
Common Scan Findings
There is frequently more than one way to achieve a given hardening-recommendation. As such, generic security scanners may produce alerts/findings that are at odds with the actual system state implemented by Watchmaker. The following are frequently-cited findings and explanations for why a scanner may alert on the Watchmaker-managed configuration-state.
Common Scan Findings for EL7
- Findings Summary-Table
- Use Only FIPS 140-2 Validated Ciphers
- Use Only FIPS 140-2 Validated MACs
- Modify the System Login Banner
- Enable Smart Card Login
- Configure the Firewalld Ports
- Set Default firewalld Zone for Incoming Packets
- Disable Kernel Parameter for IP Forwarding
- The Installed Operating System Is Vendor Supported
- Install McAfee Virus Scanning Software
- Enable FIPS Mode in GRUB2
- Configure AIDE to Use FIPS 140-2 for Validating Hashes
- Verify and Correct Ownership with RPM
- Verify and Correct File Permissions with RPM
- Ensure Users Re-Authenticate for Privilege Escalation - sudo NOPASSWD
- Operating system must display the date and time of the last successful account logon upon logon