1923 Views 2 Replies Latest reply: Jun 8, 2012 10:15 AM by AlbertRudolf
AlbertRudolf Level 2 109 posts since
Nov 25, 2010

Jun 6, 2012 10:42 AM

Urgent: Policies for Unix and Linux



What CIDs should I use to enforce the following policies:


Password Policy
Enforce password history: 6 passwords remembered
Maximum password age: 30 days
Minimum password age: 0 days
Minimum password length: 8 characters
Password must meet complexity requirements: Enabled
Store passwords using reversible encryption: Disabled

Account Lockout Policy
Account lockout duration: 0 minutes
Account lockout threshold: 5 invalid logon attempts
Reset account lockout counter after: 30 minutes

Event Viewer Settings
Set the Application log size to: 32 MB
Set the Security log size to: 32 MB
Set the System log size to: 32 MB

Audit Policy
Audit account logon events * (Domain Controller): Success, Failure
Audit account management: Success, Failure
Audit directory service access: Success, Failure
Audit logon events: Success, Failure
Audit object access: Success, Failure
Audit policy change: Success, Failure
Audit privilege use: Success, Failure
Audit process tracking: Not Defined
Audit system events: Success, Failure

Session Timeout Setting
Screen Saver: Enabled
Screen Saver executable name: Enabled (logon.scr)
Password protect the screen saver: Enabled
Screen Saver timeout: Enabled (600 Seconds)


I need to implement those controls for the following OSs:


Red Hat Enterprise Linux 3/4, Solaris 9.x, HPUX 11.iv1, AIX 5.x, Solaris 10.x, Red Hat Enterprise Linux 5.x, HPUX 11.iv2, Solaris 8.x, SUSE Linux Enterprise 9/10, CentOS 4.x, CentOS 5.x, Debian GNU/Linux 5.x, Ubuntu 8.x, Ubuntu 9.x, AIX 6.x, HPUX 11.iv3, SUSE Linux Enterprise 11.x, Solaris 11.x


Thanks in advance.




  • Caleb Corey Level 2 32 posts since
    Jul 27, 2010
    Jun 7, 2012 4:46 PM (in response to AlbertRudolf)
    Urgent: Policies for Unix and Linux



    There are a number of issues at play here.  In order to identify the CIDs to use in your policies, you can search the list of controls (Policies -> Controls -> Search) within the QualysGuard UI.  This should help you find the CIDs for the items you need to verify compliance of.


    In addition, if you have multiple or many operating systems you need to be scanning against, ensure that when you are creating your policy you select all the applicable operating systems - when a control applies to more than one technology, it will be handled for each applicable technology you've selected when creating your policy.


    If you need more in-depth assistance, I would suggest you get in touch with your Technical Account Manager; they can often be very helpful with setup and rollout-type issues.


    In addition, if you expect to be doing a great deal of work with the compliance module, I heartily recommend that you sign up for one of our Policy Compliance training classes; these are offered to customers at no charge and provide a wealth of valuable information.


    -Caleb Corey

    Technical Support Engineer
