2 Replies Latest reply on Jun 8, 2012 10:15 AM by AlbertRudolf

    Urgent: Policies for Unix and Linux

    AlbertRudolf Level 2



      What CIDs should I use to enforce the following policies:


      Password Policy
      Enforce password history6 passwords remembered
      Maximum password age30 days
      Minimum passowrd age0 days
      Minimum password length8 characters
      Password must meet complexity requirementsEnabled
      Store passwords using reversible encryptionDisabled
      Account Lockout Policy
      Account lockout duration0 minutes
      Account lockout threshold5 invalid logon attempts
      Reset account lockout counter after30 minutes
      Settings do Event Viewer
      Configurar o tamanho do Log Application para:32 MB
      Configurar o tamanho do Log Security para:32 MB
      Configurar o tamanho do Log System para:32 MB
      Audit Policy
      Audit account logon events * (Domain Controller)Success, Failure
      Audit account managementSuccess, Failure
      Audit directory service accessSuccess, Failure
      Audit logon eventsSuccess, Failure
      Audit object accessSuccess, Failure
      Audit policy changeSuccess, Failure
      Audit privilege useSuccess, Failure
      Audit process trackingNot Defined
      Audit system eventsSuccess, Failure
      Session Timeout Setting
      Screen SaverEnabled
      Screen Saver executable nameEnabled (logon.scr)
      Password protect the screen saverEnabled
      Screen Saver timeoutEnabled (600 Seconds)


      I need to implement those controls for the following OSs:.


      Red Hat Enterprise Linux 3/4,Solaris 9.x,HPUX 11.iv1,AIX 5.x,Solaris 10.x,Red Hat Enterprise Linux 5.x,HPUX 11.iv2,Solaris 8.x,SUSE Linux Enterprise 9/10,CentOS 4.x,CentOS 5.x,Debian GNU/Linux 5.x,Ubuntu 8.x,Ubuntu 9.x,AIX 6.x,HPUX 11.iv3,SUSE Linux Enterprise 11.x,Solaris 11.x


      Thanks in advance.




        • Urgent: Policies for Unix and Linux
          Caleb Corey Level 2



          There are a number of issues at play here.  In order to identify the CIDs to use in your policies, you can search the list of controls (Policies -> Controls -> Search) within the QualysGuard UI.  This should help you find the CIDs for the items you need to verify compliance of.


          In addition, if you have multiple or many operating systems you need to be scanning against, ensure that when you are creating your policy you select all the applicable operating systems - when a control applies to more than one technology, it will be handled for each applicable technology you've selected when creating your policy.


          If you need more in-depth assistance, I would suggest you get in touch with your Technical Account Manager; they can often be very helpful with setup and rollout-type issues.


          In addition, if you expect to be doing a great deal of work with the compliance module, I heartily recommend that you sign up for one of our Policy Compliance training classes; these are offered to customrs at no charge and provide a wealth of valuable information.


          -Caleb Corey

          Technical Support Engineer