# Lynis Report report_version_major=1 report_version_minor=0 report_datetime_start=2022-01-07 22:18:01 auditor=[Not Specified] lynis_version=3.0.1 os=Linux os_name=CentOS Linux os_fullname=CentOS Linux 7 (Core) os_version=7 linux_version=CentOS os_kernel_version=3.10.0 os_kernel_version_full=3.10.0-1160.45.1.el7.x86_64 hostname=creasing1 test_category=all test_group=all plugin_directory=./plugins lynis_update_available=-1 suggestion[]=LYNIS|This release is more than 4 months old. Check the website or GitHub to see if there is an update available.|-|-| binaries_count=1189 binaries_suid_count=/usr/bin/chage /usr/bin/chfn /usr/bin/chsh /usr/bin/crontab /usr/bin/gpasswd /usr/bin/mount /usr/bin/newgrp /usr/bin/passwd /usr/bin/pkexec /usr/bin/sg /usr/bin/su /usr/bin/sudo /usr/bin/sudoedit /usr/bin/umount /usr/sbin/mount.nfs /usr/sbin/mount.nfs4 /usr/sbin/pam_timestamp_check /usr/sbin/umount.nfs /usr/sbin/umount.nfs4 /usr/sbin/unix_chkpwd /usr/sbin/usernetctl binaries_sgid_count=/usr/bin/ssh-agent /usr/bin/wall /usr/bin/write /usr/sbin/netreport /usr/sbin/postdrop /usr/sbin/postqueue binary_paths=/usr/bin,/usr/sbin vm=1 vmtype=kvm container=0 systemd=1 plugin_enabled_phase1[]=pam|1.0.5| authentication_two_factor_enabled=0 authentication_two_factor_required=0 minimum_password_length=8 password_strength_tested=1 min_password_class=ignored password_max_digital_credit=0 password_max_l_credit=0 password_max_other_credit=0 password_max_u_credit=0 max_password_retry=3 plugin_enabled_phase1[]=systemd|1.0.4| systemctl_exit_code=0 systemd_version=219 systemd_builtin_components=+PAM,+AUDIT,+SELINUX,+IMA,-APPARMOR,+SMACK,+SYSVINIT,+UTMP,+LIBCRYPTSETUP,+GCRYPT,+GNUTLS,+ACL,+XZ,+LZ4,-SECCOMP,+BLKID,+ELFUTILS,+KMOD,+IDN systemd_unit_file[]=proc-sys-fs-binfmt_misc.automount|static| systemd_unit_file[]=dev-hugepages.mount|static| systemd_unit_file[]=dev-mqueue.mount|static| systemd_unit_file[]=proc-fs-nfsd.mount|static| systemd_unit_file[]=proc-sys-fs-binfmt_misc.mount|static| systemd_unit_file[]=sys-fs-fuse-connections.mount|static| systemd_unit_file[]=sys-kernel-config.mount|static| systemd_unit_file[]=sys-kernel-debug.mount|static| systemd_unit_file[]=tmp.mount|disabled| systemd_unit_file[]=var-lib-nfs-rpc_pipefs.mount|static| systemd_unit_file[]=brandbot.path|disabled| systemd_unit_file[]=systemd-ask-password-console.path|static| systemd_unit_file[]=systemd-ask-password-plymouth.path|static| systemd_unit_file[]=systemd-ask-password-wall.path|static| systemd_unit_file[]=session-22.scope|static| systemd_unit_file[]=session-45.scope|static| systemd_unit_file[]=session-65.scope|static| systemd_unit_file[]=arp-ethers.service|disabled| systemd_unit_file[]=auditd.service|enabled| systemd_unit_file[]=auth-rpcgss-module.service|static| systemd_unit_file[]=autofs.service|disabled| systemd_unit_file[]=autovt@.service|enabled| systemd_unit_file[]=blk-availability.service|disabled| systemd_unit_file[]=brandbot.service|static| systemd_unit_file[]=console-getty.service|disabled| systemd_unit_file[]=console-shell.service|disabled| systemd_unit_file[]=container-getty@.service|static| systemd_unit_file[]=cpupower.service|disabled| systemd_unit_file[]=crond.service|enabled| systemd_unit_file[]=dbus-org.freedesktop.hostname1.service|static| systemd_unit_file[]=dbus-org.freedesktop.import1.service|static| systemd_unit_file[]=dbus-org.freedesktop.locale1.service|static| systemd_unit_file[]=dbus-org.freedesktop.login1.service|static| systemd_unit_file[]=dbus-org.freedesktop.machine1.service|static| systemd_unit_file[]=dbus-org.freedesktop.timedate1.service|static| systemd_unit_file[]=dbus.service|static| systemd_unit_file[]=debug-shell.service|disabled| systemd_unit_file[]=dm-event.service|static| systemd_unit_file[]=dracut-cmdline.service|static| systemd_unit_file[]=dracut-initqueue.service|static| systemd_unit_file[]=dracut-mount.service|static| systemd_unit_file[]=dracut-pre-mount.service|static| systemd_unit_file[]=dracut-pre-pivot.service|static| systemd_unit_file[]=dracut-pre-trigger.service|static| systemd_unit_file[]=dracut-pre-udev.service|static| systemd_unit_file[]=dracut-shutdown.service|static| systemd_unit_file[]=ebtables.service|disabled| systemd_unit_file[]=emergency.service|static| systemd_unit_file[]=falcon-sensor.service|enabled| systemd_unit_file[]=firewalld.service|disabled| systemd_unit_file[]=fstrim.service|static| systemd_unit_file[]=getty@.service|enabled| systemd_unit_file[]=gssproxy.service|disabled| systemd_unit_file[]=halt-local.service|static| systemd_unit_file[]=initrd-cleanup.service|static| systemd_unit_file[]=initrd-parse-etc.service|static| systemd_unit_file[]=initrd-switch-root.service|static| systemd_unit_file[]=initrd-udevadm-cleanup-db.service|static| systemd_unit_file[]=iprdump.service|disabled| systemd_unit_file[]=iprinit.service|disabled| systemd_unit_file[]=iprupdate.service|disabled| systemd_unit_file[]=irqbalance.service|enabled| systemd_unit_file[]=kdump.service|disabled| systemd_unit_file[]=kmod-static-nodes.service|static| systemd_unit_file[]=lvm2-lvmetad.service|static| systemd_unit_file[]=lvm2-lvmpolld.service|static| systemd_unit_file[]=lvm2-monitor.service|enabled| systemd_unit_file[]=lvm2-pvscan@.service|static| systemd_unit_file[]=messagebus.service|static| systemd_unit_file[]=microcode.service|enabled| systemd_unit_file[]=NetworkManager-dispatcher.service|disabled| systemd_unit_file[]=NetworkManager-wait-online.service|disabled| systemd_unit_file[]=NetworkManager.service|disabled| systemd_unit_file[]=nfs-blkmap.service|disabled| systemd_unit_file[]=nfs-config.service|static| systemd_unit_file[]=nfs-idmap.service|static| systemd_unit_file[]=nfs-idmapd.service|static| systemd_unit_file[]=nfs-lock.service|static| systemd_unit_file[]=nfs-mountd.service|static| systemd_unit_file[]=nfs-rquotad.service|disabled| systemd_unit_file[]=nfs-secure.service|static| systemd_unit_file[]=nfs-server.service|disabled| systemd_unit_file[]=nfs-utils.service|static| systemd_unit_file[]=nfs.service|disabled| systemd_unit_file[]=nfslock.service|static| systemd_unit_file[]=ntpd.service|enabled| systemd_unit_file[]=ntpdate.service|disabled| systemd_unit_file[]=plymouth-halt.service|disabled| systemd_unit_file[]=plymouth-kexec.service|disabled| systemd_unit_file[]=plymouth-poweroff.service|disabled| systemd_unit_file[]=plymouth-quit-wait.service|disabled| systemd_unit_file[]=plymouth-quit.service|disabled| systemd_unit_file[]=plymouth-read-write.service|disabled| systemd_unit_file[]=plymouth-reboot.service|disabled| systemd_unit_file[]=plymouth-start.service|disabled| systemd_unit_file[]=plymouth-switch-root.service|static| systemd_unit_file[]=polkit.service|static| systemd_unit_file[]=postfix.service|enabled| systemd_unit_file[]=quotaon.service|static| systemd_unit_file[]=rc-local.service|static| systemd_unit_file[]=rdisc.service|disabled| systemd_unit_file[]=rescue.service|static| systemd_unit_file[]=rhel-autorelabel-mark.service|enabled| systemd_unit_file[]=rhel-autorelabel.service|enabled| systemd_unit_file[]=rhel-configure.service|enabled| systemd_unit_file[]=rhel-dmesg.service|enabled| systemd_unit_file[]=rhel-domainname.service|enabled| systemd_unit_file[]=rhel-import-state.service|enabled| systemd_unit_file[]=rhel-loadmodules.service|enabled| systemd_unit_file[]=rhel-readonly.service|enabled| systemd_unit_file[]=rpc-gssd.service|static| systemd_unit_file[]=rpc-rquotad.service|disabled| systemd_unit_file[]=rpc-statd-notify.service|static| systemd_unit_file[]=rpc-statd.service|static| systemd_unit_file[]=rpcbind.service|enabled| systemd_unit_file[]=rpcgssd.service|static| systemd_unit_file[]=rpcidmapd.service|static| systemd_unit_file[]=rsyslog.service|enabled| systemd_unit_file[]=selinux-policy-migrate-local-changes@.service|static| systemd_unit_file[]=serial-getty@.service|disabled| systemd_unit_file[]=sshd-keygen.service|static| systemd_unit_file[]=sshd.service|enabled| systemd_unit_file[]=sshd@.service|static| systemd_unit_file[]=sysstat.service|enabled| systemd_unit_file[]=systemd-ask-password-console.service|static| systemd_unit_file[]=systemd-ask-password-plymouth.service|static| systemd_unit_file[]=systemd-ask-password-wall.service|static| systemd_unit_file[]=systemd-backlight@.service|static| systemd_unit_file[]=systemd-binfmt.service|static| systemd_unit_file[]=systemd-bootchart.service|disabled| systemd_unit_file[]=systemd-firstboot.service|static| systemd_unit_file[]=systemd-fsck-root.service|static| systemd_unit_file[]=systemd-fsck@.service|static| systemd_unit_file[]=systemd-halt.service|static| systemd_unit_file[]=systemd-hibernate-resume@.service|static| systemd_unit_file[]=systemd-hibernate.service|static| systemd_unit_file[]=systemd-hostnamed.service|static| systemd_unit_file[]=systemd-hwdb-update.service|static| systemd_unit_file[]=systemd-hybrid-sleep.service|static| systemd_unit_file[]=systemd-importd.service|static| systemd_unit_file[]=systemd-initctl.service|static| systemd_unit_file[]=systemd-journal-catalog-update.service|static| systemd_unit_file[]=systemd-journal-flush.service|static| systemd_unit_file[]=systemd-journald.service|static| systemd_unit_file[]=systemd-kexec.service|static| systemd_unit_file[]=systemd-localed.service|static| systemd_unit_file[]=systemd-logind.service|static| systemd_unit_file[]=systemd-machine-id-commit.service|static| systemd_unit_file[]=systemd-machined.service|static| systemd_unit_file[]=systemd-modules-load.service|static| systemd_unit_file[]=systemd-nspawn@.service|disabled| systemd_unit_file[]=systemd-poweroff.service|static| systemd_unit_file[]=systemd-quotacheck.service|static| systemd_unit_file[]=systemd-random-seed.service|static| systemd_unit_file[]=systemd-readahead-collect.service|enabled| systemd_unit_file[]=systemd-readahead-done.service|indirect| systemd_unit_file[]=systemd-readahead-drop.service|enabled| systemd_unit_file[]=systemd-readahead-replay.service|enabled| systemd_unit_file[]=systemd-reboot.service|static| systemd_unit_file[]=systemd-remount-fs.service|static| systemd_unit_file[]=systemd-rfkill@.service|static| systemd_unit_file[]=systemd-shutdownd.service|static| systemd_unit_file[]=systemd-suspend.service|static| systemd_unit_file[]=systemd-sysctl.service|static| systemd_unit_file[]=systemd-timedated.service|static| systemd_unit_file[]=systemd-tmpfiles-clean.service|static| systemd_unit_file[]=systemd-tmpfiles-setup-dev.service|static| systemd_unit_file[]=systemd-tmpfiles-setup.service|static| systemd_unit_file[]=systemd-udev-settle.service|static| systemd_unit_file[]=systemd-udev-trigger.service|static| systemd_unit_file[]=systemd-udevd.service|static| systemd_unit_file[]=systemd-update-done.service|static| systemd_unit_file[]=systemd-update-utmp-runlevel.service|static| systemd_unit_file[]=systemd-update-utmp.service|static| systemd_unit_file[]=systemd-user-sessions.service|static| systemd_unit_file[]=systemd-vconsole-setup.service|static| systemd_unit_file[]=teamd@.service|static| systemd_unit_file[]=tuned.service|enabled| systemd_unit_file[]=wpa_supplicant.service|disabled| systemd_unit_file[]=-.slice|static| systemd_unit_file[]=machine.slice|static| systemd_unit_file[]=system.slice|static| systemd_unit_file[]=user-0.slice|static| systemd_unit_file[]=user.slice|static| systemd_unit_file[]=dbus.socket|static| systemd_unit_file[]=dm-event.socket|enabled| systemd_unit_file[]=lvm2-lvmetad.socket|enabled| systemd_unit_file[]=lvm2-lvmpolld.socket|enabled| systemd_unit_file[]=rpcbind.socket|enabled| systemd_unit_file[]=sshd.socket|disabled| systemd_unit_file[]=syslog.socket|static| systemd_unit_file[]=systemd-initctl.socket|static| systemd_unit_file[]=systemd-journald.socket|static| systemd_unit_file[]=systemd-shutdownd.socket|static| systemd_unit_file[]=systemd-udevd-control.socket|static| systemd_unit_file[]=systemd-udevd-kernel.socket|static| systemd_unit_file[]=basic.target|static| systemd_unit_file[]=bluetooth.target|static| systemd_unit_file[]=cryptsetup-pre.target|static| systemd_unit_file[]=cryptsetup.target|static| systemd_unit_file[]=ctrl-alt-del.target|disabled| systemd_unit_file[]=default.target|enabled| systemd_unit_file[]=emergency.target|static| systemd_unit_file[]=final.target|static| systemd_unit_file[]=getty-pre.target|static| systemd_unit_file[]=getty.target|static| systemd_unit_file[]=graphical.target|static| systemd_unit_file[]=halt.target|disabled| systemd_unit_file[]=hibernate.target|static| systemd_unit_file[]=hybrid-sleep.target|static| systemd_unit_file[]=initrd-fs.target|static| systemd_unit_file[]=initrd-root-fs.target|static| systemd_unit_file[]=initrd-switch-root.target|static| systemd_unit_file[]=initrd.target|static| systemd_unit_file[]=iprutils.target|disabled| systemd_unit_file[]=kexec.target|disabled| systemd_unit_file[]=local-fs-pre.target|static| systemd_unit_file[]=local-fs.target|static| systemd_unit_file[]=machines.target|disabled| systemd_unit_file[]=multi-user.target|enabled| systemd_unit_file[]=network-online.target|static| systemd_unit_file[]=network-pre.target|static| systemd_unit_file[]=network.target|static| systemd_unit_file[]=nfs-client.target|enabled| systemd_unit_file[]=nss-lookup.target|static| systemd_unit_file[]=nss-user-lookup.target|static| systemd_unit_file[]=paths.target|static| systemd_unit_file[]=poweroff.target|disabled| systemd_unit_file[]=printer.target|static| systemd_unit_file[]=reboot.target|disabled| systemd_unit_file[]=remote-cryptsetup.target|disabled| systemd_unit_file[]=remote-fs-pre.target|static| systemd_unit_file[]=remote-fs.target|enabled| systemd_unit_file[]=rescue.target|disabled| systemd_unit_file[]=rpc_pipefs.target|static| systemd_unit_file[]=rpcbind.target|static| systemd_unit_file[]=runlevel0.target|disabled| systemd_unit_file[]=runlevel1.target|disabled| systemd_unit_file[]=runlevel2.target|enabled| systemd_unit_file[]=runlevel3.target|enabled| systemd_unit_file[]=runlevel4.target|enabled| systemd_unit_file[]=runlevel5.target|static| systemd_unit_file[]=runlevel6.target|disabled| systemd_unit_file[]=shutdown.target|static| systemd_unit_file[]=sigpwr.target|static| systemd_unit_file[]=sleep.target|static| systemd_unit_file[]=slices.target|static| systemd_unit_file[]=smartcard.target|static| systemd_unit_file[]=sockets.target|static| systemd_unit_file[]=sound.target|static| systemd_unit_file[]=suspend.target|static| systemd_unit_file[]=swap.target|static| systemd_unit_file[]=sysinit.target|static| systemd_unit_file[]=system-update.target|static| systemd_unit_file[]=time-sync.target|static| systemd_unit_file[]=timers.target|static| systemd_unit_file[]=umount.target|static| systemd_unit_file[]=fstrim.timer|disabled| systemd_unit_file[]=systemd-readahead-done.timer|indirect| systemd_unit_file[]=systemd-tmpfiles-clean.timer|static| systemd_binaries=systemd-ac-power|systemd-activate|systemd-backlight|systemd-binfmt|systemd-bootchart|systemd-cgroups-agent|systemd-coredump|systemd-cryptsetup|systemd-fsck|systemd-hibernate-resume|systemd-hostnamed|systemd-importd|systemd-initctl|systemd-journald|systemd-localed|systemd-logind|systemd-machine-id-commit|systemd-machined|systemd-modules-load|systemd-pull|systemd-quotacheck|systemd-random-seed|systemd-readahead|systemd-remount-fs|systemd-reply-password|systemd-rfkill|systemd-shutdown|systemd-shutdownd|systemd-sleep|systemd-socket-proxyd|systemd-sysctl|systemd-timedated|systemd-udevd|systemd-update-done|systemd-update-utmp|systemd-user-sessions|systemd-vconsole-setup| journal_bootlogs=1 journal_oldest_bootdate=2022-01-07 journal_contains_errors=0 journal_disk_size=8.0M journal_meta_data=FilePath:/run/log/journal/fcce862aaab447c797e8c23943996fd8/system.journal,FileID:e68f5f19088f4a4e96bc410a8aefb00b,MachineID:fcce862aaab447c797e8c23943996fd8,BootID:24797aef48f4420c934ab06d1367fc4f,SequentialNumberID:e68f5f19088f4a4e96bc410a8aefb00b,State:ONLINE,CompatibleFlags:,IncompatibleFlags:COMPRESSED-XZ,Headersize:240,Arenasize:8388368,DataHashTableSize:88988,FieldHashTableSize:333,RotateSuggested:no,HeadSequentialNumber:1,TailSequentialNumber:1872,HeadRealtimeTimestamp:Fri2022-01-0719:11:32PST,TailRealtimeTimestamp:Fri2022-01-0722:18:01PST,TailMonotonicTimestamp:3h6min28.883s,Objects:7658,EntryObjects:1872,DataObjects:4124,DataHashTableFill:4.6%,FieldObjects:44,FieldHashTableFill:13.2%,TagObjects:0,EntryArrayObjects:1616,Diskusage:8.0M, systemd_status=degraded systemd_unit_not_found[]=sysroot.mount systemd_unit_not_found[]=display-manager.service systemd_unit_not_found[]=exim.service systemd_unit_not_found[]=ip6tables.service systemd_unit_not_found[]=ipset.service systemd_unit_not_found[]=iptables.service systemd_unit_not_found[]=lvm2-activation.service systemd_unit_not_found[]=nfs-secure-server.service systemd_unit_not_found[]=sendmail.service systemd_unit_not_found[]=sntp.service systemd_unit_not_found[]=syslog.service systemd_unit_not_found[]=systemd-sysusers.service systemd_unit_not_found[]=ypbind.service systemd_unit_not_found[]=yppasswdd.service systemd_unit_not_found[]=ypserv.service systemd_unit_not_found[]=ypxfrd.service systemd_unit_not_found[]=syslog.target systemd_service_not_found[]=display-manager.service systemd_service_not_found[]=exim.service systemd_service_not_found[]=ip6tables.service systemd_service_not_found[]=ipset.service systemd_service_not_found[]=iptables.service systemd_service_not_found[]=lvm2-activation.service systemd_service_not_found[]=nfs-secure-server.service systemd_service_not_found[]=sendmail.service systemd_service_not_found[]=sntp.service systemd_service_not_found[]=syslog.service systemd_service_not_found[]=systemd-sysusers.service systemd_service_not_found[]=ypbind.service systemd_service_not_found[]=yppasswdd.service systemd_service_not_found[]=ypserv.service systemd_service_not_found[]=ypxfrd.service journal_coredumps_lastday=0 plugins_enabled=1 hostid=b42431fc65aaf18571322b00c52b19228afaf2af hostid2=273f1fc85c27261a38f7587422b8dd2e1d9379e8eba183afe437621b555c8cce running_service_tool=systemctl running_service[]=auditd running_service[]=crond running_service[]=dbus running_service[]=falcon-sensor running_service[]=firewalld running_service[]=getty@tty1 running_service[]=gssproxy running_service[]=irqbalance running_service[]=lvm2-lvmetad running_service[]=network running_service[]=ntpd running_service[]=polkit running_service[]=rpcbind running_service[]=rsyslog running_service[]=sshd running_service[]=systemd-journald running_service[]=systemd-logind running_service[]=systemd-udevd running_service[]=tuned boot_service_tool=systemctl boot_service[]=auditd boot_service[]=autovt@ boot_service[]=crond boot_service[]=falcon-sensor boot_service[]=getty@ boot_service[]=irqbalance boot_service[]=lvm2-monitor boot_service[]=microcode boot_service[]=ntpd boot_service[]=postfix boot_service[]=rhel-autorelabel-mark boot_service[]=rhel-autorelabel boot_service[]=rhel-configure boot_service[]=rhel-dmesg boot_service[]=rhel-domainname boot_service[]=rhel-import-state boot_service[]=rhel-loadmodules boot_service[]=rhel-readonly boot_service[]=rpcbind boot_service[]=rsyslog boot_service[]=sshd boot_service[]=sysstat boot_service[]=systemd-readahead-collect boot_service[]=systemd-readahead-drop boot_service[]=systemd-readahead-replay boot_service[]=tuned uptime_in_seconds=11202 uptime_in_days=0 boot_loader=GRUB2 boot_uefi_booted=0 boot_uefi_booted_secure=0 service_manager=systemd linux_default_runlevel=3 cpu_pae=1 cpu_nx=1 linux_kernel_release=3.10.0-1160.45.1.el7.x86_64 linux_kernel_version=#1 SMP Wed Oct 13 17:20:51 UTC 2021 linux_kernel_type=modular loaded_kernel_module[]=ablk_helper loaded_kernel_module[]=aesni_intel loaded_kernel_module[]=ata_generic loaded_kernel_module[]=ata_piix loaded_kernel_module[]=binfmt_misc loaded_kernel_module[]=bridge loaded_kernel_module[]=cirrus loaded_kernel_module[]=crc32_pclmul loaded_kernel_module[]=crc32c_intel loaded_kernel_module[]=crct10dif_common loaded_kernel_module[]=crct10dif_pclmul loaded_kernel_module[]=cryptd loaded_kernel_module[]=dm_log loaded_kernel_module[]=dm_mirror loaded_kernel_module[]=dm_mod loaded_kernel_module[]=dm_region_hash loaded_kernel_module[]=drm loaded_kernel_module[]=drm_kms_helper loaded_kernel_module[]=drm_panel_orientation_quirks loaded_kernel_module[]=ebtable_broute loaded_kernel_module[]=ebtable_filter loaded_kernel_module[]=ebtable_nat loaded_kernel_module[]=ebtables loaded_kernel_module[]=failover loaded_kernel_module[]=falcon_kal loaded_kernel_module[]=falcon_lsm_pinned_12704 loaded_kernel_module[]=falcon_lsm_pinned_13003 loaded_kernel_module[]=falcon_lsm_serviceable loaded_kernel_module[]=falcon_nf_netcontain loaded_kernel_module[]=fb_sys_fops loaded_kernel_module[]=floppy loaded_kernel_module[]=gf128mul loaded_kernel_module[]=ghash_clmulni_intel loaded_kernel_module[]=glue_helper loaded_kernel_module[]=i2c_piix4 loaded_kernel_module[]=inet_diag loaded_kernel_module[]=iosf_mbi loaded_kernel_module[]=ip6_tables loaded_kernel_module[]=ip6t_REJECT loaded_kernel_module[]=ip6t_rpfilter loaded_kernel_module[]=ip6table_filter loaded_kernel_module[]=ip6table_mangle loaded_kernel_module[]=ip6table_nat loaded_kernel_module[]=ip6table_raw loaded_kernel_module[]=ip6table_security loaded_kernel_module[]=ip_set loaded_kernel_module[]=ip_tables loaded_kernel_module[]=ipt_REJECT loaded_kernel_module[]=iptable_filter loaded_kernel_module[]=iptable_mangle loaded_kernel_module[]=iptable_nat loaded_kernel_module[]=iptable_raw loaded_kernel_module[]=iptable_security loaded_kernel_module[]=irqbypass loaded_kernel_module[]=joydev loaded_kernel_module[]=kvm loaded_kernel_module[]=kvm_intel loaded_kernel_module[]=libata loaded_kernel_module[]=libcrc32c loaded_kernel_module[]=libnvdimm loaded_kernel_module[]=llc loaded_kernel_module[]=lrw loaded_kernel_module[]=net_failover loaded_kernel_module[]=nf_conntrack loaded_kernel_module[]=nf_conntrack_ipv4 loaded_kernel_module[]=nf_conntrack_ipv6 loaded_kernel_module[]=nf_defrag_ipv4 loaded_kernel_module[]=nf_defrag_ipv6 loaded_kernel_module[]=nf_nat loaded_kernel_module[]=nf_nat_ipv4 loaded_kernel_module[]=nf_nat_ipv6 loaded_kernel_module[]=nf_reject_ipv4 loaded_kernel_module[]=nf_reject_ipv6 loaded_kernel_module[]=nfit loaded_kernel_module[]=parport loaded_kernel_module[]=parport_pc loaded_kernel_module[]=pata_acpi loaded_kernel_module[]=pcspkr loaded_kernel_module[]=ppdev loaded_kernel_module[]=serio_raw loaded_kernel_module[]=snd loaded_kernel_module[]=snd_hda_codec loaded_kernel_module[]=snd_hda_codec_generic loaded_kernel_module[]=snd_hda_core loaded_kernel_module[]=snd_hda_intel loaded_kernel_module[]=snd_hwdep loaded_kernel_module[]=snd_pcm loaded_kernel_module[]=snd_seq loaded_kernel_module[]=snd_seq_device loaded_kernel_module[]=snd_timer loaded_kernel_module[]=soundcore loaded_kernel_module[]=stp loaded_kernel_module[]=sunrpc loaded_kernel_module[]=syscopyarea loaded_kernel_module[]=sysfillrect loaded_kernel_module[]=sysimgblt loaded_kernel_module[]=tcp_diag loaded_kernel_module[]=ttm loaded_kernel_module[]=udp_diag loaded_kernel_module[]=virtio loaded_kernel_module[]=virtio_balloon loaded_kernel_module[]=virtio_blk loaded_kernel_module[]=virtio_net loaded_kernel_module[]=virtio_pci loaded_kernel_module[]=virtio_ring loaded_kernel_module[]=xfs loaded_kernel_module[]=xt_conntrack linux_config_file=/boot/config-3.10.0-1160.45.1.el7.x86_64 linux_kernel_io_scheduler[]=deadline suggestion[]=KRNL-5820|If not required, consider explicit disabling of core dump in /etc/security/limits.conf file|-|-| memory_size=8008632 memory_units=kB auth_group_ids_unique=1 auth_group_names_unique=1 suggestion[]=AUTH-9229|Check PAM configuration, add rounds if applicable and expire passwords to encrypt with new values|-|-| real_user[]=root,0 pam_cracklib=1 pam_pwquality=1 pam_module[]=/lib64/security/pam_access.so pam_module[]=/lib64/security/pam_cap.so pam_module[]=/lib64/security/pam_chroot.so pam_module[]=/lib64/security/pam_console.so pam_module[]=/lib64/security/pam_cracklib.so pam_module[]=/lib64/security/pam_debug.so pam_module[]=/lib64/security/pam_deny.so pam_module[]=/lib64/security/pam_echo.so pam_module[]=/lib64/security/pam_env.so pam_module[]=/lib64/security/pam_exec.so pam_module[]=/lib64/security/pam_faildelay.so pam_module[]=/lib64/security/pam_faillock.so pam_module[]=/lib64/security/pam_filter.so pam_module[]=/lib64/security/pam_ftp.so pam_module[]=/lib64/security/pam_group.so pam_module[]=/lib64/security/pam_issue.so pam_module[]=/lib64/security/pam_keyinit.so pam_module[]=/lib64/security/pam_lastlog.so pam_module[]=/lib64/security/pam_limits.so pam_module[]=/lib64/security/pam_listfile.so pam_module[]=/lib64/security/pam_localuser.so pam_module[]=/lib64/security/pam_loginuid.so pam_module[]=/lib64/security/pam_mail.so pam_module[]=/lib64/security/pam_mkhomedir.so pam_module[]=/lib64/security/pam_motd.so pam_module[]=/lib64/security/pam_namespace.so pam_module[]=/lib64/security/pam_nologin.so pam_module[]=/lib64/security/pam_permit.so pam_module[]=/lib64/security/pam_postgresok.so pam_module[]=/lib64/security/pam_pwhistory.so pam_module[]=/lib64/security/pam_pwquality.so pam_module[]=/lib64/security/pam_rhosts.so pam_module[]=/lib64/security/pam_rootok.so pam_module[]=/lib64/security/pam_securetty.so pam_module[]=/lib64/security/pam_selinux.so pam_module[]=/lib64/security/pam_sepermit.so pam_module[]=/lib64/security/pam_shells.so pam_module[]=/lib64/security/pam_stress.so pam_module[]=/lib64/security/pam_succeed_if.so pam_module[]=/lib64/security/pam_systemd.so pam_module[]=/lib64/security/pam_tally2.so pam_module[]=/lib64/security/pam_time.so pam_module[]=/lib64/security/pam_timestamp.so pam_module[]=/lib64/security/pam_tty_audit.so pam_module[]=/lib64/security/pam_umask.so pam_module[]=/lib64/security/pam_unix.so pam_module[]=/lib64/security/pam_userdb.so pam_module[]=/lib64/security/pam_warn.so pam_module[]=/lib64/security/pam_wheel.so pam_module[]=/lib64/security/pam_xauth.so suggestion[]=AUTH-9282|When possible set expire dates for all password protected accounts|-|-| suggestion[]=AUTH-9286|Configure minimum password age in /etc/login.defs|-|-| manual_event[]=AUTH-9328:03 auth_failed_logins_logged=0 ldap_auth_enabled=0 ldap_pam_enabled=0 password_min_days=-1 password_max_days=90 available_shell[]=/bin/sh available_shell[]=/bin/bash available_shell[]=/usr/bin/sh available_shell[]=/usr/bin/bash available_shell[]=/bin/ksh available_shell[]=/bin/rksh session_timeout_enabled=0 suggestion[]=FILE-6310|To decrease the impact of a full /home file system, place /home on a separate partition|-|-| suggestion[]=FILE-6310|To decrease the impact of a full /tmp file system, place /tmp on a separate partition|-|-| suggestion[]=FILE-6310|To decrease the impact of a full /var file system, place /var on a separate partition|-|-| lvm_volume_group[]=centos lvm_volume[]=root lvm_volume[]=swap file_systems_xfs[]=/|xfs| file_systems_xfs[]=/boot|xfs| swap_partition[]=/dev/mapper/centos-swap,/dev/mapper/centos-swap, suggestion[]=FILE-6430|Consider disabling unused kernel modules|/etc/modprobe.d/blacklist.conf|Add 'install MODULENAME /bin/true' (without quotes)| suggestion[]=USB-1000|Disable drivers like USB storage when not used, to prevent unauthorized storage or data theft|-|-| usb_authorized_default_device[]=/sys/bus/usb/devices/usb1 usb_authorized_device[]=/sys/bus/usb/devices/usb1 suggestion[]=STRG-1846|Disable drivers like firewire storage when not used, to prevent unauthorized storage or data theft|-|-| resolv_conf_search_domain[]=fyre.ibm.com. domainname=fyre.ibm.com localhost-mapped-to=::1 name_cache_used=0 package_manager[]=rpm installed_packages=335 installed_kernel_packages=4 suggestion[]=PKGS-7420|Consider using a tool to automatically apply upgrades|-|-| unattended_upgrade_option_available=1 ipv6_mode=manual ipv6_only=0 nameserver[]=9.30.99.253 nameserver[]=9.30.6.100 default_gateway[]=9.30.146.1 network_interface[]=lo network_interface[]=eth0 network_interface[]=eth1 network_mac_address[]=00:00:0a:0b:33:7b network_mac_address[]=00:20:09:1e:93:68 network_ipv4_address[]=10.11.51.123 network_ipv4_address[]=9.30.147.104 network_ipv4_address[]=127.0.0.1 network_listen[]=raw,ss,v1|udp|*:68|dhclient| network_listen[]=raw,ss,v1|udp|*:68|dhclient| network_listen[]=raw,ss,v1|udp|*:111|rpcbind| network_listen[]=raw,ss,v1|udp|9.30.147.104:123|ntpd| network_listen[]=raw,ss,v1|udp|10.11.51.123:123|ntpd| network_listen[]=raw,ss,v1|udp|127.0.0.1:123|ntpd| network_listen[]=raw,ss,v1|udp|*:123|ntpd| network_listen[]=raw,ss,v1|udp|*:889|rpcbind| network_listen[]=raw,ss,v1|udp|[::]:111|rpcbind| network_listen[]=raw,ss,v1|udp|[::]:123|ntpd| network_listen[]=raw,ss,v1|udp|[::]:889|rpcbind| network_listen[]=raw,ss,v1|tcp|*:111|rpcbind| network_listen[]=raw,ss,v1|tcp|*:22|sshd| network_listen[]=raw,ss,v1|tcp|[::]:111|rpcbind| network_listen[]=raw,ss,v1|tcp|[::]:22|sshd| suggestion[]=NETW-3200|Determine if protocol 'dccp' is really needed on this system|-|-| uncommon_network_protocol_enabled=dccp suggestion[]=NETW-3200|Determine if protocol 'sctp' is really needed on this system|-|-| uncommon_network_protocol_enabled=sctp suggestion[]=NETW-3200|Determine if protocol 'rds' is really needed on this system|-|-| uncommon_network_protocol_enabled=rds suggestion[]=NETW-3200|Determine if protocol 'tipc' is really needed on this system|-|-| uncommon_network_protocol_enabled=tipc imap_daemon= pop3_daemon= smtp_daemon= firewall_software[]=iptables suggestion[]=FIRE-4513|Check iptables rules to see which rules are currently not used|-|-| firewall_no_logging[]=iptables manual[]=Verify if there is a formal process for testing and applying firewall rules manual[]=Verify all traffic is filtered the right way between the different security zones manual[]=Verify if a list is available with all required services manual[]=Make sure an explicit deny all is the default policy for all unmatched traffic suggestion[]=SSH-7408|Consider hardening SSH configuration|Compression (set YES to NO)|-| details[]=SSH-7408|sshd|desc:sshd option Compression;field:Compression;prefval:NO;value:YES;| suggestion[]=SSH-7408|Consider hardening SSH configuration|LogLevel (set INFO to VERBOSE)|-| details[]=SSH-7408|sshd|desc:sshd option LogLevel;field:LogLevel;prefval:VERBOSE;value:INFO;| suggestion[]=SSH-7408|Consider hardening SSH configuration|PermitRootLogin (set YES to (FORCED-COMMANDS-ONLY|NO|PROHIBIT-PASSWORD|WITHOUT-PASSWORD))|-| details[]=SSH-7408|sshd|desc:sshd option PermitRootLogin;field:PermitRootLogin;prefval:(FORCED-COMMANDS-ONLY|NO|PROHIBIT-PASSWORD|WITHOUT-PASSWORD);value:YES;| suggestion[]=SSH-7408|Consider hardening SSH configuration|AllowAgentForwarding (set YES to NO)|-| details[]=SSH-7408|sshd|desc:sshd option AllowAgentForwarding;field:AllowAgentForwarding;prefval:NO;value:YES;| ssh_daemon_running=1 openssh_daemon_running=1 syslog_daemon_present=1 syslog_daemon[]=systemd-journal syslog_daemon_present=1 syslog_daemon[]=rsyslog log_directory[]=/var/log remote_syslog_configured=0 suggestion[]=LOGG-2154|Enable logging to an external logging host for archiving purposes and additional protection|-|-| log_directory[]=/var/log log_directory[]=/var/adm log_rotation_config_found=1 log_rotation_tool=logrotate suggestion[]=BANN-7126|Add a legal banner to /etc/issue, to warn unauthorized users|-|-| weak_banner_file[]=/etc/issue suggestion[]=BANN-7130|Add legal banner to /etc/issue.net, to warn unauthorized users|-|-| crond_running=1 scheduler[]=crond cronjob[]=/etc/cron.d/0hourly cronjob[]=/etc/cron.d/sysstat cronjob[]=/etc/cron.d/sysstat cronjob[]=/etc/cron.hourly/0anacron cronjob[]=/etc/cron.daily/logrotate cronjob[]=/etc/cron.daily/man-db.cron scheduler[]=anacron cronjob[]=1,5,cron.daily,nice,run-parts,/etc/cron.daily cronjob[]=7,25,cron.weekly,nice,run-parts,/etc/cron.weekly cronjob[]=@monthly,45,cron.monthly,nice,run-parts,/etc/cron.monthly suggestion[]=ACCT-9622|Enable process accounting|-|-| audit_trail_tool[]=auditd linux_auditd_running=1 suggestion[]=ACCT-9630|Audit daemon is enabled with an empty ruleset. Disable the daemon or define rules|-|-| logfile[]=/var/log/audit/audit.log audit_daemon_running=1 ntp_stratum_16_peer[]=172.16.200.70 ntp_stratum_16_peer[]=172.16.200.71 ntp_stratum_16_peer[]=9.30.99.120 suggestion[]=TIME-3116|Check ntpq peers output for stratum 16 peers|-|-| suggestion[]=TIME-3128|Check ntpq peers output for time source candidates|-|-| ntp_version=2 tz_variable_empty=1 ntp_config_file[]=/etc/ntp.conf ntp_config_found=1 ntp_config_type_daemon=1 ntp_config_type_eventbased=0 ntp_config_type_scheduled=0 ntp_config_type_startup=0 ntp_daemon=ntpd ntp_daemon_running=1 certificates=4 kernel_entropy=2801 suggestion[]=CRYP-8005|Utilize software pseudo random number generators|-|-| framework_grsecurity=0 framework_selinux=0 suggestion[]=FINT-4350|Install a file integrity tool to monitor changes to critical and sensitive files|-|-| suggestion[]=TOOL-5002|Determine if automation tools are present for system management|-|-| automation_tool_present=0 malware_scanner[]=falcon-sensor malware_scanner_installed=1 suggestion[]=FILE-7524|Consider restricting file permissions|See screen output or log file|text:Use chmod to change file permissions| home_directory[]=/ home_directory[]=/bin home_directory[]=/etc/ntp home_directory[]=/root home_directory[]=/sbin home_directory[]=/usr/games home_directory[]=/var/adm home_directory[]=/var/empty/sshd home_directory[]=/var/lib/nfs home_directory[]=/var/lib/rpcbind home_directory[]=/var/spool/lpd home_directory[]=/var/spool/mail home_directory[]=/var/spool/postfix details[]=KRNL-6000|sysctl|desc:Restrict use of dmesg;field:kernel.dmesg_restrict;prefval:1;value:0;| details[]=KRNL-6000|sysctl|desc:Restrict access to kernel symbols;field:kernel.kptr_restrict;prefval:2;value:1;| details[]=KRNL-6000|sysctl|desc:Disable magic SysRQ;field:kernel.sysrq;prefval:0;value:16;| details[]=KRNL-6000|sysctl|desc:Disable process tracing for everyone;field:kernel.yama.ptrace_scope;prefval:1 2 3;value:0;| details[]=KRNL-6000|sysctl|desc:Enforce ingress/egress filtering for packets;field:net.ipv4.conf.all.rp_filter;prefval:1;value:0;| details[]=KRNL-6000|sysctl|desc:Disable/Ignore ICMP routing redirects;field:net.ipv4.conf.default.accept_redirects;prefval:0;value:1;| suggestion[]=KRNL-6000|One or more sysctl values differ from the scan profile and could be tweaked||Change sysctl value or disable test (skip-test=KRNL-6000:)| compiler_installed=1 lynis_tests_done=262 report_datetime_end=2022-01-07 22:18:49 dhcp_client_running=1 arpwatch_running=0 firewall_active=1 firewall_empty_ruleset=0 firewall_installed=1 installed_packages_array=|NetworkManager,1.18.8-2.el7_9.x86_64,|NetworkManager-libnm,1.18.8-2.el7_9.x86_64,|NetworkManager-team,1.18.8-2.el7_9.x86_64,|NetworkManager-tui,1.18.8-2.el7_9.x86_64,|NetworkManager-wifi,1.18.8-2.el7_9.x86_64,|acl,2.2.51-15.el7.x86_64,|aic94xx-firmware,30-6.el7.noarch,|alsa-firmware,1.0.28-2.el7.noarch,|alsa-lib,1.1.8-1.el7.x86_64,|alsa-tools-firmware,1.1.0-1.el7.x86_64,|audit,2.8.5-4.el7.x86_64,|audit-libs,2.8.5-4.el7.x86_64,|authconfig,6.2.8-30.el7.x86_64,|autofs,5.0.7-116.el7_9.x86_64,|autogen-libopts,5.18-5.el7.x86_64,|basesystem,10.0-7.el7.centos.noarch,|bash,4.2.46-34.el7.x86_64,|bc,1.06.95-13.el7.x86_64,|bind-export-libs,9.11.4-26.P2.el7_9.7.x86_64,|binutils,2.27-44.base.el7_9.1.x86_64,|biosdevname,0.7.3-2.el7.x86_64,|btrfs-progs,4.9.1-1.el7.x86_64,|bzip2-libs,1.0.6-13.el7.x86_64,|ca-certificates,2021.2.50-72.el7_9.noarch,|centos-logos,70.0.6-3.el7.centos.noarch,|centos-release,7-9.2009.1.el7.centos.x86_64,|chkconfig,1.7.6-1.el7.x86_64,|coreutils,8.22-24.el7_9.2.x86_64,|cpio,2.11-28.el7.x86_64,|cracklib,2.9.0-11.el7.x86_64,|cracklib-dicts,2.9.0-11.el7.x86_64,|cronie,1.4.11-23.el7.x86_64,|cronie-anacron,1.4.11-23.el7.x86_64,|crontabs,1.11-6.20121102git.el7.noarch,|cryptsetup-libs,2.0.3-6.el7.x86_64,|curl,7.29.0-59.el7_9.1.x86_64,|cyrus-sasl-lib,2.1.26-23.el7.x86_64,|dbus,1.10.24-15.el7.x86_64,|dbus-glib,0.100-7.el7.x86_64,|dbus-libs,1.10.24-15.el7.x86_64,|dbus-python,1.1.1-9.el7.x86_64,|device-mapper,1.02.170-6.el7_9.5.x86_64,|device-mapper-event,1.02.170-6.el7_9.5.x86_64,|device-mapper-event-libs,1.02.170-6.el7_9.5.x86_64,|device-mapper-libs,1.02.170-6.el7_9.5.x86_64,|device-mapper-persistent-data,0.8.5-3.el7_9.2.x86_64,|dhclient,4.2.5-83.el7.centos.1.x86_64,|dhcp-common,4.2.5-83.el7.centos.1.x86_64,|dhcp-libs,4.2.5-83.el7.centos.1.x86_64,|diffutils,3.3-5.el7.x86_64,|dmidecode,3.2-5.el7_9.1.x86_64,|dracut,033-572.el7.x86_64,|dracut-config-rescue,033-572.el7.x86_64,|dracut-network,033-572.el7.x86_64,|e2fsprogs,1.42.9-19.el7.x86_64,|e2fsprogs-libs,1.42.9-19.el7.x86_64,|ebtables,2.0.10-16.el7.x86_64,|elfutils-default-yama-scope,0.176-5.el7.noarch,|elfutils-libelf,0.176-5.el7.x86_64,|elfutils-libs,0.176-5.el7.x86_64,|ethtool,4.8-10.el7.x86_64,|expat,2.1.0-12.el7.x86_64,|falcon-sensor,6.29.0-12606.el7.x86_64,|file,5.11-37.el7.x86_64,|file-libs,5.11-37.el7.x86_64,|filesystem,3.2-25.el7.x86_64,|findutils,4.5.11-6.el7.x86_64,|fipscheck,1.4.1-6.el7.x86_64,|fipscheck-lib,1.4.1-6.el7.x86_64,|firewalld,0.6.3-13.el7_9.noarch,|firewalld-filesystem,0.6.3-13.el7_9.noarch,|freetype,2.8-14.el7_9.1.x86_64,|fxload,2002_04_11-16.el7.x86_64,|gawk,4.0.2-4.el7_3.1.x86_64,|gdbm,1.10-8.el7.x86_64,|gettext,0.19.8.1-3.el7.x86_64,|gettext-libs,0.19.8.1-3.el7.x86_64,|glib2,2.56.1-9.el7_9.x86_64,|glibc,2.17-325.el7_9.x86_64,|glibc-common,2.17-325.el7_9.x86_64,|gmp,6.0.0-15.el7.x86_64,|gnupg2,2.0.22-5.el7_5.x86_64,|gobject-introspection,1.56.1-1.el7.x86_64,|gpg-pubkey,f4a80eb5-53a7ff4b.(none),|gpgme,1.3.2-5.el7.x86_64,|grep,2.20-3.el7.x86_64,|groff-base,1.22.2-8.el7.x86_64,|grub2,2.02-0.87.el7.centos.7.x86_64,|grub2-common,2.02-0.87.el7.centos.7.noarch,|grub2-pc,2.02-0.87.el7.centos.7.x86_64,|grub2-pc-modules,2.02-0.87.el7.centos.7.noarch,|grub2-tools,2.02-0.87.el7.centos.7.x86_64,|grub2-tools-extra,2.02-0.87.el7.centos.7.x86_64,|grub2-tools-minimal,2.02-0.87.el7.centos.7.x86_64,|grubby,8.28-26.el7.x86_64,|gssproxy,0.7.0-30.el7_9.x86_64,|gzip,1.5-10.el7.x86_64,|hardlink,1.0-19.el7.x86_64,|hesiod,3.2.1-3.el7.x86_64,|hostname,3.13-3.el7_7.1.x86_64,|hwdata,0.252-9.7.el7.x86_64,|info,5.1-5.el7.x86_64,|initscripts,9.49.53-1.el7_9.1.x86_64,|iproute,4.11.0-30.el7.x86_64,|iprutils,2.4.17.1-3.el7_7.x86_64,|ipset,7.1-1.el7.x86_64,|ipset-libs,7.1-1.el7.x86_64,|iptables,1.4.21-35.el7.x86_64,|iputils,20160308-10.el7.x86_64,|irqbalance,1.0.7-12.el7.x86_64,|ivtv-firmware,20080701-26.el7.noarch,|iwl100-firmware,39.31.5.1-80.el7_9.noarch,|iwl1000-firmware,39.31.5.1-80.el7_9.noarch,|iwl105-firmware,18.168.6.1-80.el7_9.noarch,|iwl135-firmware,18.168.6.1-80.el7_9.noarch,|iwl2000-firmware,18.168.6.1-80.el7_9.noarch,|iwl2030-firmware,18.168.6.1-80.el7_9.noarch,|iwl3160-firmware,25.30.13.0-80.el7_9.noarch,|iwl3945-firmware,15.32.2.9-80.el7_9.noarch,|iwl4965-firmware,228.61.2.24-80.el7_9.noarch,|iwl5000-firmware,8.83.5.1_1-80.el7_9.noarch,|iwl5150-firmware,8.24.2.2-80.el7_9.noarch,|iwl6000-firmware,9.221.4.1-80.el7_9.noarch,|iwl6000g2a-firmware,18.168.6.1-80.el7_9.noarch,|iwl6000g2b-firmware,18.168.6.1-80.el7_9.noarch,|iwl6050-firmware,41.28.5.1-80.el7_9.noarch,|iwl7260-firmware,25.30.13.0-80.el7_9.noarch,|jansson,2.10-1.el7.x86_64,|json-c,0.11-4.el7_0.x86_64,|kbd,1.15.5-15.el7.x86_64,|kbd-legacy,1.15.5-15.el7.noarch,|kbd-misc,1.15.5-15.el7.noarch,|kernel,3.10.0-1160.15.2.el7.x86_64,|kernel,3.10.0-1160.25.1.el7.x86_64,|kernel,3.10.0-1160.36.2.el7.x86_64,|kernel,3.10.0-1160.45.1.el7.x86_64,|kernel-tools,3.10.0-1160.45.1.el7.x86_64,|kernel-tools-libs,3.10.0-1160.45.1.el7.x86_64,|kexec-tools,2.0.15-51.el7_9.3.x86_64,|keyutils,1.5.8-3.el7.x86_64,|keyutils-libs,1.5.8-3.el7.x86_64,|kmod,20-28.el7.x86_64,|kmod-libs,20-28.el7.x86_64,|kpartx,0.4.9-135.el7_9.x86_64,|krb5-libs,1.15.1-50.el7.x86_64,|ksh,20120801-142.el7.x86_64,|less,458-9.el7.x86_64,|libacl,2.2.51-15.el7.x86_64,|libaio,0.3.109-13.el7.x86_64,|libassuan,2.1.0-3.el7.x86_64,|libattr,2.4.46-13.el7.x86_64,|libbasicobjects,0.1.1-32.el7.x86_64,|libblkid,2.23.2-65.el7_9.1.x86_64,|libcap,2.22-11.el7.x86_64,|libcap-ng,0.7.5-4.el7.x86_64,|libcollection,0.7.0-32.el7.x86_64,|libcom_err,1.42.9-19.el7.x86_64,|libcroco,0.6.12-6.el7_9.x86_64,|libcurl,7.29.0-59.el7_9.1.x86_64,|libdaemon,0.14-7.el7.x86_64,|libdb,5.3.21-25.el7.x86_64,|libdb-utils,5.3.21-25.el7.x86_64,|libdrm,2.4.97-2.el7.x86_64,|libedit,3.0-12.20121213cvs.el7.x86_64,|libestr,0.1.9-2.el7.x86_64,|libevent,2.0.21-4.el7.x86_64,|libfastjson,0.99.4-3.el7.x86_64,|libffi,3.0.13-19.el7.x86_64,|libgcc,4.8.5-44.el7.x86_64,|libgcrypt,1.5.3-14.el7.x86_64,|libgomp,4.8.5-44.el7.x86_64,|libgpg-error,1.12-3.el7.x86_64,|libidn,1.28-4.el7.x86_64,|libini_config,1.3.1-32.el7.x86_64,|libmnl,1.0.3-7.el7.x86_64,|libmount,2.23.2-65.el7_9.1.x86_64,|libndp,1.2-9.el7.x86_64,|libnetfilter_conntrack,1.0.6-1.el7_3.x86_64,|libnfnetlink,1.0.1-4.el7.x86_64,|libnfsidmap,0.25-19.el7.x86_64,|libnl,1.1.4-3.el7.x86_64,|libnl3,3.2.28-4.el7.x86_64,|libnl3-cli,3.2.28-4.el7.x86_64,|libpath_utils,0.2.1-32.el7.x86_64,|libpciaccess,0.14-1.el7.x86_64,|libpipeline,1.2.3-3.el7.x86_64,|libpng,1.5.13-8.el7.x86_64,|libpwquality,1.2.3-5.el7.x86_64,|libref_array,0.1.5-32.el7.x86_64,|libselinux,2.5-15.el7.x86_64,|libselinux-python,2.5-15.el7.x86_64,|libselinux-utils,2.5-15.el7.x86_64,|libsemanage,2.5-14.el7.x86_64,|libsepol,2.5-10.el7.x86_64,|libsmartcols,2.23.2-65.el7_9.1.x86_64,|libss,1.42.9-19.el7.x86_64,|libssh2,1.8.0-4.el7.x86_64,|libstdc++,4.8.5-44.el7.x86_64,|libsysfs,2.1.0-16.el7.x86_64,|libtasn1,4.10-1.el7.x86_64,|libteam,1.29-3.el7.x86_64,|libtirpc,0.2.4-0.16.el7.x86_64,|libunistring,0.9.3-9.el7.x86_64,|libuser,0.60-9.el7.x86_64,|libutempter,1.1.6-4.el7.x86_64,|libuuid,2.23.2-65.el7_9.1.x86_64,|libverto,0.2.5-4.el7.x86_64,|libverto-libevent,0.2.5-4.el7.x86_64,|libxml2,2.9.1-6.el7_9.6.x86_64,|libxml2-python,2.9.1-6.el7_9.6.x86_64,|linux-firmware,20200421-80.git78c0348.el7_9.noarch,|lm_sensors-libs,3.4.0-8.20160601gitf9185e5.el7.x86_64,|logrotate,3.8.6-19.el7.x86_64,|lsscsi,0.27-6.el7.x86_64,|lua,5.1.4-15.el7.x86_64,|lvm2,2.02.187-6.el7_9.5.x86_64,|lvm2-libs,2.02.187-6.el7_9.5.x86_64,|lz4,1.8.3-1.el7.x86_64,|lzo,2.06-8.el7.x86_64,|make,3.82-24.el7.x86_64,|man-db,2.6.3-11.el7.x86_64,|mariadb-libs,5.5.68-1.el7.x86_64,|microcode_ctl,2.1-73.11.el7_9.x86_64,|mozjs17,17.0.0-20.el7.x86_64,|ncurses,5.9-14.20130511.el7_4.x86_64,|ncurses-base,5.9-14.20130511.el7_4.noarch,|ncurses-libs,5.9-14.20130511.el7_4.x86_64,|net-tools,2.0-0.25.20131004git.el7.x86_64,|newt,0.52.15-4.el7.x86_64,|newt-python,0.52.15-4.el7.x86_64,|nfs-utils,1.3.0-0.68.el7.2.x86_64,|nspr,4.32.0-1.el7_9.x86_64,|nss,3.67.0-3.el7_9.x86_64,|nss-pem,1.0.3-7.el7.x86_64,|nss-softokn,3.67.0-3.el7_9.x86_64,|nss-softokn-freebl,3.67.0-3.el7_9.x86_64,|nss-sysinit,3.67.0-3.el7_9.x86_64,|nss-tools,3.67.0-3.el7_9.x86_64,|nss-util,3.67.0-1.el7_9.x86_64,|ntp,4.2.6p5-29.el7.centos.2.x86_64,|ntpdate,4.2.6p5-29.el7.centos.2.x86_64,|numactl-libs,2.0.12-5.el7.x86_64,|openldap,2.4.44-24.el7_9.x86_64,|openssh,7.4p1-21.el7.x86_64,|openssh-clients,7.4p1-21.el7.x86_64,|openssh-server,7.4p1-21.el7.x86_64,|openssl,1.0.2k-22.el7_9.x86_64,|openssl-libs,1.0.2k-22.el7_9.x86_64,|os-prober,1.58-9.el7.x86_64,|p11-kit,0.23.5-3.el7.x86_64,|p11-kit-trust,0.23.5-3.el7.x86_64,|pam,1.1.8-23.el7.x86_64,|parted,3.1-32.el7.x86_64,|passwd,0.79-6.el7.x86_64,|pciutils-libs,3.5.1-3.el7.x86_64,|pcre,8.32-17.el7.x86_64,|pinentry,0.8.1-17.el7.x86_64,|pkgconfig,0.27.1-4.el7.x86_64,|plymouth,0.8.9-0.34.20140113.el7.centos.x86_64,|plymouth-core-libs,0.8.9-0.34.20140113.el7.centos.x86_64,|plymouth-scripts,0.8.9-0.34.20140113.el7.centos.x86_64,|policycoreutils,2.5-34.el7.x86_64,|polkit,0.112-26.el7.x86_64,|polkit-pkla-compat,0.1-4.el7.x86_64,|popt,1.13-16.el7.x86_64,|postfix,2.10.1-9.el7.x86_64,|procps-ng,3.3.10-28.el7.x86_64,|pth,2.0.7-23.el7.x86_64,|pygpgme,0.3-9.el7.x86_64,|pyliblzma,0.5.3-11.el7.x86_64,|python,2.7.5-90.el7.x86_64,|python-chardet,2.2.1-3.el7.noarch,|python-configobj,4.7.2-7.el7.noarch,|python-decorator,3.4.0-3.el7.noarch,|python-firewall,0.6.3-13.el7_9.noarch,|python-gobject-base,3.22.0-1.el7_4.1.x86_64,|python-iniparse,0.4-9.el7.noarch,|python-kitchen,1.1.1-5.el7.noarch,|python-libs,2.7.5-90.el7.x86_64,|python-linux-procfs,0.4.11-4.el7.noarch,|python-perf,3.10.0-1160.45.1.el7.x86_64,|python-pycurl,7.19.0-19.el7.x86_64,|python-pyudev,0.15-9.el7.noarch,|python-schedutils,0.4-6.el7.x86_64,|python-slip,0.4.0-4.el7.noarch,|python-slip-dbus,0.4.0-4.el7.noarch,|python-urlgrabber,3.10-10.el7.noarch,|pyxattr,0.5.1-5.el7.x86_64,|qrencode-libs,3.4.1-3.el7.x86_64,|quota,4.01-19.el7.x86_64,|quota-nls,4.01-19.el7.noarch,|readline,6.2-11.el7.x86_64,|rootfiles,8.1-11.el7.noarch,|rpcbind,0.2.0-49.el7.x86_64,|rpm,4.11.3-46.el7_9.x86_64,|rpm-build-libs,4.11.3-46.el7_9.x86_64,|rpm-libs,4.11.3-46.el7_9.x86_64,|rpm-python,4.11.3-46.el7_9.x86_64,|rsyslog,8.24.0-57.el7_9.1.x86_64,|sed,4.2.2-7.el7.x86_64,|selinux-policy,3.13.1-268.el7_9.2.noarch,|selinux-policy-targeted,3.13.1-268.el7_9.2.noarch,|setup,2.8.71-11.el7.noarch,|shadow-utils,4.6-5.el7.x86_64,|shared-mime-info,1.8-5.el7.x86_64,|slang,2.2.4-11.el7.x86_64,|snappy,1.1.0-3.el7.x86_64,|sqlite,3.7.17-8.el7_7.1.x86_64,|sudo,1.8.23-10.el7_9.2.x86_64,|sysstat,10.1.5-19.el7.x86_64,|systemd,219-78.el7_9.3.x86_64,|systemd-libs,219-78.el7_9.3.x86_64,|systemd-sysv,219-78.el7_9.3.x86_64,|sysvinit-tools,2.88-14.dsf.el7.x86_64,|tar,1.26-35.el7.x86_64,|tcp_wrappers,7.6-77.el7.x86_64,|tcp_wrappers-libs,7.6-77.el7.x86_64,|teamd,1.29-3.el7.x86_64,|tuned,2.11.0-11.el7_9.noarch,|tzdata,2021e-1.el7.noarch,|ustr,1.0.4-16.el7.x86_64,|util-linux,2.23.2-65.el7_9.1.x86_64,|vim-minimal,7.4.629-8.el7_9.x86_64,|virt-what,1.18-4.el7_9.1.x86_64,|wget,1.14-18.el7_6.1.x86_64,|which,2.20-7.el7.x86_64,|wpa_supplicant,2.6-12.el7_9.2.x86_64,|xfsprogs,4.5.0-22.el7.x86_64,|xz,5.2.2-1.el7.x86_64,|xz-libs,5.2.2-1.el7.x86_64,|yum,3.4.3-168.el7.centos.noarch,|yum-metadata-parser,1.1.4-10.el7.x86_64,|yum-plugin-fastestmirror,1.1.31-54.el7_8.noarch,|yum-utils,1.1.31-54.el7_8.noarch,|zlib,1.2.7-19.el7_9.x86_64, package_audit_tool=yum-security package_audit_tool_found=1 vulnerable_packages_found=0 hardening_index=76 tests_executed=HRDN-7230|HRDN-7222|HRDN-7220|KRNL-6000|HOME-9350|HOME-9310|HOME-9306|HOME-9304|HOME-9302|FILE-7524|MALW-3284|MALW-3282|MALW-3280|MALW-3278|MALW-3276|MALW-3275|TOOL-5190|TOOL-5126|TOOL-5122|TOOL-5120|TOOL-5102|TOOL-5002|FINT-4350|FINT-4338|FINT-4330|FINT-4328|FINT-4326|FINT-4322|FINT-4318|FINT-4314|FINT-4310|MACF-6290|RBAC-6272|MACF-6240|MACF-6234|MACF-6232|MACF-6204|CONT-8102|CRYP-8005|CRYP-8004|CRYP-8002|CRYP-7930|CRYP-7902|TIME-3170|TIME-3160|TIME-3148|TIME-3136|TIME-3132|TIME-3128|TIME-3124|TIME-3120|TIME-3116|TIME-3112|TIME-3104|ACCT-9636|ACCT-9634|ACCT-9632|ACCT-9630|ACCT-9628|ACCT-9626|ACCT-9622|SCHD-7718|SCHD-7704|SCHD-7702|BANN-7130|BANN-7128|BANN-7126|BANN-7124|INSE-8320|INSE-8318|INSE-8316|INSE-8314|INSE-8322|INSE-8310|INSE-8304|INSE-8300|INSE-8102|INSE-8100|INSE-8000|LOGG-2180|LOGG-2170|LOGG-2154|LOGG-2150|LOGG-2148|LOGG-2146|LOGG-2142|LOGG-2138|LOGG-2240|LOGG-2230|LOGG-2210|LOGG-2136|LOGG-2132|LOGG-2130|SQD-3602|PHP-2211|LDAP-2219|DBS-1880|DBS-1860|DBS-1840|DBS-1826|DBS-1820|DBS-1818|DBS-1804|SNMP-3302|SSH-7440|SSH-7408|SSH-7406|SSH-7404|SSH-7402|HTTP-6702|HTTP-6622|FIRE-4594|FIRE-4590|FIRE-4586|FIRE-4524|FIRE-4513|FIRE-4512|FIRE-4508|FIRE-4502|MAIL-8880|MAIL-8860|MAIL-8838|MAIL-8820|MAIL-8814|MAIL-8802|PRNT-2314|PRNT-2304|NETW-3200|NETW-3032|NETW-3030|NETW-3028|NETW-3015|NETW-3012|NETW-3008|NETW-3006|NETW-3004|NETW-3001|NETW-2705|NETW-2704|NETW-2600|NETW-2400|PKGS-7420|PKGS-7410|PKGS-7398|PKGS-7387|PKGS-7386|PKGS-7384|PKGS-7383|PKGS-7308|NAME-4408|NAME-4406|NAME-4404|NAME-4402|NAME-4304|NAME-4230|NAME-4202|NAME-4034|NAME-4032|NAME-4028|NAME-4020|NAME-4018|NAME-4016|STRG-1920|STRG-1906|STRG-1904|STRG-1902|STRG-1846|USB-3000|USB-2000|USB-1000|FILE-6430|FILE-6394|FILE-6376|FILE-6374|FILE-6372|FILE-6368|FILE-6363|FILE-6362|FILE-6354|FILE-6344|FILE-6336|FILE-6332|FILE-6329|FILE-6324|FILE-6323|FILE-6312|FILE-6311|FILE-6310|SHLL-6230|SHLL-6220|SHLL-6211|AUTH-9408|AUTH-9402|AUTH-9328|AUTH-9308|AUTH-9288|AUTH-9286|AUTH-9283|AUTH-9282|AUTH-9278|AUTH-9268|AUTH-9266|AUTH-9264|AUTH-9262|AUTH-9252|AUTH-9250|AUTH-9242|AUTH-9240|AUTH-9234|AUTH-9230|AUTH-9229|AUTH-9228|AUTH-9226|AUTH-9222|AUTH-9216|AUTH-9208|AUTH-9204|PROC-3802|PROC-3614|PROC-3612|PROC-3602|KRNL-5830|KRNL-5820|KRNL-5730|KRNL-5728|KRNL-5726|KRNL-5723|KRNL-5695|KRNL-5677|KRNL-5622|BOOT-5260|BOOT-5202|BOOT-5184|BOOT-5177|BOOT-5155|BOOT-5142|BOOT-5139|BOOT-5122|BOOT-5121|BOOT-5116|BOOT-5109|BOOT-5108|BOOT-5104|PLGN-3860|PLGN-3856|PLGN-3834|PLGN-3832|PLGN-3830|PLGN-3820|PLGN-3818|PLGN-3816|PLGN-3814|PLGN-3812|PLGN-3810|PLGN-3808|PLGN-3806|PLGN-3804|PLGN-3802|PLGN-3800|PLGN-0010|PLGN-0008|CORE-1000| tests_skipped=MALW-3288|MALW-3286|TOOL-5104|FINT-4402|FINT-4341|FINT-4340|FINT-4339|FINT-4336|FINT-4334|FINT-4316|FINT-4315|MACF-6242|MACF-6208|CONT-8108|CONT-8107|CONT-8106|CONT-8104|CONT-8004|CRYP-7931|TIME-3185|TIME-3182|TIME-3181|TIME-3180|TIME-3106|ACCT-9662|ACCT-9660|ACCT-9656|ACCT-9654|ACCT-9652|ACCT-9650|ACCT-2760|ACCT-2754|SCHD-7724|SCHD-7720|BANN-7113|INSE-8050|INSE-8200|INSE-8116|INSE-8106|INSE-8104|INSE-8016|INSE-8006|INSE-8004|INSE-8002|LOGG-2192|LOGG-2190|LOGG-2164|LOGG-2162|LOGG-2160|LOGG-2152|LOGG-2134|SQD-3680|SQD-3630|SQD-3624|SQD-3620|SQD-3616|SQD-3614|SQD-3613|SQD-3610|SQD-3606|SQD-3604|PHP-2382|PHP-2378|PHP-2376|PHP-2374|PHP-2372|PHP-2368|PHP-2320|LDAP-2224|DBS-1888|DBS-1886|DBS-1884|DBS-1882|DBS-1828|DBS-1816|SNMP-3306|SNMP-3304|HTTP-6720|HTTP-6716|HTTP-6714|HTTP-6712|HTTP-6710|HTTP-6708|HTTP-6706|HTTP-6704|HTTP-6643|HTTP-6641|HTTP-6640|HTTP-6632|HTTP-6626|HTTP-6624|FIRE-4540|FIRE-4538|FIRE-4536|FIRE-4534|FIRE-4532|FIRE-4530|FIRE-4526|FIRE-4520|FIRE-4518|MAIL-8920|MAIL-8818|MAIL-8817|MAIL-8816|MAIL-8804|PRNT-2420|PRNT-2418|PRNT-2316|PRNT-2308|PRNT-2307|PRNT-2306|PRNT-2302|NETW-3014|NETW-2706|PKGS-7394|PKGS-7393|PKGS-7392|PKGS-7390|PKGS-7388|PKGS-7382|PKGS-7381|PKGS-7380|PKGS-7378|PKGS-7370|PKGS-7366|PKGS-7354|PKGS-7352|PKGS-7350|PKGS-7348|PKGS-7346|PKGS-7345|PKGS-7334|PKGS-7332|PKGS-7330|PKGS-7328|PKGS-7322|PKGS-7320|PKGS-7314|PKGS-7312|PKGS-7310|PKGS-7306|PKGS-7304|PKGS-7303|PKGS-7302|PKGS-7301|NAME-4306|NAME-4238|NAME-4236|NAME-4232|NAME-4210|NAME-4206|NAME-4204|NAME-4036|NAME-4026|NAME-4024|STRG-1930|STRG-1928|STRG-1926|FILE-6410|FILE-6439|FILE-6330|SHLL-6202|AUTH-9410|AUTH-9409|AUTH-9406|AUTH-9340|AUTH-9306|AUTH-9304|AUTH-9254|AUTH-9218|AUTH-9212|PROC-3604|KRNL-5788|KRNL-5770|KRNL-5831|KRNL-5745|BOOT-5264|BOOT-5263|BOOT-5262|BOOT-5180|BOOT-5165|BOOT-5159|BOOT-5126|BOOT-5261|BOOT-5124|BOOT-5117|BOOT-5106|BOOT-5102| finish=true