresql$;
+
+[CIS - RHEL5 - X.X.X - Disable standard boot services - MySQL server Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+d:$rc_dirs -> ^S\d\dmysqld$;
+
+[CIS - RHEL5 - X.X.X - Disable standard boot services - DNS server Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+d:$rc_dirs -> ^S\d\dnamed$;
+
+[CIS - RHEL5 - X.X.X - Disable standard boot services - NetFS Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf]
+d:$rc_dirs -> ^S\d\dnetfs$;