Scribd Logo
Upload

Welcome to Scribd!

  • Kynlmprmon01 04212022-115554

    Uploaded by

    Jordann Gomez
    27 views6 pages

    Original Title

    kynlmprmon01_04212022-115554

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    27 views6 pages

    Kynlmprmon01 04212022-115554

    Uploaded by

    Jordann Gomez

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 6

    Global Technology Services

    HCLauncher Compliancy Report

    Report generated on:

    Thu, 21 Apr 2022 11:55 (Eastern Standard Time) Thu, 21 Apr 2022 15:55 (UTC)

    Server :

    kynlmprmon01(10.28.20.234)

    OS :

    Linux

    Policy :

    SUDO-UNIX-CSD-4.0C

    copyright © IBM 2018 , portions copyright © Free Software Foundation, Inc.(http://fsf.org/) , 2007
    SUMMARY

    Rule ID Rule title Priority Status


    1 Logging/SUDO Log File Exists normal Passed
    2 Logging/SUDO Logging Enabled normal Passed
    3 System Controls/SUDO ALL Access Allowed normal Passed
    4 System Controls/SUDO Commands Allowing Shell Escape normal Passed
    NOEXEC
    5 System Controls/SUDO EnvFile normal Passed
    7 protecting Resources-OSRs/SUDO Command Group Permissions normal Passed
    8 protecting Resources-OSRs/SUDO Command WW Permissions normal Passed
    9 protecting Resources-OSRs/SUDO Config File Ownership normal Passed
    10 protecting Resources-OSRs/SUDO Config File Permissions normal Passed
    11 protecting Resources-OSRs/SUDO Env File Restriction normal Passed
    12 protecting Resources-OSRs/SUDO Full Path Restriction normal FAILED
    13 protecting Resources-OSRs/SUDO Includedir Full Path Restriction normal Passed
    14 protecting Resources-OSRs/SUDO Includedir Ownership normal Passed
    15 protecting Resources-OSRs/SUDO Includedir Perms normal Passed

    RULE DETAILS
    RuleID :1 (Compliant)

    ➣ Logging_SUDO_Log_File_Exists.rule
    [metadata]
    policy=SUDO-UNIX-CSD-4.0C
    rule=Logging/SUDO Log File Exists
    description=ZY.1.2.2 Sudo-specific Log File. If a sudo-specific log file is used, the
    file must exist
    priority=normal
    expected=
    Back to SUMMARY
    RuleID : 2 (Compliant)

    ➣ Logging_SUDO_Logging_Enabled.rule
    [metadata]
    policy=SUDO-UNIX-CSD-4.0C
    rule=Logging/SUDO Logging Enabled
    description=ZY.1.2.1 Sudo Logging, must not be disabled. The following is NOT allowed
    in the sudo configuration file: !logfile
    priority=normal
    expected=
    Back to SUMMARY
    RuleID : 3 (Compliant)
    ➣ System_Controls_SUDO_ALL_Access_Allowed.rule
    [metadata]
    policy=SUDO-UNIX-CSD-4.0C
    rule=System Controls/SUDO ALL Access Allowed
    description=ZY.1.4.3.3 Preventing Nested Sudo invocation. The sudo configuration file
    must prevent users from using sudo to invoke sudo. The following must be the last
    effective line in the sudo configuration file: ALL ALL=!SUDOSUDO.
    priority=normal
    expected=
    Back to SUMMARY
    RuleID : 4 (Compliant)

    ➣ System_Controls_SUDO_Commands_Allowing_Shell_Escape_NOEXEC.rule
    [metadata]
    policy=SUDO-UNIX-CSD-4.0C
    rule=System Controls/SUDO Commands Allowing Shell Escape NOEXEC
    description=ZY.1.4.2.0, ZY.1.4.2.1, ZY.1.4.2.2 Commands which allow shell escape.
    Verifies SUDO commands allowing Shell Escape have NOEXEC function implemented.
    priority=normal
    expected=
    Back to SUMMARY
    RuleID : 5 (Compliant)

    ➣ System_Controls_SUDO_EnvFile.rule
    [metadata]
    policy=SUDO-UNIX-CSD-4.0C
    rule=System Controls/SUDO EnvFile
    description=The sudo configuration file must contain the statement Defaults
    env_file=/etc/sudo.env. The sudo environment control file /etc/sudo.env must contain
    the entries: SMIT_SHELL=n SMIT_SEMI_COLON=n SMIT_QUOTE=n /etc/sudo.env file's content
    should be checked manually.
    priority=normal
    expected=
    Back to SUMMARY
    RuleID : 7 (Compliant)

    ➣ protecting_Resources-OSRs_SUDO_Command_Group_Permissions.rule
    [metadata]
    policy=SUDO-UNIX-CSD-4.0C
    rule=protecting Resources-OSRs/SUDO Command Group Permissions
    description=ZY.1.8.2.3 Protection requirements for system facility entries executing
    with privilege authority. Each active entry's file/command/script executed, and all
    existing directories in its path, must have settings for "group" of r-x or more
    stringent, if owned by groups considered to be default groups for general users.
    priority=normal
    expected=Builtin Commands='sudoedit'
    Back to SUMMARY
    RuleID : 8 (Compliant)

    ➣ protecting_Resources-OSRs_SUDO_Command_WW_Permissions.rule
    [metadata]
    policy=SUDO-UNIX-CSD-4.0C
    rule=protecting Resources-OSRs/SUDO Command WW Permissions
    description=ZY.1.8.2.2 Protection requirements for system facility entries executing
    with privilege authority. Each active entry's file/command/script executed, and all
    directories in its path, must have settings for "other" of r-x or more stringent.
    priority=normal
    expected=AIX
    directories='/usr/sbin','/usr/etc','/usr','/usr/share','/var/adm','/usr/share/dict','/e
    tc/locks','/etc/security','/','/etc','/bin','/usr/bin','/tmp','/var/tmp','/var':Linux
    directories='/etc','/var','/usr','/var/log','/var/tmp','/':Solaris
    directories='/platform','/sbin','/usr/sbin','/usr/bin','/var/log','/var/adm','/bin','/e
    tc','/kernel','/lib':Builtin Commands='sudoedit'
    Back to SUMMARY
    RuleID : 9 (Compliant)

    ➣ protecting_Resources-OSRs_SUDO_Config_File_Ownership.rule
    [metadata]
    policy=SUDO-UNIX-CSD-4.0C
    rule=protecting Resources-OSRs/SUDO Config File Ownership
    description=ZY.1.8.1 Sudo configuration file File must be owned by root, and must not
    be world-writable.
    priority=normal
    expected=
    Back to SUMMARY
    RuleID : 10 (Compliant)

    ➣ protecting_Resources-OSRs_SUDO_Config_File_Permissions.rule
    [metadata]
    policy=SUDO-UNIX-CSD-4.0C
    rule=protecting Resources-OSRs/SUDO Config File Permissions
    description=ZY.1.8.1 Sudo configuration file File must be owned by root, and must not
    be world-writable.
    priority=normal
    expected=
    Back to SUMMARY
    RuleID : 11 (Compliant)
    ➣ protecting_Resources-OSRs_SUDO_Env_File_Restriction.rule
    [metadata]
    policy=SUDO-UNIX-CSD-4.0C
    rule=protecting Resources-OSRs/SUDO Env File Restriction
    description=Any file referenced by a env_file directive in the /etc/sudoers Each file
    named must be owned by root, have 'group' which is one of the OS accepted OSR groups,
    and and must not be world writable.
    priority=normal
    expected=AIX Privileged
    Groups='system','uucp','adm','audit','bin','cron','ecs','hacmp','haemrm','imnadm','ipse
    c','ldap','Ip','mail','pconsole','printq','security','shutdown','snapp','sys':Solaris
    Privileged
    Groups='mail','smmsp','root','adm','bin','cimsrvr','daemon','ftp','gdm','imnadm','lp','
    mysql','netadm','nuucp','openldap','pkg5srv','postgres','slocate','sms','sys','sysadmin
    ','tty','upnp','uucp','webservd','xvm':HPUX Privileged
    Groups='adm','bin','cimsrvr','daemon','imnadm','lp','mail','nogroup','nuucp','root','sy
    s','tty'
    Back to SUMMARY
    RuleID :12 (Non Compliant)

    ➣ protecting_Resources-OSRs_SUDO_Full_Path_Restriction
    Full path must be used in /etc/sudoers.d/123_AE_GLB for: IBM_NONE_EDITOR (Cmnd_alias: )
    Full path must be used in /etc/sudoers.d/123_AE_GLB for: IBM_NONE_SA (Cmnd_alias: )
    Full path must be used in /etc/sudoers.d/123_AE_GLB for: IBM_SHELLESCAPE_ALL
    (Cmnd_alias: )
    Full path must be used in /etc/sudoers.d/123_AE_GLB for: IBM_SHELLS_ALL (Cmnd_alias:
    IBM_UNIX_AE_BAU_CMDS)
    Full path must be used in /etc/sudoers for: SUDOSUDO (Cmnd_alias: )

    ➣ protecting_Resources-OSRs_SUDO_Full_Path_Restriction.rule
    [metadata]
    policy=SUDO-UNIX-CSD-4.0C
    rule=protecting Resources-OSRs/SUDO Full Path Restriction
    description=ZY.1.8.2.1 Protection requirements for system facility entries executing
    with privilege authority. Each active entry must specify full path of the
    file/command/script to be executed.
    priority=normal
    expected=Builtin Commands='sudoedit'
    Back to SUMMARY
    RuleID : 13 (Compliant)
    ➣ protecting_Resources-OSRs_SUDO_Includedir_Full_Path_Restriction.rule
    [metadata]
    policy=SUDO-UNIX-CSD-4.0C
    rule=protecting Resources-OSRs/SUDO Includedir Full Path Restriction
    description=Each file named must specify the full path of the included file.
    priority=normal
    expected=Builtin Commands='sudoedit'
    Back to SUMMARY
    RuleID : 14 (Compliant)

    ➣ protecting_Resources-OSRs_SUDO_Includedir_Ownership.rule
    [metadata]
    policy=SUDO-UNIX-CSD-4.0C
    rule=protecting Resources-OSRs/SUDO Includedir Ownership
    description=Each directory and file which is not an OS OSR must be owned by root and
    have permissions of 700. OS OSR may be owned and with permissions as allowed by the OS
    OSR requirements.
    priority=normal
    expected=
    Back to SUMMARY
    RuleID : 15 (Compliant)

    ➣ protecting_Resources-OSRs_SUDO_Includedir_Perms.rule
    [metadata]
    policy=SUDO-UNIX-CSD-4.0C
    rule=protecting Resources-OSRs/SUDO Includedir Perms
    description=For each directory named all existing directories in its path must have
    settings for "other" of r-x or more stringent. For each file named all existing
    directories in its path must have settings for "other" of r-x or more stringent.
    priority=normal
    expected=
    Back to SUMMARY

    You might also like