2 Replies Latest reply: Jun 8, 2012 10:15 AM by AlbertRudolf RSS

Urgent: Policies for Unix and Linux




What CIDs should I use to enforce the following policies:


Password Policy
Enforce password history6 passwords remembered
Maximum password age30 days
Minimum passowrd age0 days
Minimum password length8 characters
Password must meet complexity requirementsEnabled
Store passwords using reversible encryptionDisabled
Account Lockout Policy
Account lockout duration0 minutes
Account lockout threshold5 invalid logon attempts
Reset account lockout counter after30 minutes
Settings do Event Viewer
Configurar o tamanho do Log Application para:32 MB
Configurar o tamanho do Log Security para:32 MB
Configurar o tamanho do Log System para:32 MB
Audit Policy
Audit account logon events * (Domain Controller)Success, Failure
Audit account managementSuccess, Failure
Audit directory service accessSuccess, Failure
Audit logon eventsSuccess, Failure
Audit object accessSuccess, Failure
Audit policy changeSuccess, Failure
Audit privilege useSuccess, Failure
Audit process trackingNot Defined
Audit system eventsSuccess, Failure
Session Timeout Setting
Screen SaverEnabled
Screen Saver executable nameEnabled (logon.scr)
Password protect the screen saverEnabled
Screen Saver timeoutEnabled (600 Seconds)


I need to implement those controls for the following OSs:.


Red Hat Enterprise Linux 3/4,Solaris 9.x,HPUX 11.iv1,AIX 5.x,Solaris 10.x,Red Hat Enterprise Linux 5.x,HPUX 11.iv2,Solaris 8.x,SUSE Linux Enterprise 9/10,CentOS 4.x,CentOS 5.x,Debian GNU/Linux 5.x,Ubuntu 8.x,Ubuntu 9.x,AIX 6.x,HPUX 11.iv3,SUSE Linux Enterprise 11.x,Solaris 11.x


Thanks in advance.




  • Urgent: Policies for Unix and Linux
    Caleb Corey



    There are a number of issues at play here.  In order to identify the CIDs to use in your policies, you can search the list of controls (Policies -> Controls -> Search) within the QualysGuard UI.  This should help you find the CIDs for the items you need to verify compliance of.


    In addition, if you have multiple or many operating systems you need to be scanning against, ensure that when you are creating your policy you select all the applicable operating systems - when a control applies to more than one technology, it will be handled for each applicable technology you've selected when creating your policy.


    If you need more in-depth assistance, I would suggest you get in touch with your Technical Account Manager; they can often be very helpful with setup and rollout-type issues.


    In addition, if you expect to be doing a great deal of work with the compliance module, I heartily recommend that you sign up for one of our Policy Compliance training classes; these are offered to customrs at no charge and provide a wealth of valuable information.


    -Caleb Corey

    Technical Support Engineer

    • Re: Urgent: Policies for Unix and Linux





      Thanks for your answer.




      I have already runned the online PC course, however, my problem are related to specific policies and not to the PC module as a whole.


      I think my local support might be able to help me.




      Thank you very much!




      T-Systems do Brasil Ltda.


      Process & Quality Management


      Albert Rudolf Lind Neto

      Rua Baffin, 32 - 5o. andar

      09725-060 - Jd. Maria Adelaide - São Bernardo do Campo, SP

      + 55 11 2596-7438

      E-mail: albert.rudolf@t-systems.com.br <mailto:albert.rudolf@t-systems.com.br>

      Internet: www.t-systems.com.br <http://www.t-systems.com.br/>




      Notice: This transmittal and/or attachments may be privileged or confidential.


      If you are not the intended recipient, you are hereby notified that you have received this transmittal in error; any review, dissemination,


      or copying is strictly prohibited. If you received this transmittal in error, please notify us immediately by reply and immediately delete this message and all its attachments. Thank you.






      De: Caleb Corey community@qualys.com

      Enviada em: quinta-feira, 7 de junho de 2012 20:46

      Para: Albert Rudolf Lind Neto

      Assunto: - Re: Urgent: Policies for Unix and Linux





      Qualys Community <https://community.qualys.com/index.jspa>



      Re: Urgent: Policies for Unix and Linux



      created by Caleb Corey <https://community.qualys.com/people/ccorey>  in QualysGuard PC - View the full discussion <https://community.qualys.com/message/14636#14636