Copyright(c), 1995 - Management Analytics and Others - All Rights Reserved
You regularly audit your system for dormant accounts and disable any that have not been used for a specified period.
File systems are adequately backed up and archived.
Log files are regularly monitored for successful and unsuccessful su attempts.
Log files are regularly monitored for repeated login failures.
Log files are regularly monitored for LOGIN REFUSED messages.
Quotas are used or are not required as a matter of policy.
There are no shared accounts.
There are no guest accounts.
special groups (such as the "wheel" group under SunOS) are used to restrict which users have access to root.
All default vendor accounts shipped with the Operating System are disabled.
All accounts that have no password which execute a command are removed.
'.' is NOT in the Root search path.
Root's login files do not source any other files not owned by root or which are group or world writable.
Root cron job files do not source any other files not owned by root or which are group or world writable.
Absolute pathnames are used in ALL Root scripts, programs, and whenever Root issues a command.
IP forwarding is disabled.
The '/etc/fbtab' file exists and has been properly configured or this is not a Sun computer.
all files and directories under '/usr/kvm/sys/' are not writable by group or world.
You periodically run the CERT tool 'cpm' to check if your system is running in promiscuous mode.
You have disabled the /dev/nit interface.
With maximum value of