50549	low	The xinetd service must be uninstalled if no network services utilizing it are enabled.
50551	high	The telnet-server package must not be installed.
50553	high	The telnet daemon must not be running.
50555	high	The rsh-server package must not be installed.
50557	high	The rshd service must not be running.
50559	high	The rexecd service must not be running.
50561	high	The rlogind service must not be running.
50563	medium	The ypserv package must not be installed.
50567	medium	The tftp-server package must not be installed.
50571	medium	The cron service must be running.
50573	high	The SSH daemon must be configured to use only the SSHv2 protocol.
50575	low	The SSH daemon must set a timeout interval on idle sessions.
50577	low	The SSH daemon must set a timeout count on idle sessions.
50579	medium	The SSH daemon must ignore .rhosts files.
50581	medium	The SSH daemon must not allow host-based authentication.
50591	low	The system package management tool must verify group-ownership on all files and directories associated with packages.
50593	low	The system package management tool must verify ownership on all files and directories associated with packages.
50609	medium	The operating system, upon successful logon, must display to the user the date and time of the last logon or access via ssh.
50643	medium	There must be no .netrc files on the system.
50647	medium	The system must not accept IPv4 source-routed packets by default.
50655	low	The system must ignore IPv4 ICMP redirect messages.
50657	low	The system must not respond to ICMPv4 sent to a broadcast address.
50663	low	The system must ignore ICMPv4 bogus error responses.
50667	low	The system default umask in /etc/login.defs must be 077.
50669	low	The system default umask in /etc/profile must be 077.
50683	medium	The system must be configured to use TCP syncookies.
50685	medium	The system must use a reverse-path filter for IPv4 network traffic when possible on all interfaces.
50699	medium	The system must use a reverse-path filter for IPv4 network traffic when possible by default.
50721	medium	The system must prevent the root account from logging in from virtual consoles.
50725	low	The system must prevent the root account from logging in from serial consoles.
50731	medium	Default system accounts, other than root, must be locked.
50741	medium	The /etc/passwd file must not contain password hashes.
50747	medium	The root account must be the only account having a UID of 0.
50753	medium	The /etc/shadow file must be owned by root.
50755	medium	The /etc/shadow file must be group-owned by root.
50757	medium	The /etc/shadow file must have mode 0000.
50759	medium	The /etc/gshadow file must be owned by root.
50763	medium	The /etc/gshadow file must be group-owned by root.
50765	medium	The /etc/gshadow file must have mode 0000.
50769	medium	The /etc/passwd file must be owned by root.
50771	medium	The /etc/passwd file must be group-owned by root.
50773	medium	The /etc/passwd file must have mode 0644 or less permissive.
50775	medium	The /etc/group file must be owned by root.
50777	medium	The /etc/group file must be group-owned by root.
50779	medium	The /etc/group file must have mode 0644 or less permissive.
50783	medium	Library files must have mode 0755 or less permissive.
50785	medium	Library files must be owned by root.
50787	medium	All system command files must have mode 755 or less permissive.
50789	medium	All system command files must be owned by root.
50801	high	The SSH daemon must not allow authentication using an empty password.
50805	low	The SSH daemon must not permit user environment settings.
50821	low	The openldap-servers package must not be installed unless required.
50831	low	The Automatic Bug Reporting Tool (abrtd) service must not be running.
50837	low	The ntpdate service must not be running.
50839	low	The oddjobd service must not be running.
50841	low	The qpidd service must not be running.
50843	low	The rdisc service must not be running.
50871	medium	There must be no world-writable files on the system.
50881	medium	The sendmail package must be removed.
50883	low	The netconsole service must be disabled unless required.
50885	medium	X Windows must not be enabled unless required.
50903	medium	The operating system must connect to external networks or information systems only through managed IPv4 interfaces consisting of boundary protection devices arranged in accordance with an organizational security architecture.
50927	medium	The system must use a FIPS 140-2 approved cryptographic hashing algorithm for generating account password hashes (login.defs).
50933	medium	The system boot loader configuration file(s) must be owned by root.
50939	medium	The system boot loader configuration file(s) must be group-owned by root.
50943	medium	The system boot loader configuration file(s) must have mode 0600 or less permissive.
50953	low	The system must allow locking of the console screen in text mode.
50957	medium	The system must implement virtual address space randomization.
50969	medium	The system must not accept IPv4 source-routed packets on any interface.
50971	medium	The system must not accept ICMPv4 redirect packets on any interface.
50973	low	All GIDs referenced in /etc/passwd must be defined in /etc/group.
50985	low	All accounts on the system must have unique user or account names.
51007	medium	All rsyslog-generated log files must be owned by root.
51009	medium	All rsyslog-generated log files must be group-owned by root.
51013	medium	All rsyslog-generated log files must have mode 0600 or less permissive.
51041	low	Process core dumps must be disabled unless needed.
51115	low	The system must limit users to 10 simultaneous system logins, or a site-defined number, in accordance with operational requirements.
51423	low	All public directories must be owned by a system account.
