policies/tailoring-xccdf.xml
<?xml version="1.0" encoding="UTF-8"?>
<xccdf:Tailoring xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2" id="xccdf_scap-workbench_tailoring_default">
<xccdf:benchmark href="/home/shearna/repos/toughen-ci/vagrant/scripts/ssg-centos7-ds.xml"/>
<xccdf:version time="2017-05-12T16:29:39">1</xccdf:version>
<xccdf:Profile id="xccdf_com.shearn89_profile_toughen_centos">
<xccdf:title xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">Modified C2S Profile for Toughen Testing</xccdf:title>
<xccdf:description xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">This profile demonstrates compliance against the
U.S. Government Commercial Cloud Services (C2S) baseline.
This baseline was inspired by the Center for Internet Security
(CIS) CentOS Linux 7 Benchmark, v1.1.0 - 04-02-2015.
For the SCAP Security Guide project to remain in compliance with
CIS' terms and conditions, specifically Restrictions(8), note
there is no representation or claim that the C2S profile will
ensure a system is in compliance or consistency with the CIS
baseline.
This profile demonstrates compliance against the
U.S. Government Commercial Cloud Services (C2S) baseline.
This baseline was inspired by the Center for Internet Security
(CIS) CentOS Linux 7 Benchmark, v1.1.0 - 04-02-2015.
For the SCAP Security Guide project to remain in compliance with
CIS' terms and conditions, specifically Restrictions(8), note
there is no representation or claim that the C2S profile will
ensure a system is in compliance or consistency with the CIS
baseline.
</xccdf:description>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_partition_for_tmp" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_mount_option_tmp_nodev" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_mount_option_tmp_nosuid" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_mount_option_tmp_noexec" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_partition_for_var" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_mount_option_var_tmp_bind" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_partition_for_var_log" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_partition_for_var_log_audit" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_partition_for_home" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_mount_option_nodev_nonroot_local_partitions" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_mount_option_dev_shm_nodev" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_mount_option_dev_shm_nosuid" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_mount_option_dev_shm_noexec" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_dir_perms_world_writable_sticky_bits" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_kernel_module_cramfs_disabled" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_kernel_module_freevxfs_disabled" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_kernel_module_jffs2_disabled" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_kernel_module_hfs_disabled" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_kernel_module_hfsplus_disabled" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_kernel_module_squashfs_disabled" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_kernel_module_udf_disabled" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_ensure_redhat_gpgkey_installed" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_service_rhnsd_disabled" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_rpm_verify_permissions" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_rpm_verify_hashes" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_package_aide_installed" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_aide_periodic_cron_checking" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_enable_selinux_bootloader" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_selinux_state" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_selinux_policytype" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_package_setroubleshoot_removed" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_package_mcstrans_removed" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_selinux_confinement_of_daemons" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_file_user_owner_grub2_cfg" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_file_group_owner_grub2_cfg" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_file_permissions_grub2_cfg" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_bootloader_password" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_disable_users_coredumps" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sysctl_fs_suid_dumpable" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sysctl_kernel_randomize_va_space" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_security_patches_up_to_date" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_package_telnet-server_removed" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_package_telnet_removed" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_package_rsh-server_removed" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_package_rsh_removed" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_package_ypbind_removed" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_package_ypserv_removed" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_package_tftp-server_removed" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_package_tftp_removed" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_package_talk_removed" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_package_talk-server_removed" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_umask_for_daemons" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_package_xorg-x11-server-common_removed" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_service_avahi-daemon_disabled" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_service_cups_disabled" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_package_dhcp_removed" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_service_chronyd_or_ntpd_enabled" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_chronyd_or_ntpd_specify_remote_server" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_package_openldap-servers_removed" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_service_nfslock_disabled" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_service_rpcgssd_disabled" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_service_rpcbind_disabled" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_service_rpcidmapd_disabled" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_service_rpcsvcgssd_disabled" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_package_bind_removed" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_package_vsftpd_removed" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_package_httpd_removed" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_package_dovecot_removed" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_package_samba_removed" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_package_squid_removed" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_package_net-snmp_removed" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_postfix_network_listening_disabled" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_ip_forward" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_all_send_redirects" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_default_send_redirects" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_all_accept_source_route" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_default_accept_source_route" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_all_accept_redirects" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_default_accept_redirects" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_all_secure_redirects" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_default_secure_redirects" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_all_log_martians" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_default_log_martians" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_icmp_echo_ignore_broadcasts" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_icmp_ignore_bogus_error_responses" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_all_rp_filter" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_default_rp_filter" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_tcp_syncookies" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_wireless_disable_interfaces" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sysctl_kernel_ipv6_disable" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_kernel_module_dccp_disabled" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_kernel_module_sctp_disabled" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_service_firewalld_enabled" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_package_rsyslog_installed" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_service_rsyslog_enabled" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_rsyslog_files_permissions" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_rsyslog_remote_loghost" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_auditd_data_retention_max_log_file" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_auditd_data_retention_space_left_action" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_auditd_data_retention_action_mail_acct" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_auditd_data_retention_admin_space_left_action" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_auditd_data_retention_max_log_file_action" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_service_auditd_enabled" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_bootloader_audit_argument" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_audit_rules_time_watch_localtime" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_audit_rules_networkconfig_modification" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_audit_rules_mac_modification" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_audit_rules_login_events" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_audit_rules_session_events" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chmod" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmod" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmodat" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chown" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchown" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchownat" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lchown" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_setxattr" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lsetxattr" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fsetxattr" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_removexattr" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lremovexattr" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fremovexattr" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_audit_rules_media_export" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_audit_rules_sysadmin_actions" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_audit_rules_immutable" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_service_crond_enabled" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sshd_allow_only_protocol2" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sshd_disable_rhosts" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_disable_host_auth" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sshd_disable_root_login" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sshd_do_not_permit_user_env" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sshd_use_approved_ciphers" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sshd_set_idle_timeout" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sshd_set_keepalive" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sshd_limit_user_access" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sshd_enable_warning_banner" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_systemauth" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_logindefs" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_password_pam_retry" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_password_pam_minlen" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_password_pam_dcredit" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_password_pam_ucredit" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_password_pam_ocredit" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_unlock_time" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_password_pam_unix_remember" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_no_direct_root_logins" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_maximum_age_login_defs" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_remediation_functions" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_intro" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_general-principles" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_principle-encrypt-transmitted-data" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_principle-minimize-software" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_principle-separate-servers" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_principle-use-security-tools" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_principle-least-privilege" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_how-to-use" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_intro-read-sections-completely" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_intro-test-non-production" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_intro-root-shell-assumed" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_intro-formatting-conventions" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_intro-reboot-required" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_additional_security_software" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_mcafee_security_software" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_fips" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_gnome" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_gnome_login_screen" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_gnome_screen_locking" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_gnome_system_settings" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_gnome_network_settings" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_gnome_remote_access_settings" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_gnome_media_settings" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_enable_nx" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_smart_card_login" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_gui_login_banner" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_network_disable_unused_interfaces" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_network_ipv6_limit_requests" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_network_ssl" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_network-ipsec" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_configure_logwatch_on_logserver" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_sssd" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_avahi_configuration" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_configure_printing" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_dhcp_server_configuration" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_dhcp_server_minimize_served_info" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_disabling_dhcp_client" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_postfix_harden_os" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_postfix_configure_ssl_certs" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_postfix_install_ssl_cert" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_postfix_server_configuration" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_postfix_server_denial_of_service" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_postfix_server_mail_relay" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_postfix_server_mail_relay_set_trusted_networks" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_postfix_server_mail_smtpd_relay_restrictions" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_postfix_server_mail_smtpd_recipient_restrictions" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_postfix_server_mail_relay_smtp_auth_for_untrusted_networks" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_postfix_server_mail_relay_require_tls_for_smtp_auth" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_ldap_server_config_certificate_files" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_nfs_configure_fixed_ports" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_nfs_configuring_servers" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_configure_exports_restrictively" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_use_acl_enforce_auth_restrictions" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_export_filesystems_read_only" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_dns_server_isolation" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_dns_server_dedicated" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_dns_server_chroot" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_dns_server_protection" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_dns_server_separate_internal_external" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_dns_server_partition_with_views" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_ftp_use_vsftpd" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_ftp_configure_vsftpd" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_ftp_restrict_users" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_ftp_limit_users" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_ftp_configure_firewall" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_installing_httpd" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_httpd_minimal_modules_installed" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_securing_httpd" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_httpd_restrict_info_leakage" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_httpd_minimize_loadable_modules" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_httpd_core_modules" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_httpd_basic_authentication" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_httpd_optional_components" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_httpd_minimize_config_files_included" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_httpd_directory_restrictions" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_httpd_modules_improve_security" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_httpd_deploy_mod_ssl" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_httpd_deploy_mod_security" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_httpd_use_dos_protection_modules" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_httpd_configure_php_securely" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_httpd_configure_os_protect_web_server" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_httpd_restrict_file_dir_access" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_httpd_configure_firewalld" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_httpd_chroot" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_configure_dovecot" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_dovecot_support_necessary_protocols" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_dovecot_enabling_ssl" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_dovecot_allow_imap_access" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_disabling_quagga" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_configuring_samba" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_smb_restrict_file_sharing" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_smb_disable_printing" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_snmp_configure_server" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_srg_support" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_c2s_support" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_ensure_gpgcheck_never_disabled" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_clean_components_post_updating" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_ensure_gpgcheck_local_packages" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_ensure_gpgcheck_repo_metadata" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_aide_build_database" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_sudo" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sudo_remove_nopasswd" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sudo_remove_no_authenticate" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_kernel_module_usb-storage_disabled" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_bootloader_nousb_argument" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_service_autofs_disabled" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_permissions_important_account_files" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_userowner_shadow_file" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_file_permissions_etc_passwd" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_groupowner_shadow_file" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_file_permissions_etc_shadow" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_file_owner_etc_group" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_file_groupowner_etc_group" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_file_permissions_etc_group" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_file_owner_etc_gshadow" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_file_groupowner_etc_gshadow" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_file_permissions_etc_gshadow" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_file_groupowner_etc_passwd" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_file_owner_etc_passwd" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_permissions_within_important_dirs" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_file_permissions_unauthorized_world_writable" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_no_files_unowned_by_user" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_file_permissions_ungroupowned" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_dir_perms_world_writable_system_owned" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sysctl_kernel_exec_shield" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sysctl_kernel_dmesg_restrict" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_mount_option_nodev_removable_partitions" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_mount_option_noexec_removable_partitions" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_mount_option_nosuid_removable_partitions" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_securetty_root_login_console_only" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_restrict_serial_port_logins" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_no_shelllogin_for_systemaccounts" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_no_uid_except_zero" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_root_path_default" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_password_storage" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_no_empty_passwords" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_password_all_shadowed" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_gid_passwd_group_same" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_no_netrc_files" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_password_minlen_login_defs" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_minimum_age_login_defs" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_password_warn_age_login_defs" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_account_expiration" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_account_disable_post_pw_expiration" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_account_unique_name" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_account_temp_expire_date" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_display_login_attempts" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_password_pam_maxrepeat" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_password_pam_difok" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_password_pam_minclass" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny_root" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_interval" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_libuserconf" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_accounts-session" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_tmout" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_max_concurrent_login_sessions" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_logon_fail_delay" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_root_path_no_dot" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_root_path_dirs_no_write" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_root_paths" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_file_permissions_home_dirs" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_user_umask" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_umask_etc_bashrc" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_umask_etc_csh_cshrc" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_umask_etc_profile" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_accounts_umask_etc_login_defs" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_require_singleuser_auth" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_service_debug-shell_disabled" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_disable_interactive_boot" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_screen_locking" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_package_screen_installed" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_console_screen_locking" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_accounts-banners" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_banner_etc_issue" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_network_disable_zeroconf" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_network_sniffer_disabled" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_wireless_disable_in_bios" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_service_bluetooth_disabled" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_kernel_module_bluetooth_disabled" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_network_ipv6_disable_interfaces" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_network_ipv6_disable_rpc" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_ra" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_default_accept_ra" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_default_accept_redirects" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_source_route" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_configuring_ipv6" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_ruleset_modifications" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_set_firewalld_default_zone" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_rsyslog_nolisten" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_rsyslog_accept_remote_messages_tcp" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_rsyslog_accept_remote_messages_udp" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_log_rotation" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_ensure_logrotate_activated" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_auditd_data_retention_flush" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_audit_rules_time_stime" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_service_xinetd_disabled" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_package_xinetd_removed" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_package_tcp_wrappers_installed" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_service_abrtd_disabled" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_service_kdump_disabled" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_restrict_at_cron_users" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_package_openssh-server_installed" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_service_sshd_enabled" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_file_permissions_sshd_pub_key" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_file_permissions_sshd_private_key" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sshd_enable_strictmodes" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sshd_use_priv_separation" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sshd_disable_compression" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_sshd_use_approved_macs" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_sshd_strengthen_firewall" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_dhcp_client_configuration" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_dhcp_client_restrict_options" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_chronyd_or_ntpd_specify_multiple_servers" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_package_sendmail_removed" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_openldap_server" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_openldap_client" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_ldap_client_start_tls" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_ldap_client_tls_cacertpath" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_nfs_client_or_server_not_both" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_nfs_configuring_all_machines" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_mounting_remote_filesystems" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_mount_option_nodev_remote_filesystems" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_rule_mount_option_nosuid_remote_filesystems" selected="true"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_nfs_configuring_clients" selected="false"/>
<xccdf:select idref="xccdf_org.ssgproject.content_group_routing" selected="false"/>
<xccdf:set-value idref="xccdf_org.ssgproject.content_value_var_accounts_password_minlen_login_defs">14</xccdf:set-value>
<xccdf:set-value idref="xccdf_org.ssgproject.content_value_var_password_pam_difok">4</xccdf:set-value>
<xccdf:set-value idref="xccdf_org.ssgproject.content_value_var_accounts_max_concurrent_login_sessions">5</xccdf:set-value>
<xccdf:set-value idref="xccdf_org.ssgproject.content_value_login_banner_text">[\s\n]+WARNING[\s\n]+</xccdf:set-value>
<xccdf:set-value idref="xccdf_org.ssgproject.content_value_var_auditd_max_log_file">10</xccdf:set-value>
<xccdf:set-value idref="xccdf_org.ssgproject.content_value_var_auditd_max_log_file_action">keep_logs</xccdf:set-value>
<xccdf:set-value idref="xccdf_org.ssgproject.content_value_var_auditd_admin_space_left_action">halt</xccdf:set-value>
<xccdf:refine-value idref="xccdf_org.ssgproject.content_value_var_selinux_state" selector="enforcing"/>
<xccdf:refine-value idref="xccdf_org.ssgproject.content_value_var_selinux_policy_name" selector="targeted"/>
<xccdf:refine-value idref="xccdf_org.ssgproject.content_value_var_umask_for_daemons" selector="027"/>
<xccdf:refine-value idref="xccdf_org.ssgproject.content_value_sysctl_net_ipv4_conf_all_accept_source_route_value" selector="disabled"/>
<xccdf:refine-value idref="xccdf_org.ssgproject.content_value_sysctl_net_ipv4_conf_default_accept_source_route_value" selector="disabled"/>
<xccdf:refine-value idref="xccdf_org.ssgproject.content_value_sysctl_net_ipv4_conf_all_accept_redirects_value" selector="disabled"/>
<xccdf:refine-value idref="xccdf_org.ssgproject.content_value_sysctl_net_ipv4_conf_all_secure_redirects_value" selector="disabled"/>
<xccdf:refine-value idref="xccdf_org.ssgproject.content_value_sysctl_net_ipv4_conf_default_secure_redirects_value" selector="disabled"/>
<xccdf:refine-value idref="xccdf_org.ssgproject.content_value_sysctl_net_ipv4_conf_all_log_martians_value" selector="enabled"/>
<xccdf:refine-value idref="xccdf_org.ssgproject.content_value_sysctl_net_ipv4_conf_default_log_martians_value" selector="enabled"/>
<xccdf:refine-value idref="xccdf_org.ssgproject.content_value_sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value" selector="enabled"/>
<xccdf:refine-value idref="xccdf_org.ssgproject.content_value_sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value" selector="enabled"/>
<xccdf:refine-value idref="xccdf_org.ssgproject.content_value_sysctl_net_ipv4_conf_all_rp_filter_value" selector="enabled"/>
<xccdf:refine-value idref="xccdf_org.ssgproject.content_value_sysctl_net_ipv4_conf_default_rp_filter_value" selector="enabled"/>
<xccdf:refine-value idref="xccdf_org.ssgproject.content_value_sysctl_net_ipv4_tcp_syncookies_value" selector="enabled"/>
<xccdf:refine-value idref="xccdf_org.ssgproject.content_value_sysctl_net_ipv6_conf_all_accept_ra_value" selector="disabled"/>
<xccdf:refine-value idref="xccdf_org.ssgproject.content_value_sysctl_net_ipv6_conf_default_accept_ra_value" selector="disabled"/>
<xccdf:refine-value idref="xccdf_org.ssgproject.content_value_sysctl_net_ipv6_conf_all_accept_redirects_value" selector="disabled"/>
<xccdf:refine-value idref="xccdf_org.ssgproject.content_value_sysctl_net_ipv6_conf_default_accept_redirects_value" selector="disabled"/>
<xccdf:refine-value idref="xccdf_org.ssgproject.content_value_var_auditd_max_log_file" selector="20"/>
<xccdf:refine-value idref="xccdf_org.ssgproject.content_value_var_auditd_space_left_action" selector="email"/>
<xccdf:refine-value idref="xccdf_org.ssgproject.content_value_var_auditd_action_mail_acct" selector="root"/>
<xccdf:refine-value idref="xccdf_org.ssgproject.content_value_var_auditd_admin_space_left_action" selector="halt"/>
<xccdf:refine-value idref="xccdf_org.ssgproject.content_value_var_auditd_max_log_file_action" selector="keep_logs"/>
<xccdf:refine-value idref="xccdf_org.ssgproject.content_value_sshd_idle_timeout_value" selector="5_minutes"/>
<xccdf:refine-value idref="xccdf_org.ssgproject.content_value_var_password_pam_retry" selector="3"/>
<xccdf:refine-value idref="xccdf_org.ssgproject.content_value_var_password_pam_minlen" selector="14"/>
<xccdf:refine-value idref="xccdf_org.ssgproject.content_value_var_password_pam_dcredit" selector="1"/>
<xccdf:refine-value idref="xccdf_org.ssgproject.content_value_var_password_pam_ucredit" selector="1"/>
<xccdf:refine-value idref="xccdf_org.ssgproject.content_value_var_password_pam_ocredit" selector="1"/>
<xccdf:refine-value idref="xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_deny" selector="5"/>
<xccdf:refine-value idref="xccdf_org.ssgproject.content_value_var_accounts_passwords_pam_faillock_unlock_time" selector="900"/>
<xccdf:refine-value idref="xccdf_org.ssgproject.content_value_var_password_pam_unix_remember" selector="5"/>
<xccdf:refine-value idref="xccdf_org.ssgproject.content_value_var_accounts_maximum_age_login_defs" selector="90"/>
</xccdf:Profile>
</xccdf:Tailoring>