Navigation

← Previous Changeset
Next Changeset →

Changeset 175

Timestamp:

03/17/08 08:09:49 (2 years ago)

Author:

jjarrett

Message:

Corrected Makefile Logic

Files:

trunk/RHEL5/Makefile (modified) (1 diff)
trunk/RHEL5/kickstart/clip.ks (modified) (4 diffs)
trunk/RHEL5/rpmify (modified) (1 diff)
trunk/RHEL5/scripts/stig-fix/cat2/gen001020.sh (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

trunk/RHEL5/Makefile

r69 r175

1 SUBDIRS=~~scripts conf man pam_tally3~~
1 SUBDIRS=pam_tally3 scripts conf man
2 2
3 3 export PREFIX=/usr

trunk/RHEL5/kickstart/clip.ks

r124	r175
1		# Kickstart installation script for clip
2
3		###################
4		# Command section #
5		###################
6
7		auth --enableshadow --enablemd5
	1	## Version .04 January 2008 ##
	2	#
	3	# Date Created : 2007-02-06 #
	4	#
	5	# CHANGELOG:
	6	# - 2007-02-07: Finished Mapping existing STIG scripts to DCID 6/3
	7	# Sections. [St. Laurent]
	8	# - 2007-12-xx: Initiated updates to reflect DCID PL4 Requirements
	9	# [Tresys]
	10	# - 2008-01-xx: Added/updated STIG scripts. Finalized kickstart
	11	# procedures. [Tresys]
	12	#
	13	#
	14	# Profile Name: dcid-6-3-PL4-ks.1.0.txt
	15	# Profile Label: dcid-6-3-PL4-ks.1.0.txt
	16	#
	17	# Details: This KickStart file lists out DCID 6/3 Policy at the PL4
	18	# Confidentiality level. Security settings are applied and
	19	# mapped to each specific PL4 section in DCID 6/3.
	20	#
	21	# By setting these security features in a KickStart file
	22	# allows for an auditor to have a high degree of assurance
	23	# that a system is being setup meeting the security
	24	# requirements the same (correct way) every time.
	25	#
	26	# A SHA-1 should be created to ensure a degree of
	27	# resistance to unauthorized modification.
	28	#
	29	## Version .02 February 2007 ##
	30	## Version .03 December 2007 ##
	31	## Version .04 January 2008 ##
	32
	33
	34
	35	# The "install" command tells the system to install a fresh system
	36	# rather than upgrade an existing system. You must specify the type
	37	# of installation in the form of: cdrom, harddrive, nfs, url (ftp
	38	# http installation). The "install" command and the installation
	39	# method command must be on separate lines. Examples:
	40	# url --url http://<server>/<dir>
	41	# --url ftp://<username>:<password>@<server>/<dir>
	42	# Passwd is in CLEAR with ftp!!! Not to be used.
	43	# harddrive --partition=hda2--dir=/path/to/install-tree
	44	# nfs --server=nfsserver.example.com --dir=/path/to/install-tree
8	45	install
	46
	47	# Perform the kickstart install in Text Mode. Installs are
	48	# performed in graphical mode by default.
9	49	text
10		skipx
	50
	51	# Defaults to a CD based install - disable if using URL or someother media
	52	# Use the network option if installing from a remote installation tree.
	53	cdrom
	54
	55	# Configure network information for the system. The "network"
	56	# option configures networking information for installations from an
	57	# installation tree on a remote server via NFS, FTP, or HTTP. DHCP
	58	# uses a DHCP server to get the network configuration information.
	59	#network --bootproto dhcp
	60
	61	# Perform a remote install.
	62	# The network option is required if performing a remote install
	63	#url --url http://<server>/<dir>
	64	#url --ftp ftp://<username>:<password>@<server>/<dir>
	65
	66
	67	# The "lang" command sets the language to use during installation.
	68	lang en_US
	69
	70	# The "langsupport" to install on the system. The --default switch
	71	# must be used if more than one language is specified.
	72	langsupport --default en_US en_US
	73
	74	# The "keyboard" command is required to set the system keyboard type.
	75	keyboard us
	76
	77	# The "mouse" command is required to configure the mouse type.
	78	# Giving no options will attempt to automatically detect the mouse.
	79	mouse
	80
	81
	82	##### WARNING: THIS WILL ERASE YOUR SYSTEM #####
	83	# A full backup should be performed before installation.
	84	zerombr yes
	85	clearpart --all
	86
	87
	88	# PARTITION NOTES
	89	# The following options are required under 'Disk Partition Information'
	90	# section in ks.cfg file, for creating the Logical Volume Manager (LVM)
	91	# partitions using kickstart.
	92
	93	#Disk partitioning information
	94	#part pv.<id>
	95	#volgroup <name> <partition>
	96	#logvol <mountpoint> --vgname=<volume_group_name> --size=<size> --name=<name>
	97
	98	#EXAMPLE using LVM
	99	#part /boot --fstype ext3 --size=150
	100	#part swap --size=1024
	101	#part pv.01 --size=1 --grow
	102	#volgroup vg_root pv.01
	103	#logvol / --vgname=vg_root --size=8192 --name=lv_root
	104	#logvol /var --vgname=vg_root --size=4096 --name=lv_var
	105	#logvol /tmp --vgname=vg_root --size=2048 --name=lv_tmp
	106	#logvol /spare --vgname=vg_root --size=1 --grow --name=lv_spare
	107
	108	partition /boot --fstype "ext3" --size=128
	109	partition pv.2 --size=0 --grow
	110	volgroup VolGroup00 pv.2
	111	logvol swap --fstype swap --name=swapVol --vgname=VolGroup00 --size=512
	112	logvol / --fstype ext3 --name=rootVol --vgname=VolGroup00 --size=1024 --grow
	113	logvol /var --fstype ext3 --name=varVol --vgname=VolGroup00 --size=1024 --grow
	114	logvol /home --fstype ext3 --name=homeVol --vgname=VolGroup00 --size=256 --grow
	115	logvol /tmp --fstype ext3 --name=tmpVol --vgname=VolGroup00 --size=1024 --grow
	116
	117
	118	# Specifies how the GRUB bootloader should be installed.
	119	# Set a password to prevent any non-stadard boot options.
	120	# The password should be changed after installation.
	121	bootloader --location mbr --password Dodiis_Redhat4321
	122
	123	# Set the root password.
	124	# This should be changed after installation.
11	125	rootpw 123)(*qweASD
12		bootloader --location=mbr --password=123)(*qweASD
13
14		#~~###############~~
15		# Partitioning #
16		################
17
18		clearpart --linux
19		part /boot --size=128
20		part swap --recommended
21		part pv.01 --size=1 --grow
22		volgroup clipvg pv.01
23		# ~~Using Logical Volume Management lets the user resize partitions later.~~
24		# STIG requires separate /var and /home.
25		logvol /var --vgname=clipvg --size=1024 --name=var
26		~~logvol /home --vgname=clipvg --size=1024 --name=hom~~e
27		~~logvol / --vgname=clipvg --size=1 --grow --name=r~~oot
28
29
30		####################
31		# Packages section #
32		#~~###################~~
	126
	127	# Set the authentication options for the system.
	128	# Similar to the authconfig command.
	129	auth --enablemd5 --enableshadow
	130
	131	# Set the timezone
	132	timezone --utc America/New_York
	133
	134	# Enable selinux
	135	selinux --enforcing
	136
	137	# Enable the firewall
	138	firewall --enabled --port=22:tcp --port=161:tcp --port=1002:tcp
	139
	140	# Reboot after installation is complete
	141	reboot
	142
	143
	144
	145
	146	# Install Packages. This is site specific.
33	147	%packages --resolvedeps
34	148	@base
…	…
36	150	aide
37	151	sysstat
38		-setools
39		#audit
40		#pam
41		#pam-devel
42		#python-devel
43		#subversion
44		#tcl
45		#tcl-devel
46		#tk
47		#tk-devel
	152	setools
	153	audit
48	154	#####################################
49	155	# Remove tcpdump per STIG gen003865 #
…	…
89	195	-ethereal
90	196	-ethereal-gnome
91		~~-tcpdump~~
92	197	-xchat
93	198	-vino
…	…
150	255	-perl-XML-NamespaceSupport
151	256
152		############################
153		# Pre/post install section #
154		############################
	257
	258	%pre
	259
	260
	261
	262	##### No changes should be made beyond this point #####
	263
	264
	265
155	266	%post
156		#!/bin/sh
157
158		out_file="installer.sh"
159		out_file_path="/root"
160
161		# DO NOT MODIFY anything below here
162		SERVICES_REQ="atd auditd crond iptables network syslog"
163
164		# Deactivate all services first
165		active=`chkconfig --list \| grep -i "3:on" \| cut -d" " -f1`
166		echo "Removing services from runlevel 3: "
167		for service in $active
	267	# Log %post errors
	268	##########################################################################
	269	# The post section of this kickstart file takes care of the secure
	270	# configuraton of Red Hat according to DCID 6/3.
	271	#
	272	# Levels of Concern:
	273	# Confidentiality PL4
	274	# [ PL4 ]
	275	##########################################################################
	276
	277
	278	# The Red Hat provided GPG key Red Hat uses to sign all of our RPM packages
	279	rpm --import /usr/share/rhn/RPM-GPG-KEY
	280
	281
	282
	283
	284
	285	##########################################################################
	286	# UNIX STIG v5r1
	287	##########################################################################
	288
	289	## (GEN000020: CAT II) (Previously â G001) The IAO and SA will ensure, if
	290	## configurable, the UNIX host is configured to require a password for access
	291	## to single-user and maintenance modes.
	292	echo "" >> /etc/inittab
	293	echo "#Require password in single-user mode" >> /etc/inittab
	294	echo "~~:S:wait:/sbin/sulogin" >> /etc/inittab
	295
	296	## (GEN000400: CAT II) (Previously â G010) The SA will ensure a logon-warning banner is
	297	## displayed on all devices and sessions at the initial logon.
	298	cat <<-EOF > /etc/issue
	299	You are accessing a U.S. Government (USG) information system (IS) that is
	300	provided for USG-authorized use only.
	301
	302	By using this IS, you consent to the following conditions:
	303
	304	-The USG routinely monitors communications occurring on this IS, and any
	305	device attached to this IS, for purposes including, but not limited to,
	306	penetration testing, COMSEC monitoring, network defense, quality control,
	307	and employee misconduct, law enforcement, and counterintelligence
	308	investigations.
	309	-At any time, the USG may inspect and/or seize data stored on this IS and
	310	any device attached to this IS.
	311	-Communications occurring on or data stored on this IS, or any device
	312	attached to this IS, are not private. They are subject to routine
	313	monitoring and search.
	314	-Any communications occurring on or data stored on this IS, or any device
	315	attached to this IS, may be disclosed or used for any USG-authorized purpose.
	316	-Security protections may be utilized on this IS to protect certain interests
	317	that are important to the USG. For example, passwords, access cards,
	318	encryption or biometric access controls provide security for the benefit of
	319	the USG. These protections are not provided for your benefit or privacy and
	320	may be modified or elimiated at the USG's discretion.
	321
	322	EOF
	323	sed -i "/^#Banner/ c\Banner /etc/issue" /etc/ssh/sshd_config
	324	sed -i "s/^$PATH=.*$/\/usr\/bin\/gdialog --yesno \"\`cat \/etc\/issue\`\"\nif( test 1 -eq \$\? ); then\n \/usr\/bin\/gdialog --infobox \"Logging out in 10 Seconds\" 1 20 \&\n sleep 10\n exit 1\nfi\n\n\1/" /etc/gdm/PreSession/Default
	325
	326	## (GEN000440: CAT II) (Previously â G012) The SA will ensure all logon attempts (both
	327	## successful and unsuccessful) are logged to a system log file.
	328	echo "auth.* /var/log/authlog" >> /etc/syslog.conf
	329
	330	## (GEN000460: CAT II) (Previously â G013) The SA will ensure, after three consecutive
	331	## failed logon attempts for an account, the account is locked for 15 minutes or until
	332	## the SA unlocks the account.
	333	sed -i '/^auth.*pam_deny/ a\
	334	auth\t required\t /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root' /etc/pam.d/system-auth
	335	sed -i '/^account.*pam_unix/ a\
	336	account\t required\t /lib/security/$ISA/pam_tally.so per_user deny=3 no_magic_root reset' /etc/pam.d/system-auth
	337
	338	## (GEN000480: CAT II) (Previously â G015) The SA will ensure the logon delay between
	339	## logon prompts after a failed logon is set to at least four seconds.
	340	echo "FAIL_DELAY 4" >> /etc/login.defs
	341
	342	## (GEN000500: CAT II) (Previously â G605) The SA will configure systems to log
	343	## out interactive processes (i.e., terminal sessions, ssh sessions, etc.,)
	344	## after 15 minutes of inactivity or ensure a password protected screen lock
	345	## mechanism is used and is set to lock the screen after 15 minutes of
	346	## inactivity.
	347	echo "TMOUT=900" >> /etc/profile
	348
	349	## (GEN000540: CAT II) (Previously â G004) The SA will ensure passwords are
	350	## not changed more than once a day.
	351	sed -i '/^PASS_MIN_DAYS/ c\PASS_MIN_DAYS\t1' /etc/login.defs
	352
	353	## (GEN000560: CAT I) (Previously â G018) The SA will ensure each account in
	354	## the /etc/passwd file has a password assigned or is disabled in the
	355	## password, shadow, or equivalent, file by disabling the password and/or by
	356	## assigning a false shell in the password file.
	357	for USERINFO in `cat /etc/shadow`; do
	358	if [ -z "`echo $USERINFO \| cut -d: -f2`" ]
	359	then
	360	/usr/sbin/usermod -L -s /dev/null `echo $USERINFO \| cut -d: -f1`
	361	fi
	362	done;
	363
	364	## (GEN000580: CAT II) (Previously â G019) The IAO will ensure all passwords contain a
	365	## minimum of eight characters.
	366	sed -i "s/PASS_MIN_LEN[ \t][0-9]/PASS_MIN_LEN\t8/" /etc/login.defs
	367
	368	## (GEN000600: CAT II) (Previously â G019) The IAO will ensure passwords include at
	369	## least two alphabetic characters, one of which must be capitalized.
	370	sed -i s/minlen\=8/minlen\=9/ /etc/pam.d/system-auth
	371	sed -i "s/difok\=3/difok\=3 dcredit\=-2 ucredit\=-2 ocredit\=-2 lcredit\=-2/" /etc/pam.d/system-auth
	372	# Running the authconfig tool WILL clobber these changes!
	373	# Taking the executable permissions off of /usr/sbin/authconfig
	374	chmod ugo-x /usr/sbin/authconfig
	375
	376	## (GEN000700: CAT II) (Previously â G020) The SA will ensure passwords are
	377	## changed at least every 90 days.
	378	sed -i '/^PASS_MAX_DAYS/ c\PASS_MAX_DAYS\t90' /etc/login.defs
	379
	380	## (GEN000800: CAT II) (Previously â G606) The SA will ensure passwords will not be
	381	## reused within the last ten changes.
	382	sed -i "s/shadow/shadow remember\=10/" /etc/pam.d/system-auth
	383
	384	## (GEN000920: CAT II) (Previously â G023) The SA will ensure the root account
	385	## home directory (other than â/â) has permissions of 700. Do not change the
	386	## permissions of the â/â directory to anything other than 0755.
	387	chmod 700 /root
	388
	389	## (GEN000980: CAT II) (Previously â G026) The SA will ensure root can only log
	390	## on as root from the system console, and then only when necessary to perform
	391	## system maintenance.
	392	echo "console" > /etc/securetty
	393
	394	## (GEN001020: CAT II) The IAO will enforce users requiring root privileges to
	395	## log on to their personal account and invoke the /bin/su - command to switch
	396	## user to root.
	397	# Configure sshd and login to consult pam_access.so
	398	sed -i '/^account/ a\account\t\trequired\tpam_access.so' /etc/pam.d/sshd
	399	sed -i '/^account.*auth$/ a\account\t required\tpam_access.so' /etc/pam.d/login
	400	# Configure pam_access to refuse direct logins for accounts not in users group
	401	sed -i '/^# All other/d' /etc/security/access.conf
	402	echo "# Restrict direct login to accounts in the users group" >> /etc/security/access.conf
	403	echo "-:ALL EXCEPT users :ALL" >> /etc/security/access.conf
	404	# Add a User who is in the users group allowing access to the system
	405	adduser -G users,wheel clipuser
	406	echo "123)(*qweASD" \| passwd --stdin clipuser
	407	# Cron was previously set to use /etc/security/access.conf, which did
	408	# nothing by default. We don't want to block root from using cron.
	409	# So, we create a blank config file and direct crond to use that instead.
	410	touch /etc/security/access-cron.conf
	411	chmod 644 /etc/security/access-cron.conf
	412	sed -i 's/pam_access.so/pam_access.so\ accessfile=\/etc\/security\/access-cron.conf/' /etc/pam.d/crond
	413
	414	## (GEN001080: CAT III) (Previously â G229) The SA will ensure the root shell
	415	## is not located in /usr if /usr is partitioned.
	416	/usr/sbin/usermod -s /bin/bash root
	417
	418	## (GEN001120: CAT II) (Previously â G500) The SA will configure the
	419	## encryption program for direct root access only from the system console.
	420	sed -i "/^#PermitRootLogin/ c\PermitRootLogin no" /etc/ssh/sshd_config
	421
	422	## (GEN001260: CAT II) (Previously â G037) The SA will ensure all system log
	423	## files have permissions of 640, or more restrictive.
	424	find /var/log/ -type f -exec chmod 640 '{}' \;
	425	sed -i "s/chmod 0664/chmod 0640/" /etc/rc.d/rc.sysinit
	426
	427	## (GEN001280: CAT III) (Previously â G042) The SA will ensure all manual page
	428	## files (i.e.,files in the man and cat directories) have permissions of 644,
	429	## or more restrictive.
	430	find /usr/share/man -type f -not -perm 644 -exec chmod 644 {} \;
	431
	432	## (GEN001380: CAT II) (Previously â G048) The SA will ensure the /etc/passwd
	433	## file has permissions of 644, or more restrictive.
	434	chmod 644 /etc/passwd
	435
	436	## (GEN001400: CAT I) (Previously â G047) The SA will ensure the owner of the
	437	## /etc/passwd and /etc/shadow files (or equivalent) is root.
	438	chown root /etc/passwd
	439	chown root /etc/shadow
	440
	441	## (GEN001420: CAT II) (Previously â G050) The SA will ensure the /etc/shadow
	442	## file (or equivalent) has permissions of 400.
	443	chmod 400 /etc/shadow
	444
	445	## (GEN001460: CAT IV) (Previously â G052) The SA will ensure all home
	446	## directories defined in the /etc/passwd file exist.
	447	for HOMEDIR in `cut -d: -f6 /etc/passwd`; do
	448	if [ ! -d $HOMEDIR ]
	449	then
	450	mkdir $HOMEDIR
	451	fi
	452	done;
	453
	454	## (GEN001560: CAT II) (Previously â G068) The user, application developers,
	455	## and the SA will ensure user files and directories will have an initial
	456	## permission no more permissive than 700, and never more permissive than 750.
	457	for BASEDIR in /home/* /root
168	458	do
169		echo $service
170		`chkconfig --level 3 $service off`
	459	find $BASEDIR -type f -exec chmod 600 '{}' \;
	460	find $BASEDIR -type d -exec chmod 700 '{}' \;
171	461	done
172	462
173		# Now activate only the required services
174		echo "Adding required services to runlevel 3: "
175		for service in $SERVICES_REQ
	463	## (GEN001580: CAT II) (Previously â G058) The SA will ensure run control
	464	## scripts have permissions of 755, or more restrictive.
	465	chmod 755 /etc/rc.d/init.d/*
	466
	467	## (GEN001620: CAT II) (Previously â G061) The SA will ensure run control
	468	## scripts files do not have the suid or sgid bit set.
	469	chmod ug-s /etc/rc.d/init.d/*
	470
	471	## (GEN001660: CAT II) (Previously â G611) The SA will ensure the owner of run
	472	## control scripts is root.
	473	chown root /etc/rc.d/init.d/*
	474
	475	## (GEN001680: CAT II) (Previously â G612) The SA will ensure the group owner
	476	## of run control scripts is root, sys, bin, other, or the system default.
	477	chgrp root /etc/rc.d/init.d/*
	478
	479	## (GEN001720: CAT II) The SA will ensure global initialization files have
	480	## permissions of 644, or more restrictive.
	481	chmod 644 /etc/{profile,bashrc,environment}
	482
	483	## (GEN001740: CAT II) The SA will ensure the owner of global initialization
	484	## files is root.
	485	chown root /etc/{profile,bashrc,environment}
	486
	487	## (GEN001760: CAT II) The SA will ensure the group owner of global
	488	## initialization files is root, sys, bin, other, or the system default.
	489	chgrp root /etc/{profile,bashrc,environment}
	490
	491	## (GEN001780: CAT III) (Previously â G112) The SA will ensure global
	492	## initialization files contain the command mesg ân.
	493	for FILE in /etc/{profile,bashrc,environment}; do
	494	echo "mesg n" >> $FILE
	495	done;
	496
	497	## (GEN001800: CAT II) (Previously â G038) The SA will ensure all
	498	## default/skeleton dot files have permissions of 644, or more restrictive.
	499	find /etc/skel -type f -exec chmod 644 '{}' \;
	500
	501	## (GEN001820: CAT II) The SA will ensure the owner of all default/skeleton
	502	## dot files is root or bin.
	503	find /etc/skel -type f -exec chown root '{}' \;
	504
	505	## (GEN002040: CAT I) The SA will ensure .rhosts, .shosts, hosts.equiv, nor
	506	## shosts.equiv are used, unless justified and documented with the IAO.
	507	for file in /root/.rhosts /root/.shosts /etc/hosts.equiv
176	508	do
177		~~echo $servic~~e
178		`chkconfig --level 3 $service on`
	509	rm -f $file
	510	ln -s /dev/null $file
179	511	done
180	512
181		# Save an installer script to root's homedir
182
183		echo "Saving an install script to root's home directory."
184		cat >> $out_file_path/$out_file <<'EOF'
185		#!/bin/sh
186		VERSION="2.0"
187		RELEASE="1"
188		UNAME="/bin/uname"
189		WGET="/usr/bin/wget"
190		SHA1SUM="/usr/bin/sha1sum"
191		ID="/usr/bin/id"
192		RPM="/bin/rpm"
193		SETENFORCE="/usr/sbin/setenforce"
194
195		RPM_OPTS1="--force -Uvh"
196		RPM_OPTS2="-ivh"
197
198		ARCH=$($UNAME -i)
199		ARCH_64="x86_64"
200		ARCH_32="i386"
201
202		URL="http://oss.tresys.com/projects/clip/chrome/site/files/rhel5"
203		LSPP_URL="http://people.redhat.com/sgrubb/files/lspp"
204		LSPP_PAM_RPM="pam-0.99.6.2-3.22.el5.$ARCH.rpm"
205		CLIP_RPM="clip-$VERSION-$RELEASE.$ARCH.rpm"
206		REFPOL_RPM="selinux-policy-clip-$VERSION-$RELEASE.noarch.rpm"
207		CLIP_SHA1="$CLIP_RPM.sha1"
208		REFPOL_SHA1="$REFPOL_RPM.sha1"
209
210		USAGE="This script will use wget to download and install \n \
211		$CLIP_RPM and\n \
212		$REFPOL_RPM\n \
213		from $URL and\n \
214		$LSPP_PAM_RPM\n \
215		from $LSPP_URL\n \
216		Internet connectivity is required. \n \
217		To install, invoke $0 with the -i option."
218
219		download() {
220		$WGET $URL/$CLIP_RPM && \
221		$WGET $URL/$CLIP_SHA1 && \
222		$WGET $URL/refpolicy/$REFPOL_RPM && \
223		$WGET $URL/refpolicy/$REFPOL_SHA1 && \
224		$WGET $LSPP_URL/$LSPP_PAM_RPM
225		if [ $? -ne 0 ]; then
226		echo "RPM download failed. Terminating."
227		exit 1
	513	## (GEN002120: CAT II) (Previously â G069) The SA will ensure the /etc/shells
	514	## (or equivalent) file exits.
	515	cat <<-EOF > /etc/shells
	516	/bin/sh
	517	/bin/bash
	518	/sbin/nologin
	519	/bin/tcsh
	520	/bin/csh
	521	/bin/ksh
	522	EOF
	523
	524	## (GEN002160: CAT I) (Previously â G072) The SA will ensure no shell has the
	525	## suid bit set.
	526	for SHELL in `cat /etc/shells`; do
	527	chmod u-s $SHELL
	528	done
	529
	530	## (GEN002180: CAT II) (Previously â G073) The SA will ensure no shell has the
	531	## sgid bit set.
	532	for SHELL in `cat /etc/shells`; do
	533	chmod g-s $SHELL
	534	done
	535
	536	## (GEN002200: CAT II) (Previously â G074) The SA will ensure the owner of all
	537	## shells is root or bin.
	538	for SHELL in `cat /etc/shells`; do
	539	chown root $SHELL
	540	done
	541
	542	## (GEN002220: CAT II) (Previously â G075) The SA will ensure all shells
	543	## (excluding /dev/null and sdshell) have permissions of 755, or more
	544	## restrictive.
	545	for SHELL in `cat /etc/shells`; do
	546	chmod 755 $SHELL
	547	done
	548
	549	## (GEN002320: CAT II) (Previously â G501) The SA will ensure the audio devices
	550	## have permissions of 644, or more restrictive.
	551	sed -i -r "/sound\|snd\|mixer/ d" /etc/security/console.perms.d/50-default.perms
	552	echo "SUBSYSTEM==\"sound\|snd\", OWNER=\"root\", GROUP=\"root\", MODE=\"0644\"" > /etc/udev/rules.d/55-audio-perms.rules
	553
	554	## (GEN002340: CAT II) (Previously â G502) The SA will ensure the owner of
	555	## audio devices is root.
	556	# see GEN002320
	557
	558	## (GEN002360: CAT II) (Previously â G504) The SA will ensure the group owner
	559	## of audio devices is root, sys, or bin.
	560	# see GEN002320
	561
	562	## (GEN002420: CAT II) (Previously â G086) The SA will ensure user filesystems,
	563	## removable media, and remote filesystems will be mounted with the nosuid
	564	## option.
	565	FSTAB=/etc/fstab
	566	SED=/bin/sed
	567	#nosuid and acl on /home
	568	if [ $(grep " \/home " ${FSTAB} \| grep -c "nosuid") -eq 0 ]; then
	569	MNT_OPTS=$(grep " \/home " ${FSTAB} \| awk '{print $4}')
	570	${SED} -i "s/$ \/home.*${MNT_OPTS}$/\1,nosuid,acl/" ${FSTAB}
	571	fi
	572	#nosuid and acl on /sys
	573	if [ $(grep " \/sys " ${FSTAB} \| grep -c "nosuid") -eq 0 ]; then
	574	MNT_OPTS=$(grep " \/sys " ${FSTAB} \| awk '{print $4}')
	575	${SED} -i "s/$ \/sys.*${MNT_OPTS}$/\1,nosuid,acl/" ${FSTAB}
	576	fi
	577	#nosuid and acl on /boot
	578	if [ $(grep " \/boot " ${FSTAB} \| grep -c "nosuid") -eq 0 ]; then
	579	MNT_OPTS=$(grep " \/boot " ${FSTAB} \| awk '{print $4}')
	580	${SED} -i "s/$ \/boot.*${MNT_OPTS}$/\1,nosuid,acl/" ${FSTAB}
	581	fi
	582	#nodev and acl on /usr
	583	if [ $(grep " \/usr " ${FSTAB} \| grep -c "nodev") -eq 0 ]; then
	584	MNT_OPTS=$(grep " \/usr " ${FSTAB} \| awk '{print $4}')
	585	${SED} -i "s/$ \/usr.*${MNT_OPTS}$/\1,nodev,acl/" ${FSTAB}
	586	fi
	587	#nodev and acl on /home
	588	if [ $(grep " \/home " ${FSTAB} \| grep -c "nodev") -eq 0 ]; then
	589	MNT_OPTS=$(grep " \/home " ${FSTAB} \| awk '{print $4}')
	590	${SED} -i "s/$ \/home.*${MNT_OPTS}$/\1,nodev,acl/" ${FSTAB}
	591	fi
	592	#nodev and acl on /usr/local
	593	if [ $(grep " \/usr\/local " ${FSTAB} \| grep -c "nodev") -eq 0 ]; then
	594	MNT_OPTS=$(grep " \/usr\/local " ${FSTAB} \| awk '{print $4}')
	595	${SED} -i "s/$ \/usr\/local.*${MNT_OPTS}$/\1,nodev,acl/" ${FSTAB}
	596	fi
	597
	598	## (GEN002560: CAT II) (Previously â G089) The SA will ensure the system and
	599	## user umask is 077.
	600	echo "umask 077" >> /etc/bashrc
	601
	602	## (GEN002640: CAT II) (Previously â G092) The SA will ensure logon capability
	603	## to default system accounts (e.g., bin, lib, uucp, news, sys, guest, daemon,
	604	## and any default account not normally logged onto) will be disabled by
	605	## making the default shell /bin/false, /usr/bin/false, /sbin/false,
	606	## /sbin/nologin, or /dev/null, and by locking the password.
	607	for NAME in `cut -d: -f1 /etc/passwd`; do
	608	NAMEID=`id -u $NAME`
	609	if [ $NAMEID -lt 500 -a $NAME != 'root' ]; then
	610	/usr/sbin/usermod -L -s /dev/null $NAME
228	611	fi
229		}
230
231		check() {
232		$SHA1SUM $CLIP_SHA1 && \
233		$SHA1SUM $REFPOL_SHA1 && \
234		$RPM --checksig $LSPP_PAM_RPM
235		if [ $? -ne 0 ]; then
236		echo "Download verification failed. Terminating."
237		exit 1
	612	done
	613
	614	## (GEN002660: CAT II) (Previously â G093) The SA will configure and implement
	615	## auditing.
	616	chkconfig auditd on
	617	cat <<-EOF > /etc/audit/audit.rules
	618	# Remove any existing rules
	619	-D
	620	# Increase buffer size to handle the increased number of messages.
	621	-b 8192
	622	EOF
	623
	624	## (GEN002680: CAT II) (Previously â G094) The SA will ensure audit data files
	625	## and directories will be readable only by personnel authorized by the IAO.
	626	chmod 700 /var/log/audit
	627
	628	## (GEN002700: CAT I) (Previously â G095) The SA will ensure audit data files
	629	## have permissions of 640, or more restrictive.
	630	touch /var/log/audit/audit.log
	631	chmod 640 /var/log/audit/*
	632	chmod 640 /etc/audit/audit.rules
	633
	634	## (GEN002720: CAT II) The SA will configure the auditing system to audit
	635	## logon (unsuccessful and successful) and logout (successful)
	636	cat <<-EOF >> /etc/audit/audit.rules
	637	-a exit,always -w /bin/login -p x
	638	-a exit,always -w /bin/logout -F success=0
	639	EOF
	640
	641	## (GEN002740: CAT II) The SA will configure the auditing system to audit
	642	## discretionary access control permission modification (unsuccessful and
	643	## successful use of chown/chmod)
	644	cat <<-EOF >> /etc/audit/audit.rules
	645	-a exit,always -S chmod
	646	-a exit,always -S chown
	647	-a exit,always -S chown32
	648	-a exit,always -S fchmod
	649	-a exit,always -S fchown
	650	-a exit,always -S fchown32
	651	-a exit,always -S lchown
	652	-a exit,always -S lchown32
	653	EOF
	654
	655	## (GEN002760: CAT II) The SA will configure the auditing system to audit
	656	## unauthorized access attempts to files (unsuccessful)
	657	cat <<-EOF >> /etc/audit/audit.rules
	658	-a exit,always -S open -F success!=0
	659	-a exit,always -S mknod -F success=0
	660	-a exit,always -S pipe -F success=0
	661	-a exit,always -S mkdir -F success=0
	662	-a exit,always -S creat -F success=0
	663	-a exit,always -S truncate -F success=0
	664	-a exit,always -S truncate64 -F success=0
	665	-a exit,always -S ftruncate -F success=0
	666	-a exit,always -S ftruncate64 -F success=0
	667	EOF
	668
	669	## (GEN002780: CAT II) The SA will configure the auditing system to audit
	670	## use of privileged commands (unsuccessful and successful)
	671	cat <<-EOF >> /etc/audit/audit.rules
	672	-a exit,always -S chroot
	673	-a exit,always -S mount
	674	-a exit,always -S umount
	675	-a exit,always -S umount2
	676	-a exit,always -S adjtimex
	677	-a exit,always -S kill
	678	-a exit,always -w /usr/sbin/pwck
	679	-a exit,always -w /bin/chgrp
	680	-a exit,always -w /usr/bin/newgrp
	681	-a exit,always -w /usr/sbin/groupadd
	682	-a exit,always -w /usr/sbin/groupmod
	683	-a exit,always -w /usr/sbin/groupdel
	684	-a exit,always -w /usr/sbin/useradd
	685	-a exit,always -w /usr/sbin/userdel
	686	-a exit,always -w /usr/sbin/usermod
	687	-a exit,always -w /usr/bin/chage
	688	-a exit,always -w /usr/bin/setfacl
	689	-a exit,always -w /usr/bin/chacl
	690	EOF
	691
	692	## (GEN002800: CAT II) The SA will configure the auditing system to audit
	693	## files and programs deleted by the user (successful and unsuccessful)
	694	cat <<-EOF >> /etc/audit/audit.rules
	695	-a exit,always -S unlink
	696	-a exit,always -S rmdir
	697	EOF
	698
	699	## (GEN002820: CAT II) The SA will configure the auditing system to audit
	700	## all system administration actions
	701	cat <<-EOF >> /etc/audit/audit.rules
	702	-w /var/log/audit/
	703	-w /etc/auditd.conf
	704	-w /etc/audit
	705	-a exit,always -S acct
	706	-a exit,always -S reboot
	707	-a exit,always -S sched_setparam
	708	-a exit,always -S sched_setscheduler
	709	-a exit,always -S setdomainname
	710	-a exit,always -S setrlimit
	711	-a exit,always -S settimeofday
	712	-a exit,always -S stime
	713	-a exit,always -S swapon
	714	EOF
	715
	716	## (GEN002840: CAT II) The SA will configure the auditing system to audit
	717	## all security personnel actions
	718	cat <<-EOF >> /etc/audit/audit.rules
	719	-a exit,always -S init_module
	720	-a exit,always -S delete_module
	721	-a exit,always -w /bin/su
	722	EOF
	723
	724	## (GEN002860: CAT II) (Previously â G674) The SA and/or IAO will ensure old
	725	## audit logs are closed and new audit logs are started daily.
	726	cat <<-EOF > /etc/logrotate.d/audit
	727	/var/log/audit/audit.log
	728	{
	729	daily
	730	notifempty
	731	missingok
	732	postrotate
	733	/sbin/service auditd restart 2> /dev/null > /dev/null \|\| true
	734	endscript
	735	}
	736	EOF
	737
	738	## (GEN002980: CAT II) The SA will ensure the cron.allow
	739	## file has permissions of 600, or more restrictive.
	740	chmod 600 /etc/cron.allow
	741
	742	## (GEN003040: CAT II) The SA will ensure the owner of crontabs is root or the
	743	## crontab creator.
	744	chown root /etc/cron.hourly/*
	745	chown root /etc/cron.daily/*
	746	chown root /etc/cron.weekly/*
	747	chown root /etc/cron.monthly/*
	748	chown root /etc/cron.d/*
	749	chown root /var/spool/cron/*
	750
	751	## (GEN003060: CAT II) The SA will ensure default system accounts (with the
	752	## possible exception of root) will not be listed in the cron.allow file. If
	753	## there is only a cron.deny file, the default accounts (with the possible
	754	## exception of root) will be listed there.
	755	echo 'root' > /etc/cron.allow
	756	awk -F: '{print $1}' /etc/passwd \| grep -v root > /etc/cron.deny
	757
	758	## (GEN003080: CAT II) (Previously â G205) The SA will ensure crontabs have
	759	## permissions of 600, or more restrictive, (700 for some Linux crontabs, which
	760	## is detailed in the UNIX Checklist).
	761	chmod -R 600 /etc/cron.daily
	762	chmod -R 600 /etc/cron.hourly
	763	chmod -R 600 /etc/cron.weekly
	764	chmod -R 600 /etc/cron.monthly
	765	chmod 600 /etc/crontab
	766	chmod -R 600 /etc/cron.d
	767
	768	## (GEN003100: CAT II) (Previously â G206) The SA will ensure cron and crontab
	769	## directories have permissions of 755, or more restrictive.
	770	chmod 755 /etc/cron.hourly
	771	chmod 755 /etc/cron.daily
	772	chmod 755 /etc/cron.weekly
	773	chmod 755 /etc/cron.monthly
	774	chmod 755 /etc/cron.d
	775	chmod 755 /var/spool/cron
	776
	777	## (GEN003120: CAT II) (Previously â G207) The SA will ensure the owner of the
	778	## cron and crontab directories is root or bin.
	779	chown root /etc/cron.hourly
	780	chown root /etc/cron.daily
	781	chown root /etc/cron.weekly
	782	chown root /etc/cron.monthly
	783	chown root /etc/cron.d
	784	chown root /var/spool/cron
	785
	786	## (GEN003140: CAT II) (Previously â G208) The SA will ensure the group owner
	787	## of the cron and crontab directories is root, sys, or bin.
	788	chgrp root /etc/cron.hourly
	789	chgrp root /etc/cron.daily
	790	chgrp root /etc/cron.weekly
	791	chgrp root /etc/cron.monthly
	792	chgrp root /etc/cron.d
	793	chgrp root /var/spool/cron
	794
	795	## (GEN003180: CAT II) (Previously â G210) The SA will ensure cron logs have
	796	## permissions of 600, or more restrictive.
	797	touch /var/log/cron
	798	chmod 600 /var/log/cron
	799
	800	## (GEN003200: CAT II) The SA will ensure the cron.deny
	801	## file has permissions of 600, or more restrictive.
	802	chmod 600 /etc/cron.deny
	803
	804	## (GEN003240: CAT II) The SA will ensure the owner and
	805	## group owner of the cron.allow file is root.
	806	chown root:root /etc/cron.allow
	807
	808	## (GEN003260: CAT II) The SA will ensure the owner and
	809	## group owner of the cron.deny file is root.
	810	chown root:root /etc/cron.deny
	811
	812	## (GEN003300: CAT II) (Previously â G212) The SA will ensure the at.deny file
	813	## is not empty.
	814	awk -F: '{print $1}' /etc/passwd \| grep -v root > /etc/at.deny
	815
	816	## (GEN003320: CAT II) (Previously â G213) The SA will ensure default system
	817	## accounts (with the possible exception of root) are not listed in the
	818	## at.allow file. If there is only an at.deny file, the default accounts
	819	## (with the possible exception of root) will be listed there.
	820	echo "root" > /etc/at.allow
	821
	822	## (GEN003340: CAT II) (Previously â G214) The SA will ensure the at.allow and
	823	## at.deny files have permissions of 600, or more restrictive.
	824	chmod 600 /etc/at.allow
	825	chmod 600 /etc/at.deny
	826
	827	## (GEN003400: CAT II) (Previously â G625) The SA will ensure the at (or
	828	## equivalent) directory has permissions of 755, or more restrictive.
	829	chmod 755 /var/spool/at/spool
	830
	831	## (GEN003420: CAT II) (Previously â G626) The SA will ensure the owner and
	832	## group owner of the at (or equivalent) directory is root, sys, bin, or daemon.
	833	chown root:root /var/spool/at/spool
	834
	835	## (GEN003460: CAT II) (Previously â G629) The SA will ensure the owner and
	836	## group owner of the at.allow file is root.
	837	chown root:root /etc/at.allow
	838
	839	## (GEN003480: CAT II) (Previously â G630) The SA will ensure the owner and
	840	## group owner of the at.deny file is root.
	841	chown root:root /etc/at.deny
	842
	843	## (GEN003500: CAT III) The SA will ensure core dumps are disabled or
	844	## restricted.
	845	echo "* - core 0" >> /etc/security/limits.conf
	846
	847	## (GEN003520: CAT III) The SA will ensure the owner and group owner of the
	848	## core dump data directory is root with permissions of 700, or more
	849	## restrictive.
	850	chown root:root /var/crash
	851	chmod -R 700 /var/crash
	852
	853	## (GEN003600: CAT II) The SA will ensure network parameters are securely set.
	854	sed -i "/net\.ipv4\.conf\.default\.rp_filter/ c\net.ipv4.conf.default.rp_filter = 1" /etc/sysctl.conf
	855	sed -i "/net\.ipv4\.conf\.default\.accept_source_route/ c\net.ipv4.conf.default.accept_source_route = 0" /etc/sysctl.conf
	856	cat <<-EOF >> /etc/sysctl.conf
	857	net.ipv4.tcp_max_syn_backlog = 1280
	858	net.ipv4.icmp_echo_ignore_broadcasts = 1
	859	EOF
	860
	861	## (GEN003660: CAT II) The SA will ensure the authentication notice and
	862	## informational data is logged.
	863	echo "auth.notice /var/log/messages" >> /etc/syslog.conf
	864
	865	## (GEN003700: CAT II) The SA will ensure inetd (xinetd for Linux) is disabled
	866	## if all inetd/xinetd based services are disabled.
	867	/sbin/chkconfig bluetooth off
	868	/sbin/chkconfig irda off
	869	/sbin/chkconfig lm_sensors off
	870	/sbin/chkconfig portmap off
	871	/sbin/chkconfig rawdevices off
	872	/sbin/chkconfig rpcgssd off
	873	/sbin/chkconfig rpcidmapd off
	874	/sbin/chkconfig rpcsvcgssd off
	875	/sbin/chkconfig sendmail off
	876	/sbin/chkconfig xinetd off
	877
	878	## (GEN003740: CAT II) (Previously â G108) The SA will ensure the inetd.conf
	879	## (xinetd.conf for Linux) file has permissions of 440, or more restrictive.
	880	## The Linux xinetd.d directory will have permissions of 755, or more
	881	## restrictive. This is to include any directories defined in the includedir
	882	## parameter.
	883	chmod 755 /etc/xinetd.d
	884	chmod 440 /etc/xinetd.conf
	885
	886	## (GEN003760: CAT II) (Previously â G109) The SA will ensure the owner of the
	887	## services file is root or bin.
	888	chown root /etc/services
	889
	890	## (GEN003780: CAT II) (Previously â G110) The SA will ensure the services
	891	## file has permissions of 644, or more restrictive.
	892	chmod 644 /etc/services
	893
	894	## (GEN003860: CAT III) (Previously â V046) The SA will ensure finger is not
	895	## enabled.
	896	/sbin/chkconfig finger off
	897
	898	## (GEN003960: CAT II) (Previously â G631) The SA will ensure the owner of
	899	## the traceroute command is root.
	900	chown root /bin/traceroute
	901
	902	## (GEN003980: CAT II) (Previously â G632) The SA will ensure the group
	903	## owner of the traceroute command is root, sys, or bin.
	904	chgrp root /bin/traceroute
	905
	906	## (GEN004000: CAT II) (Previously â G633) The SA will ensure the traceroute
	907	## command has permissions of 700, or more restrictive.
	908	chmod 700 /bin/traceroute
	909
	910	## (GEN004360: CAT II) (Previously â G127) The SA will ensure the aliases file
	911	## is owned by root.
	912	chown root /etc/aliases
	913
	914	## (GEN004380: CAT II) (Previously â G128) The SA will ensure the aliases file
	915	## has permissions of 644, or more restrictive.
	916	chmod 644 /etc/aliases
	917
	918	## (GEN004440: CAT IV) (Previously â G133) The SA will ensure the sendmail
	919	## logging level (the detail level of e-mail tracing and debugging
	920	## information) in the sendmail.cf file is set to a value no lower than
	921	## nine (9).
	922	sed -i '/LogLevel/ c\O LogLevel=9' /etc/mail/sendmail.cf
	923
	924	## (GEN004480: CAT II) (Previously â G135) The SA will ensure the owner of the
	925	## critical sendmail log file is root.
	926	chown root /var/log/maillog
	927
	928	## (GEN004500: CAT II) (Previously â G136) The SA will ensure the critical
	929	## sendmail log file has permissions of 644, or more restrictive.
	930	chmod 644 /var/log/maillog
	931
	932	## (GEN004540: CAT II) The SA will ensure the help sendmail command is
	933	## disabled.
	934	mv /etc/mail/helpfile /etc/mail/helpfile.bak
	935	echo "" > /etc/mail/helpfile
	936
	937	## (GEN004560: CAT II) (Previously â G646) To help mask the e-mail version,
	938	## the SA will use the following in place of the original sendmail greeting
	939	## message:
	940	## O SmtpGreetingMessage= Mail Server Ready ; $b
	941	sed -i '/SmtpGreetingMessage/ c\O SmtpGreetingMessage= Mail Server Ready ; $b' /etc/mail/sendmail.cf
	942
	943	## (GEN004580: CAT I) (Previously â G647) The SA will ensure .forward files
	944	## are not used.
	945	for HOMEDIR in `cut -d: -f6 /etc/passwd`; do
	946	if [ -f $HOMEDIR/.forward ]
	947	then
	948	rm $HOMEDIR/.forward
	949	fi
	950	done;
	951
	952	## (GEN004640: CAT I) (Previously â V126) The SA will ensure the decode entry
	953	## is disabled (deleted or commented out) from the alias file.
	954	sed --in-place s/^decode\:/\#decode\:/ /etc/aliases
	955	/usr/bin/newaliases
	956
	957	## (GEN004880: CAT II) (Previously â G140) The SA will ensure the ftpusers
	958	## file exists.
	959	touch /etc/ftpusers
	960
	961	## (GEN004900: CAT II) (Previously â G141) The SA will ensure the ftpusers
	962	## file contains the usernames of users not allowed to use FTP, and contains,
	963	## at a minimum, the system pseudo-users usernames and root.
	964	echo -n > /etc/ftpusers
	965	for NAME in `cut -d: -f1 /etc/passwd`; do
	966	NAMEID=`id -u $NAME`
	967	if [ $NAMEID -lt 500 ]; then
	968	echo $NAME >> /etc/ftpusers
238	969	fi
239		}
240
241		inst() {
242		$SETENFORCE 0
243		for i in $LSPP_PAM_RPM $CLIP_RPM; do
244		echo "Installing $i"
245		$RPM $RPM_OPTS1 $i
246		if [ $? -ne 0 ]; then
247		echo "Installation of $i failed. Terminating."
248		exit 1
249		fi
250		done
	970	done;
	971
	972	## (GEN004920: CAT II) (Previously â G142) The SA will ensure the owner of the
	973	## ftpusers file is root.
	974	chown root /etc/ftpusers
	975
	976	## (GEN004940: CAT II) (Previously â G143) The SA will ensure the ftpusers
	977	## file has permissions of 640, or more restrictive.
	978	chmod 640 /etc/ftpusers
	979
	980	## (GEN005000: CAT I) (Previously â G649) The SA will implement the anonymous
	981	## FTP account with a non-functional shell such as /bin/false.
	982	/usr/sbin/usermod -s /dev/null ftp
	983
	984	## (GEN005360: CAT II) The SA will ensure the owner of the snmpd.conf file is root with a group
	985	## owner of sys and the owner of MIB files is root with a group owner of sys or the application.
	986	chown root:sys /etc/snmp/snmpd.conf
	987
	988	## (GEN005400: CAT II) (Previously â G656) The SA will ensure the owner of the
	989	## /etc/syslog.conf file is root with permissions of 640, or more restrictive.
	990	chown root /etc/syslog.conf
	991	chmod 640 /etc/syslog.conf
	992
	993	## (GEN005420: CAT II) (Previously â G657) The SA will ensure the group owner
	994	## of the /etc/syslog.conf file is root, sys, or bin.
	995	chgrp root /etc/syslog.conf
	996
	997	## (GEN005500: CAT I) (Previously â G701) The IAO and SA will ensure SSH
	998	## Protocol version 1 is not used, nor will Protocol version 1 compatibility
	999	## mode be used.
	1000	if [ `grep -c "^Protocol" /etc/ssh/sshd_config` -gt 0 ]
	1001	then
	1002	sed -i "/^Protocol/ c\Protocol 2" /etc/ssh/sshd_config
	1003	else
	1004	echo "Protocol 2" >> /etc/ssh/sshd_config
	1005	fi
	1006	echo 'Ciphers aes256-cbc,aes192-cbc,blowfish-cbc,cast128-cbc,aes128-cbc,3des-cbc' >> /etc/ssh/ssh_config
	1007
	1008	## (GEN005600: CAT II) The SA will ensure IP forwarding is disabled if the
	1009	## system is not dedicated as a router.
	1010	sed -i "/net\.ipv4\.ip_forward/ c\net.ipv4.ip_forward = 0" /etc/sysctl.conf
	1011
	1012	## (GEN005740: CAT II) (Previously â G178) The SA will ensure the owner of the
	1013	## export configuration file is root.
	1014	chown root /etc/exports
	1015
	1016	## (GEN005760: CAT III) (Previously â G179) The SA will ensure the export
	1017	## configuration file has permissions of 644, or more restrictive.
	1018	chmod 644 /etc/exports
	1019
	1020	## (GEN006100: CAT II) (Previously â L050) The SA will ensure the owner of
	1021	## the/etc/samba/smb.conf file is root.
	1022	chown root /etc/samba/smb.conf
	1023
	1024	## (GEN006120: CAT II) (Previously â L051) The SA will ensure the group owner
	1025	## of the /etc/samba/smb.conf file is root.
	1026	chgrp root /etc/samba/smb.conf
	1027
	1028	## (GEN006140: CAT II) (Previously â L052) The SA will ensure the
	1029	## /etc/samba/smb.conf file has permissions of 644, or more restrictive.
	1030	chmod 644 /etc/samba/smb.conf
	1031
	1032	## (GEN006160: CAT II) (Previously â L054) The SA will ensure the owner of
	1033	## smbpasswd is root.
	1034	chown root /usr/bin/smbpasswd
	1035
	1036	## (GEN006180: CAT II) (Previously â L055) The SA will ensure group owner of
	1037	## smbpasswd is root.
	1038	chgrp root /usr/bin/smbpasswd
	1039
	1040	## (GEN006200: CAT II) (Previously â L057) The SA will configure permissions
	1041	## for smbpasswd to 600, or more restrictive.
	1042	chmod 600 /usr/bin/smbpasswd
	1043
	1044	## (GEN006260: CAT II) (Previously â L154) The SA will ensure the
	1045	## /etc/news/hosts.nntp file has permissions of 600, or more restrictive.
	1046	chmod 600 /etc/news/hosts.nntp
	1047
	1048	## (GEN006300: CAT II) (Previously â L158) The SA will ensure the
	1049	## /etc/news/nnrp.access file has permissions of 600, or more restrictive.
	1050	chmod 600 /etc/news/nnrp.access
	1051
	1052	## (GEN006320: CAT II) (Previously â L160) The SA will ensure the
	1053	## /etc/news/passwd.nntp file has permissions of 600, or more restrictive.
	1054	chmod 600 /etc/news/passwd.nntp
	1055
	1056	## (GEN006340: CAT II) (Previously â L162) The SA will ensure the owner of all
	1057	## files under the /etc/news subdirectory is root or news.
	1058	chown -R root /etc/news/*
	1059
	1060	## (GEN006360: CAT II) (Previously â L164) The SA will ensure the group owner
	1061	## of all files in /etc/news is root or news.
	1062	chgrp -R root /etc/news/*
	1063
	1064	## (GEN006280: CAT II) (Previously â L156) The SA will ensure the
	1065	## /etc/news/hosts.nntp.nolimit file has permissions of 600, or more
	1066	## restrictive.
	1067	chmod 600 /etc/news/hosts.nntp.nolimit
	1068
	1069	## (GEN006520: CAT II) (Previously â G189) The SA will ensure security tools
	1070	## and databases have permissions of 740, or more restrictive.
	1071	chmod 740 /etc/rc.d/init.d/iptables
	1072	chmod 740 /sbin/iptables
	1073	chmod 740 /usr/share/logwatch/scripts/services/iptables
	1074
	1075	## (GEN006620: CAT II) The SA will ensure an access control program (e.g.,
	1076	## TCP_WRAPPERS) hosts.deny and hosts.allow files (or equivalent) are used to
	1077	## grant or deny system access to specific hosts.
	1078	echo "ALL: ALL" > /etc/hosts.deny
	1079
	1080	## (LNX00160: CAT II) (Previously â L074) The SA will ensure the grub.conf
	1081	## file has permissions of 600, or more restrictive.
	1082	chmod 600 /boot/grub/grub.conf
	1083
	1084	## (LNX00220: CAT II) (Previously â L080) The SA will ensure the lilo.conf
	1085	## file has permissions of 600 or more restrictive.
	1086	chmod 600 /etc/lilo.conf
	1087
	1088	## (LNX00320: CAT I) (Previously â L140) The SA will delete accounts that
	1089	## provide a special privilege such as shutdown and halt.
	1090	/usr/sbin/userdel shutdown
	1091	/usr/sbin/userdel halt
	1092	/usr/sbin/userdel sync
	1093
	1094	## (LNX00340: CAT II) (Previously â L142) The SA will delete accounts that
	1095	## provide no operational purpose, such as games or operator, and will delete
	1096	## the associated software.
	1097	/usr/sbin/userdel news
	1098	/usr/sbin/userdel operator
	1099	/usr/sbin/userdel games
	1100	/usr/sbin/userdel gopher
	1101	/usr/sbin/userdel nfsnobody
	1102
	1103	## (LNX00360: CAT II) (Previously â L032) The SA will enable the X server
	1104	## âaudit (at level 4) and âs option (with 15 minutes as the timeout time)
	1105	## options.
	1106	cat <<-EOF >> /etc/gdm/custom.conf
	1107	[server-Standard]
	1108	name=Standard server
	1109	command=/usr/bin/Xorg -br -audit 4 -s 15
	1110	flexible=true
	1111	EOF
	1112
	1113	## (LNX00400: CAT II) (Previously â L044) The SA will ensure the owner of the
	1114	## /etc/login.access or /etc/security/access.conf file is root.
	1115	chown root /etc/security/access.conf
	1116
	1117	## (LNX00420: CAT II) (Previously â L045) The SA will ensure the group owner
	1118	## of the /etc/login.access or /etc/security/access.conf file is root.
	1119	chgrp root /etc/security/access.conf
	1120
	1121	## (LNX00440: CAT II) (Previously â L046) The SA will ensure /etc/login.access
	1122	## or /etc/security/access.conf file will be 640, or more restrictive.
	1123	chmod 640 /etc/security/access.conf
	1124
	1125	## (LNX00480: CAT II) (Previously â L204) The SA will ensure the owner of the
	1126	## /etc/sysctl.conf file is root.
	1127	chown root /etc/sysctl.conf
	1128
	1129	## (LNX00500: CAT II) (Previously â L206) The SA will ensure the group owner
	1130	## of the /etc/sysctl.conf file is root.
	1131	chgrp root /etc/sysctl.conf
	1132
	1133	## (LNX00520: CAT II) (Previously â L208) The SA will ensure the
	1134	## /etc/sysctl.conf file has permissions of 600, or more restrictive.
	1135	chmod 600 /etc/sysctl.conf
	1136
	1137	## (LNX00580: CAT I) (Previously â L222) The SA will disable the
	1138	## Ctrl-Alt-Delete sequence unless the system is located in a controlled
	1139	## access area accessible only by SAs.
	1140	sed -i "s/ca\:\:ctrlaltdel/\#ca\:\:ctrlaltdel/" /etc/inittab
	1141
	1142	## (LNX00620: CAT II) The SA will ensure the group owner of the /etc/securetty
	1143	## file is root, sys, or bin.
	1144	chgrp root /etc/securetty
	1145
	1146	## (LNX00640: CAT II) The SA will ensure the owner of the /etc/securetty file
	1147	## is root.
	1148	chown root /etc/securetty
	1149
	1150	## (LNX00660: CAT II) The SA will ensure the /etc/securetty file has
	1151	## permissions of 640, or more restrictive.
	1152	chmod 640 /etc/securetty
	1153
	1154
	1155
	1156
	1157	##########################################################################
	1158	# DCID 6/3 PL4
	1159	##########################################################################
	1160
	1161	## 4.B.4 Protection Level 4
	1162
	1163	# 4.B.4.a(1)
	1164	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1165
	1166	# 4.B.4.a(1)(a)
	1167	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1168
	1169	# 4.B.4.a(1)(b)
	1170	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1171
	1172
	1173	# 4.B.4.a(2)
	1174	# KickStart Actions: All ext3 file systmes have been mounted with the ACL
	1175	# setting to allow for a finer granualrity of DAC.
	1176	# (See: getfacl and setfacl man pages).
	1177	# Create ACL and other security features during
	1178	# the mounting of each file system (/etc/fstab).
	1179
	1180	# Implemented in GEN002420
	1181
	1182
	1183	# 4.B.4.a(3)
	1184	# KickStart Actions: None - CLIP policy specific
	1185
	1186
	1187	# 4.B.4.a(4)
	1188	# KickStart Actions:
	1189
	1190	# 4.B.4.a(4)(a)
	1191	# KickStart Actions:
251	1192
252		echo "Installing $REFPOL_RPM"
253		$RPM $RPM_OPTS2 $REFPOL_RPM
254		if [ $? -ne 0 ]; then
255		echo "Installation of $REFPOL_RPM failed. Terminating."
256		exit 1
257		fi
258		}
259
260
261
262		while [ ! -z $1 ]
263		do
264		case "$1" in
265		-i) INSTALL="TRUE";;
266		*) break::
267		esac
268		shift
269		done
270
271		if [ x$INSTALL = "xTRUE" ]; then
272		#some sanity checks:
273		if [ -z $UID ]; then
274		UID=$($ID -u)
275		fi
	1193	# 4.B.4.a(4)(b)
	1194	# KickStart Actions:
	1195
	1196	# 4.B.4.a(4)(c)
	1197	# KickStart Actions:
	1198
	1199	# 4.B.4.a(4)(d)
	1200	# KickStart Actions:
	1201
	1202	# 4.B.4.a(4)(e)
	1203	# KickStart Actions:
	1204
	1205	# 4.B.4.a(4)(e)1.
	1206	# KickStart Actions:
276	1207
277		if [ $UID -ne 0 ]; then
278		echo "Must be root to install."
279		exit 1
280		fi
281		if [ x$ARCH != x$ARCH_32 ] && [ x$ARCH != x$ARCH_64 ]; then
282		echo "Couldn't determine machine arcitecture from $UNAME -i. Terminating."
283		exit 1
284		fi
285		download
286		check
287		inst
288		echo "$CLIP_RPM and $REFPOL_RPM successfully downloaded and installed."
289		exit 0
290		else
291		echo -e $USAGE
292		exit 0
293		fi
294		EOF
295		chmod +x $out_file_path/$out_file
	1208	# 4.B.4.a(4)(e)2.
	1209	# KickStart Actions:
	1210
	1211
	1212	# 4.B.4.a(5)
	1213	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1214
	1215	# 4.B.4.a(5)(a)
	1216	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1217
	1218	# 4.B.4.a(5)(b)
	1219	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1220
	1221	# 4.B.4.a(5)(c)
	1222	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1223
	1224	# 4.B.4.a(5)(d)
	1225	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1226
	1227	#(FOUO)
	1228	#4.B.4.a(5)(e)
	1229	#KickStart Actions: None - PROCEDURAL REQUIREMENT
	1230
	1231
	1232
	1233	# 4.B.4.a(6)
	1234	# KickStart Actions: None
	1235
	1236	# 4.B.4.a(6)(a)
	1237	# KickStart Actions: None
	1238
	1239	# 4.B.4.a(6)(b)
	1240	# KickStart Actions: Reset the permissions of /etc/syslog.conf to 640 and set
	1241	# /var/{run,log}/{wtmp,utmp} files to 664.
	1242
	1243	# Implemented in GEN001260
	1244	# Implemented in GEN005400
	1245	# Implemented in GEN005420
	1246	# Implemented in GEN004500
	1247	# Implemented in GEN004480
	1248	# Implemented in GEN003180
	1249
	1250
	1251	# 4.B.4.a(6)(c)
	1252	# KickStart Actions: Log rotation to 90 days (12 weeks) and turn compression on.
	1253	# This will have to up'd if system does not retain backups
	1254	# for 5 years (e.g., tape backup).
	1255
	1256	# Implemented in GEN002860
	1257
	1258	# 4.B.4.a(6)(d)
	1259	# KickStart Actions: Turn on the Audit Daemon and set permissions
	1260
	1261	# Implemented in GEN002660
	1262	# Implemented in GEN002680
	1263	# Implemented in GEN002700
	1264
	1265	# 4.B.4.a(6)(d)(1)
	1266	# KickStart Actions: None, This is met with the /var/log/wtmp and
	1267	# /var/log/utmp files. Permissions have been set
	1268	# correctly above.
	1269	# See Section 4.B.4.a(6)(d)(2)
	1270
	1271	# 4.B.4.a(6)(d)(2)
	1272	# KickStart Actions: This will require refinement.
	1273	# Commented rules do not insert w/o an error.
	1274
	1275	# Implemented in GEN002720
	1276	# Implemented in GEN002740
	1277	# Implemented in GEN002760
	1278	# Implemented in GEN002780
	1279	# Implemented in GEN002800
	1280	# Implemented in GEN002820
	1281	# Implemented in GEN002840
	1282
	1283	# 4.B.4.a(6)(d)(3)
	1284	# KickStart Actions: All authentication attemps will be monitored
	1285	# in /var/log/messages.
	1286
	1287	# Implemented in GEN003660
	1288	# Implemented in GEN000440
	1289	# Implemented in GEN004440
	1290
	1291	# 4.B.4.a(7)
	1292	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1293
	1294	# 4.B.4.a(8)
	1295	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1296
	1297	# 4.B.4.a(8)(a)
	1298	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1299
	1300	# 4.B.4.a(8)(b)
	1301	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1302
	1303	# 4.B.4.a(9)
	1304	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1305
	1306	# 4.B.4.a(9)(a)
	1307	# KickStart Actions:
	1308
	1309	# 4.B.4.a(9)(b)
	1310	# KickStart Actions: POLICY
	1311
	1312	# 4.B.4.a(9)(c)
	1313	# KickStart Actions:
	1314
	1315	# 4.B.4.a(9)(d)
	1316	# KickStart Actions:
	1317
	1318	# 4.B.4.a(10)
	1319	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1320
	1321	# 4.B.4.a(10)(a)
	1322	# KickStart Actions:
	1323
	1324	# 4.B.4.a(10)(b)
	1325	# KickStart Actions:
	1326
	1327	# 4.B.4.a(11)
	1328	# KickStart Actions: None
	1329
	1330	# 4.B.4.a(11)(a)
	1331	# KickStart Actions: None
	1332
	1333	# 4.B.4.a(11)(b)
	1334	# KickStart Actions: None
	1335
	1336	# 4.B.4.a(11)(c)
	1337	# KickStart Actions: The following item have been set to meet this policy.
	1338	# Note:
	1339	# Investigating using PAM for preventing 10 recent passwords- doesn't appear
	1340	# to be easily done using pam_passwdqc
	1341
	1342	# Implemented in GEN000580
	1343	# Implemented in GEN000600
	1344
	1345	# 4.B.4.a(11)(d)
	1346	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1347
	1348	# 4.B.4.a(11)(e)
	1349	# KickStart Actions: Change the password expiration time from undefined to 60 days.
	1350	# Users cannot change passwords more than once a day.
	1351
	1352	# Implemented in GEN000700
	1353	# Implemented in GEN000540
	1354
	1355	# 4.B.4.a(11)(f)
	1356	# KickStart Actions: opasswd file creation in /etc/security/opasswd
	1357	# for non-replication.
	1358
	1359	# Implemented in GEN000800
	1360
	1361	# 4.B.4.a(11)(g)
	1362	# KickStart Actions: Additional I&A Security.
	1363	# Protection of authenticators to perserve confidentiality and
	1364	# integrity. Red Hat encrypts authenticators using the MD5
	1365	# Message Digest.
	1366
	1367	# Implemented in GEN001380
	1368	# Implemented in GEN001400
	1369	# Implemented in GEN001420
	1370	# Implemented in GEN000560
	1371
	1372	# 4.B.4.a(12)
	1373	# KickStart Actions: See 4.B.4.a(9)(c); specifically passwdqc
	1374
	1375
	1376	# 4.B.4.a(13)
	1377	# KickStart Actions: By default ssh uses Triple DES. This script will edit
	1378	# the /etc/ssh/ssh_config file to use stronger encryption.
	1379	# AES with 256-bit key Cycpher Block Chaining
	1380
	1381	# Implemented in GEN005500
	1382
	1383
	1384	# 4.B.4.a(14)
	1385	# KickStart Actions: None
	1386
	1387	# 4.B.4.a(14)(a)
	1388	# KickStart Actions:
	1389
	1390	# 4.B.4.a(14)(b)
	1391	# KickStart Actions:
	1392
	1393
	1394	# 4.B.4.a(15)
	1395	# KickStart Actions:
	1396
	1397	# 4.B.4.a(15)(a)
	1398	# KickStart Actions:
	1399
	1400	# 4.B.4.a(15)(b)
	1401	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1402
	1403	# 4.B.4.a(15)(c)
	1404	# KickStart Actions:
	1405
	1406	# 4.B.4.a(15)(d)
	1407	# KickStart Actions:
	1408
	1409	# 4.B.4.a(15)(e)
	1410	# KickStart Actions:
	1411
	1412
	1413	# 4.B.4.a(16)
	1414	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1415
	1416
	1417	# 4.B.4.a(17)
	1418	# KickStart Actions: Restrict Root Logins and Least Privilege Enhancements.
	1419
	1420	# Implemented in GEN000020
	1421
	1422
	1423	# 4.B.4.a(18)
	1424	# KickStart Actions: None
	1425
	1426
	1427	# 4.B.4.a(19)
	1428	# KickStart Actions: Centralized Time
	1429
	1430
	1431	# 4.B.4.a(20)
	1432	# KickStart Actions: None
	1433
	1434
	1435	# 4.B.4.a(21)
	1436	# KickStart Actions: None
	1437
	1438	# 4.B.4.a(21)(a)
	1439	# KickStart Actions: Interactive Shell setting here.
	1440	# Gnome screen-saver line command tool --> needs to be tested.
	1441	# gconftool-2 --direct \
	1442	# --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \
	1443	# --type int \
	1444	# --set /apps/gnome-screensaver/idle_delay 15
	1445
	1446	# 4.B.4.a(21)(b)
	1447	# KickStart Actions: None
	1448
	1449	# 4.B.4.a(21)(c)
	1450	# KickStart Actions: None
	1451
	1452
	1453	# 4.B.4.a(22)
	1454	# KickStart Actions: None
	1455
	1456
	1457	# 4.B.4.a(23)
	1458	# KickStart Actions: None
	1459
	1460	# 4.B.4.a(23)(a)
	1461	# KickStart Actions: See Section 4.B.4.a(23)(b)
	1462
	1463	# 4.B.4.a(23)(b)
	1464	# KickStart Actions: Banner Settings
	1465
	1466	# Implemented in GEN000400
	1467
	1468	# 4.B.4.a(24)
	1469	# KickStart Actions: None
	1470
	1471	# 4.B.4.a(24)(a)
	1472	# KickStart Actions: None
	1473
	1474	# 4.B.4.a(24)(b)
	1475	# KickStart Actions: Set an inactive shell timeout - likely going away in March STIG
	1476
	1477	# Implemented in GEN000500
	1478
	1479	# 4.B.4.a(24)(c)
	1480	# KickStart Actions: None
	1481
	1482	# Implemented in GEN000460
	1483	# Implemented in GEN000480
	1484
	1485	# 4.B.4.a(24)(d)
	1486	# KickStart Actions: None
	1487
	1488	# 4.B.4.a(25)
	1489	# KickStart Actions: None
	1490
	1491	# 4.B.4.a(25)(a)
	1492	# KickStart Actions: None
	1493
	1494	# 4.B.4.a(25)(b)
	1495	# KickStart Actions: None
	1496
	1497	# 4.B.4.a(25)(c)
	1498	# KickStart Actions: None
	1499
	1500	# 4.B.4.a(25)(d)
	1501	# KickStart Actions: None - Will need to down load an encryption package like "secret agent"
	1502
	1503
	1504	# 4.B.4.a(26)
	1505	# KickStart Actions: None
	1506
	1507	# 4.B.4.a(26)(a)
	1508	# KickStart Actions: None
	1509
	1510	# 4.B.4.a(26)(a)(1)
	1511	# KickStart Actions: None
	1512
	1513	# 4.B.4.a(26)(a)(2)
	1514	# KickStart Actions: None
	1515
	1516	# 4.B.4.a(26)(a)(3)
	1517	# KickStart Actions:
	1518
	1519	# Implemented in GEN005500
	1520
	1521	# 4.B.4.a(26)(a)(4)
	1522	# KickStart Actions: None
	1523
	1524	# 4.B.4.a(26)(b)
	1525	# KickStart Actions: None
	1526
	1527
	1528	# 4.B.4.a(27)
	1529	# KickStart Actions:
	1530
	1531
	1532
	1533
	1534	### DCID 6/3 PL4
	1535	# 4.B.4 Protection Level 4
	1536
	1537	# 4.B.4.b -- Requirements for system assurance at PL4
	1538	# KickStart Actions: None
	1539
	1540	# 4.B.4.b(1)
	1541	# KickStart Actions:
	1542
	1543	# 4.B.4.b(2)
	1544	# KickStart Actions: None
	1545
	1546	# 4.B.4.b(2)(a)
	1547	# KickStart Actions: None
	1548
	1549	# 4.B.4.b(2)(b)
	1550	# KickStart Actions: None
	1551
	1552	# 4.B.4.b(3)
	1553	# KickStart Actions: None
	1554
	1555	# 4.B.4.b(4)
	1556	# KickStart Actions: None
	1557
	1558	# 4.B.4.b(4)(a)
	1559	# KickStart Actions: None
	1560
	1561	# 4.B.4.b(4)(b)
	1562	# KickStart Actions: None
	1563
	1564	# 4.B.4.b(4)(c)
	1565	# KickStart Actions: None
	1566
	1567	# 4.B.4.b(4)(d)
	1568	# KickStart Actions: None
	1569
	1570	# 4.B.4.b(5)
	1571	# KickStart Actions: None
	1572
	1573	# 4.B.4.b(5)(a)
	1574	# KickStart Actions: Expected Operations
	1575
	1576	# Implemented in GEN003600
	1577	# Implemented in GEN003700
	1578	# Implemented in GEN003740
	1579	# Implemented in GEN003860
	1580	# Implemented in GEN003960
	1581	# Implemented in GEN003980
	1582	# Implemented in GEN004000
	1583	# Implemented in GEN005600
	1584
	1585	# 4.B.4.b(5)(b)
	1586	# KickStart Actions: Actions Listed Below
	1587
	1588	# Implemented in GEN000920
	1589	# Implemented in GEN000980
	1590	# Implemented in GEN001020
	1591	# Implemented in GEN001080
	1592	# Implemented in GEN001120
	1593	# Implemented in GEN001280
	1594	# Implemented in GEN001460
	1595	# Implemented in GEN001560
	1596	# Implemented in GEN001580
	1597	# Implemented in GEN001620
	1598	# Implemented in GEN001660
	1599	# Implemented in GEN001680
	1600	# Implemented in GEN001720
	1601	# Implemented in GEN001740
	1602	# Implemented in GEN001760
	1603	# Implemented in GEN001780
	1604	# Implemented in GEN001800
	1605	# Implemented in GEN001820
	1606	# Implemented in GEN002040
	1607	# Implemented in GEN002120
	1608	# Implemented in GEN002160
	1609	# Implemented in GEN002180
	1610	# Implemented in GEN002200
	1611	# Implemented in GEN002220
	1612	# Implemented in GEN002320
	1613	# Implemented in GEN002340
	1614	# Implemented in GEN002360
	1615	# Implemented in GEN002560
	1616	# Implemented in GEN002640
	1617	# Implemented in GEN002980
	1618	# Implemented in GEN003040
	1619	# Implemented in GEN003060
	1620	# Implemented in GEN003080
	1621	# Implemented in GEN003100
	1622	# Implemented in GEN003120
	1623	# Implemented in GEN003140
	1624	# Implemented in GEN003200
	1625	# Implemented in GEN003240
	1626	# Implemented in GEN003260
	1627	# Implemented in GEN003300
	1628	# Implemented in GEN003320
	1629	# Implemented in GEN003340
	1630	# Implemented in GEN003400
	1631	# Implemented in GEN003420
	1632	# Implemented in GEN003460
	1633	# Implemented in GEN003480
	1634	# Implemented in GEN003500
	1635	# Implemented in GEN003520
	1636	# Implemented in GEN003760
	1637	# Implemented in GEN003780
	1638	# Implemented in GEN004360
	1639	# Implemented in GEN004380
	1640	# Implemented in GEN004540
	1641	# Implemented in GEN004560
	1642	# Implemented in GEN004580
	1643	# Implemented in GEN004640
	1644	# Implemented in GEN004880
	1645	# Implemented in GEN004900
	1646	# Implemented in GEN004920
	1647	# Implemented in GEN004940
	1648	# Implemented in GEN005000
	1649	# Implemented in GEN005360
	1650	# Implemented in GEN005740
	1651	# Implemented in GEN005760
	1652	# Implemented in GEN006100
	1653	# Implemented in GEN006120
	1654	# Implemented in GEN006140
	1655	# Implemented in GEN006160
	1656	# Implemented in GEN006180
	1657	# Implemented in GEN006200
	1658	# Implemented in GEN006260
	1659	# Implemented in GEN006280
	1660	# Implemented in GEN006300
	1661	# Implemented in GEN006320
	1662	# Implemented in GEN006340
	1663	# Implemented in GEN006360
	1664	# Implemented in GEN006520
	1665	# Implemented in GEN006620
	1666	# Implemented in LNX00160
	1667	# Implemented in LNX00220
	1668	# Implemented in LNX00320
	1669	# Implemented in LNX00340
	1670	# Implemented in LNX00360
	1671	# Implemented in LNX00400
	1672	# Implemented in LNX00420
	1673	# Implemented in LNX00440
	1674	# Implemented in LNX00480
	1675	# Implemented in LNX00500
	1676	# Implemented in LNX00520
	1677	# Implemented in LNX00580
	1678	# Implemented in LNX00620
	1679	# Implemented in LNX00640
	1680	# Implemented in LNX00660
	1681
	1682	# 4.B.4.b(6)
	1683	# KickStart Actions: None
	1684
	1685	# 4.B.4.b(6)(a)
	1686	# KickStart Actions: None
	1687
	1688	# 4.B.4.b(6)(b)
	1689	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1690
	1691
	1692	# 4.B.4.b(7)
	1693	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1694
	1695	# 4.B.4.b(7)(a)
	1696	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1697
	1698	# 4.B.4.b(7)(b)
	1699	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1700
	1701	# 4.B.4.b(8)
	1702	# KickStart Actions:
	1703
	1704
	1705	# 4.B.4.b(9)
	1706	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1707
	1708
	1709	# 4.B.4.b(10)
	1710	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1711
	1712	# 4.B.4.b(10)(a)
	1713	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1714
	1715	# 4.B.4.b(10)(b)
	1716	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1717
	1718	# 4.B.4.b(10)(b)(1)
	1719	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1720
	1721	# 4.B.4.b(10)(b)(2)
	1722	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1723
	1724	# 4.B.4.b(10)(b)(3)
	1725	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1726
	1727	# 4.B.4.b(11)
	1728	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1729
	1730	# 4.B.4.b(11)(a)
	1731	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1732
	1733	# 4.B.4.b(11)(b)
	1734	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1735
	1736
	1737	##########################################################################
	1738	# Integrity System Security Features and Assurances (HIGH Integrity)
	1739
	1740	# 5.B.3.a(1)
	1741	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1742
	1743	# 5.B.3.a(1)(a)
	1744	# KickStart Actions: None
	1745
	1746	# 5.B.3.a(1)(b)
	1747	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1748
	1749	# 5.B.3.a(1)(c)
	1750	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1751
	1752	# 5.B.3.a(1)(d)
	1753	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1754
	1755	# 5.B.3.a(2)
	1756	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1757
	1758	# 5.B.3.a(2)(a)
	1759	# KickStart Actions: None
	1760
	1761	# 5.B.3.a(2)(b)
	1762	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1763
	1764	# 5.B.3.a(2)(b)(1)
	1765	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1766
	1767	# 5.B.3.a(2)(b)(2)
	1768	# KickStart Actions:
	1769
	1770	# 5.B.3.a(3)
	1771	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1772
	1773	# 5.B.3.a(3)(a)
	1774	# KickStart Actions: None
	1775
	1776	# 5.B.3.a(3)(b)
	1777	# KickStart Actions: None
	1778
	1779	# 5.B.3.a(4)
	1780	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1781
	1782	# 5.B.3.a(4)(a)
	1783	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1784
	1785	# 5.B.3.a(4)(b)
	1786	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1787
	1788	# 5.B.3.a(5)
	1789	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1790
	1791	# 5.B.3.a(5)(a)
	1792	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1793
	1794	# 5.B.3.a(5)(a)(1)
	1795	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1796
	1797	# 5.B.3.a(5)(a)(2)
	1798	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1799
	1800	# 5.B.3.a(5)(a)(3)
	1801	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1802
	1803	# 5.B.3.a(5)(b)
	1804	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1805
	1806	# 5.B.3.a(6)
	1807	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1808
	1809	# 5.B.3.a(6)(a)
	1810	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1811
	1812	# 5.B.3.a(6)(b)
	1813	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1814
	1815	# 5.B.3.a(6)(c)
	1816	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1817
	1818	# 5.B.3.a(7)
	1819	# KickStart Actions: None
	1820
	1821	# 5.B.3.a(8)
	1822	# KickStart Actions: None
	1823
	1824	# 5.B.3.a(9)
	1825	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1826
	1827	# 5.B.3.a(10)
	1828	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1829
	1830	# 5.B.3.a(11)
	1831	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1832
	1833	# 5.B.3.a(11)(a)
	1834	# KickStart Actions: None
	1835
	1836	# 5.B.3.a(11)(b)
	1837	# KickStart Actions: None
	1838
	1839	# 5.B.3.b
	1840	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1841
	1842	# 5.B.3.b(1)
	1843	# KickStart Actions: None
	1844
	1845	# 5.B.3.b(2)
	1846	# KickStart Actions: None
	1847
	1848	# 5.B.3.b(3)
	1849	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1850
	1851	# 5.B.3.b(4)
	1852	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1853
	1854
	1855	###############################################################################
	1856	# Availability System Security Features and Assurances (HIGH Availability)
	1857
	1858	# 6.B.3.a(1)
	1859	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1860
	1861	# 6.B.3.a(2)
	1862	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1863
	1864	# 6.B.3.a(2)(a)
	1865	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1866
	1867	# 6.B.3.a(2)(b)
	1868	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1869
	1870	# 6.B.3.a(2)(c)
	1871	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1872
	1873	# 6.B.3.a(2)(d)
	1874	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1875
	1876	# 6.B.3.a(3)
	1877	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1878
	1879	# 6.B.3.a(3)(a)
	1880	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1881
	1882	# 6.B.3.a(3)(b)
	1883	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1884
	1885	# 6.B.3.a(3)(c)
	1886	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1887
	1888	# 6.B.3.a(3)(d)
	1889	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1890
	1891	# 6.B.3.a(4)
	1892	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1893
	1894	# 6.B.3.a(4)(a)
	1895	# KickStart Actions: None
	1896
	1897	# 6.B.3.a(4)(b)
	1898	# KickStart Actions: None
	1899
	1900	# 6.B.3.a(5)
	1901	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1902
	1903	# 6.B.3.a(6)
	1904	# KickStart Actions: None
	1905
	1906	# 6.B.3.a(7)
	1907	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1908
	1909	# 6.B.3.a(7)(a)
	1910	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1911
	1912	# 6.B.3.a(7)(b)
	1913	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1914
	1915	# 6.B.3.a(7)(c)
	1916	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1917
	1918	# 6.B.3.a(8)
	1919	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1920
	1921	# 6.B.3.a(9)
	1922	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1923
	1924	# 6.B.3.a(10)
	1925	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1926
	1927	# 6.B.3.a(11)
	1928	# KickStart Actions: None
	1929
	1930	# 6.B.3.a(12)
	1931	# KickStart Actions: None
	1932
	1933	# 6.B.3.b
	1934	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1935
	1936	# 6.B.3.b(1)
	1937	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1938
	1939	# 6.B.3.b(2)
	1940	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1941
	1942	# 6.B.3.b(2)(a)
	1943	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1944
	1945	# 6.B.3.b(2)(b)
	1946	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1947
	1948	# 6.B.3.b(3)
	1949	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1950
	1951
	1952
	1953	##########################################################################
	1954	# Requirements for Interconnected Information Systems and Advanced Technologies
	1955	#
	1956
	1957	# 7.A.1.a
	1958	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1959
	1960	# 7.A.1.b
	1961	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1962
	1963	# 7.A.2
	1964	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1965
	1966	# 7.A.3
	1967	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1968
	1969	# 7.A.4
	1970	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1971
	1972	# 7.B.1.a(1)
	1973	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1974
	1975	# 7.B.1.a(2)
	1976	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1977
	1978	# 7.B.1.a(3)
	1979	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1980
	1981	# 7.B.2.a(1)
	1982	# KickStart Actions: None
	1983
	1984	# 7.B.2.a(2)
	1985	# KickStart Actions: None
	1986
	1987	# 7.B.2.a(3)
	1988	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1989
	1990	# 7.B.2.b
	1991	# KickStart Actions: None
	1992
	1993	# 7.B.2.c
	1994	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	1995
	1996	# 7.B.2.d
	1997	# KickStart Actions: None
	1998
	1999	# 7.B.2.e
	2000	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	2001
	2002	# 7.B.2.f
	2003	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	2004
	2005	# 7.B.2.g
	2006	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	2007
	2008	# 7.B.2.h
	2009	# KickStart Actions: None
	2010
	2011	# Implemented in GEN000980
	2012	# Implemented in GEN002720
	2013	# Implemented in GEN002740
	2014	# Implemented in GEN002780
	2015	# Implemented in GEN003660
	2016
	2017	# 7.B.2.i(1)
	2018	# KickStart Actions: None
	2019
	2020	# Implemented in GEN006620
	2021
	2022	# 7.B.2.i(2)
	2023	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	2024
	2025	# 7.B.2.i(3)(a)
	2026	# KickStart Actions: None - DEVELOPMENT Requirement
	2027
	2028	# 7.B.2.i(3)(b)
	2029	# KickStart Actions: None - DEVELOPMENT AND PROCEDURAL REQUIREMENTS
	2030
	2031	# 7.B.2.i(4)
	2032	# KickStart Actions: None
	2033
	2034	# Implemented in GEN000980
	2035
	2036	# 7.B.2.i(5)
	2037	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	2038
	2039	# 7.B.2.i(6)
	2040	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	2041
	2042	# 7.B.3.a(1)
	2043	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	2044
	2045	# 7.B.3.a(2)
	2046	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	2047
	2048	# 7.B.3.b(1)
	2049	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	2050
	2051	# 7.B.3.b(2)
	2052	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	2053
	2054	# 7.B.3.c
	2055	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	2056
	2057	# 7.B.3.d(1)
	2058	# KickStart Actions:
	2059
	2060	# 7.B.3.d(2)
	2061	# KickStart Actions:
	2062
	2063	# 7.B.3.d(3)
	2064	# KickStart Actions:
	2065
	2066	# 7.B.3.d(4)
	2067	# KickStart Actions:
	2068
	2069	# 7.B.3.d(5)
	2070	# KickStart Actions:
	2071
	2072	# 7.B.3.d(6)
	2073	# KickStart Actions:
	2074
	2075	# 7.B.3.e
	2076	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	2077
	2078	# 7.B.3.f(1)
	2079	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	2080
	2081	# 7.B.3.f(2)
	2082	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	2083
	2084	# 7.B.3.g
	2085	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	2086
	2087	# 7.B.4.a
	2088	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	2089
	2090	# 7.B.4.b(1)
	2091	# KickStart Actions:
	2092
	2093	# 7.B.4.b(2)
	2094	# KickStart Actions:
	2095
	2096	# 7.B.4.b(3)
	2097	# KickStart Actions:
	2098
	2099	# 7.B.4.b(4)
	2100	# KickStart Actions:
	2101
	2102	# 7.B.4.b(5)
	2103	# KickStart Actions:
	2104
	2105	# 7.B.4.b(6)
	2106	# KickStart Actions:
	2107
	2108	# 7.B.4.b(7)
	2109	# KickStart Actions:
	2110
	2111	# 7.B.4.c
	2112	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	2113
	2114	# 7.C.1.a
	2115	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	2116
	2117	# 7.C.1.b
	2118	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	2119
	2120	# 7.C.1.c
	2121	# KickStart Actions:
	2122
	2123	# 7.C.2.a
	2124	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	2125
	2126	# 7.C.2.a(1)
	2127	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	2128
	2129	# 7.C.2.a(2)
	2130	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	2131
	2132	# 7.C.2.a(3)
	2133	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	2134
	2135	# 7.C.2.b
	2136	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	2137
	2138	# 7.D.2.a
	2139	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	2140
	2141	# 7.D.2.b
	2142	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	2143
	2144	# 7.D.2.c
	2145	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	2146
	2147	# 7.D.2.d
	2148	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	2149
	2150	# 7.D.2.e
	2151	# KickStart Actions:
	2152
	2153	# 7.D.3.a
	2154	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	2155
	2156	# 7.D.3.b(1)
	2157	# KickStart Actions: None - PROCEDURAL REQUIREMENT
	2158
	2159	# 7.D.3.b(2)
	2160	# KickStart Actions:
	2161
	2162	# 7.D.3.b(3)
	2163	# KickStart Actions:
	2164
	2165
	2166
	2167
	2168
	2169	##########################################################################
	2170	# CNSS-SCC
	2171	##########################################################################
	2172
	2173
	2174	###################################
	2175	# Access Control
	2176
	2177	# AC-1: Access Control Policy and Procedures
	2178	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2179
	2180	# AC-2: Account Management
	2181	# Kickstart Actions:
	2182
	2183	# AC-2(1)
	2184	# Kickstart Actions:
	2185
	2186	# AC-2(2)
	2187	# Kickstart Actions:
	2188
	2189	# AC-2(3)
	2190	# Kickstart Actions:
	2191
	2192	# AC-2(4)
	2193	# Kickstart Actions:
	2194
	2195	# AC-3: Access Enforcement
	2196	# Kickstart Actions:
	2197
	2198	# AC-3(1)
	2199	# Kickstart Actions:
	2200
	2201	# Implemented in GEN002420
	2202
	2203	# AC-3(2)
	2204	# Kickstart Actions:
	2205
	2206	# AC-3(3)
	2207	# Kickstart Actions:
	2208
	2209	# AC-3(4)
	2210	# Kickstart Actions:
	2211
	2212	# Implemented in GEN001260
	2213	# Implemented in GEN002980
	2214	# Implemented in GEN003200
	2215	# Implemented in GEN003240
	2216	# Implemented in GEN003260
	2217	# Implemented in GEN003960
	2218	# Implemented in GEN003980
	2219	# Implemented in GEN004000
	2220	# Implemented in GEN006520
	2221
	2222	# AC-4: Information Flow Enforcement
	2223	# Kickstart Actions:
	2224
	2225	# AC-4(1)
	2226	# Kickstart Actions:
	2227
	2228	# AC-4(2)
	2229	# Kickstart Actions:
	2230
	2231	# AC-4(3)
	2232	# Kickstart Actions:
	2233
	2234	# AC-5: Separation of Duties
	2235	# Kickstart Actions:
	2236
	2237	# AC-6: Least Privilege
	2238	# Kickstart Actions:
	2239
	2240	# AC-6(1)
	2241	# Kickstart Actions:
	2242
	2243	# AC-7: Unsuccessful Login Attempts
	2244	# Kickstart Actions:
	2245
	2246	# AC-7(1)
	2247	# Kickstart Actions:
	2248
	2249	# Implemented in GEN000460
	2250	# Implemented in GEN000480
	2251
	2252	# AC-7(2)
	2253	# Kickstart Actions:
	2254
	2255	# AC-8: System Use Notification
	2256	# Kickstart Actions:
	2257
	2258	# Implemented in GEN000400
	2259
	2260	# AC-9: Previous Logon Notification
	2261	# Kickstart Actions:
	2262
	2263	# AC-9(1)
	2264	# Kickstart Actions:
	2265
	2266	# AC-10: Concurrent Session Control
	2267	# Kickstart Actions:
	2268
	2269	# AC-11: Session Lock
	2270	# Kickstart Actions:
	2271
	2272	# AC-11(1)
	2273	# Kickstart Actions:
	2274
	2275	# Implemented in GEN000500
	2276
	2277	# AC-12: Session Termination
	2278	# Kickstart Actions:
	2279
	2280	# AC-12(1)
	2281	# Kickstart Actions:
	2282
	2283	# Implemented in GEN000500
	2284
	2285	# AC-12(2)
	2286	# Kickstart Actions:
	2287
	2288	# AC-13: Supervision and ReviewâAccess Control
	2289	# Kickstart Actions:
	2290
	2291	# AC-13(1)
	2292	# Kickstart Actions:
	2293
	2294	# AC-14: Permitted Actions without Identification or Authentication
	2295	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2296
	2297	# AC-14(1)
	2298	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2299
	2300	# AC-15: Automated Marking
	2301	# Kickstart Actions:
	2302
	2303	# AC-15(1)
	2304	# Kickstart Actions:
	2305
	2306	# AC-16: Automated Labeling
	2307	# Kickstart Actions: None
	2308
	2309	# AC-16(1)
	2310	# Kickstart Actions:
	2311
	2312	# AC-16(2)
	2313	# Kickstart Actions:
	2314
	2315	# AC-17: Remote Access
	2316	# Kickstart Actions:
	2317
	2318	# AC-17(1)
	2319	# Kickstart Actions:
	2320
	2321	# AC-17(2)
	2322	# Kickstart Actions:
	2323
	2324	# Implemented in GEN005500
	2325
	2326	# AC-17(3)
	2327	# Kickstart Actions:
	2328
	2329	# AC-17(4)
	2330	# Kickstart Actions:
	2331
	2332	# AC-17(5)
	2333	# Kickstart Actions:
	2334
	2335	# Implemented in GEN005500
	2336	# Implemented in GEN006620
	2337
	2338	# AC-17(6)
	2339	# Kickstart Actions:
	2340
	2341	# AC-17(7)
	2342	# Kickstart Actions:
	2343
	2344	# Implemented in GEN001020
	2345	# Implemented in GEN001120
	2346
	2347	# AC-18: Wireless Access Restrictions
	2348	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2349
	2350	# AC-18(1)
	2351	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2352
	2353	# AC-18(2)
	2354	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2355
	2356	# AC-18(3)
	2357	# Kickstart Actions:
	2358
	2359	# AC-18(4)
	2360	# Kickstart Actions:
	2361
	2362	# AC-19: Access Control for Portable and Mobile Devices
	2363	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2364
	2365	# AC-19(1)
	2366	# Kickstart Actions:
	2367
	2368	# AC-20: Use of External Information Systems
	2369	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2370
	2371	# AC-20(1)
	2372	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2373
	2374	# AC-21: Confidentiality of Data at Rest
	2375	# Kickstart Actions:
	2376
	2377	# AC-21(1)
	2378	# Kickstart Actions:
	2379
	2380	# AC-21(2)
	2381	# Kickstart Actions:
	2382
	2383	# AC-21(3)
	2384	# Kickstart Actions:
	2385
	2386	# AC-22: Distinct Level of Access
	2387	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2388
	2389	###################################
	2390	# Awareness and Training
	2391
	2392	# AT-1: Security Awareness and Training Policy and Procedures
	2393	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2394
	2395	# AT-2: Security Awareness
	2396	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2397
	2398	# AT-3: Security Training
	2399	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2400
	2401	# AT-4: Security Training Records
	2402	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2403
	2404	# AT-5: Contacts with Security Groups and Associations
	2405	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2406
	2407
	2408	###################################
	2409	# Audit and Accountability
	2410
	2411	# AU-1: Audit and Accountability Policy and Procedures
	2412	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2413
	2414	# AU-1(1)
	2415	# Kickstart Actions:
	2416
	2417	# AU-2: Auditable Events
	2418	# Kickstart Actions:
	2419
	2420
	2421	# AU-2(1)
	2422	# Kickstart Actions:
	2423
	2424	# Implemented in GEN002660
	2425	# Implemented in GEN002680
	2426	# Implemented in GEN002700
	2427
	2428	# AU-2(2)
	2429	# Kickstart Actions:
	2430
	2431	# AU-2(3)
	2432	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2433
	2434	# AU-2(4)
	2435	# Kickstart Actions:
	2436
	2437	# Implemented in GEN002720
	2438	# Implemented in GEN002740
	2439	# Implemented in GEN002760
	2440	# Implemented in GEN002780
	2441	# Implemented in GEN002800
	2442	# Implemented in GEN002820
	2443	# Implemented in GEN002840
	2444
	2445	# AU-2(5)
	2446	# Kickstart Actions:
	2447
	2448	# AU-2(6)
	2449	# Kickstart Actions:
	2450
	2451	# AU-2(7)
	2452	# Kickstart Actions:
	2453
	2454	# AU-2(8)
	2455	# Kickstart Actions:
	2456
	2457	# AU-2(9)
	2458	# Kickstart Actions:
	2459
	2460	# AU-3: Content of Audit Records
	2461	# Kickstart Actions:
	2462
	2463	# AU-3(1)
	2464	# Kickstart Actions:
	2465
	2466	# AU-3(2)
	2467	# Kickstart Actions:
	2468
	2469	# AU-3(3)
	2470	# Kickstart Actions:
	2471
	2472	# AU-3(4)
	2473	# Kickstart Actions:
	2474
	2475	# AU-3(5)
	2476	# Kickstart Actions:
	2477
	2478	# AU-4: Audit Storage Capacity
	2479	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2480
	2481	# AU-5: Response to Audit Processing Failures
	2482	# Kickstart Actions:
	2483
	2484	# AU-5(1)
	2485	# Kickstart Actions:
	2486
	2487	# AU-5(2)
	2488	# Kickstart Actions:
	2489
	2490	# AU-5(3)
	2491	# Kickstart Actions:
	2492
	2493	# AU-6: Audit Monitoring, Analysis, and Reporting
	2494	# Kickstart Actions:
	2495
	2496	# AU-6(1)
	2497	# Kickstart Actions:
	2498
	2499	# AU-6(2)
	2500	# Kickstart Actions:
	2501
	2502	# AU-6(3)
	2503	# Kickstart Actions:
	2504
	2505	# AU-6(4)
	2506	# Kickstart Actions:
	2507
	2508	# AU-6(5)
	2509	# Kickstart Actions:
	2510
	2511	# AU-7: Audit Reduction and Report Generation
	2512	# Kickstart Actions:
	2513
	2514	# AU-7(1)
	2515	# Kickstart Actions:
	2516
	2517	# AU-7(2)
	2518	# Kickstart Actions:
	2519
	2520	# AU-8: Time Stamps
	2521	# Kickstart Actions:
	2522
	2523	# AU-8(1)
	2524	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2525
	2526	# AU-8(2)
	2527	# Kickstart Actions:
	2528
	2529	# AU-9: Protection of Audit Information
	2530	# Kickstart Actions:
	2531
	2532	# Implemented in GEN002680
	2533	# Implemented in GEN002700
	2534
	2535	# AU-9(1)
	2536	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2537
	2538	# AU-9(2)
	2539	# Kickstart Actions:
	2540
	2541	# AU-10: Non-repudiation
	2542	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2543
	2544	# AU-10(1)
	2545	# Kickstart Actions:
	2546
	2547	# AU-10(2)
	2548	# Kickstart Actions:
	2549
	2550	# AU-10(3)
	2551	# Kickstart Actions:
	2552
	2553	# AU-10(4)
	2554	# Kickstart Actions:
	2555
	2556	# AU-11: Audit Record Retention
	2557	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2558
	2559	# AU-11(1)
	2560	# Kickstart Actions:
	2561
	2562	# AU-11(2)
	2563	# Kickstart Actions:
	2564
	2565	# AU-11(3)
	2566	# Kickstart Actions:
	2567
	2568	# AU-11(4)
	2569	# Kickstart Actions:
	2570
	2571	# AU-12: Session Audit
	2572	# Kickstart Actions:
	2573
	2574	# AU-12(1)
	2575	# Kickstart Actions:
	2576
	2577	# AU-12(2)
	2578	# Kickstart Actions:
	2579
	2580
	2581	###################################
	2582	# Certification, Accreditation, and Security Assessments
	2583
	2584	# CA-1: Certification, Accreditation, and Security Assessment Policies and Procedures
	2585	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2586
	2587	# CA-2: Security Assessments
	2588	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2589
	2590	# CA-3: Information System Connections
	2591	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2592
	2593	# CA-4: Security Certification
	2594	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2595
	2596	# CA-4(1)
	2597	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2598
	2599	# CA-5: Plan of Action and Milestones
	2600	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2601
	2602	# CA-6: Security Accreditation
	2603	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2604
	2605	# CA-7: Continuous Monitoring
	2606	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2607
	2608	# CA-7(1)
	2609	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2610
	2611	# CA-7(2)
	2612	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2613
	2614
	2615	###################################
	2616	# Configuration Management
	2617
	2618	# CM-1: Configuration Management Policy and Procedures
	2619	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2620
	2621	# CM-2: Baseline Configuration
	2622	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2623
	2624	# CM-2(1)
	2625	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2626
	2627	# CM-2(2)
	2628	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2629
	2630	# CM-3: Configuration Change Control
	2631	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2632
	2633	# CM-3(1)
	2634	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2635
	2636	# CM-3(2)
	2637	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2638
	2639	# CM-3(3)
	2640	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2641
	2642	# CM-4: Monitoring Configuration Changes
	2643	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2644
	2645	# CM-5: Access Restrictions for Change
	2646	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2647
	2648	# CM-5(1)
	2649	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2650
	2651	# CM-5(2)
	2652	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2653
	2654	# CM-5(3)
	2655	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2656
	2657	# CM-5(4)
	2658	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2659
	2660	# CM-6: Configuration Settings
	2661	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2662
	2663	# CM-6(1)
	2664	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2665
	2666	# CM-6(2)
	2667	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2668
	2669	# CM-7: Least Functionality
	2670	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2671
	2672	# CM-7(1)
	2673	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2674
	2675	# CM-7(2)
	2676	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2677
	2678	# CM-8: Information System Component Inventory
	2679	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2680
	2681	# CM-8(1)
	2682	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2683
	2684	# CM-8(2)
	2685	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2686
	2687
	2688	###################################
	2689	# Contingency Planning
	2690
	2691	# CP-1: Contingency Planning Policy and Procedures
	2692	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2693
	2694	# CP-1(1)
	2695	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2696
	2697	# CP-2: Contingency Plan
	2698	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2699
	2700	# CP-2(1)
	2701	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2702
	2703	# CP-2(2)
	2704	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2705
	2706	# CP-2(3)
	2707	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2708
	2709	# CP-2(4)
	2710	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2711
	2712	# CP-2(5)
	2713	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2714
	2715	# CP-2(6)
	2716	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2717
	2718	# CP-2(7)
	2719	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2720
	2721	# CP-3: Contingency Training
	2722	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2723
	2724	# CP-3(1)
	2725	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2726
	2727	# CP-3(2)
	2728	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2729
	2730	# CP-4: Contingency Plan Testing and Exercises
	2731	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2732
	2733	# CP-4(1)
	2734	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2735
	2736	# CP-4(2)
	2737	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2738
	2739	# CP-4(3)
	2740	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2741
	2742	# CP-4(4)
	2743	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2744
	2745	# CP-5: Contingency Plan Update
	2746	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2747
	2748	# CP-6: Alternate Storage Site
	2749	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2750
	2751	# CP-6(1)
	2752	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2753
	2754	# CP-6(2)
	2755	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2756
	2757	# CP-6(3)
	2758	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2759
	2760	# CP-6(4)
	2761	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2762
	2763	# CP-6(5)
	2764	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2765
	2766	# CP-6(6)
	2767	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2768
	2769	# CP-7: Alternate Processing Site
	2770	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2771
	2772	# CP-7(1)
	2773	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2774
	2775	# CP-7(2)
	2776	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2777
	2778	# CP-7(3)
	2779	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2780
	2781	# CP-7(4)
	2782	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2783
	2784	# CP-7(5)
	2785	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2786
	2787	# CP-7(6)
	2788	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2789
	2790	# CP-8: Telecommunications Services
	2791	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2792
	2793	# CP-8(1)
	2794	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2795
	2796	# CP-8(2)
	2797	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2798
	2799	# CP-8(3)
	2800	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2801
	2802	# CP-8(4)
	2803	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2804
	2805	# CP-9: Information System Backup
	2806	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2807
	2808	# CP-9(1)
	2809	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2810
	2811	# CP-9(2)
	2812	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2813
	2814	# CP-9(3)
	2815	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2816
	2817	# CP-9(4)
	2818	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2819
	2820	# CP-10: Information System Recovery and Reconstitution Identification and Authentication
	2821	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2822
	2823	# CP-10(1)
	2824	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2825
	2826	# CP-10(2)
	2827	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2828
	2829	# CP-10(3)
	2830	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2831
	2832
	2833	###################################
	2834	# Identification and Authentication
	2835
	2836	# IA-1: Identification and Authentication Policy and Procedures
	2837	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2838
	2839	# IA-2: User Identification and Authentication
	2840	# Kickstart Actions:
	2841
	2842	# Implemented in GEN000540
	2843	# Implemented in GEN000560
	2844	# Implemented in GEN000580
	2845	# Implemented in GEN000600
	2846	# Implemented in GEN000700
	2847	# Implemented in GEN000800
	2848	# Implemented in GEN001380
	2849	# Implemented in GEN001400
	2850	# Implemented in GEN001420
	2851
	2852	# IA-2(1)
	2853	# Kickstart Actions:
	2854
	2855	# IA-2(2)
	2856	# Kickstart Actions:
	2857
	2858	# IA-2(3)
	2859	# Kickstart Actions:
	2860
	2861	# IA-2(4)
	2862	# Kickstart Actions:
	2863
	2864	# IA-2(5)
	2865	# Kickstart Actions:
	2866
	2867	# IA-2(6)
	2868	# Kickstart Actions:
	2869
	2870	# IA-2(7)
	2871	# Kickstart Actions:
	2872
	2873	# IA-2(8)
	2874	# Kickstart Actions:
	2875
	2876	# IA-3: Device Identification and Authentication
	2877	# Kickstart Actions:
	2878
	2879	# IA-3(1)
	2880	# Kickstart Actions:
	2881
	2882	# IA-3(2)
	2883	# Kickstart Actions:
	2884
	2885	# IA-4: Identifier Management
	2886	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2887
	2888	# IA-4(1)
	2889	# Kickstart Actions:
	2890
	2891	# IA-4(2)
	2892	# Kickstart Actions:
	2893
	2894	# IA-4(3)
	2895	# Kickstart Actions:
	2896
	2897	# IA-4(4)
	2898	# Kickstart Actions:
	2899
	2900	# IA-5: Authenticator Management
	2901	# Kickstart Actions:
	2902
	2903	# IA-5(1)
	2904	# Kickstart Actions:
	2905
	2906	# IA-5(2)
	2907	# Kickstart Actions:
	2908
	2909	# IA-5(3)
	2910	# Kickstart Actions:
	2911
	2912	# IA-5(4)
	2913	# Kickstart Actions:
	2914
	2915	# IA-5(5)
	2916	# Kickstart Actions:
	2917
	2918	# IA-6: Authenticator Feedback
	2919	# Kickstart Actions:
	2920
	2921	# IA-7: Cryptographic Module Authentication Incident Response
	2922	# Kickstart Actions:
	2923
	2924
	2925	###################################
	2926	# Incident Response
	2927
	2928	# IR-1: Incident Response Policy and Procedures
	2929	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2930
	2931	# IR-1(1)
	2932	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2933
	2934	# IR-2: Incident Response Training
	2935	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2936
	2937	# IR-2(1)
	2938	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2939
	2940	# IR-2(2)
	2941	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2942
	2943	# IR-3: Incident Response Testing and Exercises
	2944	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2945
	2946	# IR-3(1)
	2947	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2948
	2949	# IR-3(2)
	2950	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2951
	2952	# IR-4: Incident Handling
	2953	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2954
	2955	# IR-4(1)
	2956	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2957
	2958	# IR-5: Incident Monitoring
	2959	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2960
	2961	# IR-5(1)
	2962	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2963
	2964	# IR-6: Incident Reporting
	2965	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2966
	2967	# IR-6(1)
	2968	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2969
	2970	# IR-7: Incident Response Assistance
	2971	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2972
	2973	# IR-7(1)
	2974	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2975
	2976
	2977	###################################
	2978	# Maintenance
	2979
	2980	# MA-1: System Maintenance Policy and Procedures
	2981	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2982
	2983	# MA-2: Controlled Maintenance
	2984	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2985
	2986	# MA-2(1)
	2987	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2988
	2989	# MA-2(2)
	2990	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2991
	2992	# MA-3: Maintenance Tools
	2993	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2994
	2995	# MA-3(1)
	2996	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	2997
	2998	# MA-3(2)
	2999	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3000
	3001	# MA-3(3)
	3002	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3003
	3004	# MA-3(4)
	3005	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3006
	3007	# MA-4: Remote Maintenance
	3008	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3009
	3010	# MA-4(1)
	3011	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3012
	3013	# MA-4(2)
	3014	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3015
	3016	# MA-4(3)
	3017	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3018
	3019	# MA-5: Maintenance Personnel
	3020	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3021
	3022	# MA-6: Timely Maintenance
	3023	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3024
	3025
	3026	###################################
	3027	# Media Protection
	3028
	3029	# MP-1: Media Protection Policy and Procedures
	3030	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3031
	3032	# MP-2: Media Access
	3033	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3034
	3035	# MP-2(1)
	3036	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3037
	3038	# MP-3: Media Labeling
	3039	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3040
	3041	# MP-4: Media Storage
	3042	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3043
	3044	# MP-5: Media Transport
	3045	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3046
	3047	# MP-5(1)
	3048	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3049
	3050	# MP-5(2)
	3051	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3052
	3053	# MP-5(3)
	3054	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3055
	3056	# MP-6: Media Sanitization and Disposal
	3057	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3058
	3059	# MP-6(1)
	3060	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3061
	3062	# MP-6(2)
	3063	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3064
	3065
	3066	###################################
	3067	# Physical and Environmental Protection
	3068
	3069	# PE-1: Physical and Environmental Protection Policy and Procedures
	3070	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3071
	3072	# PE-2: Physical Access Authorizations
	3073	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3074
	3075	# PE-3: Physical Access Control
	3076	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3077
	3078	# PE-3(1)
	3079	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3080
	3081	# PE-4: Access Control for Transmission Medium
	3082	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3083
	3084	# PE-5: Access Control for Display Medium
	3085	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3086
	3087	# PE-6: Monitoring Physical Access
	3088	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3089
	3090	# PE-6(1)
	3091	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3092
	3093	# PE-6(2)
	3094	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3095
	3096	# PE-7: Visitor Control
	3097	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3098
	3099	# PE-7(1)
	3100	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3101
	3102	# PE-8: Access Records
	3103	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3104
	3105	# PE-8(1)
	3106	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3107
	3108	# PE-8(2)
	3109	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3110
	3111	# PE-9: Power Equipment and Power Cabling
	3112	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3113
	3114	# PE-9(1)
	3115	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3116
	3117	# PE-10: Emergency Shutoff
	3118	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3119
	3120	# PE-10(1)
	3121	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3122
	3123	# PE-11: Emergency Power
	3124	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3125
	3126	# PE-11(1)
	3127	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3128
	3129	# PE-11(2)
	3130	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3131
	3132	# PE-12: Emergency Lighting
	3133	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3134
	3135	# PE-13: Fire Protection
	3136	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3137
	3138	# PE-13(1)
	3139	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3140
	3141	# PE-13(2)
	3142	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3143
	3144	# PE-13(3)
	3145	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3146
	3147	# PE-14: Temperature and Humidity Controls
	3148	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3149
	3150	# PE-15: Water Damage Protection
	3151	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3152
	3153	# PE-15(1)
	3154	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3155
	3156	# PE-16: Delivery and Removal
	3157	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3158
	3159	# PE-17: Alternate Work Site
	3160	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3161
	3162	# PE-18: Location of Information System Components
	3163	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3164
	3165	# PE-18(1)
	3166	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3167
	3168	# PE-19: Information Leakage Planning
	3169	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3170
	3171
	3172	###################################
	3173	# Planning
	3174
	3175	# PL-1: Security Planning Policy and Procedures
	3176	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3177
	3178	# PL-2: System Security Plan
	3179	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3180
	3181	# PL-3: System Security Plan Update
	3182	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3183
	3184	# PL-4: Rules of Behavior
	3185	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3186
	3187	# PL-5: Privacy Impact Assessment
	3188	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3189
	3190	# PL-6: Security-Related Activity Planning Personnel Security
	3191	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3192
	3193
	3194	###################################
	3195	# Personnel Security
	3196
	3197	# PS-1: Personnel Security Policy and Procedures
	3198	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3199
	3200	# PS-2: Position Categorization
	3201	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3202
	3203	# PS-3: Personnel Screening
	3204	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3205
	3206	# PS-4: Personnel Termination
	3207	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3208
	3209	# PS-5: Personnel Transfer
	3210	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3211
	3212	# PS-6: Access Agreements
	3213	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3214
	3215	# PS-7: Third-Party Personnel Security
	3216	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3217
	3218	# PS-8: Personnel Sanctions Risk Assessment
	3219	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3220
	3221
	3222	###################################
	3223	# Risk Assessment
	3224
	3225	# RA-1: Risk Assessment Policy and Procedures
	3226	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3227
	3228	# RA-2: Security Categorization
	3229	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3230
	3231	# RA-3: Risk Assessment
	3232	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3233
	3234	# RA-4: Risk Assessment Update
	3235	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3236
	3237	# RA-5: Vulnerability Scanning
	3238	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3239
	3240	# RA-5(1)
	3241	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3242
	3243	# RA-5(2)
	3244	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3245
	3246	# RA-5(3)
	3247	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3248
	3249
	3250	###################################
	3251	# System and Services Acquisition
	3252
	3253	# SA-1: System and Services Acquisition Policy and Procedures
	3254	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3255
	3256	# SA-2: Allocation of Resources
	3257	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3258
	3259	# SA-3: Life Cycle Support
	3260	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3261
	3262	# SA-4: Acquisitions
	3263	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3264
	3265	# SA-4(1)
	3266	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3267
	3268	# SA-4(2)
	3269	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3270
	3271	# SA-5: Information System Documentation
	3272	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3273
	3274	# SA-5(1)
	3275	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3276
	3277	# SA-5(2)
	3278	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3279
	3280	# SA-6: Software Usage Restrictions
	3281	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3282
	3283	# SA-7: User Installed Software
	3284	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3285
	3286	# SA-8: Security Engineering Principles
	3287	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3288
	3289	# SA-9: External Information System Services
	3290	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3291
	3292	# SA-10: Developer Configuration Management
	3293	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3294
	3295	# SA-11: Developer Security Testing
	3296	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3297
	3298
	3299	###################################
	3300	# System and Communications Protection
	3301
	3302	# SC-1: System and Communications Protection Policy and Procedures
	3303	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3304
	3305	# SC-1(1)
	3306	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3307
	3308	# SC-2: Application Partitioning
	3309	# Kickstart Actions:
	3310
	3311	# SC-3: Security Function Isolation
	3312	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3313
	3314	# SC-3(1)
	3315	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3316
	3317	# SC-3(2)
	3318	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3319
	3320	# SC-3(3)
	3321	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3322
	3323	# SC-3(4)
	3324	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3325
	3326	# SC-3(5)
	3327	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3328
	3329	# SC-4: Information Remnance
	3330	# Kickstart Actions:
	3331
	3332	# SC-5: Denial of Service Protection
	3333	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3334
	3335	# SC-5(1)
	3336	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3337
	3338	# SC-5(2)
	3339	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3340
	3341	# Implemented in GEN003600
	3342	# Implemented in GEN005600
	3343
	3344	# SC-5(3)
	3345	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3346
	3347	# SC-6: Resource Priority
	3348	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3349
	3350	# SC-7: Boundary Protection
	3351	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3352
	3353	# SC-7(1)
	3354	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3355
	3356	# SC-7(2)
	3357	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3358
	3359	# SC-7(3)
	3360	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3361
	3362	# SC-7(4)
	3363	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3364
	3365	# SC-7(5)
	3366	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3367
	3368	# Implemented in GEN006620
	3369
	3370	# SC-7(6)
	3371	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3372
	3373	# SC-7(7)
	3374	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3375
	3376	# SC-7(8)
	3377	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3378
	3379	# SC-8: Transmission Integrity
	3380	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3381
	3382	# SC-8(1)
	3383	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3384
	3385	# SC-8(2)
	3386	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3387
	3388	# SC-9: Transmission Confidentiality
	3389	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3390
	3391	# Implemented in GEN005500
	3392
	3393	# SC-9(1)
	3394	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3395
	3396	# SC-9(2)
	3397	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3398
	3399	# SC-9(3)
	3400	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3401
	3402	# SC-9(4)
	3403	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3404
	3405	# SC-9(5)
	3406	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3407
	3408	# SC-10: Network Disconnect
	3409	# Kickstart Actions:
	3410
	3411	# SC-11: Trusted Path
	3412	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3413
	3414	# SC-12: Cryptographic Key Establishment and Management
	3415	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3416
	3417	# SC-12(1)
	3418	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3419
	3420	# SC-12(2)
	3421	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3422
	3423	# SC-12(3)
	3424	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3425
	3426	# SC-12(4)
	3427	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3428
	3429	# SC-13: Use of Cryptography
	3430	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3431
	3432	# SC-14: Public Access Protections
	3433	# Kickstart Actions:
	3434
	3435	# SC-15: Collaborative Computing
	3436	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3437
	3438	# SC-15(1)
	3439	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3440
	3441	# SC-15(2)
	3442	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3443
	3444	# SC-15(3)
	3445	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3446
	3447	# SC-16: Transmission of Security Parameters
	3448	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3449
	3450	# SC-16(1)
	3451	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3452
	3453	# SC-16(2)
	3454	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3455
	3456	# SC-17: Public Key Infrastructure Certificates
	3457	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3458
	3459	# SC-18: Mobile Code
	3460	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3461
	3462	# SC-18(1)
	3463	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3464
	3465	# SC-18(2)
	3466	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3467
	3468	# SC-19: Voice Over Internet Protocol
	3469	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3470
	3471	# SC-20: Secure Name /Address Resolution Service (Authoritative Source)
	3472	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3473
	3474	# SC-20(1)
	3475	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3476
	3477	# SC-21: Secure Name /Address Resolution Service (Recursive or Caching Resolver)
	3478	# Kickstart Actions:
	3479
	3480	# SC-21(1)
	3481	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3482
	3483	# SC-22: Architecture and Provisioning for Name/Address Resolution Service
	3484	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3485
	3486	# SC-23: Session Authenticity
	3487	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3488
	3489
	3490	###################################
	3491	# System and Information Integrity
	3492
	3493	# SI-1: System and Information Integrity Policy and Procedures
	3494	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3495
	3496	# SI-2: Flaw Remediation
	3497	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3498
	3499	# SI-2(1)
	3500	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3501
	3502	# SI-2(2)
	3503	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3504
	3505	# SI-2(3)
	3506	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3507
	3508	# SI-3: Malicious Code Protection
	3509	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3510
	3511	# SI-3(1)
	3512	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3513
	3514	# SI-3(2)
	3515	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3516
	3517	# SI-3(3)
	3518	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3519
	3520	# SI-3(4)
	3521	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3522
	3523	# SI-3(5)
	3524	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3525
	3526	# SI-3(6)
	3527	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3528
	3529	# SI-4: Information System Monitoring Tools and Techniques
	3530	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3531
	3532	# SI-4(1)
	3533	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3534
	3535	# SI-4(2)
	3536	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3537
	3538	# SI-4(3)
	3539	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3540
	3541	# SI-4(4)
	3542	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3543
	3544	# SI-4(5)
	3545	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3546
	3547	# SI-4(6)
	3548	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3549
	3550	# SI-5: Security Alerts and Advisories
	3551	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3552
	3553	# SI-5(1)
	3554	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3555
	3556	# SI-6: Security Functionality Verification
	3557	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3558
	3559	# SI-6(1)
	3560	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3561
	3562	# SI-6(2)
	3563	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3564
	3565	# SI-7: Software and Information Integrity
	3566	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3567
	3568	# SI-7(1)
	3569	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3570
	3571	# SI-7(2)
	3572	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3573
	3574	# SI-7(3)
	3575	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3576
	3577	# SI-8: Spam Protection
	3578	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3579
	3580	# SI-8(1)
	3581	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3582
	3583	# SI-8(2)
	3584	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3585
	3586	# SI-8(3)
	3587	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3588
	3589	# SI-8(4)
	3590	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3591
	3592	# SI-8(5)
	3593	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3594
	3595	# SI-8(6)
	3596	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3597
	3598	# SI-9: Information Input Restrictions
	3599	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3600
	3601	# SI-10: Information Accuracy, Completeness, Validity, and Authenticity
	3602	# Kickstart Actions:
	3603
	3604	# SI-11: Error Handling
	3605	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3606
	3607	# SI-12: Information Output Handling and Retention
	3608	# Kickstart Actions: None - PROCEDURAL REQUIREMENT
	3609
	3610
	3611
	3612
	3613
	3614	eject
	3615
	3616
	3617	#END OF KICKSTART FILE POST SETTINGS

trunk/RHEL5/rpmify

r139	r175
4	4	RELEASE="1"
5	5	ARCH=$(uname -i)
6		OS="RHEL5.1"
	6	OS="RHEL5"
7	7
8	8	tar --exclude=".svn" -czvf RPM/clip-$VERSION-$RELEASE.tar.gz pam_tally3/ conf/ kickstart/ scripts/ man/ Makefile

trunk/RHEL5/scripts/stig-fix/cat2/gen001020.sh

r120	r175
18	18
19	19	# Add a User who is in the users group allowing access to the system
20		/usr/sbin/adduser -G users,wheel ~~CLIPU~~ser
21		passwd CLIPUser < CLIPUserPassword
	20	/usr/sbin/adduser -G users,wheel clipuser
	21	echo "123)(*qweASD" \| passwd --stdin clipuser
22	22
23	23	# Cron was previously set to use /etc/security/access.conf, which did

Download in other formats:

Unified Diff
Zip Disabled

* Generating other formats may take time.

r69	r175
1		SUBDIRS=~~scripts conf man pam_tally3~~
	1	SUBDIRS=pam_tally3 scripts conf man
2	2
3	3	export PREFIX=/usr

Navigation

Changeset 175

Legend:

trunk/RHEL5/Makefile

trunk/RHEL5/kickstart/clip.ks

trunk/RHEL5/rpmify

trunk/RHEL5/scripts/stig-fix/cat2/gen001020.sh

Download in other formats: