Checked | Name | Title |
---|---|---|
☐ | SV-239072r717090_rule | The Photon operating system must be configured to offload audit logs to a syslog server. |
☐ | SV-239073r675027_rule | The Photon operating system must audit all account creations. |
☐ | SV-239074r675030_rule | The Photon operating system must automatically lock an account when three unsuccessful logon attempts occur. |
☐ | SV-239075r675033_rule | The Photon operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting SSH access. |
☐ | SV-239076r675036_rule | The Photon operating system must limit the number of concurrent sessions to 10 for all accounts and/or account types. |
☐ | SV-239077r675039_rule | The Photon operating system must set a session inactivity timeout of 15 minutes or less. |
☐ | SV-239078r675042_rule | The Photon operating system must have the sshd SyslogFacility set to "authpriv". |
☐ | SV-239079r675045_rule | The Photon operating system must have sshd authentication logging enabled. |
☐ | SV-239080r675048_rule | The Photon operating system must have the sshd LogLevel set to "INFO". |
☐ | SV-239081r675051_rule | The Photon operating system must configure sshd to use approved encryption algorithms. |
☐ | SV-239082r675054_rule | The Photon operating system must configure auditd to log to disk. |
☐ | SV-239083r675057_rule | The Photon operating system must configure auditd to use the correct log format. |
☐ | SV-239084r675060_rule | The Photon operating system must be configured to audit the execution of privileged functions. |
☐ | SV-239085r675063_rule | The Photon operating system audit log must log space limit problems to syslog. |
☐ | SV-239086r675066_rule | The Photon operating system audit log must attempt to log audit failures to syslog. |
☐ | SV-239087r675069_rule | The Photon operating system audit log must have correct permissions. |
☐ | SV-239088r675072_rule | The Photon operating system audit log must be owned by root. |
☐ | SV-239089r675075_rule | The Photon operating system audit log must be group-owned by root. |
☐ | SV-239090r675078_rule | The Photon operating system must have the auditd service running. |
☐ | SV-239091r675081_rule | The Photon operating system must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited. |
☐ | SV-239092r675084_rule | The Photon operating system must generate audit records when successful/unsuccessful attempts to access privileges occur. |
☐ | SV-239093r675087_rule | The Photon operating system must enforce password complexity by requiring that at least one uppercase character be used. |
☐ | SV-239094r717043_rule | The Photon operating system must enforce password complexity by requiring that at least one lowercase character be used. |
☐ | SV-239095r675093_rule | The Photon operating system must enforce password complexity by requiring that at least one numeric character be used. |
☐ | SV-239096r675096_rule | The Photon operating system must require that new passwords are at least four characters different from the old password. |
☐ | SV-239097r675099_rule | The Photon operating system must store only encrypted representations of passwords. |
☐ | SV-239098r675102_rule | The Photon operating system must store only encrypted representations of passwords. |
☐ | SV-239099r675105_rule | The Photon operating system must be configured so that passwords for new users are restricted to a 24-hour minimum lifetime. |
☐ | SV-239100r675108_rule | The Photon operating system must be configured so that passwords for new users are restricted to a 90-day maximum lifetime. |
☐ | SV-239101r675111_rule | The Photon operating system must prohibit password reuse for a minimum of five generations. |
☐ | SV-239102r675114_rule | The Photon operating system must ensure old passwords are being stored. |
☐ | SV-239103r675117_rule | The Photon operating system must enforce a minimum eight-character password length. |
☐ | SV-239104r675120_rule | The Photon operating system must only allow installation of packages signed by VMware. |
☐ | SV-239105r675123_rule | The Photon operating system must disable the loading of unnecessary kernel modules. |
☐ | SV-239106r675126_rule | The Photon operating system must not have Duplicate User IDs (UIDs). |
☐ | SV-239107r675129_rule | The Photon operating system must configure sshd to disallow root logins. |
☐ | SV-239108r675132_rule | The Photon operating system must disable new accounts immediately upon password expiration. |
☐ | SV-239109r675135_rule | The Photon operating system must use TCP syncookies. |
☐ | SV-239110r675138_rule | The Photon operating system must configure sshd to disconnect idle SSH sessions. |
☐ | SV-239111r675141_rule | The Photon operating system must configure sshd to disconnect idle SSH sessions. |
☐ | SV-239112r675144_rule | The Photon operating system must configure rsyslog to offload system logs to a central server. |
☐ | SV-239113r675147_rule | The Photon operating system /var/log directory must be owned by root. |
☐ | SV-239114r675150_rule | The Photon operating system messages file must be owned by root. |
☐ | SV-239115r675153_rule | The Photon operating system messages file must have mode 0640 or less permissive. |
☐ | SV-239116r675156_rule | The Photon operating system must audit all account modifications. |
☐ | SV-239117r675159_rule | The Photon operating system must audit all account disabling actions. |
☐ | SV-239118r675162_rule | The Photon operating system must audit all account removal actions. |
☐ | SV-239119r675165_rule | The Photon operating system must initiate auditing as part of the boot process. |
☐ | SV-239120r675168_rule | The Photon operating system audit files and directories must have correct permissions. |
☐ | SV-239121r675171_rule | The Photon operating system audit files and directories must have correct permissions. |
☐ | SV-239122r675174_rule | The Photon operating system must protect audit tools from unauthorized modification. |
☐ | SV-239123r675177_rule | The Photon operating system must enforce password complexity by requiring that at least one special character be used. |
☐ | SV-239124r675180_rule | The Photon operating system package files must not be modified. |
☐ | SV-239125r675183_rule | The Photon operating system must set an inactivity timeout value for non-interactive sessions. |
☐ | SV-239126r675186_rule | The Photon operating system must configure sshd with a specific ListenAddress. |
☐ | SV-239127r675189_rule | The Photon operating system must audit the execution of privileged functions. |
☐ | SV-239128r675192_rule | The Photon operating system must configure auditd to keep five rotated log files. |
☐ | SV-239129r675195_rule | The Photon operating system must configure auditd to keep five rotated log files. |
☐ | SV-239130r675198_rule | The Photon operating system must configure a cron job to rotate auditd logs daily. |
☐ | SV-239131r675201_rule | The Photon operating system must configure auditd to log space limit problems to syslog. |
☐ | SV-239132r675204_rule | The Photon operating system must be configured to synchronize with an approved DoD time source. |
☐ | SV-239133r675207_rule | The Photon operating system RPM package management tool must cryptographically verify the authenticity of all software packages during installation. |
☐ | SV-239134r675210_rule | The Photon operating system RPM package management tool must cryptographically verify the authenticity of all software packages during installation. |
☐ | SV-239135r675213_rule | The Photon operating system RPM package management tool must cryptographically verify the authenticity of all software packages during installation. |
☐ | SV-239136r675216_rule | The Photon operating system must require users to reauthenticate for privilege escalation. |
☐ | SV-239137r675219_rule | The Photon operating system must prohibit the use of cached authenticators after one day. |
☐ | SV-239138r675222_rule | The Photon operating system must configure sshd to use preferred ciphers. |
☐ | SV-239139r675225_rule | The Photon operating system must use OpenSSH for remote maintenance sessions. |
☐ | SV-239140r675228_rule | The Photon operating system must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution. |
☐ | SV-239141r675231_rule | The Photon operating system must remove all software components after updated versions have been installed. |
☐ | SV-239142r675234_rule | The Photon operating system must generate audit records when the sudo command is used. |
☐ | SV-239143r675237_rule | The Photon operating system must generate audit records when successful/unsuccessful logon attempts occur. |
☐ | SV-239144r675240_rule | The Photon operating system must audit the insmod module. |
☐ | SV-239145r675243_rule | The Photon operating system auditd service must generate audit records for all account creations, modifications, disabling, and termination events. |
☐ | SV-239146r675246_rule | The Photon operating system must use the pam_cracklib module. |
☐ | SV-239147r675249_rule | The Photon operating system must set the FAIL_DELAY parameter. |
☐ | SV-239148r675252_rule | The Photon operating system must enforce a delay of at least four seconds between logon prompts following a failed logon attempt. |
☐ | SV-239149r675255_rule | The Photon operating system must ensure audit events are flushed to disk at proper intervals. |
☐ | SV-239150r675258_rule | The Photon operating system must ensure root $PATH entries are appropriate. |
☐ | SV-239151r675261_rule | The Photon operating system must create a home directory for all new local interactive user accounts. |
☐ | SV-239152r675264_rule | The Photon operating system must disable the debug-shell service. |
☐ | SV-239153r675267_rule | The Photon operating system must configure a secure umask for all shells. |
☐ | SV-239154r675270_rule | The Photon operating system must configure sshd to disallow Generic Security Service Application Program Interface (GSSAPI) authentication. |
☐ | SV-239155r675273_rule | The Photon operating system must configure sshd to disable environment processing. |
☐ | SV-239156r675276_rule | The Photon operating system must configure sshd to disable X11 forwarding. |
☐ | SV-239157r675279_rule | The Photon operating system must configure sshd to perform strict mode checking of home directory configuration files. |
☐ | SV-239158r675282_rule | The Photon operating system must configure sshd to disallow Kerberos authentication. |
☐ | SV-239159r675285_rule | The Photon operating system must configure sshd to use privilege separation. |
☐ | SV-239160r675288_rule | The Photon operating system must configure sshd to disallow authentication with an empty password. |
☐ | SV-239161r675291_rule | The Photon operating system must configure sshd to disallow compression of the encrypted session stream. |
☐ | SV-239162r675294_rule | The Photon operating system must configure sshd to display the last login immediately after authentication. |
☐ | SV-239163r675297_rule | The Photon operating system must configure sshd to ignore user-specific trusted hosts lists. |
☐ | SV-239164r675300_rule | The Photon operating system must configure sshd to ignore user-specific known_host files. |
☐ | SV-239165r675303_rule | The Photon operating system must configure sshd to limit the number of allowed login attempts per connection. |
☐ | SV-239166r675306_rule | The Photon operating system must be configured so that the x86 Ctrl-Alt-Delete key sequence is disabled on the command line. |
☐ | SV-239167r675309_rule | The Photon operating system must be configured so that the /etc/skel default scripts are protected from unauthorized modification. |
☐ | SV-239168r675312_rule | The Photon operating system must be configured so that the /root path is protected from unauthorized access. |
☐ | SV-239169r675315_rule | The Photon operating system must be configured so that all global initialization scripts are protected from unauthorized modification. |
☐ | SV-239170r675318_rule | The Photon operating system must be configured so that all system startup scripts are protected from unauthorized modification. |
☐ | SV-239171r675321_rule | The Photon operating system must be configured so that all files have a valid owner and group owner. |
☐ | SV-239172r675324_rule | The Photon operating system must be configured so that the /etc/cron.allow file is protected from unauthorized modification. |
☐ | SV-239173r675327_rule | The Photon operating system must be configured so that all cron jobs are protected from unauthorized modification. |
☐ | SV-239174r675330_rule | The Photon operating system must be configured so that all cron paths are protected from unauthorized modification. |
☐ | SV-239175r675333_rule | The Photon operating system must not forward IPv4 or IPv6 source-routed packets. |
☐ | SV-239176r675336_rule | The Photon operating system must not respond to IPv4 Internet Control Message Protocol (ICMP) echoes sent to a broadcast address. |
☐ | SV-239177r675339_rule | The Photon operating system must prevent IPv4 Internet Control Message Protocol (ICMP) redirect messages from being accepted. |
☐ | SV-239178r675342_rule | The Photon operating system must prevent IPv4 Internet Control Message Protocol (ICMP) secure redirect messages from being accepted. |
☐ | SV-239179r675345_rule | The Photon operating system must not send IPv4 Internet Control Message Protocol (ICMP) redirects. |
☐ | SV-239180r675348_rule | The Photon operating system must log IPv4 packets with impossible addresses. |
☐ | SV-239181r675351_rule | The Photon operating system must use a reverse-path filter for IPv4 network traffic. |
☐ | SV-239182r675354_rule | The Photon operating system must not perform multicast packet forwarding. |
☐ | SV-239183r675357_rule | The Photon operating system must not perform IPv4 packet forwarding. |
☐ | SV-239184r675360_rule | The Photon operating system must send TCP timestamps. |
☐ | SV-239185r675363_rule | The Photon OS must not have the xinetd service enabled. |
☐ | SV-239186r675366_rule | The Photon operating system must be configured to protect the SSH public host key from unauthorized modification. |
☐ | SV-239187r675369_rule | The Photon operating system must be configured to protect the SSH private host key from unauthorized access. |
☐ | SV-239188r675372_rule | The Photon operating system must enforce password complexity on the root account. |
☐ | SV-239189r675375_rule | The Photon operating system must protect all boot configuration files from unauthorized access. |
☐ | SV-239190r675378_rule | The Photon operating system must protect sshd configuration from unauthorized access. |
☐ | SV-239191r675381_rule | The Photon operating system must protect all sysctl configuration files from unauthorized access. |
☐ | SV-239192r675384_rule | The Photon operating system must ship vCenter SSO logs via rsyslog. |
☐ | SV-239193r675387_rule | The Photon operating system must set the UMASK parameter correctly. |
☐ | SV-239194r675390_rule | The Photon operating system must configure sshd to disallow HostbasedAuthentication. |
☐ | SV-239195r675393_rule | The Photon operating system must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. |