What CIDs should I use to enforce the following policies:
|Enforce password history||6 passwords remembered|
|Maximum password age||30 days|
|Minimum password age||0 days|
|Minimum password length||8 characters|
|Password must meet complexity requirements||Enabled|
|Store passwords using reversible encryption||Disabled|
|Account Lockout Policy|
|Account lockout duration||0 minutes|
|Account lockout threshold||5 invalid logon attempts|
|Reset account lockout counter after||30 minutes|
|Event Viewer Settings|
|Set the Application log size to:||32 MB|
|Set the Security log size to:||32 MB|
|Set the System log size to:||32 MB|
|Audit account logon events * (Domain Controller)||Success, Failure|
|Audit account management||Success, Failure|
|Audit directory service access||Success, Failure|
|Audit logon events||Success, Failure|
|Audit object access||Success, Failure|
|Audit policy change||Success, Failure|
|Audit privilege use||Success, Failure|
|Audit process tracking||Not Defined|
|Audit system events||Success, Failure|
|Session Timeout Setting|
|Screen Saver executable name||Enabled (logon.scr)|
|Password protect the screen saver||Enabled|
|Screen Saver timeout||Enabled (600 Seconds)|
I need to implement those controls for the following OSs:
Red Hat Enterprise Linux 3/4, Solaris 9.x, HPUX 11.iv1, AIX 5.x, Solaris 10.x, Red Hat Enterprise Linux 5.x, HPUX 11.iv2, Solaris 8.x, SUSE Linux Enterprise 9/10, CentOS 4.x, CentOS 5.x, Debian GNU/Linux 5.x, Ubuntu 8.x, Ubuntu 9.x, AIX 6.x, HPUX 11.iv3, SUSE Linux Enterprise 11.x, Solaris 11.x
Thanks in advance.
There are a number of issues at play here. In order to identify the CIDs to use in your policies, you can search the list of controls (Policies -> Controls -> Search) within the QualysGuard UI. This should help you find the CIDs for the items you need to verify compliance of.
In addition, if you have multiple or many operating systems you need to be scanning against, ensure that when you are creating your policy you select all the applicable operating systems - when a control applies to more than one technology, it will be handled for each applicable technology you've selected when creating your policy.
If you need more in-depth assistance, I would suggest you get in touch with your Technical Account Manager; they can often be very helpful with setup and rollout-type issues.
In addition, if you expect to be doing a great deal of work with the compliance module, I heartily recommend that you sign up for one of our Policy Compliance training classes; these are offered to customers at no charge and provide a wealth of valuable information.
Technical Support Engineer
Thanks for your answer.
I have already run the online PC course; however, my problem is related to specific policies and not to the PC module as a whole.
I think my local support might be able to help me.
Thank you very much!
T-Systems do Brasil Ltda.
Process & Quality Management
Albert Rudolf Lind Neto
Rua Baffin, 32 - 5o. andar
09725-060 - Jd. Maria Adelaide - São Bernardo do Campo, SP
+ 55 11 2596-7438
Internet: www.t-systems.com.br <http://www.t-systems.com.br/>
From: Caleb Corey email@example.com
Sent: Thursday, June 7, 2012 20:46
To: Albert Rudolf Lind Neto
Qualys Community <https://community.qualys.com/index.jspa>
Re: Urgent: Policies for Unix and Linux