/usr/share/scap-security-guide/ssg-rhel5-oval.xml

<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:ind="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" xmlns:unix="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" xmlns:linux="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd         http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd         http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd         http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd         http://oval.mitre.org/XMLSchema/oval-definitions-5#linux linux-definitions-schema.xsd">
  <generator>
    <oval:product_name>python</oval:product_name>
    <oval:product_version>2.7.13+</oval:product_version>
    <oval:schema_version>5.10</oval:schema_version>
    <oval:timestamp>2017-08-11T21:22:22</oval:timestamp>
  </generator>
  <definitions>
    <definition class="compliance" id="oval:ssg-accounts_cracklib_present:def:1" version="1">
      <metadata>
        <title>Set Cracklib Password Module</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The system must prevent the use of dictionary words for passwords.</description>
      <reference ref_id="accounts_cracklib_present" source="ssg"/></metadata>
      <criteria comment="The /etc/pam.d/system-auth file must have pam_cracklib defined.">
        <criterion test_ref="oval:ssg-test_accounts_cracklib_present:tst:1"/>
        <extend_definition comment="global account settings configured" definition_ref="oval:ssg-accounts_global_setting:def:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-accounts_disable_post_pw_expiration:def:1" version="1">
      <metadata>
        <title>Set Accounts to Expire Following Password Expiration</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The accounts should be configured to expire automatically following password expiration.</description>
      <reference ref_id="accounts_disable_post_pw_expiration" source="ssg"/></metadata>
      <criteria comment="the value INACTIVE parameter should be set appropriately in /etc/default/useradd">
        <criterion test_ref="oval:ssg-test_etc_default_useradd_inactive:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-accounts_executable_dangerous_path_for_root:def:1" version="1">
      <metadata>
        <title>The PATH Environment Variable For Root Must Contain Absolute Paths</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The PATH environment variable for root must contain absolute paths.</description>
      <reference ref_id="accounts_executable_dangerous_path_for_root" source="ssg"/></metadata>
      <criteria comment="environment variable PATH contains dangerous path" operator="AND">
        <criterion comment="environment variable PATH starts with : or ." test_ref="oval:ssg-test_env_var_path_begins:tst:1"/>
        <criterion comment="environment variable PATH contains : twice in a row" test_ref="oval:ssg-test_env_var_path_contains_doublecolon:tst:1"/>
        <criterion comment="environment variable PATH contains . twice in a row" test_ref="oval:ssg-test_env_var_path_contains_doubleperiod:tst:1"/>
        <criterion comment="environment variable PATH ends with : or ." test_ref="oval:ssg-test_env_var_path_ends:tst:1"/>
        <criterion comment="environment variable PATH doesn't begin with a /" test_ref="oval:ssg-test_env_var_path_begins_slash:tst:1"/>
        <criterion comment="environment variable PATH doesn't contain relative paths" test_ref="oval:ssg-test_env_var_path_contains_relative_path:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-accounts_fail_delay:def:1" version="1">
      <metadata>
        <title>Set Failure Delay Parameters</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The delay between login prompts following a failed login attempt must be at least 4 seconds.</description>
      <reference ref_id="accounts_fail_delay" source="ssg"/></metadata>
      <criteria comment="the value FAIL_DELAY should be set appropriately in /etc/login.defs">
        <criterion test_ref="oval:ssg-test_accounts_fail_delay_logindefs:tst:1"/>
        <criteria comment="the value pam_faildelay should be set appropriately in /etc/pam.d/system-auth" operator="OR">
          <criterion comment="pam_faildelay.so is not included in /lib/security/*" test_ref="oval:ssg-test_pam_faildelay_not_included:tst:1"/>
          <criterion test_ref="oval:ssg-test_accounts_fail_delay_systemauth:tst:1"/>
          <criteria comment="the value pam_faildelay should be set appropriately in /etc/pam.d/system-auth-ac" operator="AND">
            <criterion test_ref="oval:ssg-test_accounts_fail_delay_systemauthac:tst:1"/>
            <extend_definition comment="global account settings configured" definition_ref="oval:ssg-accounts_global_setting:def:1"/>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-accounts_global_setting:def:1" version="1">
      <metadata>
        <title>Configure system-auth Global Settings</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Global settings defined in system-auth must be applied in the pam.d definition files.</description>
      <reference ref_id="accounts_global_setting" source="ssg"/></metadata>
      <criteria operator="OR">
        <criterion comment="system-auth-ac is not included in /etc/pam.d/*" test_ref="oval:ssg-test_accounts_global_setting_not_included:tst:1"/>
        <criteria comment="The /etc/pam.d/system-auth file must have include statements to /etc/pam.d/system-auth-ac.">
          <criterion test_ref="oval:ssg-test_accounts_global_setting_auth:tst:1"/>
          <criterion test_ref="oval:ssg-test_accounts_global_setting_account:tst:1"/>
          <criterion test_ref="oval:ssg-test_accounts_global_setting_password:tst:1"/>
          <criterion test_ref="oval:ssg-test_accounts_global_setting_session:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-accounts_library_dangerous_path_for_root:def:1" version="1">
      <metadata>
        <title>The LD_LIBRARY_PATH Environment Variable For Root Must Contain Absolute Paths</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The LD_LIBRARY_PATH environment variable for root must contain absolute paths.</description>
      <reference ref_id="accounts_library_dangerous_path_for_root" source="ssg"/></metadata>
      <criteria comment="environment variable LD_LIBRARY_PATH contains dangerous path" operator="AND">
        <criterion comment="environment variable LD_LIBRARY_PATH starts with : or ." test_ref="oval:ssg-test_env_var_ld_library_path_begins:tst:1"/>
        <criterion comment="environment variable LD_LIBRARY_PATH contains : twice in a row" test_ref="oval:ssg-test_env_var_ld_library_path_contains_doublecolon:tst:1"/>
        <criterion comment="environment variable LD_LIBRARY_PATH contains . twice in a row" test_ref="oval:ssg-test_env_var_ld_library_path_contains_doubleperiod:tst:1"/>
        <criterion comment="environment variable LD_LIBRARY_PATH ends with : or ." test_ref="oval:ssg-test_env_var_ld_library_path_ends:tst:1"/>
        <criterion comment="environment variable LD_LIBRARY_PATH doesn't begin with a /" test_ref="oval:ssg-test_env_var_ld_library_path_begins_slash:tst:1"/>
        <criterion comment="environment variable LD_LIBRARY_PATH doesn't contain relative paths" test_ref="oval:ssg-test_env_var_ld_library_path_contains_relative_path:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-accounts_logins_logged:def:1" version="1">
      <metadata>
        <title>User Logins are Logged</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Successful and unsuccessful logins and logouts must be logged.</description>
      <reference ref_id="accounts_logins_logged" source="ssg"/></metadata>
      <criteria>
        <criterion comment="make sure /var/log/btmp exists" test_ref="oval:ssg-test_accounts_logins_logged_btmp:tst:1"/>
        <criterion comment="make sure /var/log/wtmp exists" test_ref="oval:ssg-test_accounts_logins_logged_wtmp:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-accounts_max_concurrent_login_sessions:def:1" version="1">
      <metadata>
        <title>Set Maximum Number of Concurrent Login Sessions Per User</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The maximum number of concurrent login sessions per user should meet minimum requirements.</description>
      <reference ref_id="accounts_max_concurrent_login_sessions" source="ssg"/></metadata>
      <criteria comment="the value maxlogins should be set appropriately in /etc/security/limits.conf">
        <criterion test_ref="oval:ssg-test_maxlogins:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-accounts_maximum_age_login_defs:def:1" version="1">
      <metadata>
        <title>Set Password Expiration Parameters</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The maximum password age policy should meet minimum requirements.</description>
      <reference ref_id="accounts_maximum_age_login_defs" source="ssg"/></metadata>
      <criteria comment="the value PASS_MAX_DAYS should be set appropriately in /etc/login.defs">
        <criterion test_ref="oval:ssg-test_accounts_maximum_age_login_defs:tst:1"/>
        <criterion test_ref="oval:ssg-test_accounts_maximum_age_login_defs_users:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-accounts_minimum_age_login_defs:def:1" version="1">
      <metadata>
        <title>Set Password Expiration Parameters</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The minimum password age policy should be set appropriately.</description>
      <reference ref_id="accounts_minimum_age_login_defs" source="ssg"/></metadata>
      <criteria comment="the value PASS_MIN_DAYS should be set appropriately in /etc/login.defs">
        <criterion test_ref="oval:ssg-test_accounts_minimum_age_login_defs:tst:1"/>
        <criterion test_ref="oval:ssg-test_accounts_minimum_age_login_defs_users:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-accounts_no_uid_except_zero:def:1" version="1">
      <metadata>
        <title>UID 0 Belongs Only To Root</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Only the root account should be assigned a user id of 0.</description>
      <reference ref_id="accounts_no_uid_except_zero" source="ssg"/></metadata>
      <criteria>
        <criterion comment="tests for reg exp ^[^r][^o][^o][^t].*:0 in /etc/passwd file" test_ref="oval:ssg-test_accounts_no_uid_except_root:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-accounts_password_all_shadowed:def:1" version="1">
      <metadata>
        <title>All Password Hashes Shadowed</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>All password hashes should be shadowed.</description>
      <reference ref_id="accounts_password_all_shadowed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="password hashes are shadowed" test_ref="oval:ssg-test_accounts_password_all_shadowed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-accounts_password_pam_cracklib_dcredit:def:1" version="1">
      <metadata>
        <title>Set Password dcredit Requirements</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The password dcredit should meet minimum requirements using pam_cracklib</description>
      <reference ref_id="accounts_password_pam_cracklib_dcredit" source="ssg"/></metadata>
      <criteria>
        <criterion comment="Conditions for dcredit are satisfied" test_ref="oval:ssg-test_password_pam_cracklib_dcredit:tst:1"/>
        <extend_definition comment="global account settings configured" definition_ref="oval:ssg-accounts_global_setting:def:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-accounts_password_pam_cracklib_difok:def:1" version="1">
      <metadata>
        <title>Set Password difok Requirements</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The password difok should meet minimum requirements using pam_cracklib</description>
      <reference ref_id="accounts_password_pam_cracklib_difok" source="ssg"/></metadata>
      <criteria>
        <criterion comment="Conditions for difok are satisfied" test_ref="oval:ssg-test_accounts_password_pam_cracklib_difok:tst:1"/>
        <extend_definition comment="global account settings configured" definition_ref="oval:ssg-accounts_global_setting:def:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-accounts_password_pam_cracklib_lcredit:def:1" version="1">
      <metadata>
        <title>Set Password lcredit Requirements</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The password lcredit should meet minimum requirements using pam_cracklib</description>
      <reference ref_id="accounts_password_pam_cracklib_lcredit" source="ssg"/></metadata>
      <criteria>
        <criterion comment="Conditions for lcredit are satisfied" test_ref="oval:ssg-test_password_pam_cracklib_lcredit:tst:1"/>
        <extend_definition comment="global account settings configured" definition_ref="oval:ssg-accounts_global_setting:def:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-accounts_password_pam_cracklib_maxrepeat:def:1" version="1">
      <metadata>
        <title>Set Password maxrepeat Requirements</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The password maxrepeat should meet minimum requirements using pam_cracklib</description>
      <reference ref_id="accounts_password_pam_cracklib_maxrepeat" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criteria>
          <criterion comment="Conditions for maxrepeat are satisfied" test_ref="oval:ssg-test_accounts_password_pam_cracklib_maxrepeat:tst:1"/>
          <extend_definition comment="global account settings configured" definition_ref="oval:ssg-accounts_global_setting:def:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-accounts_password_pam_cracklib_minlen:def:1" version="1">
      <metadata>
        <title>Set Password minlen Requirements</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The password minlen should meet minimum requirements using pam_cracklib</description>
      <reference ref_id="accounts_password_pam_cracklib_minlen" source="ssg"/></metadata>
      <criteria>
        <criterion comment="Conditions for minlen are satisfied" test_ref="oval:ssg-test_accounts_password_pam_cracklib_minlen:tst:1"/>
        <extend_definition comment="global account settings configured" definition_ref="oval:ssg-accounts_global_setting:def:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-accounts_password_pam_cracklib_ocredit:def:1" version="1">
      <metadata>
        <title>Set Password ocredit Requirements</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The password ocredit should meet minimum requirements using pam_cracklib</description>
      <reference ref_id="accounts_password_pam_cracklib_ocredit" source="ssg"/></metadata>
      <criteria>
        <criterion comment="Conditions for ocredit are satisfied" test_ref="oval:ssg-test_password_pam_cracklib_ocredit:tst:1"/>
        <extend_definition comment="global account settings configured" definition_ref="oval:ssg-accounts_global_setting:def:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-accounts_password_pam_cracklib_ucredit:def:1" version="1">
      <metadata>
        <title>Set Password ucredit Requirements</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The password ucredit should meet minimum requirements using pam_cracklib</description>
      <reference ref_id="accounts_password_pam_cracklib_ucredit" source="ssg"/></metadata>
      <criteria>
        <criterion comment="Conditions for ucredit are satisfied" test_ref="oval:ssg-test_password_pam_cracklib_ucredit:tst:1"/>
        <extend_definition comment="global account settings configured" definition_ref="oval:ssg-accounts_global_setting:def:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-accounts_password_pam_tally_deny:def:1" version="1">
      <metadata>
        <title>Lock out account after failed login attempts</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The number of allowed failed logins should be set correctly.</description>
      <reference ref_id="accounts_password_pam_tally_deny" source="ssg"/></metadata>
      <criteria>
        <criterion comment="default is set to 3" test_ref="oval:ssg-test_accounts_password_pam_tally2_deny_system-auth:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-accounts_password_pam_unix_remember:def:1" version="1">
      <metadata>
        <title>Limit Password Reuse</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The passwords to remember should be set correctly.</description>
      <reference ref_id="accounts_password_pam_unix_remember" source="ssg"/></metadata>
      <criteria>
        <criterion comment="/etc/security/opasswd exists" test_ref="oval:ssg-test_etc_security_opasswd:tst:1"/>
        <criterion comment="remember parameter is set to 0 in /etc/pam.d/system-auth" test_ref="oval:ssg-test_accounts_password_pam_unix_remember:tst:1"/>
        <criteria operator="OR">
          <criterion comment="system-auth-ac is not included in /etc/pam.d/*" test_ref="oval:ssg-test_systemauthac_not_included:tst:1"/>
          <criterion comment="remember parameter is set to 0 in /etc/pam.d/system-auth-ac" test_ref="oval:ssg-test_accounts_password_pam_unix_remember_systemauthac:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-accounts_root_path_dirs_no_write:def:1" version="1">
      <metadata>
        <title>Roots PATH Does Not Include Group Writeable or World Writeable Directories</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The root account must not have world-writeable directories in its executable search path.</description>
      <reference ref_id="accounts_root_path_dirs_no_write" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_accounts_root_path_dirs_no_write:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-accounts_umask:def:1" version="1">
      <metadata>
        <title>The system and user default umask must be set</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The default umask for the system and users</description>
      <reference ref_id="accounts_umask" source="ssg"/></metadata>
      <criteria>
        <criterion negate="false" test_ref="oval:ssg-test_accounts_invalid_umask_system:tst:1"/>
        <criterion negate="false" test_ref="oval:ssg-test_accounts_invalid_umask_user_home:tst:1"/>
        <criterion negate="false" test_ref="oval:ssg-test_accounts_invalid_umask_user_root:tst:1"/>
        <criteria operator="OR">
          <criterion test_ref="oval:ssg-test_accounts_valid_umask_system:tst:1"/>
          <criterion test_ref="oval:ssg-test_accounts_valid_umask_user_home:tst:1"/>
          <criterion test_ref="oval:ssg-test_accounts_valid_umask_user_root:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-accounts_unique_name:def:1" version="1">
      <metadata>
        <title>All Accounts Have Unique Names</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>All accounts on the system must have unique user or account names.</description>
      <reference ref_id="accounts_unique_name" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_accounts_unique_name:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-accounts_unique_uid:def:1" version="1">
      <metadata>
        <title>All Accounts Have Unique IDs</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>All accounts on the system must have unique user or account IDs.</description>
      <reference ref_id="accounts_unique_uid" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_accounts_unique_id:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-aide_periodic_cron_checking:def:1" version="1">
      <metadata>
        <title>Aide must be configured to run, at least weekly.</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>A cron job must be configured to execute aide, at least weekly.</description>
      <reference ref_id="aide_periodic_cron_checking" source="ssg"/></metadata>
      <criteria operator="OR">
        <criterion comment="check for aide in /etc/crontab" test_ref="oval:ssg-test_aide_periodic_cron_checking_etc_crontab:tst:1"/>
        <criterion comment="check for aide in /etc/cron.d/*" test_ref="oval:ssg-test_aide_periodic_cron_checking_etc_cron_d:tst:1"/>
        <criterion comment="check for aide in /etc/cron.hourly/*" test_ref="oval:ssg-test_aide_periodic_cron_checking_etc_cron_hourly:tst:1"/>
        <criterion comment="check for aide in /etc/cron.daily/*" test_ref="oval:ssg-test_aide_periodic_cron_checking_etc_cron_daily:tst:1"/>
        <criterion comment="check for aide in /etc/cron.weekly/*" test_ref="oval:ssg-test_aide_periodic_cron_checking_etc_cron_weekly:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-at_access_controlled:def:1" version="1">
      <metadata>
        <title>Files /etc/at.allow And /etc/at.deny Must Exist</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for /etc/at.allow and /etc/at.deny must exist.</description>
      <reference ref_id="at_access_controlled" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_at_access_controlled_at_allow:tst:1"/>
        <criterion test_ref="oval:ssg-test_at_access_controlled_at_deny:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-at_deny_nonempty:def:1" version="1">
      <metadata>
        <title>File /etc/at.deny Must Either Not Exist Or Not Be Empty</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The at.deny file must not be empty if it exists.</description>
      <reference ref_id="at_deny_nonempty" source="ssg"/></metadata>
      <criteria operator="OR">
        <criterion test_ref="oval:ssg-test_at_deny_nonempty_at_deny_not_exist:tst:1"/>
        <criterion test_ref="oval:ssg-test_at_deny_nonempty_at_deny_empty:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-at_system_accounts:def:1" version="1">
      <metadata>
        <title>Files /etc/at.allow And /etc/at.deny Must Exist</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for /etc/at.allow and /etc/at.deny must exist.</description>
      <reference ref_id="at_system_accounts" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_at_system_accounts_at_allow_exists:tst:1"/>
        <criterion test_ref="oval:ssg-test_at_system_accounts_at_allow:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-audit_rules_audit_rules:def:1" version="1">
      <metadata>
        <title>Audit Changes To Audit Rules</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Audit rules should detect changes to the audit rules.</description>
      <reference ref_id="audit_rules_audit_rules" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
            <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          </criteria>
          <criterion comment="audit /etc/audit.rules" test_ref="oval:ssg-test_audit_rules_audit_rules_el4:tst:1"/>
        </criteria>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criterion comment="audit /etc/audit/audit.rules" test_ref="oval:ssg-test_audit_rules_audit_rules_el5:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-audit_rules_dac_modification_chmod:def:1" version="1">
      <metadata>
        <title>Audit Discretionary Access Control Modification Events - chmod</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The changing of file permissions and attributes should be 
      audited.</description>
      <reference ref_id="audit_rules_dac_modification_chmod" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
            <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criteria>
              <extend_definition comment="32bit and ..." definition_ref="oval:ssg-system_info_architecture_x86:def:1"/>
              <criterion comment="dac modification chmod" test_ref="oval:ssg-test_audit_rules_dac_modification_chmod_el4:tst:1"/>
            </criteria>
            <criteria>
              <extend_definition comment="64bit and ..." definition_ref="oval:ssg-system_info_architecture_x86_64:def:1"/>
              <criterion comment="dac modification chmod x32" test_ref="oval:ssg-test_audit_rules_dac_modification_chmod_x32_el4:tst:1"/>
              <criterion comment="dac modification chmod x64" test_ref="oval:ssg-test_audit_rules_dac_modification_chmod_x64_el4:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criteria>
              <extend_definition comment="32bit and ..." definition_ref="oval:ssg-system_info_architecture_x86:def:1"/>
              <criterion comment="dac modification chmod" test_ref="oval:ssg-test_audit_rules_dac_modification_chmod_el5:tst:1"/>
            </criteria>
            <criteria>
              <extend_definition comment="64bit and ..." definition_ref="oval:ssg-system_info_architecture_x86_64:def:1"/>
              <criterion comment="dac modification chmod x32" test_ref="oval:ssg-test_audit_rules_dac_modification_chmod_x32_el5:tst:1"/>
              <criterion comment="dac modification chmod x64" test_ref="oval:ssg-test_audit_rules_dac_modification_chmod_x64_el5:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-audit_rules_dac_modification_chown:def:1" version="1">
      <metadata>
        <title>Audit Discretionary Access Control Modification Events - chown</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The changing of file permissions and attributes should be 
      audited.</description>
      <reference ref_id="audit_rules_dac_modification_chown" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
            <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criteria>
              <extend_definition comment="32bit and ..." definition_ref="oval:ssg-system_info_architecture_x86:def:1"/>
              <criterion comment="dac modification chown" test_ref="oval:ssg-test_audit_rules_dac_modification_chown_el4:tst:1"/>
              <criterion comment="dac modification chown" test_ref="oval:ssg-test_audit_rules_dac_modification_chown32_el4:tst:1"/>
            </criteria>
            <criteria>
              <extend_definition comment="64bit and ..." definition_ref="oval:ssg-system_info_architecture_x86_64:def:1"/>
              <criterion comment="dac modification chown x32" test_ref="oval:ssg-test_audit_rules_dac_modification_chown_x64_el4:tst:1"/>
              <criterion comment="dac modification chown x64" test_ref="oval:ssg-test_audit_rules_dac_modification_chown32_x64_el4:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criteria>
              <extend_definition comment="32bit and ..." definition_ref="oval:ssg-system_info_architecture_x86:def:1"/>
              <criterion comment="dac modification chown" test_ref="oval:ssg-test_audit_rules_dac_modification_chown_el5:tst:1"/>
              <criterion comment="dac modification chown" test_ref="oval:ssg-test_audit_rules_dac_modification_chown32_el5:tst:1"/>
            </criteria>
            <criteria>
              <extend_definition comment="64bit and ..." definition_ref="oval:ssg-system_info_architecture_x86_64:def:1"/>
              <criterion comment="dac modification chown x32" test_ref="oval:ssg-test_audit_rules_dac_modification_chown_x64_el5:tst:1"/>
              <criterion comment="dac modification chown x64" test_ref="oval:ssg-test_audit_rules_dac_modification_chown32_x64_el5:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-audit_rules_dac_modification_fchmod:def:1" version="1">
      <metadata>
        <title>Audit Discretionary Access Control Modification Events - fchmod</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The changing of file permissions and attributes should be 
      audited.</description>
      <reference ref_id="audit_rules_dac_modification_fchmod" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
            <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criteria>
              <extend_definition comment="32bit and ..." definition_ref="oval:ssg-system_info_architecture_x86:def:1"/>
              <criterion comment="dac modification fchmod" test_ref="oval:ssg-test_audit_rules_dac_modification_fchmod_el4:tst:1"/>
            </criteria>
            <criteria>
              <extend_definition comment="64bit and ..." definition_ref="oval:ssg-system_info_architecture_x86_64:def:1"/>
              <criterion comment="dac modification fchmod x32" test_ref="oval:ssg-test_audit_rules_dac_modification_fchmod_x32_el4:tst:1"/>
              <criterion comment="dac modification fchmod x64" test_ref="oval:ssg-test_audit_rules_dac_modification_fchmod_x64_el4:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criteria>
              <extend_definition comment="32bit and ..." definition_ref="oval:ssg-system_info_architecture_x86:def:1"/>
              <criterion comment="dac modification fchmod" test_ref="oval:ssg-test_audit_rules_dac_modification_fchmod_el5:tst:1"/>
            </criteria>
            <criteria>
              <extend_definition comment="64bit and ..." definition_ref="oval:ssg-system_info_architecture_x86_64:def:1"/>
              <criterion comment="dac modification fchmod x32" test_ref="oval:ssg-test_audit_rules_dac_modification_fchmod_x32_el5:tst:1"/>
              <criterion comment="dac modification fchmod x64" test_ref="oval:ssg-test_audit_rules_dac_modification_fchmod_x64_el5:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-audit_rules_dac_modification_fchmodat:def:1" version="1">
      <metadata>
        <title>Audit Discretionary Access Control Modification Events - fchmodat</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The changing of file permissions and attributes should be 
      audited.</description>
      <reference ref_id="audit_rules_dac_modification_fchmodat" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criteria>
              <extend_definition comment="32bit and ..." definition_ref="oval:ssg-system_info_architecture_x86:def:1"/>
              <criterion comment="dac modification fchmodat" test_ref="oval:ssg-test_audit_rules_dac_modification_fchmodat_el5:tst:1"/>
            </criteria>
            <criteria>
              <extend_definition comment="64bit and ..." definition_ref="oval:ssg-system_info_architecture_x86_64:def:1"/>
              <criterion comment="dac modification fchmodat x32" test_ref="oval:ssg-test_audit_rules_dac_modification_fchmodat_x32_el5:tst:1"/>
              <criterion comment="dac modification fchmodat x64" test_ref="oval:ssg-test_audit_rules_dac_modification_fchmodat_x64_el5:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-audit_rules_dac_modification_fchown:def:1" version="1">
      <metadata>
        <title>Audit Discretionary Access Control Modification Events - fchown</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The changing of file permissions and attributes should be 
      audited.</description>
      <reference ref_id="audit_rules_dac_modification_fchown" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
            <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criteria>
              <extend_definition comment="32bit and ..." definition_ref="oval:ssg-system_info_architecture_x86:def:1"/>
              <criterion comment="dac modification fchown" test_ref="oval:ssg-test_audit_rules_dac_modification_fchown_el4:tst:1"/>
              <criterion comment="dac modification fchown" test_ref="oval:ssg-test_audit_rules_dac_modification_fchown32_el4:tst:1"/>
            </criteria>
            <criteria>
              <extend_definition comment="64bit and ..." definition_ref="oval:ssg-system_info_architecture_x86_64:def:1"/>
              <criterion comment="dac modification fchown x32" test_ref="oval:ssg-test_audit_rules_dac_modification_fchown_x64_el4:tst:1"/>
              <criterion comment="dac modification fchown x64" test_ref="oval:ssg-test_audit_rules_dac_modification_fchown32_x64_el4:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criteria>
              <extend_definition comment="32bit and ..." definition_ref="oval:ssg-system_info_architecture_x86:def:1"/>
              <criterion comment="dac modification fchown" test_ref="oval:ssg-test_audit_rules_dac_modification_fchown_el5:tst:1"/>
              <criterion comment="dac modification fchown" test_ref="oval:ssg-test_audit_rules_dac_modification_fchown32_el5:tst:1"/>
            </criteria>
            <criteria>
              <extend_definition comment="64bit and ..." definition_ref="oval:ssg-system_info_architecture_x86_64:def:1"/>
              <criterion comment="dac modification fchown x32" test_ref="oval:ssg-test_audit_rules_dac_modification_fchown_x64_el5:tst:1"/>
              <criterion comment="dac modification fchown x64" test_ref="oval:ssg-test_audit_rules_dac_modification_fchown32_x64_el5:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-audit_rules_dac_modification_fchownat:def:1" version="1">
      <metadata>
        <title>Audit Discretionary Access Control Modification Events - fchownat</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The changing of file permissions and attributes should be 
      audited.</description>
      <reference ref_id="audit_rules_dac_modification_fchownat" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criteria>
              <extend_definition comment="32bit and ..." definition_ref="oval:ssg-system_info_architecture_x86:def:1"/>
              <criterion comment="dac modification fchownat" test_ref="oval:ssg-test_audit_rules_dac_modification_fchownat_el5:tst:1"/>
            </criteria>
            <criteria>
              <extend_definition comment="64bit and ..." definition_ref="oval:ssg-system_info_architecture_x86_64:def:1"/>
              <criterion comment="dac modification fchownat x32" test_ref="oval:ssg-test_audit_rules_dac_modification_fchownat_x32_el5:tst:1"/>
              <criterion comment="dac modification fchownat x64" test_ref="oval:ssg-test_audit_rules_dac_modification_fchownat_x64_el5:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-audit_rules_dac_modification_fremovexattr:def:1" version="1">
      <metadata>
        <title>Audit Discretionary Access Control Modification Events - fremovexattr</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The changing of file permissions and attributes should be 
      audited.</description>
      <reference ref_id="audit_rules_dac_modification_fremovexattr" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
            <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criteria>
              <extend_definition comment="32bit and ..." definition_ref="oval:ssg-system_info_architecture_x86:def:1"/>
              <criterion comment="dac modification fremovexattr" test_ref="oval:ssg-test_audit_rules_dac_modification_fremovexattr_el4:tst:1"/>
            </criteria>
            <criteria>
              <extend_definition comment="64bit and ..." definition_ref="oval:ssg-system_info_architecture_x86_64:def:1"/>
              <criterion comment="dac modification fremovexattr x32" test_ref="oval:ssg-test_audit_rules_dac_modification_fremovexattr_x32_el4:tst:1"/>
              <criterion comment="dac modification fremovexattr x64" test_ref="oval:ssg-test_audit_rules_dac_modification_fremovexattr_x64_el4:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criteria>
              <extend_definition comment="32bit and ..." definition_ref="oval:ssg-system_info_architecture_x86:def:1"/>
              <criterion comment="dac modification fremovexattr" test_ref="oval:ssg-test_audit_rules_dac_modification_fremovexattr_el5:tst:1"/>
            </criteria>
            <criteria>
              <extend_definition comment="64bit and ..." definition_ref="oval:ssg-system_info_architecture_x86_64:def:1"/>
              <criterion comment="dac modification fremovexattr x32" test_ref="oval:ssg-test_audit_rules_dac_modification_fremovexattr_x32_el5:tst:1"/>
              <criterion comment="dac modification fremovexattr x64" test_ref="oval:ssg-test_audit_rules_dac_modification_fremovexattr_x64_el5:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-audit_rules_dac_modification_fsetxattr:def:1" version="1">
      <metadata>
        <title>Audit Discretionary Access Control Modification Events - fsetxattr</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The changing of file permissions and attributes should be 
      audited.</description>
      <reference ref_id="audit_rules_dac_modification_fsetxattr" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
            <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criteria>
              <extend_definition comment="32bit and ..." definition_ref="oval:ssg-system_info_architecture_x86:def:1"/>
              <criterion comment="dac modification fsetxattr" test_ref="oval:ssg-test_audit_rules_dac_modification_fsetxattr_el4:tst:1"/>
            </criteria>
            <criteria>
              <extend_definition comment="64bit and ..." definition_ref="oval:ssg-system_info_architecture_x86_64:def:1"/>
              <criterion comment="dac modification fsetxattr x32" test_ref="oval:ssg-test_audit_rules_dac_modification_fsetxattr_x32_el4:tst:1"/>
              <criterion comment="dac modification fsetxattr x64" test_ref="oval:ssg-test_audit_rules_dac_modification_fsetxattr_x64_el4:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criteria>
              <extend_definition comment="32bit and ..." definition_ref="oval:ssg-system_info_architecture_x86:def:1"/>
              <criterion comment="dac modification fsetxattr" test_ref="oval:ssg-test_audit_rules_dac_modification_fsetxattr_el5:tst:1"/>
            </criteria>
            <criteria>
              <extend_definition comment="64bit and ..." definition_ref="oval:ssg-system_info_architecture_x86_64:def:1"/>
              <criterion comment="dac modification fsetxattr x32" test_ref="oval:ssg-test_audit_rules_dac_modification_fsetxattr_x32_el5:tst:1"/>
              <criterion comment="dac modification fsetxattr x64" test_ref="oval:ssg-test_audit_rules_dac_modification_fsetxattr_x64_el5:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-audit_rules_dac_modification_lchown:def:1" version="1">
      <metadata>
        <title>Audit Discretionary Access Control Modification Events - lchown</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The changing of file permissions and attributes should be 
      audited.</description>
      <reference ref_id="audit_rules_dac_modification_lchown" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
            <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criteria>
              <extend_definition comment="32bit and ..." definition_ref="oval:ssg-system_info_architecture_x86:def:1"/>
              <criterion comment="dac modification lchown" test_ref="oval:ssg-test_audit_rules_dac_modification_lchown_el4:tst:1"/>
              <criterion comment="dac modification lchown" test_ref="oval:ssg-test_audit_rules_dac_modification_lchown32_el4:tst:1"/>
            </criteria>
            <criteria>
              <extend_definition comment="64bit and ..." definition_ref="oval:ssg-system_info_architecture_x86_64:def:1"/>
              <criterion comment="dac modification lchown x32" test_ref="oval:ssg-test_audit_rules_dac_modification_lchown_x64_el4:tst:1"/>
              <criterion comment="dac modification lchown x64" test_ref="oval:ssg-test_audit_rules_dac_modification_lchown32_x64_el4:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criteria>
              <extend_definition comment="32bit and ..." definition_ref="oval:ssg-system_info_architecture_x86:def:1"/>
              <criterion comment="dac modification lchown" test_ref="oval:ssg-test_audit_rules_dac_modification_lchown_el5:tst:1"/>
              <criterion comment="dac modification lchown" test_ref="oval:ssg-test_audit_rules_dac_modification_lchown32_el5:tst:1"/>
            </criteria>
            <criteria>
              <extend_definition comment="64bit and ..." definition_ref="oval:ssg-system_info_architecture_x86_64:def:1"/>
              <criterion comment="dac modification lchown x32" test_ref="oval:ssg-test_audit_rules_dac_modification_lchown_x64_el5:tst:1"/>
              <criterion comment="dac modification lchown x64" test_ref="oval:ssg-test_audit_rules_dac_modification_lchown32_x64_el5:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-audit_rules_dac_modification_lremovexattr:def:1" version="1">
      <metadata>
        <title>Audit Discretionary Access Control Modification Events - lremovexattr</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The changing of file permissions and attributes should be 
      audited.</description>
      <reference ref_id="audit_rules_dac_modification_lremovexattr" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
            <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criteria>
              <extend_definition comment="32bit and ..." definition_ref="oval:ssg-system_info_architecture_x86:def:1"/>
              <criterion comment="dac modification lremovexattr" test_ref="oval:ssg-test_audit_rules_dac_modification_lremovexattr_el4:tst:1"/>
            </criteria>
            <criteria>
              <extend_definition comment="64bit and ..." definition_ref="oval:ssg-system_info_architecture_x86_64:def:1"/>
              <criterion comment="dac modification lremovexattr x32" test_ref="oval:ssg-test_audit_rules_dac_modification_lremovexattr_x32_el4:tst:1"/>
              <criterion comment="dac modification lremovexattr x64" test_ref="oval:ssg-test_audit_rules_dac_modification_lremovexattr_x64_el4:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criteria>
              <extend_definition comment="32bit and ..." definition_ref="oval:ssg-system_info_architecture_x86:def:1"/>
              <criterion comment="dac modification lremovexattr" test_ref="oval:ssg-test_audit_rules_dac_modification_lremovexattr_el5:tst:1"/>
            </criteria>
            <criteria>
              <extend_definition comment="64bit and ..." definition_ref="oval:ssg-system_info_architecture_x86_64:def:1"/>
              <criterion comment="dac modification lremovexattr x32" test_ref="oval:ssg-test_audit_rules_dac_modification_lremovexattr_x32_el5:tst:1"/>
              <criterion comment="dac modification lremovexattr x64" test_ref="oval:ssg-test_audit_rules_dac_modification_lremovexattr_x64_el5:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-audit_rules_dac_modification_lsetxattr:def:1" version="1">
      <metadata>
        <title>Audit Discretionary Access Control Modification Events - lsetxattr</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The changing of file permissions and attributes should be 
      audited.</description>
      <reference ref_id="audit_rules_dac_modification_lsetxattr" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
            <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criteria>
              <extend_definition comment="32bit and ..." definition_ref="oval:ssg-system_info_architecture_x86:def:1"/>
              <criterion comment="dac modification lsetxattr" test_ref="oval:ssg-test_audit_rules_dac_modification_lsetxattr_el4:tst:1"/>
            </criteria>
            <criteria>
              <extend_definition comment="64bit and ..." definition_ref="oval:ssg-system_info_architecture_x86_64:def:1"/>
              <criterion comment="dac modification lsetxattr x32" test_ref="oval:ssg-test_audit_rules_dac_modification_lsetxattr_x32_el4:tst:1"/>
              <criterion comment="dac modification lsetxattr x64" test_ref="oval:ssg-test_audit_rules_dac_modification_lsetxattr_x64_el4:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criteria>
              <extend_definition comment="32bit and ..." definition_ref="oval:ssg-system_info_architecture_x86:def:1"/>
              <criterion comment="dac modification lsetxattr" test_ref="oval:ssg-test_audit_rules_dac_modification_lsetxattr_el5:tst:1"/>
            </criteria>
            <criteria>
              <extend_definition comment="64bit and ..." definition_ref="oval:ssg-system_info_architecture_x86_64:def:1"/>
              <criterion comment="dac modification lsetxattr x32" test_ref="oval:ssg-test_audit_rules_dac_modification_lsetxattr_x32_el5:tst:1"/>
              <criterion comment="dac modification lsetxattr x64" test_ref="oval:ssg-test_audit_rules_dac_modification_lsetxattr_x64_el5:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-audit_rules_dac_modification_removexattr:def:1" version="1">
      <metadata>
        <title>Audit Discretionary Access Control Modification Events - removexattr</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The changing of file permissions and attributes should be 
      audited.</description>
      <reference ref_id="audit_rules_dac_modification_removexattr" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
            <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criteria>
              <extend_definition comment="32bit and ..." definition_ref="oval:ssg-system_info_architecture_x86:def:1"/>
              <criterion comment="dac modification removexattr" test_ref="oval:ssg-test_audit_rules_dac_modification_removexattr_el4:tst:1"/>
            </criteria>
            <criteria>
              <extend_definition comment="64bit and ..." definition_ref="oval:ssg-system_info_architecture_x86_64:def:1"/>
              <criterion comment="dac modification removexattr x32" test_ref="oval:ssg-test_audit_rules_dac_modification_removexattr_x32_el4:tst:1"/>
              <criterion comment="dac modification removexattr x64" test_ref="oval:ssg-test_audit_rules_dac_modification_removexattr_x64_el4:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criteria>
              <extend_definition comment="32bit and ..." definition_ref="oval:ssg-system_info_architecture_x86:def:1"/>
              <criterion comment="dac modification removexattr" test_ref="oval:ssg-test_audit_rules_dac_modification_removexattr_el5:tst:1"/>
            </criteria>
            <criteria>
              <extend_definition comment="64bit and ..." definition_ref="oval:ssg-system_info_architecture_x86_64:def:1"/>
              <criterion comment="dac modification removexattr x32" test_ref="oval:ssg-test_audit_rules_dac_modification_removexattr_x32_el5:tst:1"/>
              <criterion comment="dac modification removexattr x64" test_ref="oval:ssg-test_audit_rules_dac_modification_removexattr_x64_el5:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-audit_rules_dac_modification_setxattr:def:1" version="1">
      <metadata>
        <title>Audit Discretionary Access Control Modification Events - setxattr</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The changing of file permissions and attributes should be 
      audited.</description>
      <reference ref_id="audit_rules_dac_modification_setxattr" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
            <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criteria>
              <extend_definition comment="32bit and ..." definition_ref="oval:ssg-system_info_architecture_x86:def:1"/>
              <criterion comment="dac modification setxattr" test_ref="oval:ssg-test_audit_rules_dac_modification_setxattr_el4:tst:1"/>
            </criteria>
            <criteria>
              <extend_definition comment="64bit and ..." definition_ref="oval:ssg-system_info_architecture_x86_64:def:1"/>
              <criterion comment="dac modification setxattr x32" test_ref="oval:ssg-test_audit_rules_dac_modification_setxattr_x32_el4:tst:1"/>
              <criterion comment="dac modification setxattr x64" test_ref="oval:ssg-test_audit_rules_dac_modification_setxattr_x64_el4:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criteria>
              <extend_definition comment="32bit and ..." definition_ref="oval:ssg-system_info_architecture_x86:def:1"/>
              <criterion comment="dac modification setxattr" test_ref="oval:ssg-test_audit_rules_dac_modification_setxattr_el5:tst:1"/>
            </criteria>
            <criteria>
              <extend_definition comment="64bit and ..." definition_ref="oval:ssg-system_info_architecture_x86_64:def:1"/>
              <criterion comment="dac modification setxattr x32" test_ref="oval:ssg-test_audit_rules_dac_modification_setxattr_x32_el5:tst:1"/>
              <criterion comment="dac modification setxattr x64" test_ref="oval:ssg-test_audit_rules_dac_modification_setxattr_x64_el5:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-audit_rules_file_deletion_events:def:1" version="1">
      <metadata>
        <title>Audit File Deletion Events</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Audit files deletion events.</description>
      <reference ref_id="audit_rules_file_deletion_events" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
            <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          </criteria>
          <criterion comment="audit file user delete - unlink" test_ref="oval:ssg-test_audit_rules_file_deletion_events_unlink_el4:tst:1"/>
        </criteria>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criterion comment="audit file user delete - unlink" test_ref="oval:ssg-test_audit_rules_file_deletion_events_unlink_el5:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-audit_rules_file_deletion_events_rmdir:def:1" version="1">
      <metadata>
        <title>Audit File Deletion Events - rmdir</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Audit files deletion events - rmdir.</description>
      <reference ref_id="audit_rules_file_deletion_events_rmdir" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
            <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          </criteria>
          <criterion comment="audit file user delete - rmdir" test_ref="oval:ssg-test_audit_rules_file_deletion_events_rmdir_el4:tst:1"/>
        </criteria>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criterion comment="audit file user delete - rmdir" test_ref="oval:ssg-test_audit_rules_file_deletion_events_rmdir_el5:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-audit_rules_kernel_module_loading:def:1" version="1">
      <metadata>
        <title>Audit Kernel Module Loading and Unloading</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The audit rules should be configured to log information about kernel module loading and unloading.</description>
      <reference ref_id="audit_rules_kernel_module_loading" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
            <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          </criteria>
          <criterion comment="audit insmod" test_ref="oval:ssg-test_audit_rule_kernel_module_loading_insmod_el4:tst:1"/>
          <criterion comment="audit rmmod" test_ref="oval:ssg-test_audit_rule_kernel_module_loading_rmmod_el4:tst:1"/>
          <criterion comment="audit rmmod" test_ref="oval:ssg-test_audit_rule_kernel_module_loading_modprobe_el4:tst:1"/>
          <criterion comment="audit init_module" test_ref="oval:ssg-test_audit_rule_kernel_module_loading_init_module_el4:tst:1"/>
          <criterion comment="audit delete_module" test_ref="oval:ssg-test_audit_rule_kernel_module_loading_delete_module_el4:tst:1"/>
        </criteria>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criterion comment="audit insmod" test_ref="oval:ssg-test_audit_rule_kernel_module_loading_insmod_el5:tst:1"/>
          <criterion comment="audit rmmod" test_ref="oval:ssg-test_audit_rule_kernel_module_loading_rmmod_el5:tst:1"/>
          <criterion comment="audit rmmod" test_ref="oval:ssg-test_audit_rule_kernel_module_loading_modprobe_el5:tst:1"/>
          <criterion comment="audit init_module" test_ref="oval:ssg-test_audit_rule_kernel_module_loading_init_module_el5:tst:1"/>
          <criterion comment="audit delete_module" test_ref="oval:ssg-test_audit_rule_kernel_module_loading_delete_module_el5:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-audit_rules_login_events:def:1" version="1">
      <metadata>
        <title>Audit Login Events</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Audit rules should detect login events.</description>
      <reference ref_id="audit_rules_login_events" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
            <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          </criteria>
          <criterion comment="audit /var/log/faillog" test_ref="oval:ssg-test_audit_rules_login_events_var_log_faillog_el4:tst:1"/>
          <criterion comment="audit /var/log/lastlog" test_ref="oval:ssg-test_audit_rules_login_events_var_log_lastlog_el4:tst:1"/>
        </criteria>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criterion comment="audit /var/log/faillog" test_ref="oval:ssg-test_audit_rules_login_events_var_log_faillog_el5:tst:1"/>
          <criterion comment="audit /var/log/lastlog" test_ref="oval:ssg-test_audit_rules_login_events_var_log_lastlog_el5:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-audit_rules_sched_setparam:def:1" version="1">
      <metadata>
        <title>Record Attempts to Alter Scheduler Parameters</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Record attempts to alter scheduler parameters.</description>
      <reference ref_id="audit_rules_sched_setparam" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
            <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          </criteria>
          <criterion test_ref="oval:ssg-test_audit_rules_sched_setparam_el4:tst:1"/>
        </criteria>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criterion test_ref="oval:ssg-test_audit_rules_sched_setparam_el5:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-audit_rules_sched_setscheduler:def:1" version="1">
      <metadata>
        <title>Record Attempts to Alter Scheduler Priorities</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Record attempts to alter scheduler priorities.</description>
      <reference ref_id="audit_rules_sched_setscheduler" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
            <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          </criteria>
          <criterion test_ref="oval:ssg-test_audit_rules_sched_setscheduler_el4:tst:1"/>
        </criteria>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criterion test_ref="oval:ssg-test_audit_rules_sched_setscheduler_el5:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-audit_rules_setdomainname:def:1" version="1">
      <metadata>
        <title>Record Attempts to Alter Domain Name</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Record attempts to alter the domain name.</description>
      <reference ref_id="audit_rules_setdomainname" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
            <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          </criteria>
          <criterion test_ref="oval:ssg-test_audit_rules_setdomainname_el4:tst:1"/>
        </criteria>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criterion test_ref="oval:ssg-test_audit_rules_setdomainname_el5:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-audit_rules_sethostname:def:1" version="1">
      <metadata>
        <title>Record Attempts to Alter Host Name</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Record attempts to alter the host name.</description>
      <reference ref_id="audit_rules_sethostname" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
            <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          </criteria>
          <criterion test_ref="oval:ssg-test_audit_rules_sethostname_el4:tst:1"/>
        </criteria>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criterion test_ref="oval:ssg-test_audit_rules_sethostname_el5:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-audit_rules_time_adjtimex:def:1" version="1">
      <metadata>
        <title>Record Attempts to Alter Time Through Adjtimex</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Record attempts to alter time through adjtimex.
      </description>
      <reference ref_id="audit_rules_time_adjtimex" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
            <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criteria>
              <extend_definition comment="32bit and ..." definition_ref="oval:ssg-system_info_architecture_x86:def:1"/>
              <criterion comment="32bit line adjtimex and key present" test_ref="oval:ssg-test_audit_rules_time_adjtimex_x86_el4:tst:1"/>
            </criteria>
            <criteria>
              <extend_definition comment="64bit and ..." definition_ref="oval:ssg-system_info_architecture_x86_64:def:1"/>
              <criterion comment="64bit line for adjtimex and key present" test_ref="oval:ssg-test_audit_rules_time_adjtimex_x86_64_el4:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criteria>
              <extend_definition comment="32bit and ..." definition_ref="oval:ssg-system_info_architecture_x86:def:1"/>
              <criterion comment="32bit line adjtimex and key present" test_ref="oval:ssg-test_audit_rules_time_adjtimex_x86_el5:tst:1"/>
            </criteria>
            <criteria>
              <extend_definition comment="64bit and ..." definition_ref="oval:ssg-system_info_architecture_x86_64:def:1"/>
              <criterion comment="64bit line for adjtimex and key present" test_ref="oval:ssg-test_audit_rules_time_adjtimex_x86_64_el5:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-audit_rules_time_clock_settime:def:1" version="2">
      <metadata>
        <title>Record Attempts to Alter Time Through Clock_settime</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Record attempts to alter time through clock_settime.
      </description>
      <reference ref_id="audit_rules_time_clock_settime" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
            <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criteria>
              <extend_definition comment="32bit and ..." definition_ref="oval:ssg-system_info_architecture_x86:def:1"/>
              <criterion comment="32bit line clock_settime and key present" test_ref="oval:ssg-test_audit_rules_time_clock_settime_x86_el4:tst:1"/>
            </criteria>
            <criteria>
              <extend_definition comment="64bit and ..." definition_ref="oval:ssg-system_info_architecture_x86_64:def:1"/>
              <criterion comment="64bit line for clock_settime and key present" test_ref="oval:ssg-test_audit_rules_time_clock_settime_x86_64_el4:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criteria>
              <extend_definition comment="32bit and ..." definition_ref="oval:ssg-system_info_architecture_x86:def:1"/>
              <criterion comment="32bit line clock_settime and key present" test_ref="oval:ssg-test_audit_rules_time_clock_settime_x86_el5:tst:1"/>
            </criteria>
            <criteria>
              <extend_definition comment="64bit and ..." definition_ref="oval:ssg-system_info_architecture_x86_64:def:1"/>
              <criterion comment="64bit line for clock_settime and key present" test_ref="oval:ssg-test_audit_rules_time_clock_settime_x86_64_el5:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-audit_rules_time_settimeofday:def:1" version="1">
      <metadata>
        <title>Record Attempts to Alter Time Through Settimeofday</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Record attempts to alter time through settimeofday.
      </description>
      <reference ref_id="audit_rules_time_settimeofday" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
            <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criteria>
              <extend_definition comment="32bit and ..." definition_ref="oval:ssg-system_info_architecture_x86:def:1"/>
              <criterion comment="32bit line settimeofday and key present" test_ref="oval:ssg-test_audit_rules_time_settimeofday_x86_el4:tst:1"/>
            </criteria>
            <criteria>
              <extend_definition comment="64bit and ..." definition_ref="oval:ssg-system_info_architecture_x86_64:def:1"/>
              <criterion comment="64bit line for settimeofday and key present" test_ref="oval:ssg-test_audit_rules_time_settimeofday_x86_64_el4:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criteria>
              <extend_definition comment="32bit and ..." definition_ref="oval:ssg-system_info_architecture_x86:def:1"/>
              <criterion comment="32bit line settimeofday and key present" test_ref="oval:ssg-test_audit_rules_time_settimeofday_x86_el5:tst:1"/>
            </criteria>
            <criteria>
              <extend_definition comment="64bit and ..." definition_ref="oval:ssg-system_info_architecture_x86_64:def:1"/>
              <criterion comment="64bit line for settimeofday and key present" test_ref="oval:ssg-test_audit_rules_time_settimeofday_x86_64_el5:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-audit_rules_time_stime:def:1" version="1">
      <metadata>
        <title>Record Attempts to Alter Time Through Stime</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Record attempts to alter time through stime, note that this is only relevant on 32bit architecture.</description>
      <reference ref_id="audit_rules_time_stime" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <extend_definition comment="32bit and ..." definition_ref="oval:ssg-system_info_architecture_x86:def:1"/>
          <criteria operator="OR">
            <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
            <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          </criteria>
          <criterion comment="32bit line stime and key present" test_ref="oval:ssg-test_audit_rules_time_stime_x86_el4:tst:1"/>
        </criteria>
        <criteria>
          <extend_definition comment="32bit and ..." definition_ref="oval:ssg-system_info_architecture_x86:def:1"/>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criterion comment="32bit line stime and key present" test_ref="oval:ssg-test_audit_rules_time_stime_x86_el5:tst:1"/>
        </criteria>
        <criteria comment="both ...">
          <extend_definition comment="64bit and ..." definition_ref="oval:ssg-system_info_architecture_x86_64:def:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_creat:def:1" version="1">
      <metadata>
        <title>Ensure auditd Collects Unauthorized Access Attempts to
      Files (unsuccessful)</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Audit rules about the Unauthorized Access
      Attempts to Files (unsuccessful) are enabled</description>
      <reference ref_id="audit_rules_unsuccessful_file_creat" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
            <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criterion comment="audit file user fail - creat" test_ref="oval:ssg-test_audit_rules_unsuccessful_file_modification_fail_creat_el4:tst:1"/>
            <criteria operator="AND">
              <criterion comment="audit file user eacces - creat" test_ref="oval:ssg-test_audit_rules_unsuccessful_file_modification_eacces_creat_el4:tst:1"/>
              <criterion comment="audit file user eperm - creat" test_ref="oval:ssg-test_audit_rules_unsuccessful_file_modification_eperm_creat_el4:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criterion comment="audit file user fail - creat" test_ref="oval:ssg-test_audit_rules_unsuccessful_file_modification_fail_creat_el5:tst:1"/>
            <criteria operator="AND">
              <criterion comment="audit file user eacces - creat" test_ref="oval:ssg-test_audit_rules_unsuccessful_file_modification_eacces_creat_el5:tst:1"/>
              <criterion comment="audit file user eperm - creat" test_ref="oval:ssg-test_audit_rules_unsuccessful_file_modification_eperm_creat_el5:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_ftruncate:def:1" version="1">
      <metadata>
        <title>Ensure auditd Collects Unauthorized Access Attempts to
      Files (unsuccessful)</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Audit rules about the Unauthorized Access
      Attempts to Files (unsuccessful) are enabled</description>
      <reference ref_id="audit_rules_unsuccessful_file_ftruncate" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
            <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criterion comment="audit file user fail - ftruncate" test_ref="oval:ssg-test_audit_rules_unsuccessful_file_modification_fail_ftruncate_el4:tst:1"/>
            <criteria operator="AND">
              <criterion comment="audit file user eacces - ftruncate" test_ref="oval:ssg-test_audit_rules_unsuccessful_file_modification_eacces_ftruncate_el4:tst:1"/>
              <criterion comment="audit file user eperm - ftruncate" test_ref="oval:ssg-test_audit_rules_unsuccessful_file_modification_eperm_ftruncate_el4:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criterion comment="audit file user fail - ftruncate" test_ref="oval:ssg-test_audit_rules_unsuccessful_file_modification_fail_ftruncate_el5:tst:1"/>
            <criteria operator="AND">
              <criterion comment="audit file user eacces - ftruncate" test_ref="oval:ssg-test_audit_rules_unsuccessful_file_modification_eacces_ftruncate_el5:tst:1"/>
              <criterion comment="audit file user eperm - ftruncate" test_ref="oval:ssg-test_audit_rules_unsuccessful_file_modification_eperm_ftruncate_el5:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_open:def:1" version="1">
      <metadata>
        <title>Ensure auditd Collects Unauthorized Access Attempts to
      Files (unsuccessful)</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Audit rules about the Unauthorized Access
      Attempts to Files (unsuccessful) are enabled</description>
      <reference ref_id="audit_rules_unsuccessful_file_open" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
            <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criterion comment="audit file user fail - open" test_ref="oval:ssg-test_audit_rules_unsuccessful_file_modification_fail_open_el4:tst:1"/>
            <criteria operator="AND">
              <criterion comment="audit file user eacces - open" test_ref="oval:ssg-test_audit_rules_unsuccessful_file_modification_eacces_open_el4:tst:1"/>
              <criterion comment="audit file user eperm - open" test_ref="oval:ssg-test_audit_rules_unsuccessful_file_modification_eperm_open_el4:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criterion comment="audit file user fail - open" test_ref="oval:ssg-test_audit_rules_unsuccessful_file_modification_fail_open_el5:tst:1"/>
            <criteria operator="AND">
              <criterion comment="audit file user eacces - open" test_ref="oval:ssg-test_audit_rules_unsuccessful_file_modification_eacces_open_el5:tst:1"/>
              <criterion comment="audit file user eperm - open" test_ref="oval:ssg-test_audit_rules_unsuccessful_file_modification_eperm_open_el5:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_openat:def:1" version="1">
      <metadata>
        <title>Ensure auditd Collects Unauthorized Access Attempts to
      Files (unsuccessful)</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Audit rules about the Unauthorized Access
      Attempts to Files (unsuccessful) are enabled</description>
      <reference ref_id="audit_rules_unsuccessful_file_openat" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criterion comment="audit file user fail - openat" test_ref="oval:ssg-test_audit_rules_unsuccessful_file_modification_fail_openat_el5:tst:1"/>
            <criteria operator="AND">
              <criterion comment="audit file user eacces - openat" test_ref="oval:ssg-test_audit_rules_unsuccessful_file_modification_eacces_openat_el5:tst:1"/>
              <criterion comment="audit file user eperm - openat" test_ref="oval:ssg-test_audit_rules_unsuccessful_file_modification_eperm_openat_el5:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-audit_rules_unsuccessful_file_truncate:def:1" version="1">
      <metadata>
        <title>Ensure auditd Collects Unauthorized Access Attempts to
      Files (unsuccessful)</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Audit rules about the Unauthorized Access
      Attempts to Files (unsuccessful) are enabled</description>
      <reference ref_id="audit_rules_unsuccessful_file_truncate" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
            <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criterion comment="audit file user fail - truncate" test_ref="oval:ssg-test_audit_rules_unsuccessful_file_modification_fail_truncate_el4:tst:1"/>
            <criteria operator="AND">
              <criterion comment="audit file user eacces - truncate" test_ref="oval:ssg-test_audit_rules_unsuccessful_file_modification_eacces_truncate_el4:tst:1"/>
              <criterion comment="audit file user eperm - truncate" test_ref="oval:ssg-test_audit_rules_unsuccessful_file_modification_eperm_truncate_el4:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criterion comment="audit file user fail - truncate" test_ref="oval:ssg-test_audit_rules_unsuccessful_file_modification_fail_truncate_el5:tst:1"/>
            <criteria operator="AND">
              <criterion comment="audit file user eacces - truncate" test_ref="oval:ssg-test_audit_rules_unsuccessful_file_modification_eacces_truncate_el5:tst:1"/>
              <criterion comment="audit file user eperm - truncate" test_ref="oval:ssg-test_audit_rules_unsuccessful_file_modification_eperm_truncate_el5:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-audit_rules_usergroup_creation:def:1" version="1">
      <metadata>
        <title>Audit User/Group Information</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Audit rules should detect creation of users and groups.</description>
      <reference ref_id="audit_rules_usergroup_creation" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
            <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          </criteria>
          <criterion comment="audit /usr/sbin/useradd" test_ref="oval:ssg-test_audit_rules_usergroup_creation_usr_sbin_useradd_el4:tst:1"/>
          <criterion comment="audit /usr/sbin/groupadd" test_ref="oval:ssg-test_audit_rules_usergroup_creation_usr_sbin_groupadd_el4:tst:1"/>
          <criterion comment="audit /etc/passwd" test_ref="oval:ssg-test_audit_rules_usergroup_creation_etc_passwd_el4:tst:1"/>
          <criterion comment="audit /etc/shadow" test_ref="oval:ssg-test_audit_rules_usergroup_creation_etc_shadow_el4:tst:1"/>
          <criterion comment="audit /etc/group" test_ref="oval:ssg-test_audit_rules_usergroup_creation_etc_group_el4:tst:1"/>
          <criterion comment="audit /etc/gshadow" test_ref="oval:ssg-test_audit_rules_usergroup_creation_etc_gshadow_el4:tst:1"/>
        </criteria>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criterion comment="audit /usr/sbin/useradd" test_ref="oval:ssg-test_audit_rules_usergroup_creation_usr_sbin_useradd_el5:tst:1"/>
          <criterion comment="audit /usr/sbin/groupadd" test_ref="oval:ssg-test_audit_rules_usergroup_creation_usr_sbin_groupadd_el5:tst:1"/>
          <criterion comment="audit /etc/passwd" test_ref="oval:ssg-test_audit_rules_usergroup_creation_etc_passwd_el5:tst:1"/>
          <criterion comment="audit /etc/shadow" test_ref="oval:ssg-test_audit_rules_usergroup_creation_etc_shadow_el5:tst:1"/>
          <criterion comment="audit /etc/group" test_ref="oval:ssg-test_audit_rules_usergroup_creation_etc_group_el5:tst:1"/>
          <criterion comment="audit /etc/gshadow" test_ref="oval:ssg-test_audit_rules_usergroup_creation_etc_gshadow_el5:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-audit_rules_usergroup_disabling:def:1" version="1">
      <metadata>
        <title>Audit User/Group Information</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Audit rules should detect disabling users and groups.</description>
      <reference ref_id="audit_rules_usergroup_disabling" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
            <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          </criteria>
          <criterion comment="audit /usr/bin/passwd" test_ref="oval:ssg-test_audit_rules_usergroup_disabling_usr_bin_passwd_el4:tst:1"/>
        </criteria>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criterion comment="audit /usr/bin/passwd" test_ref="oval:ssg-test_audit_rules_usergroup_disabling_usr_bin_passwd_el5:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-audit_rules_usergroup_modification:def:1" version="1">
      <metadata>
        <title>Audit User/Group Information</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Audit rules should detect modification of users and groups.</description>
      <reference ref_id="audit_rules_usergroup_modification" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
            <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          </criteria>
          <criterion comment="audit /usr/sbin/usermod" test_ref="oval:ssg-test_audit_rules_usergroup_modification_usr_sbin_usermod_el4:tst:1"/>
          <criterion comment="audit /usr/sbin/groupmod" test_ref="oval:ssg-test_audit_rules_usergroup_modification_usr_sbin_groupmod_el4:tst:1"/>
          <criterion comment="audit /etc/passwd" test_ref="oval:ssg-test_audit_rules_usergroup_modification_etc_passwd_el4:tst:1"/>
          <criterion comment="audit /etc/shadow" test_ref="oval:ssg-test_audit_rules_usergroup_modification_etc_shadow_el4:tst:1"/>
          <criterion comment="audit /etc/group" test_ref="oval:ssg-test_audit_rules_usergroup_modification_etc_group_el4:tst:1"/>
          <criterion comment="audit /etc/gshadow" test_ref="oval:ssg-test_audit_rules_usergroup_modification_etc_gshadow_el4:tst:1"/>
        </criteria>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criterion comment="audit /usr/sbin/usermod" test_ref="oval:ssg-test_audit_rules_usergroup_modification_usr_sbin_usermod_el5:tst:1"/>
          <criterion comment="audit /usr/sbin/groupmod" test_ref="oval:ssg-test_audit_rules_usergroup_modification_usr_sbin_groupmod_el5:tst:1"/>
          <criterion comment="audit /etc/passwd" test_ref="oval:ssg-test_audit_rules_usergroup_modification_etc_passwd_el5:tst:1"/>
          <criterion comment="audit /etc/shadow" test_ref="oval:ssg-test_audit_rules_usergroup_modification_etc_shadow_el5:tst:1"/>
          <criterion comment="audit /etc/group" test_ref="oval:ssg-test_audit_rules_usergroup_modification_etc_group_el5:tst:1"/>
          <criterion comment="audit /etc/gshadow" test_ref="oval:ssg-test_audit_rules_usergroup_modification_etc_gshadow_el5:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-audit_rules_usergroup_termination:def:1" version="1">
      <metadata>
        <title>Audit User/Group Information</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Audit rules should detect termination of users and groups.</description>
      <reference ref_id="audit_rules_usergroup_termination" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
            <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          </criteria>
          <criterion comment="audit /usr/sbin/userdel" test_ref="oval:ssg-test_audit_rules_usergroup_termination_usr_sbin_userdel_el4:tst:1"/>
          <criterion comment="audit /usr/sbin/groupdel" test_ref="oval:ssg-test_audit_rules_usergroup_termination_usr_sbin_groupdel_el4:tst:1"/>
        </criteria>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criterion comment="audit /usr/sbin/userdel" test_ref="oval:ssg-test_audit_rules_usergroup_termination_usr_sbin_userdel_el5:tst:1"/>
          <criterion comment="audit /usr/sbin/groupdel" test_ref="oval:ssg-test_audit_rules_usergroup_termination_usr_sbin_groupdel_el5:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-auditd_audispd_syslog_plugin_activated:def:1" version="2">
      <metadata>
        <title>Send Audit Logs To Remote Server</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The system must be configured to send audit records to a remote audit server.</description>
      <reference ref_id="auditd_audispd_syslog_plugin_activated" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_audit_enabled_on_kernel_cmdline:tst:1" comment="check for audit=1 in /boot/grub/grub.conf"/>
        <criterion test_ref="oval:ssg-test_audispds_syslog_plugin_enabled:tst:1" comment="check if audispd's syslog plugin activated in /etc/audisp/plugins.d/syslog.conf"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-auditd_data_retention_audit_processing_failure:def:1" version="1">
      <metadata>
        <title>Auditd Action to Take When Disk Has Errors</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>disk_error_action setting and disk_full_action in /etc/audit/auditd.conf is set to a certain action</description>
      <reference ref_id="auditd_data_retention_audit_processing_failure" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
            <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          </criteria>
          <criterion test_ref="oval:ssg-test_auditd_data_retention_disk_error_action_el4:tst:1"/>
          <criterion test_ref="oval:ssg-test_auditd_data_retention_disk_full_action_el4:tst:1"/>
        </criteria>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criterion test_ref="oval:ssg-test_auditd_data_retention_disk_error_action_el5:tst:1"/>
          <criterion test_ref="oval:ssg-test_auditd_data_retention_disk_full_action_el5:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-auditd_data_retention_audit_storage_failure:def:1" version="1">
      <metadata>
        <title>Auditd Email Account to Notify Upon Action</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>action_mail_acct setting in /etc/audit/auditd.conf is set to a certain account</description>
      <reference ref_id="auditd_data_retention_audit_storage_failure" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
            <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criterion comment="action_mail_acct setting in /etc/auditd.conf is set to syslog or exec" test_ref="oval:ssg-test_auditd_data_retention_space_left_action_exec_syslog_el4:tst:1"/>
            <criteria operator="AND">
              <criterion comment="action_mail_acct setting in /etc/auditd.conf is set to email" test_ref="oval:ssg-test_auditd_data_retention_space_left_action_email_el4:tst:1"/>
              <criteria operator="OR">
                <criterion comment="action_mail_acct setting in /etc/auditd.conf" test_ref="oval:ssg-test_auditd_data_retention_action_mail_acct_root_el4:tst:1"/>
                <criteria operator="AND">
                  <criterion comment="action_mail_acct setting in /etc/auditd.conf" test_ref="oval:ssg-test_auditd_data_retention_action_mail_acct_external_el4:tst:1"/>
                  <criterion comment="package sendmail is installed" test_ref="oval:ssg-test_auditd_data_retention_audit_storage_failure_package_sendmail_installed:tst:1"/>
                </criteria>
              </criteria>
            </criteria>
          </criteria>
        </criteria>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criteria operator="OR">
            <criterion comment="action_mail_acct setting in /etc/audit/auditd.conf is set to syslog or exec" test_ref="oval:ssg-test_auditd_data_retention_space_left_action_exec_syslog_el5:tst:1"/>
            <criteria operator="AND">
              <criterion comment="action_mail_acct setting in /etc/audit/auditd.conf is set to email" test_ref="oval:ssg-test_auditd_data_retention_space_left_action_email_el5:tst:1"/>
              <criteria operator="OR">
                <criterion comment="action_mail_acct setting in /etc/audit/auditd.conf" test_ref="oval:ssg-test_auditd_data_retention_action_mail_acct_root_el5:tst:1"/>
                <criteria operator="AND">
                  <criterion comment="action_mail_acct setting in /etc/audit/auditd.conf" test_ref="oval:ssg-test_auditd_data_retention_action_mail_acct_external_el5:tst:1"/>
                  <criterion comment="package sendmail is installed" test_ref="oval:ssg-test_auditd_data_retention_audit_storage_failure_package_sendmail_installed:tst:1"/>
                </criteria>
              </criteria>
            </criteria>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-banner_etc_issue:def:1" version="1">
      <metadata>
        <title>System Login Banner Compliance</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The system login banner text should be set correctly.</description>
      <reference ref_id="banner_etc_issue" source="ssg"/></metadata>
      <criteria>
        <criterion comment="/etc/issue is set appropriately" test_ref="oval:ssg-test_banner_etc_issue:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-banner_gui_enabled:def:1" version="1">
      <metadata>
        <title>Enable GUI Warning Banner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Enable the GUI warning banner.</description>
      <reference ref_id="banner_gui_enabled" source="ssg"/></metadata>
      <criteria>
        <criterion comment="check settings" test_ref="oval:ssg-test_banner_gui_enabled:tst:1"/>
        <criterion comment="check settings" test_ref="oval:ssg-test_set_gdm_login_banner_text:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-baseline_device_files:def:1" version="1">
      <metadata>
        <title>Device Files Baseline Exists and is Checked Weekly</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>A baseline of device files on the system should be generated and checked weekly for changes.</description>
      <reference ref_id="baseline_device_files" source="ssg"/></metadata>
      <criteria>
        <criterion comment="make sure /var/log/device-file-list exists" test_ref="oval:ssg-test_baseline_device_files_exists:tst:1"/>
        <criterion comment="make sure /etc/cron.weekly/baseline_checker.sh exists" test_ref="oval:ssg-test_baseline_device_files_cron:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-baseline_sgid_files:def:1" version="1">
      <metadata>
        <title>SGID Files Baseline Exists and is Checked Weekly</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>A baseline of sgid files on the system should be generated and checked weekly for changes.</description>
      <reference ref_id="baseline_sgid_files" source="ssg"/></metadata>
      <criteria>
        <criterion comment="make sure /var/log/sgid-file-list exists" test_ref="oval:ssg-test_baseline_sgid_files_exists:tst:1"/>
        <criterion comment="make sure /etc/cron.weekly/baseline_checker.sh exists" test_ref="oval:ssg-test_baseline_sgid_files_cron:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-baseline_suid_files:def:1" version="1">
      <metadata>
        <title>SUID Files Baseline Exists and is Checked Weekly</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>A baseline of suid files on the system should be generated and checked weekly for changes.</description>
      <reference ref_id="baseline_suid_files" source="ssg"/></metadata>
      <criteria>
        <criterion comment="make sure /var/log/suid-file-list exists" test_ref="oval:ssg-test_baseline_suid_files_exists:tst:1"/>
        <criterion comment="make sure /etc/cron.weekly/baseline_checker.sh exists" test_ref="oval:ssg-test_baseline_suid_files_cron:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-bootloader_audit_argument:def:1" version="1">
      <metadata>
        <title>Enable Auditing for Processes Which Start Prior to the Audit Daemon</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Look for argument audit=1 in the kernel line in /boot/grub/grub.conf.</description>
      <reference ref_id="bootloader_audit_argument" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_bootloader_audit_argument:tst:1" comment="check for audit=1 in /boot/grub/grub.conf"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-bootloader_exists:def:1" version="1">
      <metadata>
        <title>Boot Loader Configuration Exists</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The grub boot loader configuration should exist.</description>
      <reference ref_id="bootloader_exists" source="ssg"/></metadata>
      <criteria>
        <criterion comment="make sure /boot/grub/grub.conf exists" test_ref="oval:ssg-test_bootloader_exists:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-bootloader_nousb_argument:def:1" version="1">
      <metadata>
        <title>Disable Kernel Support for USB via Bootloader Configuration</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Look for argument "nousb" in the kernel line in /boot/grub/grub.conf</description>
      <reference ref_id="bootloader_nousb_argument" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_bootloader_nousb_argument:tst:1" comment="look for argument 'nousb' in the kernel line in /boot/grub/grub.conf"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-bootloader_password:def:1" version="1">
      <metadata>
        <title>Set Boot Loader Password</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The grub boot loader should have password protection enabled.</description>
      <reference ref_id="bootloader_password" source="ssg"/></metadata>
      <criteria>
        <criterion comment="make sure a password is defined in /boot/grub/grub.conf" test_ref="oval:ssg-test_bootloader_password:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-bootloader_password_hash:def:1" version="1">
      <metadata>
        <title>Set Boot Loader Password Hash</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The grub boot loader password should use a compliant hash.</description>
      <reference ref_id="bootloader_password_hash" source="ssg"/></metadata>
      <criteria>
        <criterion comment="make sure a compliant password hash is defined in /boot/grub/grub.conf" test_ref="oval:ssg-test_bootloader_password_hash:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-cron_access_controlled:def:1" version="1">
      <metadata>
        <title>Files /etc/cron.allow And /etc/cron.deny Must Exist</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for /etc/cron.allow and /etc/cron.deny must exist.</description>
      <reference ref_id="cron_access_controlled" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_cron_access_controlled_cron_allow:tst:1"/>
        <criterion test_ref="oval:ssg-test_cron_access_controlled_cron_deny:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-cron_system_accounts:def:1" version="1">
      <metadata>
        <title>Files /etc/cron.allow And /etc/cron.deny Must Exist</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for /etc/cron.allow and /etc/cron.deny must exist.</description>
      <reference ref_id="cron_system_accounts" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_cron_system_accounts_cron_allow_exists:tst:1"/>
        <criterion test_ref="oval:ssg-test_cron_system_accounts_cron_allow:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-dhcp_client_disable_ddns:def:1" version="1">
      <metadata>
        <title>DHCP Client Dynamic DNS Disabled</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The DHCP client must not send dynamic DNS updates.</description>
      <reference ref_id="dhcp_client_disable_ddns" source="ssg"/></metadata>
      <criteria>
        <criterion comment="Check do-forward-updates in /etc/dhclient.conf" test_ref="oval:ssg-test_dhcp_client_disable_ddns:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-dir_perms_world_writable_sticky_bits:def:1" version="1">
      <metadata>
        <title>Verify that All World-Writable Directories Have Sticky Bits Set</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The sticky bit should be set for all world-writable directories.</description>
      <reference ref_id="dir_perms_world_writable_sticky_bits" source="ssg"/></metadata>
      <criteria>
        <criterion comment="all local world writable directories have sticky bit set" test_ref="oval:ssg-test_dir_perms_world_writable_sticky_bits:tst:1" negate="true"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-dir_perms_world_writable_system_owned:def:1" version="1">
      <metadata>
        <title>Find world writable directories not owned by a system account</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>All world writable directories should be owned by a system user.</description>
      <reference ref_id="dir_perms_world_writable_system_owned" source="ssg"/></metadata>
      <criteria comment="check for local directories that are world writable and have uid greater than or equal to 500" negate="true">
        <criterion comment="check for local directories that are world writable and have uid greater than or equal to 500" test_ref="oval:ssg-test_dir_world_writable_uid_gt_500:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-disable_ctrlaltdel_reboot:def:1" version="1">
      <metadata>
        <title>Disable the ability to reboot the system via ctrl+alt+del key sequence.</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Look for argument 'ca::ctrlaltdel:/sbin/shutdown -t3 -r now' in /etc/inittab.</description>
      <reference ref_id="disable_ctrlaltdel_reboot" source="ssg"/></metadata>
      <criteria>
        <criterion negate="true" test_ref="oval:ssg-test_disable_ctrlaltdel_reboot_conf:tst:1" comment="Look for argument 'exec /sbin/shutdown -r now' in /etc/init/control-alt-delete.conf"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-disable_users_coredumps:def:1" version="1">
      <metadata>
        <title>Disable Core Dumps</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Core dumps for all users should be disabled</description>
      <reference ref_id="disable_users_coredumps" source="ssg"/></metadata>
      <criteria>
        <criterion comment="Are core dumps disabled" test_ref="oval:ssg-test_core_dumps_limitsconf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-ensure_gpgcheck_never_disabled:def:1" version="1">
      <metadata>
        <title>Ensure gpgcheck Enabled For All Yum Package Repositories</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Ensure all yum repositories utilize signature checking.</description>
      <reference ref_id="ensure_gpgcheck_never_disabled" source="ssg"/></metadata>
      <criteria comment="ensure all yum repositories utilize signiature checking" operator="AND">
        <criterion comment="check for nosignature in /etc/rpmrc" test_ref="oval:ssg-test_nosignature_etc_rpmrc:tst:1"/>
        <criterion comment="check for nosignature in /usr/lib/rpm/rpmrc" test_ref="oval:ssg-test_nosignature_usr_lib_rpm_rpmrc:tst:1"/>
        <criterion comment="check for nosignature in /usr/lib/rpm/redhat/rpmrc" test_ref="oval:ssg-test_nosignature_usr_lib_rpm_redhat_rpmrc:tst:1"/>
        <criterion comment="check for nosignature in /root/rpmrc" test_ref="oval:ssg-test_nosignature_root_rpmrc:tst:1"/>
        <criterion comment="verify no gpgpcheck=0 present in /etc/yum.repos.d files" test_ref="oval:ssg-test_ensure_gpgcheck_never_disabled_repos:tst:1"/>
        <criterion comment="verify no gpgpcheck=0 present in /etc/yum.conf" test_ref="oval:ssg-test_ensure_gpgcheck_never_disabled_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_aliases:def:1" version="1">
      <metadata>
        <title>Alias Files Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File group owner for alias files should be root.</description>
      <reference ref_id="file_groupowner_aliases" source="ssg"/></metadata>
      <criteria>
        <criteria operator="OR">
          <extend_definition comment="postfix is not installed" negate="true" definition_ref="oval:ssg-package_postfix_installed:def:1"/>
          <criteria operator="OR">
            <criterion test_ref="oval:ssg-test_file_groupowner_aliases_postfix_aliases:tst:1"/>
            <criterion test_ref="oval:ssg-test_file_groupowner_aliases_postfix_aliases_db:tst:1"/>
          </criteria>
        </criteria>
        <criteria operator="OR">
          <extend_definition comment="sendmail is not installed" negate="true" definition_ref="oval:ssg-package_sendmail_installed:def:1"/>
          <criteria operator="OR">
            <criterion test_ref="oval:ssg-test_file_groupowner_aliases_sendmail_aliases:tst:1"/>
            <criterion test_ref="oval:ssg-test_file_groupowner_aliases_sendmail_aliases_db:tst:1"/>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_aliases_files:def:1" version="1">
      <metadata>
        <title>Files Referenced In /etc/aliases Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for files referenced in /etc/aliases must be root.</description>
      <reference ref_id="file_groupowner_aliases_files" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_aliases_files:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_audio_devices:def:1" version="1">
      <metadata>
        <title>Audio Device Files Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for audio device files must be root.</description>
      <reference ref_id="file_groupowner_audio_devices" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_dev_audio:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_groupowner_dev_snd:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_audit_log:def:1" version="1">
      <metadata>
        <title>Audit Log Files Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for audit log files must be root.</description>
      <reference ref_id="file_groupowner_audit_log" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
            <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          </criteria>
          <criterion test_ref="oval:ssg-test_file_groupowner_audit_log_el4:tst:1"/>
        </criteria>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criterion test_ref="oval:ssg-test_file_groupowner_audit_log_el5:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_audit_tools:def:1" version="1">
      <metadata>
        <title>Audit Tools Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for audit tools must be root.</description>
      <reference ref_id="file_groupowner_audit_tools" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_sbin_auditctl:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_groupowner_sbin_auditd:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_groupowner_sbin_ausearch:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_groupowner_sbin_aureport:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_groupowner_sbin_autrace:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_groupowner_sbin_audispd:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_bin_traceroute:def:1" version="1">
      <metadata>
        <title>File /bin/traceroute Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for /bin/traceroute must be root.</description>
      <reference ref_id="file_groupowner_bin_traceroute" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_bin_traceroute:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_binary_dirs:def:1" version="1">
      <metadata>
        <title>Verify that System Executables Have System Group Ownership</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Checks that /etc, /bin, /usr/bin, /usr/lbin, /usr/usb, /sbin, /usr/sbin and objects therein, are group owned by a system account.</description>
      <reference ref_id="file_groupowner_binary_dirs" source="ssg"/></metadata>
      <criteria operator="AND">
        <criterion test_ref="oval:ssg-test_groupowner_binary_dirs_etc_dir:tst:1"/>
        <criterion test_ref="oval:ssg-test_groupowner_binary_dirs_etc_files:tst:1"/>
        <criterion test_ref="oval:ssg-test_groupowner_binary_dirs_bin_dir:tst:1"/>
        <criterion test_ref="oval:ssg-test_groupowner_binary_dirs_bin_files:tst:1"/>
        <criterion test_ref="oval:ssg-test_groupowner_binary_dirs_usr_bin_dir:tst:1"/>
        <criterion test_ref="oval:ssg-test_groupowner_binary_dirs_usr_bin_files:tst:1"/>
        <criterion test_ref="oval:ssg-test_groupowner_binary_dirs_usr_lbin_dir:tst:1"/>
        <criterion test_ref="oval:ssg-test_groupowner_binary_dirs_usr_lbin_files:tst:1"/>
        <criterion test_ref="oval:ssg-test_groupowner_binary_dirs_usr_usb_dir:tst:1"/>
        <criterion test_ref="oval:ssg-test_groupowner_binary_dirs_usr_usb_files:tst:1"/>
        <criterion test_ref="oval:ssg-test_groupowner_binary_dirs_sbin_dir:tst:1"/>
        <criterion test_ref="oval:ssg-test_groupowner_binary_dirs_sbin_files:tst:1"/>
        <criterion test_ref="oval:ssg-test_groupowner_binary_dirs_usr_sbin_dir:tst:1"/>
        <criterion test_ref="oval:ssg-test_groupowner_binary_dirs_usr_sbin_files:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_core_dump_dir:def:1" version="1">
      <metadata>
        <title>Core Dump Directory Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for the core dump directory must be root.</description>
      <reference ref_id="file_groupowner_core_dump_dir" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_core_dump_dir:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_crontab_dirs:def:1" version="1">
      <metadata>
        <title>Crontab Directories Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for crontab directories must be root or the crontab creator.</description>
      <reference ref_id="file_groupowner_crontab_dirs" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_dir_etc_cron_d:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_groupowner_dir_etc_cron_daily:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_groupowner_dir_etc_cron_hourly:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_groupowner_dir_etc_cron_monthly:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_groupowner_dir_etc_cron_weekly:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_groupowner_dir_var_spool_cron:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_crontab_files:def:1" version="1">
      <metadata>
        <title>Crontab Files Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for crontab files must be root or the crontab creator.</description>
      <reference ref_id="file_groupowner_crontab_files" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_crontab:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_cron_d:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_cron_daily:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_cron_hourly:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_cron_monthly:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_cron_weekly:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_groupowner_var_spool_cron:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_etc_at_allow:def:1" version="1">
      <metadata>
        <title>File /etc/at.allow Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for /etc/at.allow must be root.</description>
      <reference ref_id="file_groupowner_etc_at_allow" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_at_allow:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_etc_at_deny:def:1" version="1">
      <metadata>
        <title>File /etc/at.deny Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for /etc/at.deny must be root.</description>
      <reference ref_id="file_groupowner_etc_at_deny" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_at_deny:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_etc_cron_allow:def:1" version="1">
      <metadata>
        <title>File /etc/cron.allow Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for /etc/cron.allow must be root.</description>
      <reference ref_id="file_groupowner_etc_cron_allow" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_cron_allow:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_etc_cron_deny:def:1" version="1">
      <metadata>
        <title>File /etc/cron.deny Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for /etc/cron.deny must be root.</description>
      <reference ref_id="file_groupowner_etc_cron_deny" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_cron_deny:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_etc_cups_printers_conf:def:1" version="1">
      <metadata>
        <title>File /etc/cups/printers.conf Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for /etc/cups/printers.conf must be root.</description>
      <reference ref_id="file_groupowner_etc_cups_printers_conf" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_cups_printers_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_etc_exports:def:1" version="1">
      <metadata>
        <title>File /etc/exports Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for /etc/exports must be root.</description>
      <reference ref_id="file_groupowner_etc_exports" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_exports:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_etc_group:def:1" version="1">
      <metadata>
        <title>Verify group who owns 'group' file</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The /etc/group file should be owned by the appropriate
      group.</description>
      <reference ref_id="file_groupowner_etc_group" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_group:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_etc_gshadow:def:1" version="1">
      <metadata>
        <title>Verify group who owns 'gshadow' file</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The /etc/gshadow file should be owned by the appropriate
      group.</description>
      <reference ref_id="file_groupowner_etc_gshadow" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_gshadow:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_etc_hosts:def:1" version="1">
      <metadata>
        <title>File /etc/hosts Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for /etc/hosts must be root.</description>
      <reference ref_id="file_groupowner_etc_hosts" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_hosts:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_etc_ldap_conf:def:1" version="1">
      <metadata>
        <title>File /etc/ldap.conf Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for /etc/ldap.conf must be root.</description>
      <reference ref_id="file_groupowner_etc_ldap_conf" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_ldap_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_etc_nsswitch_conf:def:1" version="1">
      <metadata>
        <title>File /etc/nsswitch.conf Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for /etc/nsswitch.conf must be root.</description>
      <reference ref_id="file_groupowner_etc_nsswitch_conf" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_nsswitch_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_etc_ntp_conf:def:1" version="1">
      <metadata>
        <title>File /etc/ntp.conf Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for /etc/ntp.conf must be root.</description>
      <reference ref_id="file_groupowner_etc_ntp_conf" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_ntp_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_etc_passwd:def:1" version="1">
      <metadata>
        <title>Verify group who owns 'passwd' file</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The /etc/passwd file should be owned by the appropriate
      group.</description>
      <reference ref_id="file_groupowner_etc_passwd" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_passwd:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_etc_resolv_conf:def:1" version="1">
      <metadata>
        <title>File /etc/resolv.conf Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for /etc/resolv.conf must be root.</description>
      <reference ref_id="file_groupowner_etc_resolv_conf" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_resolv_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_etc_samba_smb_conf:def:1" version="1">
      <metadata>
        <title>File /etc/samba/smb.conf Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for /etc/samba/smb.conf must be root.</description>
      <reference ref_id="file_groupowner_etc_samba_smb_conf" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_samba_smb_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_etc_samba_tdb:def:1" version="1">
      <metadata>
        <title>Files /etc/samba/passdb.tdb /etc/samba/secrets.tdb Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for /etc/samba/passdb.tdb and /etc/samba/secrets.tdb must be root.</description>
      <reference ref_id="file_groupowner_etc_samba_tdb" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_samba_passdb_tdb:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_samba_secrets_tdb:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_etc_securetty:def:1" version="1">
      <metadata>
        <title>File /etc/securetty Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for /etc/securetty must be root.</description>
      <reference ref_id="file_groupowner_etc_securetty" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_securetty:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_etc_security_access_conf:def:1" version="1">
      <metadata>
        <title>File /etc/security/access.conf Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for /etc/security/access.conf must be root.</description>
      <reference ref_id="file_groupowner_etc_security_access_conf" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_security_access_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_etc_services:def:1" version="1">
      <metadata>
        <title>File /etc/services Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for /etc/services must be root.</description>
      <reference ref_id="file_groupowner_etc_services" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_services:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_etc_skel:def:1" version="1">
      <metadata>
        <title>File /etc/skel/* Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for /etc/skel/* must be root.</description>
      <reference ref_id="file_groupowner_etc_skel" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_skel:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_etc_sysctl_conf:def:1" version="1">
      <metadata>
        <title>File /etc/sysctl.conf Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for /etc/sysctl.conf must be root.</description>
      <reference ref_id="file_groupowner_etc_sysctl_conf" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_sysctl_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_etc_syslog_conf:def:1" version="1">
      <metadata>
        <title>File /etc/syslog.conf Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for /etc/syslog.conf must be root.</description>
      <reference ref_id="file_groupowner_etc_syslog_conf" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_syslog_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_etc_xinetd_conf:def:1" version="1">
      <metadata>
        <title>File /etc/xinetd.conf Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for /etc/xinetd.conf must be root.</description>
      <reference ref_id="file_groupowner_etc_xinetd_conf" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_xinetd_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_exports_dirs:def:1" version="1">
      <metadata>
        <title>Files Referenced In /etc/exports Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for files referenced in /etc/exports must be root.</description>
      <reference ref_id="file_groupowner_exports_dirs" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_exports_dirs:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_ftpusers:def:1" version="1">
      <metadata>
        <title>FTP Users Files Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for the FTP users files must be root.</description>
      <reference ref_id="file_groupowner_ftpusers" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_ftpusers:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_vsftpd_ftpusers1:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_vsftpd_ftpusers2:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_global_initialization_files:def:1" version="1">
      <metadata>
        <title>Global Initialization Files Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for global initialization files must be root.</description>
      <reference ref_id="file_groupowner_global_initialization_files" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_bashrc:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_csh_cshrc:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_csh_login:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_csh_logout:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_environment:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_ksh_kshrc:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_profile:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_suid_profile:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_profiled:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_grub_conf:def:1" version="1">
      <metadata>
        <title>File grub.conf Owned By root Group </title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The grub.conf file should be owned by the root group. By default, this file is located at /boot/grub/grub.conf.</description>
      <reference ref_id="file_groupowner_grub_conf" source="ssg"/></metadata>
      <criteria operator="OR">
        <criterion test_ref="oval:ssg-test_file_groupowner_grub_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_home_dirs:def:1" version="1">
      <metadata>
        <title>Files /home/* Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for /home/* must be root.</description>
      <reference ref_id="file_groupowner_home_dirs" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_home_dirs:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_home_files:def:1" version="1">
      <metadata>
        <title>Files /home/* Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for /home/* must be root.</description>
      <reference ref_id="file_groupowner_home_files" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_home_files:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_ldap_cacerts:def:1" version="1">
      <metadata>
        <title>LDAP TLS CA Cert File Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for the LDAP TLS CA cert must be root.</description>
      <reference ref_id="file_groupowner_ldap_cacerts" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_ldap_cacerts:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_ldap_certs:def:1" version="1">
      <metadata>
        <title>LDAP TLS Cert File Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for the LDAP TLS cert must be root.</description>
      <reference ref_id="file_groupowner_ldap_certs" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_ldap_certs:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_ldap_keys:def:1" version="1">
      <metadata>
        <title>LDAP TLS Key File Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for the LDAP TLS key must be root.</description>
      <reference ref_id="file_groupowner_ldap_keys" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_ldap_keys:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_local_initialization_files:def:1" version="1">
      <metadata>
        <title>Local Initialization Files Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for local initialization files must be root.</description>
      <reference ref_id="file_groupowner_local_initialization_files" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_local_initialization_files_home:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_groupowner_local_initialization_files_root:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_run_control_scripts:def:1" version="1">
      <metadata>
        <title>File /etc/rc*/* and /etc/init.d/* Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for /etc/rc*/* and /etc/init.d/* must be root.</description>
      <reference ref_id="file_groupowner_run_control_scripts" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_rc:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_groupowner_etc_initd:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_shell_files:def:1" version="1">
      <metadata>
        <title>Files Referenced In /etc/shells Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for files referenced in /etc/shells must be root.</description>
      <reference ref_id="file_groupowner_shell_files" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_shell_files:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_snmpd_conf:def:1" version="1">
      <metadata>
        <title>Files snmpd.conf Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for snmpd.conf must be root.</description>
      <reference ref_id="file_groupowner_snmpd_conf" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_snmpd_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_var_spool_at:def:1" version="1">
      <metadata>
        <title>File /var/spool/at/* Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for /var/spool/at/* must be root.</description>
      <reference ref_id="file_groupowner_var_spool_at" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_var_spool_at:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_groupowner_var_yp:def:1" version="1">
      <metadata>
        <title>File /var/yp/* Group Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Group owner for /var/yp/* must be root.</description>
      <reference ref_id="file_groupowner_var_yp" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_groupowner_var_yp:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_aliases:def:1" version="1">
      <metadata>
        <title>Alias Files Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for alias files must be root.</description>
      <reference ref_id="file_owner_aliases" source="ssg"/></metadata>
      <criteria>
        <criteria operator="OR">
          <extend_definition comment="postfix is not installed" negate="true" definition_ref="oval:ssg-package_postfix_installed:def:1"/>
          <criteria operator="OR">
            <criterion test_ref="oval:ssg-test_file_owner_aliases_postfix_aliases:tst:1"/>
            <criterion test_ref="oval:ssg-test_file_owner_aliases_postfix_aliases_db:tst:1"/>
          </criteria>
        </criteria>
        <criteria operator="OR">
          <extend_definition comment="sendmail is not installed" negate="true" definition_ref="oval:ssg-package_sendmail_installed:def:1"/>
          <criteria operator="OR">
            <criterion test_ref="oval:ssg-test_file_owner_aliases_sendmail_aliases:tst:1"/>
            <criterion test_ref="oval:ssg-test_file_owner_aliases_sendmail_aliases_db:tst:1"/>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_aliases_files:def:1" version="1">
      <metadata>
        <title>Files Referenced In /etc/aliases Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for files referenced in /etc/aliases must be root.</description>
      <reference ref_id="file_owner_aliases_files" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_aliases_files:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_audio_devices:def:1" version="1">
      <metadata>
        <title>Audio Device Files Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for audio device files must be root.</description>
      <reference ref_id="file_owner_audio_devices" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_dev_audio:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_owner_dev_snd:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_audit_log:def:1" version="1">
      <metadata>
        <title>Audit Log Files Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for audit log files must be root.</description>
      <reference ref_id="file_owner_audit_log" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
            <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          </criteria>
          <criterion test_ref="oval:ssg-test_file_owner_audit_log_el4:tst:1"/>
        </criteria>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criterion test_ref="oval:ssg-test_file_owner_audit_log_el5:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_audit_tools:def:1" version="1">
      <metadata>
        <title>Audit Tools Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for audit tools must be root.</description>
      <reference ref_id="file_owner_audit_tools" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_sbin_auditctl:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_owner_sbin_auditd:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_owner_sbin_ausearch:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_owner_sbin_aureport:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_owner_sbin_autrace:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_owner_sbin_audispd:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_bin_traceroute:def:1" version="1">
      <metadata>
        <title>File /bin/traceroute Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for /bin/traceroute must be root.</description>
      <reference ref_id="file_owner_bin_traceroute" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_bin_traceroute:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_core_dump_dir:def:1" version="1">
      <metadata>
        <title>Core Dump Directory Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for the core dump directory must be root.</description>
      <reference ref_id="file_owner_core_dump_dir" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_core_dump_dir:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_crontab_dirs:def:1" version="1">
      <metadata>
        <title>Crontab Directories Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for crontab directories must be root or the crontab creator.</description>
      <reference ref_id="file_owner_crontab_dirs" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_dir_etc_cron_d:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_owner_dir_etc_cron_daily:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_owner_dir_etc_cron_hourly:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_owner_dir_etc_cron_monthly:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_owner_dir_etc_cron_weekly:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_owner_dir_var_spool_cron:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_crontab_files:def:1" version="1">
      <metadata>
        <title>Crontab Files Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for crontab files must be root or the crontab creator.</description>
      <reference ref_id="file_owner_crontab_files" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_etc_crontab:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_owner_etc_cron_d:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_owner_etc_cron_daily:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_owner_etc_cron_hourly:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_owner_etc_cron_monthly:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_owner_etc_cron_weekly:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_owner_var_spool_cron:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_etc_at_allow:def:1" version="1">
      <metadata>
        <title>File /etc/at.allow Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for /etc/at.allow must be root.</description>
      <reference ref_id="file_owner_etc_at_allow" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_etc_at_allow:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_etc_at_deny:def:1" version="1">
      <metadata>
        <title>File /etc/at.deny Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for /etc/at.deny must be root.</description>
      <reference ref_id="file_owner_etc_at_deny" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_etc_at_deny:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_etc_cron_allow:def:1" version="1">
      <metadata>
        <title>File /etc/cron.allow Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for /etc/cron.allow must be root.</description>
      <reference ref_id="file_owner_etc_cron_allow" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_etc_cron_allow:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_etc_cron_deny:def:1" version="1">
      <metadata>
        <title>File /etc/cron.deny Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for /etc/cron.deny must be root.</description>
      <reference ref_id="file_owner_etc_cron_deny" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_etc_cron_deny:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_etc_cups_printers_conf:def:1" version="1">
      <metadata>
        <title>File /etc/cups/printers.conf Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for /etc/cups/printers.conf must be root.</description>
      <reference ref_id="file_owner_etc_cups_printers_conf" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_etc_cups_printers_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_etc_exports:def:1" version="1">
      <metadata>
        <title>File /etc/exports Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for /etc/exports must be root.</description>
      <reference ref_id="file_owner_etc_exports" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_etc_exports:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_etc_group:def:1" version="1">
      <metadata>
        <title>Verify user who owns 'group' file</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The /etc/group file should be owned by the appropriate
      user.</description>
      <reference ref_id="file_owner_etc_group" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_etc_group:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_etc_gshadow:def:1" version="1">
      <metadata>
        <title>Verify user who owns 'gshadow' file</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The /etc/gshadow file should be owned by the appropriate
      user.</description>
      <reference ref_id="file_owner_etc_gshadow" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_etc_gshadow:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_etc_hosts:def:1" version="1">
      <metadata>
        <title>File /etc/hosts Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for /etc/hosts must be root.</description>
      <reference ref_id="file_owner_etc_hosts" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_etc_hosts:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_etc_ldap_conf:def:1" version="1">
      <metadata>
        <title>File /etc/ldap.conf Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for /etc/ldap.conf must be root.</description>
      <reference ref_id="file_owner_etc_ldap_conf" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_etc_ldap_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_etc_nsswitch_conf:def:1" version="1">
      <metadata>
        <title>File /etc/nsswitch.conf Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for /etc/nsswitch.conf must be root.</description>
      <reference ref_id="file_owner_etc_nsswitch_conf" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_etc_nsswitch_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_etc_ntp_conf:def:1" version="1">
      <metadata>
        <title>File /etc/ntp.conf Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for /etc/ntp.conf must be root.</description>
      <reference ref_id="file_owner_etc_ntp_conf" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_etc_ntp_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_etc_passwd:def:1" version="1">
      <metadata>
        <title>Verify user who owns 'passwd' file</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The /etc/passwd file should be owned by the appropriate
      user.</description>
      <reference ref_id="file_owner_etc_passwd" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_etc_passwd:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_etc_resolv_conf:def:1" version="1">
      <metadata>
        <title>File /etc/resolv.conf Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for /etc/resolv.conf must be root.</description>
      <reference ref_id="file_owner_etc_resolv_conf" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_etc_resolv_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_etc_samba_smb_conf:def:1" version="1">
      <metadata>
        <title>File /etc/samba/smb.conf Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for /etc/samba/smb.conf must be root.</description>
      <reference ref_id="file_owner_etc_samba_smb_conf" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_etc_samba_smb_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_etc_samba_tdb:def:1" version="1">
      <metadata>
        <title>Files /etc/samba/passdb.tdb /etc/samba/secrets.tdb Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for /etc/samba/passdb.tdb and /etc/samba/secrets.tdb must be root.</description>
      <reference ref_id="file_owner_etc_samba_tdb" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_etc_samba_passdb_tdb:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_owner_etc_samba_secrets_tdb:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_etc_securetty:def:1" version="1">
      <metadata>
        <title>File /etc/securetty Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for /etc/securetty must be root.</description>
      <reference ref_id="file_owner_etc_securetty" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_etc_securetty:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_etc_security_access_conf:def:1" version="1">
      <metadata>
        <title>File /etc/security/access.conf Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for /etc/security/access.conf must be root.</description>
      <reference ref_id="file_owner_etc_security_access_conf" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_etc_security_access_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_etc_services:def:1" version="1">
      <metadata>
        <title>File /etc/services Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for /etc/services must be root.</description>
      <reference ref_id="file_owner_etc_services" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_etc_services:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_etc_shadow:def:1" version="2">
      <metadata>
        <title>Verify user who owns 'shadow' file</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The /etc/shadow file should be owned by the
      appropriate user.</description>
      <reference ref_id="file_owner_etc_shadow" source="ssg"/></metadata>
      <criteria>
        <criterion comment="Check file ownership of /etc/shadow" test_ref="oval:ssg-test_file_owner_etc_shadow:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_etc_skel:def:1" version="1">
      <metadata>
        <title>File /etc/skel/* Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for /etc/skel/* must be root.</description>
      <reference ref_id="file_owner_etc_skel" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_etc_skel:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_etc_sysctl_conf:def:1" version="1">
      <metadata>
        <title>File /etc/sysctl.conf Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for /etc/sysctl.conf must be root.</description>
      <reference ref_id="file_owner_etc_sysctl_conf" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_etc_sysctl_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_etc_syslog_conf:def:1" version="1">
      <metadata>
        <title>File /etc/syslog.conf Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for /etc/syslog.conf must be root.</description>
      <reference ref_id="file_owner_etc_syslog_conf" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_etc_syslog_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_etc_xinetd_conf:def:1" version="1">
      <metadata>
        <title>File /etc/xinetd.conf Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for /etc/xinetd.conf must be root.</description>
      <reference ref_id="file_owner_etc_xinetd_conf" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_etc_xinetd_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_exports_dirs:def:1" version="1">
      <metadata>
        <title>Files Referenced In /etc/exports Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for files referenced in /etc/exports must be root.</description>
      <reference ref_id="file_owner_exports_dirs" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_exports_dirs:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_ftpusers:def:1" version="1">
      <metadata>
        <title>FTP Users Files Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for the FTP users files must be root.</description>
      <reference ref_id="file_owner_ftpusers" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_etc_ftpusers:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_owner_etc_vsftpd_ftpusers1:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_owner_etc_vsftpd_ftpusers2:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_global_initialization_files:def:1" version="1">
      <metadata>
        <title>Global Initialization Files Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for global initialization files must be root.</description>
      <reference ref_id="file_owner_global_initialization_files" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_etc_bashrc:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_owner_etc_csh_cshrc:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_owner_etc_csh_login:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_owner_etc_csh_logout:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_owner_etc_environment:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_owner_etc_ksh_kshrc:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_owner_etc_profile:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_owner_etc_suid_profile:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_owner_etc_profiled:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_grub_conf:def:1" version="1">
      <metadata>
        <title>File grub.conf Owned By root Group </title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The grub.conf file should be owned by the root user. By default, this file is located at /boot/grub/grub.conf.</description>
      <reference ref_id="file_owner_grub_conf" source="ssg"/></metadata>
      <criteria operator="OR">
        <criterion test_ref="oval:ssg-test_file_owner_grub_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_home_dirs:def:1" version="1">
      <metadata>
        <title>Files /home/* Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for /home/* must be root.</description>
      <reference ref_id="file_owner_home_dirs" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_home_dirs:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_home_files:def:1" version="1">
      <metadata>
        <title>Files /home/* Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for /home/* must be root.</description>
      <reference ref_id="file_owner_home_files" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_home_files:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_ldap_cacerts:def:1" version="1">
      <metadata>
        <title>LDAP TLS CA Cert File Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for the LDAP TLS CA cert must be root.</description>
      <reference ref_id="file_owner_ldap_cacerts" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_ldap_cacerts:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_ldap_certs:def:1" version="1">
      <metadata>
        <title>LDAP TLS Cert File Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for the LDAP TLS cert must be root.</description>
      <reference ref_id="file_owner_ldap_certs" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_ldap_certs:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_ldap_keys:def:1" version="1">
      <metadata>
        <title>LDAP TLS Key File Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for the LDAP TLS key must be root.</description>
      <reference ref_id="file_owner_ldap_keys" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_ldap_keys:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_local_initialization_files:def:1" version="1">
      <metadata>
        <title>Local Initialization Files Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for local initialization files must be root.</description>
      <reference ref_id="file_owner_local_initialization_files" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_local_initialization_files_home:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_owner_local_initialization_files_root:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_run_control_scripts:def:1" version="1">
      <metadata>
        <title>File /etc/rc*/* and /etc/init.d/* Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for /etc/rc*/* and /etc/init.d/* must be root.</description>
      <reference ref_id="file_owner_run_control_scripts" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_etc_rc:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_owner_etc_initd:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_shell_files:def:1" version="1">
      <metadata>
        <title>Files Referenced In /etc/shells Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for files referenced in /etc/shells must be root.</description>
      <reference ref_id="file_owner_shell_files" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_shell_files:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_smtp_logs:def:1" version="1">
      <metadata>
        <title>SMTP Log File Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for for the SMTP log file must be root.</description>
      <reference ref_id="file_owner_smtp_logs" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_smtp_logs:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_snmpd_conf:def:1" version="1">
      <metadata>
        <title>Files snmpd.conf Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for snmpd.conf must be root.</description>
      <reference ref_id="file_owner_snmpd_conf" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_snmpd_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_var_spool_at:def:1" version="1">
      <metadata>
        <title>File /var/spool/at/* Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for /var/spool/at/* must be root.</description>
      <reference ref_id="file_owner_var_spool_at" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_var_spool_at:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_owner_var_yp:def:1" version="1">
      <metadata>
        <title>File /var/yp/* Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for /var/yp/* must be root.</description>
      <reference ref_id="file_owner_var_yp" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_owner_var_yp:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_aliases:def:1" version="1">
      <metadata>
        <title>Alias Files Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for alias files must be 0644.</description>
      <reference ref_id="file_permissions_aliases" source="ssg"/></metadata>
      <criteria>
        <criteria operator="OR">
          <extend_definition comment="postfix is not installed" negate="true" definition_ref="oval:ssg-package_postfix_installed:def:1"/>
          <criteria operator="OR">
            <criterion test_ref="oval:ssg-test_file_permissions_aliases_postfix_aliases:tst:1"/>
            <criterion test_ref="oval:ssg-test_file_permissions_aliases_postfix_aliases_db:tst:1"/>
          </criteria>
        </criteria>
        <criteria operator="OR">
          <extend_definition comment="sendmail is not installed" negate="true" definition_ref="oval:ssg-package_sendmail_installed:def:1"/>
          <criteria operator="OR">
            <criterion test_ref="oval:ssg-test_file_permissions_aliases_sendmail_aliases:tst:1"/>
            <criterion test_ref="oval:ssg-test_file_permissions_aliases_sendmail_aliases_db:tst:1"/>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_aliases_files:def:1" version="1">
      <metadata>
        <title>Files Referenced In /etc/aliases permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for files referenced in /etc/aliases must be 0755.</description>
      <reference ref_id="file_permissions_aliases_files" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_aliases_files:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_audio_devices:def:1" version="1">
      <metadata>
        <title>Audio Device Files Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for audio device files must be 0660.</description>
      <reference ref_id="file_permissions_audio_devices" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_dev_audio:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_dev_snd:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_audit_log:def:1" version="1">
      <metadata>
        <title>Audit Log Files Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for audit log files must be 0640.</description>
      <reference ref_id="file_permissions_audit_log" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
            <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          </criteria>
          <criterion test_ref="oval:ssg-test_file_permissions_audit_log_el4:tst:1"/>
        </criteria>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="CentOS 5 is installed" definition_ref="oval:ssg-installed_OS_is_centos5:def:1"/>
            <extend_definition comment="RedHat 5 is installed" definition_ref="oval:ssg-installed_OS_is_rhel5:def:1"/>
          </criteria>
          <criterion test_ref="oval:ssg-test_file_permissions_audit_log_el5:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_audit_tools:def:1" version="1">
      <metadata>
        <title>Audit Tools Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for audit tools must be 0750.</description>
      <reference ref_id="file_permissions_audit_tools" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_sbin_auditctl:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_sbin_auditd:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_sbin_ausearch:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_sbin_aureport:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_sbin_autrace:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_sbin_audispd:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_bin_traceroute:def:1" version="1">
      <metadata>
        <title>File /bin/traceroute Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /bin/traceroute must be 0700.</description>
      <reference ref_id="file_permissions_bin_traceroute" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_bin_traceroute:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_core_dump_dir:def:1" version="1">
      <metadata>
        <title>Core Dump Directory Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Directory permissions for core dump files must be 0700.</description>
      <reference ref_id="file_permissions_core_dump_dir" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_core_dump_dir:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_cron_files:def:1" version="1">
      <metadata>
        <title>Crontab Files Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for crontab files must be 0700.</description>
      <reference ref_id="file_permissions_cron_files" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_cron_daily:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_cron_hourly:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_cron_monthly:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_cron_weekly:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_cron_log_files:def:1" version="1">
      <metadata>
        <title>Cron Log File Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Cron log file permissions must be 0600.</description>
      <reference ref_id="file_permissions_cron_log_files" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_cron_log_files:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_crontab_dirs:def:1" version="1">
      <metadata>
        <title>Crontab Directories Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Permissions for crontab directories must be 755.</description>
      <reference ref_id="file_permissions_crontab_dirs" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_dir_etc_cron_d:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_dir_etc_cron_daily:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_dir_etc_cron_hourly:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_dir_etc_cron_monthly:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_dir_etc_cron_weekly:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_dir_var_spool_cron:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_crontab_files:def:1" version="1">
      <metadata>
        <title>Crontab Files Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for crontab files must be 0600.</description>
      <reference ref_id="file_permissions_crontab_files" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_crontab:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_cron_d:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_var_spool_cron:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_etc_at_allow:def:1" version="1">
      <metadata>
        <title>File /etc/at.allow Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/at.allow must be 0600.</description>
      <reference ref_id="file_permissions_etc_at_allow" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_at_allow:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_etc_at_deny:def:1" version="1">
      <metadata>
        <title>File /etc/at.deny Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/at.deny must be 0600.</description>
      <reference ref_id="file_permissions_etc_at_deny" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_at_deny:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_etc_cron_allow:def:1" version="1">
      <metadata>
        <title>File /etc/cron.allow Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/cron.allow must be 0600.</description>
      <reference ref_id="file_permissions_etc_cron_allow" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_cron_allow:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_etc_cron_deny:def:1" version="1">
      <metadata>
        <title>File /etc/cron.deny Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/cron.deny must be 0600.</description>
      <reference ref_id="file_permissions_etc_cron_deny" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_cron_deny:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_etc_cups_printers_conf:def:1" version="1">
      <metadata>
        <title>File /etc/cups/printers.conf Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/cups/printers.conf must be 0644.</description>
      <reference ref_id="file_permissions_etc_cups_printers_conf" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_cups_printers_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_etc_exports:def:1" version="1">
      <metadata>
        <title>File /etc/exports Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/exports must be 0644.</description>
      <reference ref_id="file_permissions_etc_exports" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_exports:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_etc_group:def:1" version="1">
      <metadata>
        <title>Verify permissions on 'group' file</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/group should be set
      correctly.</description>
      <reference ref_id="file_permissions_etc_group" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_group:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_etc_gshadow:def:1" version="1">
      <metadata>
        <title>Verify /etc/gshadow Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>This test makes sure that /etc/gshadow is owned by 0, group owned by 0, and has mode 0400. If
      the target file or directory has an extended ACL then it will fail the mode check.</description>
      <reference ref_id="file_permissions_etc_gshadow" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_etc_gshadow:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_etc_hosts:def:1" version="1">
      <metadata>
        <title>File /etc/hosts Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/hosts must be 0644.</description>
      <reference ref_id="file_permissions_etc_hosts" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_hosts:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_etc_ldap_conf:def:1" version="1">
      <metadata>
        <title>File /etc/ldap.conf Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/ldap.conf must be 0644.</description>
      <reference ref_id="file_permissions_etc_ldap_conf" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_ldap_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_etc_news_incoming_conf:def:1" version="1">
      <metadata>
        <title>File /etc/news/incoming.conf Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/news/incoming.conf must be 0600.</description>
      <reference ref_id="file_permissions_etc_news_incoming_conf" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_news_incoming_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_etc_news_infeed_conf:def:1" version="1">
      <metadata>
        <title>File /etc/news/infeed.conf Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/news/infeed.conf must be 0600.</description>
      <reference ref_id="file_permissions_etc_news_infeed_conf" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_news_infeed_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_etc_news_passwd_nntp:def:1" version="1">
      <metadata>
        <title>File /etc/news/passwd.nntp Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/news/passwd.nntp must be 0600.</description>
      <reference ref_id="file_permissions_etc_news_passwd_nntp" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_news_passwd_nntp:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_etc_nsswitch_conf:def:1" version="1">
      <metadata>
        <title>File /etc/nsswitch.conf Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/nsswitch.conf must be 0644.</description>
      <reference ref_id="file_permissions_etc_nsswitch_conf" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_nsswitch_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_etc_ntp_conf:def:1" version="1">
      <metadata>
        <title>File /etc/ntp.conf Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/ntp.conf must be 0640.</description>
      <reference ref_id="file_permissions_etc_ntp_conf" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_ntp_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_etc_passwd:def:1" version="1">
      <metadata>
        <title>Verify /etc/passwd Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>This test makes sure that /etc/passwd is owned by 0, group owned by 0, and has mode 0644. If
      the target file or directory has an extended ACL then it will fail the mode check.</description>
      <reference ref_id="file_permissions_etc_passwd" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_etc_passwd:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_etc_resolv_conf:def:1" version="1">
      <metadata>
        <title>File /etc/resolv.conf Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/resolv.conf must be 0644.</description>
      <reference ref_id="file_permissions_etc_resolv_conf" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_resolv_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_etc_samba_smb_conf:def:1" version="1">
      <metadata>
        <title>File /etc/samba/smb.conf Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/samba/smb.conf must be 0644.</description>
      <reference ref_id="file_permissions_etc_samba_smb_conf" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_samba_smb_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_etc_samba_tdb:def:1" version="1">
      <metadata>
        <title>Files /etc/samba/passdb.tdb /etc/samba/secrets.tdb Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/samba/passdb.tdb and /etc/samba/secrets.tdb must be 0600.</description>
      <reference ref_id="file_permissions_etc_samba_tdb" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_samba_passdb_tdb:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_samba_secrets_tdb:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_etc_securetty:def:1" version="1">
      <metadata>
        <title>File /etc/securetty Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Permissions for /etc/securetty must be 0600.</description>
      <reference ref_id="file_permissions_etc_securetty" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_securetty:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_etc_security_access_conf:def:1" version="1">
      <metadata>
        <title>File /etc/security/access.conf Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/security/access.conf must be 0640.</description>
      <reference ref_id="file_permissions_etc_security_access_conf" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_security_access_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_etc_services:def:1" version="1">
      <metadata>
        <title>File /etc/services Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/services must be 0644.</description>
      <reference ref_id="file_permissions_etc_services" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_services:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_etc_shadow:def:1" version="1">
      <metadata>
        <title>Verify /etc/shadow Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>This test makes sure that /etc/shadow has mode 0400. If
      the target file or directory has an extended ACL then it will fail the mode check.</description>
      <reference ref_id="file_permissions_etc_shadow" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_etc_shadow:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_etc_skel:def:1" version="1">
      <metadata>
        <title>File /etc/skel/* Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/skel/* must be 0644.</description>
      <reference ref_id="file_permissions_etc_skel" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_skel:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_etc_sysctl_conf:def:1" version="1">
      <metadata>
        <title>File /etc/sysctl.conf Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/sysctl.conf must be 0600.</description>
      <reference ref_id="file_permissions_etc_sysctl_conf" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_sysctl_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_etc_syslog_conf:def:1" version="1">
      <metadata>
        <title>File /etc/syslog.conf Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/syslog.conf must be 0640.</description>
      <reference ref_id="file_permissions_etc_syslog_conf" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_syslog_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_etc_xinetd_conf:def:1" version="1">
      <metadata>
        <title>File /etc/xinetd.conf and /etc/xinetd.d/* Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/xinetd.conf and /etc/xinetd.d/* must be 0640.</description>
      <reference ref_id="file_permissions_etc_xinetd_conf" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_xinetd_conf:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_xinetd_files:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_etc_xinetd_dir:def:1" version="1">
      <metadata>
        <title>Directory /etc/xinetd.d Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Directory permissions for /etc/xinetd.d must be 0755.</description>
      <reference ref_id="file_permissions_etc_xinetd_dir" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_xinetd_dir:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_aliases:def:1" version="1">
      <metadata>
        <title>Alias Files Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for alias files should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_aliases" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criteria>
          <criteria operator="OR">
            <extend_definition comment="postfix is not installed" negate="true" definition_ref="oval:ssg-package_postfix_installed:def:1"/>
            <criteria operator="OR">
              <criterion test_ref="oval:ssg-test_file_permissions_extended_aliases_postfix_aliases:tst:1"/>
              <criterion test_ref="oval:ssg-test_file_permissions_extended_aliases_postfix_aliases_db:tst:1"/>
            </criteria>
          </criteria>
          <criteria operator="OR">
            <extend_definition comment="sendmail is not installed" negate="true" definition_ref="oval:ssg-package_sendmail_installed:def:1"/>
            <criteria operator="OR">
              <criterion test_ref="oval:ssg-test_file_permissions_extended_aliases_sendmail_aliases:tst:1"/>
              <criterion test_ref="oval:ssg-test_file_permissions_extended_aliases_sendmail_aliases_db:tst:1"/>
            </criteria>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_aliases_files:def:1" version="1">
      <metadata>
        <title>Files Referenced In /etc/aliases extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for files referenced in /etc/aliases should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_aliases_files" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_aliases_files:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_audio_devices:def:1" version="1">
      <metadata>
        <title>Audio Device Files Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for audio device files should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_audio_devices" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criteria>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_dev_audio:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_dev_snd:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_audit_log:def:1" version="1">
      <metadata>
        <title>Audit Log Files extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for audit log files should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_audit_log" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_audit_log:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_audit_tools:def:1" version="1">
      <metadata>
        <title>Audit Tools Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for audit tools should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_audit_tools" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criteria>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_sbin_auditctl:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_sbin_auditd:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_sbin_ausearch:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_sbin_aureport:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_sbin_autrace:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_sbin_audispd:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_bin_traceroute:def:1" version="1">
      <metadata>
        <title>File /bin/traceroute Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /bin/traceroute should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_bin_traceroute" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_bin_traceroute:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_binary_dirs:def:1" version="1">
      <metadata>
        <title>Binary Files Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for files in binary directories should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_binary_dirs" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criteria>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_binary_dirs_etc:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_binary_dirs_bin:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_binary_dirs_usr_bin:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_binary_dirs_usr_lbin:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_binary_dirs_usr_usb:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_binary_dirs_sbin:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_binary_dirs_usr_sbin:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_core_dump_dir:def:1" version="1">
      <metadata>
        <title>Core Dump Directory Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for the core dump directory should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_core_dump_dir" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_core_dump_dir:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_cron_log_files:def:1" version="1">
      <metadata>
        <title>Cron Log Files Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for cron log files should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_cron_log_files" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_cron_log_files:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_crontab_dirs:def:1" version="1">
      <metadata>
        <title>Crontab Directories Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Directory permissions for crontab directories should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_crontab_dirs" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criteria>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_crontab_dirs_etc_crontab:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_crontab_dirs_etc_cron_d:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_crontab_dirs_etc_cron_daily:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_crontab_dirs_etc_cron_hourly:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_crontab_dirs_etc_cron_monthly:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_crontab_dirs_etc_cron_weekly:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_crontab_dirs_var_spool_cron:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_crontab_files:def:1" version="1">
      <metadata>
        <title>Crontab Files Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for crontab files should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_crontab_files" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criteria>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_crontab_files_etc_crontab:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_crontab_files_etc_cron_d:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_crontab_files_etc_cron_daily:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_crontab_files_etc_cron_hourly:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_crontab_files_etc_cron_monthly:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_crontab_files_etc_cron_weekly:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_crontab_files_var_spool_cron:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_etc_at_allow:def:1" version="1">
      <metadata>
        <title>File /etc/at.allow Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/at.allow should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_etc_at_allow" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_at_allow:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_etc_at_deny:def:1" version="1">
      <metadata>
        <title>File /etc/at.deny Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/at.deny should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_etc_at_deny" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_at_deny:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_etc_cron_allow:def:1" version="1">
      <metadata>
        <title>File /etc/cron.allow Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/cron.allow should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_etc_cron_allow" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_cron_allow:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_etc_cron_deny:def:1" version="1">
      <metadata>
        <title>File /etc/cron.deny Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/cron.deny should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_etc_cron_deny" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_cron_deny:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_etc_cups_printers_conf:def:1" version="1">
      <metadata>
        <title>File /etc/cups/printers.conf Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/cups/printers.conf should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_etc_cups_printers_conf" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_cups_printers_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_etc_exports:def:1" version="1">
      <metadata>
        <title>File /etc/exports Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/exports should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_etc_exports" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_exports:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_etc_group:def:1" version="1">
      <metadata>
        <title>File /etc/group Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/group should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_etc_group" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_group:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_etc_gshadow:def:1" version="1">
      <metadata>
        <title>File /etc/gshadow Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/gshadow should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_etc_gshadow" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_gshadow:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_etc_hosts:def:1" version="1">
      <metadata>
        <title>File /etc/hosts Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/hosts should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_etc_hosts" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_hosts:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_etc_ldap_conf:def:1" version="1">
      <metadata>
        <title>File /etc/ldap.conf Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/ldap.conf should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_etc_ldap_conf" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_ldap_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_etc_news_incoming_conf:def:1" version="1">
      <metadata>
        <title>File /etc/news/incoming.conf Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/news/incoming.conf should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_etc_news_incoming_conf" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_news_incoming_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_etc_news_infeed_conf:def:1" version="1">
      <metadata>
        <title>File /etc/news/infeed.conf Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/news/infeed.conf should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_etc_news_infeed_conf" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_news_infeed_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_etc_news_nnrp_access:def:1" version="1">
      <metadata>
        <title>File /etc/news/nnrp.access Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/news/nnrp.access should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_etc_news_nnrp_access" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_news_nnrp_access:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_etc_news_passwd_nntp:def:1" version="1">
      <metadata>
        <title>File /etc/news/passwd.nntp Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/news/passwd.nntp should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_etc_news_passwd_nntp" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_news_passwd_nntp:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_etc_nsswitch_conf:def:1" version="1">
      <metadata>
        <title>File /etc/nsswitch.conf Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/nsswitch.conf should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_etc_nsswitch_conf" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_nsswitch_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_etc_ntp_conf:def:1" version="1">
      <metadata>
        <title>File /etc/ntp.conf Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/ntp.conf should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_etc_ntp_conf" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_ntp_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_etc_passwd:def:1" version="1">
      <metadata>
        <title>File /etc/passwd Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/passwd should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_etc_passwd" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_passwd:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_etc_resolv_conf:def:1" version="1">
      <metadata>
        <title>File /etc/resolv.conf Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/resolv.conf should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_etc_resolv_conf" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_resolv_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_etc_samba_smb_conf:def:1" version="1">
      <metadata>
        <title>File /etc/samba/smb.conf Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/samba/smb.conf should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_etc_samba_smb_conf" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_samba_smb_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_etc_samba_tdb:def:1" version="1">
      <metadata>
        <title>Files /etc/samba/passdb.tdb /etc/samba/secrets.tdb Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/samba/passdb.tdb and /etc/samba/secrets.tdb should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_etc_samba_tdb" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criteria>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_samba_passdb_tdb:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_samba_secrets_tdb:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_etc_security_access_conf:def:1" version="1">
      <metadata>
        <title>File /etc/security/access.conf Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/security/access.conf should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_etc_security_access_conf" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_security_access_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_etc_services:def:1" version="1">
      <metadata>
        <title>File /etc/services Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/services should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_etc_services" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_services:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_etc_shadow:def:1" version="1">
      <metadata>
        <title>File /etc/shadow Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/shadow should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_etc_shadow" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_shadow:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_etc_skel:def:1" version="1">
      <metadata>
        <title>File /etc/skel/* Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/skel/* should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_etc_skel" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_skel:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_etc_sysctl_conf:def:1" version="1">
      <metadata>
        <title>File /etc/sysctl.conf Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/sysctl.conf should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_etc_sysctl_conf" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_sysctl_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_etc_syslog_conf:def:1" version="1">
      <metadata>
        <title>File /etc/syslog.conf Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/syslog.conf should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_etc_syslog_conf" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_syslog_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_etc_xinetd_conf:def:1" version="1">
      <metadata>
        <title>File /etc/xinetd.conf Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/xinetd.conf should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_etc_xinetd_conf" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_xinetd_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_etc_xinetd_dir:def:1" version="1">
      <metadata>
        <title>File /etc/xinetd.d/* Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/xinetd.d/* should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_etc_xinetd_dir" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_xinetd_dir:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_ftpusers:def:1" version="1">
      <metadata>
        <title>FTP Users Files Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for the FTP users files should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_ftpusers" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criteria>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_ftpusers:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_vsftpd_ftpusers1:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_vsftpd_ftpusers2:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_global_initialization_files:def:1" version="1">
      <metadata>
        <title>Global Initialization Files Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for global initialization files should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_global_initialization_files" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criteria>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_bashrc:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_csh_cshrc:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_csh_login:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_csh_logout:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_environment:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_ksh_kshrc:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_profile:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_suid_profile:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_profiled:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_grub_conf:def:1" version="1">
      <metadata>
        <title>File /boot/grub/grub.conf extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /boot/grub/grub.conf should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_grub_conf" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_grub_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_home_dirs:def:1" version="1">
      <metadata>
        <title>Files /home/* Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /home/* should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_home_dirs" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_home_dirs:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_home_files:def:1" version="1">
      <metadata>
        <title>Files /home/* Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /home/* should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_home_files" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_home_files:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_ldap_cacerts:def:1" version="1">
      <metadata>
        <title>LDAP TLS CA Cert File Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for the LDAP TLS CA cert should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_ldap_cacerts" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_ldap_cacerts:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_ldap_certs:def:1" version="1">
      <metadata>
        <title>LDAP TLS Cert File Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for the LDAP TLS cert should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_ldap_certs" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_ldap_certs:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_ldap_keys:def:1" version="1">
      <metadata>
        <title>LDAP TLS Key File Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for the LDAP TLS key should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_ldap_keys" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_ldap_keys:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_library_dirs:def:1" version="1">
      <metadata>
        <title>File /lib/* and /usr/lib/* Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /lib/* and /usr/lib/* should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_library_dirs" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criteria>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_library_dirs_lib:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_library_dirs_usr_lib:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_local_initialization_files:def:1" version="1">
      <metadata>
        <title>Local Initialization Files Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for local initialization files should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_local_initialization_files" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criteria>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_local_initialization_files_home:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_local_initialization_files_root:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_man_pages:def:1" version="1">
      <metadata>
        <title>File Man Pages Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for man pages should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_man_pages" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criteria>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_usr_share_man:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_usr_share_info:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_usr_share_infopage:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_mib_files:def:1" version="1">
      <metadata>
        <title>Files *.mib Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for *.mib files should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_mib_files" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_mib_files:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_root_dir:def:1" version="1">
      <metadata>
        <title>Directory /root Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Directory permissions for /root should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_root_dir" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_root_dir:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_run_control_scripts:def:1" version="1">
      <metadata>
        <title>File /etc/rc*/* and /etc/init.d/* Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/rc*/* and /etc/init.d/* should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_run_control_scripts" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criteria>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_rc:tst:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_extended_etc_initd:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_shell_files:def:1" version="1">
      <metadata>
        <title>Files Referenced In /etc/shells Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for files referenced in /etc/shells should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_shell_files" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_shell_files:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_smtp_logs:def:1" version="1">
      <metadata>
        <title>SMTP Log File Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for the SMTP log file should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_smtp_logs" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_smtp_logs:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_snmpd_conf:def:1" version="1">
      <metadata>
        <title>Files snmpd.conf Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for snmpd.conf should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_snmpd_conf" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_snmpd_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_usr_sbin_dir:def:1" version="1">
      <metadata>
        <title>File /usr/sbin/* Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /usr/sbin/* should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_usr_sbin_dir" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_usr_sbin_dir:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_var_log:def:1" version="1">
      <metadata>
        <title>File /var/log/* Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /var/log/* should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_var_log" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_var_log:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_var_spool_at:def:1" version="1">
      <metadata>
        <title>File /var/spool/at/* Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /var/spool/at/* should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_var_spool_at" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_var_spool_at:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_var_yp:def:1" version="1">
      <metadata>
        <title>File /var/yp/* Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /var/yp/* should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_var_yp" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_var_yp:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_extended_xauthority_files:def:1" version="1">
      <metadata>
        <title>Files /home/.Xauthority and /home/.xauth Extended ACLs</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /home/.Xauthority and /home/.xauth should not have extended ACLs.</description>
      <reference ref_id="file_permissions_extended_xauthority_files" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_extended_xauthority_files:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_ftpusers:def:1" version="1">
      <metadata>
        <title>FTP Users Files Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for the FTP users files must be 0640.</description>
      <reference ref_id="file_permissions_ftpusers" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_ftpusers:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_vsftpd_ftpusers1:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_vsftpd_ftpusers2:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_global_initialization_files:def:1" version="1">
      <metadata>
        <title>Global Initialization Files Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for global initialization files must be 0644.</description>
      <reference ref_id="file_permissions_global_initialization_files" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_bashrc:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_csh_cshrc:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_csh_login:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_csh_logout:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_environment:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_ksh_kshrc:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_profile:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_suid_profile:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_profiled:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_grub_conf:def:1" version="1">
      <metadata>
        <title>File /boot/grub/grub.conf Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /boot/grub/grub.conf should be set to 0600.</description>
      <reference ref_id="file_permissions_grub_conf" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_grub_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_home_dirs:def:1" version="1">
      <metadata>
        <title>Proper Permissions User Home Directories</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>All user home directories must have mode 0750 or less permissive.</description>
      <reference ref_id="file_permissions_home_dirs" source="ssg"/></metadata>
      <criteria>
        <criterion comment="home directories" test_ref="oval:ssg-test_file_permissions_home_dirs:tst:1" negate="true"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_home_files:def:1" version="1">
      <metadata>
        <title>Files /home/* Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /home/* must be 0750.</description>
      <reference ref_id="file_permissions_home_files" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_home_files:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_ldap_cacerts:def:1" version="1">
      <metadata>
        <title>LDAP TLS CA Cert File Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for the LDAP TLS CA cert must be 0644.</description>
      <reference ref_id="file_permissions_ldap_cacerts" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_ldap_cacerts:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_ldap_certs:def:1" version="1">
      <metadata>
        <title>LDAP TLS cert File Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for the LDAP TLS cert must be 0644.</description>
      <reference ref_id="file_permissions_ldap_certs" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_ldap_certs:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_ldap_keys:def:1" version="1">
      <metadata>
        <title>LDAP TLS Key File Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for the LDAP TLS key must be 0600.</description>
      <reference ref_id="file_permissions_ldap_keys" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_ldap_keys:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_library_dirs:def:1" version="1">
      <metadata>
        <title>Verify that Shared Library Files Have Restrictive Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Checks that /lib, /usr/lib and objects therein, are not group-writable
      or world-writable.</description>
      <reference ref_id="file_permissions_library_dirs" source="ssg"/></metadata>
      <criteria operator="AND">
        <criterion test_ref="oval:ssg-test_perms_lib_dir:tst:1"/>
        <criterion test_ref="oval:ssg-test_perms_usr_lib_dir:tst:1"/>
        <criterion test_ref="oval:ssg-test_perms_lib_files:tst:1"/>
        <criterion test_ref="oval:ssg-test_perms_usr_lib_files:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_local_initialization_files:def:1" version="1">
      <metadata>
        <title>Local Initialization Files Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for local initialization files must be 0740.</description>
      <reference ref_id="file_permissions_local_initialization_files" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_local_initialization_files_home:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_local_initialization_files_root:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_man_pages:def:1" version="1">
      <metadata>
        <title>File Man Pages Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for man pages must be 0644.</description>
      <reference ref_id="file_permissions_man_pages" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_usr_share_man:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_usr_share_info:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_usr_share_infopage:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_mib_files:def:1" version="1">
      <metadata>
        <title>Files *.mib Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for *.mib files must be 0640.</description>
      <reference ref_id="file_permissions_mib_files" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_mib_files:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_root_dir:def:1" version="1">
      <metadata>
        <title>Directory /root Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Directory permissions for /root must be 0700.</description>
      <reference ref_id="file_permissions_root_dir" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_root_dir:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_run_control_scripts:def:1" version="1">
      <metadata>
        <title>File /etc/rc*/* and /etc/init.d/* Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/rc*/* and /etc/init.d/* must be 0755.</description>
      <reference ref_id="file_permissions_run_control_scripts" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_rc:tst:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_etc_initd:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_shell_files:def:1" version="1">
      <metadata>
        <title>Files Referenced In /etc/shells Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for files referenced in /etc/shells must be 0755.</description>
      <reference ref_id="file_permissions_shell_files" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_shell_files:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_smtp_logs:def:1" version="1">
      <metadata>
        <title>SMTP Log File Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>SMTP log file permissions must be 0640.</description>
      <reference ref_id="file_permissions_smtp_logs" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_smtp_logs:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_snmpd_conf:def:1" version="1">
      <metadata>
        <title>Files snmpd.conf Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for snmpd.conf must be 0600.</description>
      <reference ref_id="file_permissions_snmpd_conf" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_snmpd_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_ssh_private_host_keys:def:1" version="1">
      <metadata>
        <title>File /etc/ssh/*key Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/ssh/*key must be 0600.</description>
      <reference ref_id="file_permissions_ssh_private_host_keys" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_ssh_private_host_keys:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_ssh_public_host_keys:def:1" version="1">
      <metadata>
        <title>File /etc/ssh/*key.pub Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /etc/ssh/*key.pub must be 0644.</description>
      <reference ref_id="file_permissions_ssh_public_host_keys" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_ssh_public_host_keys:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_tftp_binary:def:1" version="1">
      <metadata>
        <title>TFTP Binary File Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for the TFTP binary must be 0755.</description>
      <reference ref_id="file_permissions_tftp_binary" source="ssg"/></metadata>
      <criteria comment="package tftp-server removed or /etc/xinetd.d/tftp configured correctly" operator="OR">
        <extend_definition comment="rpm package tftp-server removed" definition_ref="oval:ssg-package_tftp-server_removed:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_tftp_binary:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_unauthorized_world_writable:def:1" version="1">
      <metadata>
        <title>Find Unauthorized World-Writable Files</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The world-write permission should be disabled for all files.</description>
      <reference ref_id="file_permissions_unauthorized_world_writable" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_unauthorized_world_write:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_usr_bin_ldd:def:1" version="1">
      <metadata>
        <title>File /usr/bin/ldd Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /usr/bin/ldd must not have executable permission bits set.</description>
      <reference ref_id="file_permissions_usr_bin_ldd" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_usr_bin_ldd:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_usr_sbin_dir:def:1" version="1">
      <metadata>
        <title>File /usr/sbin/* Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /usr/sbin/* must be 0755.</description>
      <reference ref_id="file_permissions_usr_sbin_dir" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_usr_sbin_dir:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_var_log:def:1" version="1">
      <metadata>
        <title>File /var/log/* Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /var/log/* must be 0640.</description>
      <reference ref_id="file_permissions_var_log" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_var_log:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_var_spool_at:def:1" version="1">
      <metadata>
        <title>File /var/spool/at/* Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /var/spool/at/* must be 0755.</description>
      <reference ref_id="file_permissions_var_spool_at" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_var_spool_at:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_var_yp:def:1" version="1">
      <metadata>
        <title>File /var/yp/* Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /var/yp/* must be 0755.</description>
      <reference ref_id="file_permissions_var_yp" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_var_yp:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_xauthority_files:def:1" version="1">
      <metadata>
        <title>Files /home/.Xauthority and /home/.xauth Permissions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>File permissions for /home/.Xauthority and /home/.xauth must be 0600.</description>
      <reference ref_id="file_permissions_xauthority_files" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_file_permissions_xauthority_files:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-ftp_anonymous_shell:def:1" version="1">
      <metadata>
        <title>Anonymous FTP Shell</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Anonymous FTP accounts must not have a functional shell.</description>
      <reference ref_id="ftp_anonymous_shell" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_ftp_anonymous_shell:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-ftp_default_umask:def:1" version="1">
      <metadata>
        <title>FTP Users Umask Must Be 077</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>All FTP users must have a default umask of 077.</description>
      <reference ref_id="ftp_default_umask" source="ssg"/></metadata>
      <criteria>
        <criteria comment="package krb5-workstation removed or service gssftp is not configured to start" operator="OR">
          <extend_definition comment="krb5-workstation removed" definition_ref="oval:ssg-package_krb5-workstation_removed:def:1"/>
          <criteria operator="AND" comment="service gssftp is not configured to start">
            <criterion test_ref="oval:ssg-test_ftp_default_umask_gssftp:tst:1"/>
          </criteria>
        </criteria>
        <criteria comment="package vsftpd removed or service vsftpd is not configured to start" operator="OR">
          <extend_definition comment="vsftpd removed" definition_ref="oval:ssg-package_vsftpd_removed:def:1"/>
          <criteria operator="AND" comment="service gssftp is not configured to start">
            <criterion test_ref="oval:ssg-test_ftp_default_umask_local_vsftpd:tst:1"/>
            <criterion test_ref="oval:ssg-test_ftp_default_umask_anon_vsftpd:tst:1"/>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-ftp_enable_warning_banner:def:1" version="1">
      <metadata>
        <title>Enable a Warning Banner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>FTP warning banner should be enabled (and dependencies are
      met)</description>
      <reference ref_id="ftp_enable_warning_banner" source="ssg"/></metadata>
      <criteria>
        <criteria operator="OR">
          <extend_definition comment="krb5-workstation removed" definition_ref="oval:ssg-package_krb5-workstation_removed:def:1"/>
          <criteria operator="AND">
            <criterion comment="Check gssftp Banner in /etc/xinetd.d/gssftp" test_ref="oval:ssg-test_ftp_enable_warning_banner_gssftp:tst:1"/>
            <criterion comment="Check gssftp Banner Text" test_ref="oval:ssg-test_ftp_enable_warning_banner_gssftp_text:tst:1"/>
          </criteria>
        </criteria>
        <criteria operator="OR">
          <extend_definition comment="vsftpd removed" definition_ref="oval:ssg-package_vsftpd_removed:def:1"/>
          <criteria operator="AND">
            <criterion comment="Check vsftpd Banner in /etc/vsftpd/vsftpd.conf" test_ref="oval:ssg-test_ftp_enable_warning_banner_vsftpd:tst:1"/>
            <criterion comment="Check vsftpd Banner Text" test_ref="oval:ssg-test_ftp_enable_warning_banner_vsftpd_text:tst:1"/>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-ftp_ftpusers_file_empty:def:1" version="1">
      <metadata>
        <title>FTP Users File Must Not Be Empty</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The ftpusers file must contain account names not allowed to use FTP.</description>
      <reference ref_id="ftp_ftpusers_file_empty" source="ssg"/></metadata>
      <criteria>
        <criteria comment="package krb5-workstation removed or service gssftp is not configured to start" operator="OR">
          <extend_definition comment="krb5-workstation removed" definition_ref="oval:ssg-package_krb5-workstation_removed:def:1"/>
          <criteria operator="AND" comment="service gssftp is not configured to start">
            <criterion test_ref="oval:ssg-test_ftp_ftpusers_file_empty_gssftp:tst:1"/>
          </criteria>
        </criteria>
        <criteria comment="package vsftpd removed or service vsftpd is not configured to start" operator="OR">
          <extend_definition comment="vsftpd removed" definition_ref="oval:ssg-package_vsftpd_removed:def:1"/>
          <criteria operator="OR" comment="service gssftp is not configured to start">
            <criterion test_ref="oval:ssg-test_ftp_ftpusers_file_empty_vsftpd1:tst:1"/>
            <criterion test_ref="oval:ssg-test_ftp_ftpusers_file_empty_vsftpd2:tst:1"/>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-ftp_ftpusers_file_exists:def:1" version="1">
      <metadata>
        <title>FTP Users File Must Exist</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The ftpusers file must exist.</description>
      <reference ref_id="ftp_ftpusers_file_exists" source="ssg"/></metadata>
      <criteria>
        <criteria comment="package krb5-workstation removed or service gssftp is not configured to start" operator="OR">
          <extend_definition comment="krb5-workstation removed" definition_ref="oval:ssg-package_krb5-workstation_removed:def:1"/>
          <criteria operator="AND" comment="service gssftp is not configured to start">
            <criterion test_ref="oval:ssg-test_ftp_ftpusers_file_exists_gssftp:tst:1"/>
          </criteria>
        </criteria>
        <criteria comment="package vsftpd removed or service vsftpd is not configured to start" operator="OR">
          <extend_definition comment="vsftpd removed" definition_ref="oval:ssg-package_vsftpd_removed:def:1"/>
          <criteria operator="OR" comment="service gssftp is not configured to start">
            <criterion test_ref="oval:ssg-test_ftp_ftpusers_file_exists_vsftpd1:tst:1"/>
            <criterion test_ref="oval:ssg-test_ftp_ftpusers_file_exists_vsftpd2:tst:1"/>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-ftp_log_transactions:def:1" version="1">
      <metadata>
        <title>FTP Logging Enabled</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The FTP daemon must be configured for logging or verbose mode.</description>
      <reference ref_id="ftp_log_transactions" source="ssg"/></metadata>
      <criteria>
        <criteria comment="package krb5-workstation removed or service gssftp is not configured to start" operator="OR">
          <extend_definition comment="krb5-workstation removed" definition_ref="oval:ssg-package_krb5-workstation_removed:def:1"/>
          <criteria operator="AND" comment="service gssftp is not configured to start">
            <criterion test_ref="oval:ssg-test_ftp_log_transactions_gssftp:tst:1"/>
          </criteria>
        </criteria>
        <criteria comment="package vsftpd removed or service vsftpd is not configured to start" operator="OR">
          <extend_definition comment="vsftpd removed" definition_ref="oval:ssg-package_vsftpd_removed:def:1"/>
          <criteria operator="OR" comment="service gssftp is not configured to start">
            <criterion test_ref="oval:ssg-test_ftp_log_transactions_vsftpd:tst:1"/>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-gconf_gnome_screensaver_idle_activation_enabled:def:1" version="1">
      <metadata>
        <title>Implement idle activation of screen saver</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Idle activation of the screen saver should be enabled.</description>
      <reference ref_id="gconf_gnome_screensaver_idle_activation_enabled" source="ssg"/></metadata>
      <criteria>
        <criterion comment="gnome screensaver is activated on idle" test_ref="oval:ssg-test_gnome_screensaver_idle_activated:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-gconf_gnome_screensaver_idle_delay:def:1" version="1">
      <metadata>
        <title>Configure GUI Screen Locking</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The allowed period of inactivity before the screensaver is activated.</description>
      <reference ref_id="gconf_gnome_screensaver_idle_delay" source="ssg"/></metadata>
      <criteria>
        <criterion comment="check value of idle_delay in GCONF" test_ref="oval:ssg-test_gnome_screensaver_idle_delay:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-gconf_gnome_screensaver_lock_enabled:def:1" version="1">
      <metadata>
        <title>Implement idle activation of screen lock</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Idle activation of the screen lock should be enabled.</description>
      <reference ref_id="gconf_gnome_screensaver_lock_enabled" source="ssg"/></metadata>
      <criteria>
        <criterion comment="screensaver lock is enabled" test_ref="oval:ssg-test_screensaver_lock_enabled:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-global_initialization_files_mesg:def:1" version="1">
      <metadata>
        <title>Global Initialization Files Messaging</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Global initialization files should have mesg n or mesg -n to disable messaging.</description>
      <reference ref_id="global_initialization_files_mesg" source="ssg"/></metadata>
      <criteria operator="OR">
        <criterion test_ref="oval:ssg-test_global_initialization_files_mesg_etc_bashrc:tst:1"/>
        <criterion test_ref="oval:ssg-test_global_initialization_files_mesg_etc_csh_cshrc:tst:1"/>
        <criterion test_ref="oval:ssg-test_global_initialization_files_mesg_etc_csh_login:tst:1"/>
        <criterion test_ref="oval:ssg-test_global_initialization_files_mesg_etc_csh_logout:tst:1"/>
        <criterion test_ref="oval:ssg-test_global_initialization_files_mesg_etc_environment:tst:1"/>
        <criterion test_ref="oval:ssg-test_global_initialization_files_mesg_etc_ksh_kshrc:tst:1"/>
        <criterion test_ref="oval:ssg-test_global_initialization_files_mesg_etc_profile:tst:1"/>
        <criterion test_ref="oval:ssg-test_global_initialization_files_mesg_etc_suid_profile:tst:1"/>
        <criterion test_ref="oval:ssg-test_global_initialization_files_mesg_etc_profiled:tst:1"/>
      </criteria>
    </definition>
    <definition class="inventory" id="oval:ssg-installed_OS_is_centos4:def:1" version="1">
      <metadata>
        <title>CentOS 4</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <reference ref_id="cpe:/o:centos:centos:4" source="CPE"/>
        <description>The operating system installed on the system is
      CentOS 4</description>
      <reference ref_id="installed_OS_is_centos4" source="ssg"/></metadata>
      <criteria>
        <criterion comment="Installed operating system is part of the unix family" test_ref="oval:ssg-test_centos4_unix_family:tst:1"/>
        <criterion comment="CentOS 4 is installed" test_ref="oval:ssg-test_centos_4:tst:1"/>
      </criteria>
    </definition>
    <definition class="inventory" id="oval:ssg-installed_OS_is_centos5:def:1" version="1">
      <metadata>
        <title>CentOS 5</title>
        <affected family="unix">
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <reference ref_id="cpe:/o:centos:centos:5" source="CPE"/>
        <description>The operating system installed on the system is
      CentOS 5</description>
      <reference ref_id="installed_OS_is_centos5" source="ssg"/></metadata>
      <criteria>
        <criterion comment="Installed operating system is part of the unix family" test_ref="oval:ssg-test_centos5_unix_family:tst:1"/>
        <criterion comment="CentOS 5 is installed" test_ref="oval:ssg-test_centos_5:tst:1"/>
      </criteria>
    </definition>
    <definition class="inventory" id="oval:ssg-installed_OS_is_rhel4:def:1" version="1">
      <metadata>
        <title>Red Hat Enterprise Linux 4</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <reference ref_id="cpe:/o:redhat:enterprise_linux:4" source="CPE"/>
        <description>The operating system installed on the system is
      Red Hat Enterprise Linux 4</description>
      <reference ref_id="installed_OS_is_rhel4" source="ssg"/></metadata>
      <criteria>
        <criterion comment="Installed operating system is part of the unix family" test_ref="oval:ssg-test_rhel4_unix_family:tst:1"/>
        <criterion comment="Red Hat Enterprise Linux 4 is installed" test_ref="oval:ssg-test_rhel_4:tst:1"/>
      </criteria>
    </definition>
    <definition class="inventory" id="oval:ssg-installed_OS_is_rhel5:def:1" version="2">
      <metadata>
        <title>Red Hat Enterprise Linux 5</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <reference ref_id="cpe:/o:redhat:enterprise_linux:5" source="CPE"/>
        <description>The operating system installed on the system is
      Red Hat Enterprise Linux 5</description>
      <reference ref_id="installed_OS_is_rhel5" source="ssg"/></metadata>
      <criteria>
        <criterion comment="Installed operating system is part of the unix family" test_ref="oval:ssg-test_rhel5_unix_family:tst:1"/>
        <criteria operator="OR">
          <criterion comment="Red Hat Enterprise Linux 5 Workstation is installed" test_ref="oval:ssg-test_rhel5_workstation:tst:1"/>
          <criterion comment="Red Hat Enterprise Linux 5 Server is installed" test_ref="oval:ssg-test_rhel5_server:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-ip6tables_input_icmpv6_broadcast:def:1" version="1">
      <metadata>
        <title>Ignore ICMPv6 Echo Requests On a Broadcast Address.</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Add Drop Rule for the INPUT built-in chain to ignore any 
	  ICMPv6 echo requests sent to a broadcast address.</description>
      <reference ref_id="ip6tables_input_icmpv6_broadcast" source="ssg"/></metadata>
      <criteria>
        <criterion comment="-A INPUT -p icmpv6 -d ff02::1 --icmpv6-type 128 -j DROP" test_ref="oval:ssg-test_ip6tables_input_icmpv6_broadcast:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-ip_6to4_tunnels:def:1" version="1">
      <metadata>
        <title>The system must not have 6to4 enabled.</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>6to4 is an IPv6 transition mechanism involving tunnelling 
	  IPv6 packets encapsulated in IPv4 packets on an ad-hoc basis.  This is 
	  not a preferred transition strategy and increases the attack surface of 
	  the system.</description>
      <reference ref_id="ip_6to4_tunnels" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_ip_6to4_tunnels:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-ip_teredo:def:1" version="1">
      <metadata>
        <title>The system must not have Teredo enabled.</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Teredo is an IPv6 transition mechanism involving 
	  tunneling IPv6 packets encapsulated in IPv4 packets. Unauthorized 
	  tunneling may circumvent network security.</description>
      <reference ref_id="ip_teredo" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_ip_teredo:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-ip_tunnels:def:1" version="1">
      <metadata>
        <title>The system must not have IP tunnels configured.</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>IP tunneling mechanisms can be used to bypass network filtering.</description>
      <reference ref_id="ip_tunnels" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_ip_tunnels:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-iptables_input_reject_rule:def:1" version="1">
      <metadata>
        <title>Add Reject Rule for
      the INPUT built-in chain</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Add a reject rule 
      for the INPUT built-in chain.</description>
      <reference ref_id="iptables_input_reject_rule" source="ssg"/></metadata>
      <criteria>
        <criterion comment="-A INPUT -j REJECT --reject-with icmp-host-prohibited" test_ref="oval:ssg-test_iptables_input_reject_rule:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-iptables_timestamp_reject_rule:def:1" version="1">
      <metadata>
        <title>Add Reject Rule Timestamp Requests and Timestamp Replies</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Add Reject Rule Timestamp Requests and Timestamp Replies.</description>
      <reference ref_id="iptables_timestamp_reject_rule" source="ssg"/></metadata>
      <criteria>
        <criterion comment="Reject rule for timestamp requests" test_ref="oval:ssg-test_iptables_timestamp_reject_rule_requests:tst:1"/>
        <criterion comment="Reject rule for timestamp replies" test_ref="oval:ssg-test_iptables_timestamp_reject_rule_replies:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-kernel_module_appletalk_disabled:def:1" version="1">
      <metadata>
        <title>Disable appletalk Kernel Module</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The kernel module appletalk should be disabled.</description>
      <reference ref_id="kernel_module_appletalk_disabled" source="ssg"/></metadata>
      <criteria operator="OR">
        <criterion test_ref="oval:ssg-test_kernmod_appletalk_modprobed:tst:1" comment="kernel module appletalk disabled in /etc/modprobe.d"/>
        <criterion test_ref="oval:ssg-test_kernmod_appletalk_modprobeconf:tst:1" comment="kernel module appletalk disabled in /etc/modprobe.conf"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-kernel_module_bluetooth_disabled:def:1" version="1">
      <metadata>
        <title>Disable bluetooth Kernel Module</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The kernel module bluetooth should be disabled.</description>
      <reference ref_id="kernel_module_bluetooth_disabled" source="ssg"/></metadata>
      <criteria operator="OR">
        <criterion test_ref="oval:ssg-test_kernmod_bluetooth_modprobed:tst:1" comment="kernel module bluetooth disabled in /etc/modprobe.d"/>
        <criterion test_ref="oval:ssg-test_kernmod_bluetooth_modprobeconf:tst:1" comment="kernel module bluetooth disabled in /etc/modprobe.conf"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-kernel_module_bridge_disabled:def:1" version="1">
      <metadata>
        <title>Disable bridge Kernel Module</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The kernel module bridge should be disabled.</description>
      <reference ref_id="kernel_module_bridge_disabled" source="ssg"/></metadata>
      <criteria operator="OR">
        <criterion test_ref="oval:ssg-test_kernmod_bridge_modprobed:tst:1" comment="kernel module bridge disabled in /etc/modprobe.d"/>
        <criterion test_ref="oval:ssg-test_kernmod_bridge_modprobeconf:tst:1" comment="kernel module bridge disabled in /etc/modprobe.conf"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-kernel_module_dccp_disabled:def:1" version="1">
      <metadata>
        <title>Disable dccp Kernel Module</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The kernel module dccp should be disabled.</description>
      <reference ref_id="kernel_module_dccp_disabled" source="ssg"/></metadata>
      <criteria operator="AND">
        <criteria operator="OR">
          <criterion test_ref="oval:ssg-test_kernmod_dccp_modprobed:tst:1" comment="kernel module dccp disabled in /etc/modprobe.d"/>
          <criterion test_ref="oval:ssg-test_kernmod_dccp_modprobeconf:tst:1" comment="kernel module dccp disabled in /etc/modprobe.conf"/>
        </criteria>
        <criteria operator="OR">
          <criterion test_ref="oval:ssg-test_kernmod_dccp_ipv4_modprobed:tst:1" comment="kernel module dccp_ipv4 disabled in /etc/modprobe.d"/>
          <criterion test_ref="oval:ssg-test_kernmod_dccp_ipv4_modprobeconf:tst:1" comment="kernel module dccp_ipv4 disabled in /etc/modprobe.conf"/>
        </criteria>
        <criteria operator="OR">
          <criterion test_ref="oval:ssg-test_kernmod_dccp_ipv6_modprobed:tst:1" comment="kernel module dccp_ipv6 disabled in /etc/modprobe.d"/>
          <criterion test_ref="oval:ssg-test_kernmod_dccp_ipv6_modprobeconf:tst:1" comment="kernel module dccp_ipv6 disabled in /etc/modprobe.conf"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-kernel_module_ieee1394_disabled:def:1" version="1">
      <metadata>
        <title>Disable ieee1394 Kernel Module</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The kernel module ieee1394 should be disabled.</description>
      <reference ref_id="kernel_module_ieee1394_disabled" source="ssg"/></metadata>
      <criteria operator="OR">
        <criterion test_ref="oval:ssg-test_kernmod_ieee1394_modprobed:tst:1" comment="kernel module ieee1394 disabled in /etc/modprobe.d"/>
        <criterion test_ref="oval:ssg-test_kernmod_ieee1394_modprobeconf:tst:1" comment="kernel module ieee1394 disabled in /etc/modprobe.conf"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-kernel_module_ipv6_option_disabled:def:1" version="1">
      <metadata>
        <title>Disable IPv6 Kernel Module Functionality via Disable Option</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The kernel module ipv6 should be disabled.</description>
      <reference ref_id="kernel_module_ipv6_option_disabled" source="ssg"/></metadata>
      <criteria operator="OR">
        <criterion test_ref="oval:ssg-test_kernmod_ipv6_modprobed:tst:1" comment="kernel module ipv6 disabled in /etc/modprobe.d"/>
        <criterion test_ref="oval:ssg-test_kernmod_ipv6_modprobeconf:tst:1" comment="kernel module ipv6 disabled in /etc/modprobe.conf"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-kernel_module_rds_disabled:def:1" version="1">
      <metadata>
        <title>Disable rds Kernel Module</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The kernel module rds should be disabled.</description>
      <reference ref_id="kernel_module_rds_disabled" source="ssg"/></metadata>
      <criteria operator="OR">
        <criterion test_ref="oval:ssg-test_kernmod_rds_modprobed:tst:1" comment="kernel module rds disabled in /etc/modprobe.d"/>
        <criterion test_ref="oval:ssg-test_kernmod_rds_modprobeconf:tst:1" comment="kernel module rds disabled in /etc/modprobe.conf"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-kernel_module_sctp_disabled:def:1" version="1">
      <metadata>
        <title>Disable sctp Kernel Module</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The kernel module sctp should be disabled.</description>
      <reference ref_id="kernel_module_sctp_disabled" source="ssg"/></metadata>
      <criteria operator="OR">
        <criterion test_ref="oval:ssg-test_kernmod_sctp_modprobed:tst:1" comment="kernel module sctp disabled in /etc/modprobe.d"/>
        <criterion test_ref="oval:ssg-test_kernmod_sctp_modprobeconf:tst:1" comment="kernel module sctp disabled in /etc/modprobe.conf"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-kernel_module_tipc_disabled:def:1" version="1">
      <metadata>
        <title>Disable tipc Kernel Module</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The kernel module tipc should be disabled.</description>
      <reference ref_id="kernel_module_tipc_disabled" source="ssg"/></metadata>
      <criteria operator="OR">
        <criterion test_ref="oval:ssg-test_kernmod_tipc_modprobed:tst:1" comment="kernel module tipc disabled in /etc/modprobe.d"/>
        <criterion test_ref="oval:ssg-test_kernmod_tipc_modprobeconf:tst:1" comment="kernel module tipc disabled in /etc/modprobe.conf"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-kernel_module_usb-storage_disabled:def:1" version="1">
      <metadata>
        <title>Disable usb-storage Kernel Module</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The kernel module usb-storage should be disabled.</description>
      <reference ref_id="kernel_module_usb-storage_disabled" source="ssg"/></metadata>
      <criteria operator="OR">
        <criterion test_ref="oval:ssg-test_kernmod_usb-storage_modprobed:tst:1" comment="kernel module usb-storage disabled in /etc/modprobe.d"/>
        <criterion test_ref="oval:ssg-test_kernmod_usb-storage_modprobeconf:tst:1" comment="kernel module usb-storage disabled in /etc/modprobe.conf"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-ldap_client_bindpw:def:1" version="1">
      <metadata>
        <title>Ensure LDAP Does Not Store Passwords In Clear Text</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>If the system is using LDAP for authentication or 
	  account information, the /etc/ldap.conf file (or equivalent) 
	  must not contain passwords.</description>
      <reference ref_id="ldap_client_bindpw" source="ssg"/></metadata>
      <criteria>
        <criterion comment="look for bindpw in /etc/ldap.conf" test_ref="oval:ssg-test_ldap_client_bindpw:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-ldap_client_start_tls:def:1" version="1">
      <metadata>
        <title>Configure LDAP to Use TLS for All Transactions</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Require the use of TLS for ldap clients.</description>
      <reference ref_id="ldap_client_start_tls" source="ssg"/></metadata>
      <criteria operator="OR">
        <criterion comment="look for ldap in /etc/nsswitch.conf" test_ref="oval:ssg-test_ldap_client_start_tls_nsswitch:tst:1"/>
        <criteria operator="AND">
          <criterion comment="look for ssl start_tls in /etc/ldap.conf" test_ref="oval:ssg-test_ldap_client_start_tls_ssl:tst:1"/>
          <criterion comment="look for tls_ciphers in /etc/ldap.conf" test_ref="oval:ssg-test_ldap_client_start_tls_ciphers:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-ldap_client_tls_cert:def:1" version="1">
      <metadata>
        <title>Configure LDAP to Use Approved TLS Certificate</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>If the system is using LDAP for authentication or account information, 
	  certificates used to authenticate to the LDAP server must be provided from DoD PKI 
	  or a DoD-approved external PKI.</description>
      <reference ref_id="ldap_client_tls_cert" source="ssg"/></metadata>
      <criteria operator="OR">
        <criterion comment="look for ldap in /etc/nsswitch.conf" test_ref="oval:ssg-test_ldap_client_tls_cert_nsswitch:tst:1"/>
        <criterion comment="look for tls_cert in /etc/ldap.conf" test_ref="oval:ssg-test_ldap_client_tls_cert:tst:1"/>
        <!-- <criterion comment="Confirm certificate is issued by DoD"  test_ref="TODO" /> -->
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-ldap_client_tls_checkpeer:def:1" version="1">
      <metadata>
        <title>Configure LDAP To Require Trusted CA</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>If the system is using LDAP for authentication or account 
	  information, the LDAP TLS connection must require the server provide a 
	  certificate with a valid trust path to a trusted CA.</description>
      <reference ref_id="ldap_client_tls_checkpeer" source="ssg"/></metadata>
      <criteria operator="OR">
        <criterion comment="look for ldap in /etc/nsswitch.conf" test_ref="oval:ssg-test_ldap_client_tls_checkpeer_nsswitch:tst:1"/>
        <criterion comment="look for tls_checkpeer in /etc/ldap.conf" test_ref="oval:ssg-test_ldap_client_tls_checkpeer:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-ldap_client_tls_crlcheck:def:1" version="1">
      <metadata>
        <title>Configure LDAP To Require Verifying Certificate Revocation</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>If the system is using LDAP for authentication or 
	  account information, the system must verify the LDAP server's 
	  certificate has not been revoked.</description>
      <reference ref_id="ldap_client_tls_crlcheck" source="ssg"/></metadata>
      <criteria operator="OR">
        <criterion comment="look for ldap in /etc/nsswitch.conf" test_ref="oval:ssg-test_ldap_client_tls_crlcheck_nsswitch:tst:1"/>
        <criterion comment="look for tls_crlcheck in /etc/ldap.conf" test_ref="oval:ssg-test_ldap_client_tls_crlcheck:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-logrotate_rotate_all_files:def:1" version="1">
      <metadata>
        <title>Ensure All Logs are Rotated by logrotate</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The logrotate (syslog rotater) service should be enabled.</description>
      <reference ref_id="logrotate_rotate_all_files" source="ssg"/></metadata>
      <criteria operator="OR">
        <criterion comment="check for logrotate in /etc/crontab" test_ref="oval:ssg-test_logrotate_rotate_all_files_etc_crontab:tst:1"/>
        <criterion comment="check for logrotate in /etc/cron.d/*" test_ref="oval:ssg-test_logrotate_rotate_all_files_etc_cron_d:tst:1"/>
        <criterion comment="check for logrotate in /etc/cron.hourly/*" test_ref="oval:ssg-test_logrotate_rotate_all_files_etc_cron_hourly:tst:1"/>
        <criterion comment="check for logrotate in /etc/cron.daily/*" test_ref="oval:ssg-test_logrotate_rotate_all_files_etc_cron_daily:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-mail_debug_enabled:def:1" version="1">
      <metadata>
        <title>SMTP DEBUG Command Disabled</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The sendmail server must have the debug feature disabled.</description>
      <reference ref_id="mail_debug_enabled" source="ssg"/></metadata>
      <criteria>
        <criteria operator="OR">
          <extend_definition comment="sendmail is not installed" negate="true" definition_ref="oval:ssg-package_sendmail_installed:def:1"/>
          <criteria operator="AND">
            <criterion comment="Installed version of sendmail is greater than 8.13.8-8" test_ref="oval:ssg-test_mail_debug_enabled:tst:1"/>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-mail_decode_active:def:1" version="1">
      <metadata>
        <title>SMTP DECODE Command Disabled</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The SMTP service must not have a uudecode alias active.</description>
      <reference ref_id="mail_decode_active" source="ssg"/></metadata>
      <criteria>
        <criterion comment="decode and uudecode in /etc/aliases should not include file paths" test_ref="oval:ssg-test_mail_decode_active:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-mail_expn_active:def:1" version="1">
      <metadata>
        <title>SMTP EXPN Command Disabled</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The SMTP service must not have the EXPN feature active.</description>
      <reference ref_id="mail_expn_active" source="ssg"/></metadata>
      <criteria>
        <criteria operator="OR">
          <extend_definition comment="sendmail is not installed" negate="true" definition_ref="oval:ssg-package_sendmail_installed:def:1"/>
          <criteria operator="AND">
            <criterion comment="Check PrivacyOptions in /etc/mail/sendmail.cf" test_ref="oval:ssg-test_mail_expn_active_sendmail:tst:1"/>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-mail_forward_files:def:1" version="1">
      <metadata>
        <title>SMTP Mail Forwarding Disabled</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The system must not use .forward files.</description>
      <reference ref_id="mail_forward_files" source="ssg"/></metadata>
      <criteria>
        <criteria operator="OR">
          <extend_definition comment="sendmail is not installed" negate="true" definition_ref="oval:ssg-package_sendmail_installed:def:1"/>
          <criterion comment="Check ForwardPath in /etc/mail/sendmail.cf" test_ref="oval:ssg-test_mail_forward_files_sendmail:tst:1"/>
        </criteria>
        <criterion comment="Check for .forward files" test_ref="oval:ssg-test_mail_forward_files:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-mail_help_command:def:1" version="1">
      <metadata>
        <title>SMTP HELP Command Disabled</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The SMTP service HELP command must not be enabled.</description>
      <reference ref_id="mail_help_command" source="ssg"/></metadata>
      <criteria>
        <criteria operator="OR">
          <extend_definition comment="sendmail is not installed" negate="true" definition_ref="oval:ssg-package_sendmail_installed:def:1"/>
          <criteria operator="AND">
            <criterion comment="/etc/mail/helpfile must be empty" test_ref="oval:ssg-test_mail_help_command_sendmail:tst:1"/>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-mail_log_enabled:def:1" version="1">
      <metadata>
        <title>SMTP Logging Enabled</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The system syslog service must log informational and more severe SMTP service messages.</description>
      <reference ref_id="mail_log_enabled" source="ssg"/></metadata>
      <criteria>
        <criterion comment="Check mail in /etc/syslog.conf" test_ref="oval:ssg-test_mail_log_enabled:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-mail_log_level:def:1" version="1">
      <metadata>
        <title>Sendmail Log Level</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Sendmail logging must not be set to less than nine in the sendmail.cf file.</description>
      <reference ref_id="mail_log_level" source="ssg"/></metadata>
      <criteria>
        <criteria operator="OR">
          <extend_definition comment="sendmail is not installed" negate="true" definition_ref="oval:ssg-package_sendmail_installed:def:1"/>
          <criteria operator="AND">
            <criterion comment="Check LogLevel in /etc/mail/sendmail.cf" test_ref="oval:ssg-test_mail_log_level_sendmail:tst:1"/>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-mail_relaying_disabled:def:1" version="1">
      <metadata>
        <title>Postfix network listening should be disabled</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Postfix network listening should be disabled.</description>
      <reference ref_id="mail_relaying_disabled" source="ssg"/></metadata>
      <criteria>
        <criteria operator="OR">
          <extend_definition comment="postfix is not installed" negate="true" definition_ref="oval:ssg-package_postfix_installed:def:1"/>
          <criteria operator="AND">
            <criterion comment="Check inet_interfaces in /etc/postfix/main.cf for local-only" test_ref="oval:ssg-test_mail_external_enabled_postfix:tst:1"/>
            <criterion comment="Check smtpd_client_restrictions in /etc/postfix/main.mc" test_ref="oval:ssg-test_mail_relaying_disabled_postfix:tst:1"/>
          </criteria>
        </criteria>
        <criteria operator="OR">
          <extend_definition comment="sendmail is not installed" negate="true" definition_ref="oval:ssg-package_sendmail_installed:def:1"/>
          <criteria operator="AND">
            <criterion comment="Check DaemonPortOptions in /etc/mail/sendmail.cf for local-only" test_ref="oval:ssg-test_mail_external_enabled_sendmail:tst:1"/>
            <criterion comment="Check promiscuous_relay in /etc/mail/sendmail.cf" test_ref="oval:ssg-test_mail_relaying_disabled_sendmail:tst:1"/>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-mail_up_to_date:def:1" version="1">
      <metadata>
        <title>SMTP Service Updated</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The SMTP service must be an up-to-date version.</description>
      <reference ref_id="mail_up_to_date" source="ssg"/></metadata>
      <criteria>
        <criteria operator="OR">
          <extend_definition comment="postfix is not installed" negate="true" definition_ref="oval:ssg-package_postfix_installed:def:1"/>
          <criteria operator="AND">
            <criterion comment="Installed version of postfix is greater than 2.3.3-6" test_ref="oval:ssg-test_mail_up_to_date_postfix:tst:1"/>
          </criteria>
        </criteria>
        <criteria operator="OR">
          <extend_definition comment="sendmail is not installed" negate="true" definition_ref="oval:ssg-package_sendmail_installed:def:1"/>
          <criteria operator="AND">
            <criterion comment="Installed version of sendmail is greater than 8.13.8-8" test_ref="oval:ssg-test_mail_up_to_date_sendmail:tst:1"/>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-mail_version_info:def:1" version="1">
      <metadata>
        <title>SMTP Version Info Must Not Be Advertised</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The SMTP service's SMTP greeting must not provide version information.</description>
      <reference ref_id="mail_version_info" source="ssg"/></metadata>
      <criteria>
        <criteria operator="OR">
          <extend_definition comment="postfix is not installed" negate="true" definition_ref="oval:ssg-package_postfix_installed:def:1"/>
          <criteria operator="AND">
            <criterion comment="Check smtpd_banner in /etc/postfix/main.mc" test_ref="oval:ssg-test_mail_version_info_postfix:tst:1"/>
          </criteria>
        </criteria>
        <criteria operator="OR">
          <extend_definition comment="sendmail is not installed" negate="true" definition_ref="oval:ssg-package_sendmail_installed:def:1"/>
          <criteria operator="AND">
            <criterion comment="Check SmtpGreetingMessage in /etc/mail/sendmail.cf" test_ref="oval:ssg-test_mail_version_info_sendmail:tst:1"/>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-mail_vrfy_active:def:1" version="1">
      <metadata>
        <title>SMTP VRFY Command Disabled</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The SMTP service must not have the Verify (VRFY) feature active.</description>
      <reference ref_id="mail_vrfy_active" source="ssg"/></metadata>
      <criteria>
        <criteria operator="OR">
          <extend_definition comment="sendmail is not installed" negate="true" definition_ref="oval:ssg-package_sendmail_installed:def:1"/>
          <criteria operator="AND">
            <criterion comment="Check PrivacyOptions in /etc/mail/sendmail.cf" test_ref="oval:ssg-test_mail_vrfy_active_sendmail:tst:1"/>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-mail_wiz_active:def:1" version="1">
      <metadata>
        <title>SMTP WIZ Command Disabled</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The sendmail service must not have the wizard backdoor active.</description>
      <reference ref_id="mail_wiz_active" source="ssg"/></metadata>
      <criteria>
        <criteria operator="OR">
          <extend_definition comment="sendmail is not installed" negate="true" definition_ref="oval:ssg-package_sendmail_installed:def:1"/>
          <criteria operator="AND">
            <criterion comment="Installed version of sendmail is greater than 8.13.8-8" test_ref="oval:ssg-test_mail_wiz_active:tst:1"/>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-mount_option_nodev_removable_filesystems:def:1" version="1">
      <metadata>
        <title>Mount Remote Filesystems with nodev</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The nodev option should be enabled for all NFS mounts in /etc/fstab.</description>
      <reference ref_id="mount_option_nodev_removable_filesystems" source="ssg"/></metadata>
      <criteria operator="XOR">
        <!-- these tests are designed to be mutually exclusive; either no nfs mounts exist in /etc/fstab -->
        <!-- or all of the nfs mounts defined in /etc/fstab have the nodev mount option specified -->
        <criterion comment="remote nfs filesystems" test_ref="oval:ssg-test_no_nfs_defined_etc_fstab_nodev:tst:1"/>
        <criterion comment="remote nfs filesystems" test_ref="oval:ssg-test_nfs_nodev_etc_fstab:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-mount_option_nosuid_removable_filesystems:def:1" version="1">
      <metadata>
        <title>Mount Remote Filesystems with nosuid</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The nosuid option should be enabled for all NFS mounts in /etc/fstab.</description>
      <reference ref_id="mount_option_nosuid_removable_filesystems" source="ssg"/></metadata>
      <criteria operator="XOR">
        <!-- these tests are designed to be mutually exclusive; either no nfs mounts exist in /etc/fstab -->
        <!-- or all of the nfs mounts defined in /etc/fstab have the nosuid mount option specified -->
        <criterion comment="remote nfs filesystems" test_ref="oval:ssg-test_no_nfs_defined_etc_fstab_nosuid:tst:1"/>
        <criterion comment="remote nfs filesystems" test_ref="oval:ssg-test_nfs_nosuid_etc_fstab:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-network_ipv6_default_gateway:def:1" version="1">
      <metadata>
        <title>Disable DHCP Client</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>DHCP configuration should be static for all
      interfaces.</description>
      <reference ref_id="network_ipv6_default_gateway" source="ssg"/></metadata>
      <criteria comment="Test for IPV6_DEFAULTGW across all interfaces if IPV6 is enabled" operator="OR">
        <criterion test_ref="oval:ssg-test_network_ipv6_default_gateway_ipv6_disabled:tst:1"/>
        <criterion test_ref="oval:ssg-test_network_ipv6_default_gateway:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-network_ipv6_disable_interfaces:def:1" version="1">
      <metadata>
        <title>The IPv6 Protocol Binding.</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The IPv6 protocol handler must not be bound to the network stack unless needed.</description>
      <reference ref_id="network_ipv6_disable_interfaces" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_network_ipv6_disable_interfaces_conf:tst:1" comment="Look for argument 'NETWORKING_IPV6=no' in /etc/sysconfig/network"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-nfs_enforce_host_access:def:1" version="1">
      <metadata>
        <title>NFS Restrict Local Access</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The Network File System (NFS) server must be configured to restrict file system access to local hosts.</description>
      <reference ref_id="nfs_enforce_host_access" source="ssg"/></metadata>
      <criteria>
        <criterion comment="make sure ro or rw options are used in /etc/exports" test_ref="oval:ssg-test_nfs_enforce_host_access:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-nfs_mount_option_nosuid_remote_filesystems:def:1" version="1">
      <metadata>
        <title>All NFS Mounts Have NOSUID Option</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The nosuid option must be enabled on all Network File System (NFS) client mounts.</description>
      <reference ref_id="nfs_mount_option_nosuid_remote_filesystems" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_nfs_mount_option_nosuid_remote_filesystems:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-nfs_no_anonymous:def:1" version="1">
      <metadata>
        <title>NFS Anonymous IDs Configured Appropriately</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The Network File System (NFS) anonymous UID and GID must be configured to values without permissions.</description>
      <reference ref_id="nfs_no_anonymous" source="ssg"/></metadata>
      <criteria operator="OR">
        <criterion comment="/etc/exports is empty" test_ref="oval:ssg-test_nfs_no_anonymous_empty:tst:1"/>
        <criterion comment="make sure anonuid and anongid options are used in /etc/exports" test_ref="oval:ssg-test_nfs_no_anonymous:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-nfs_no_insecure_locks_exports:def:1" version="1">
      <metadata>
        <title>No insecure_locks Option in /etc/exports</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Insecure file locking could allow for sensitive 
	  data to be viewed or edited by an unauthorized user.</description>
      <reference ref_id="nfs_no_insecure_locks_exports" source="ssg"/></metadata>
      <criteria>
        <criterion comment="make sure the insecure_locks option is not used in /etc/exports" test_ref="oval:ssg-test_nfs_no_insecure_locks_exports:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-nfs_use_root_squashing_all_exports:def:1" version="1">
      <metadata>
        <title>No Remote Root NFS Access</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The Network File System (NFS) server must not allow remote root access.</description>
      <reference ref_id="nfs_use_root_squashing_all_exports" source="ssg"/></metadata>
      <criteria>
        <criterion comment="no_root_squash is not used in /etc/exports" test_ref="oval:ssg-test_nfs_use_root_squashing_all_exports_no_root_squash:tst:1"/>
        <criterion comment="root_squash or all_squash is used for each nfs mount in /etc/exports" test_ref="oval:ssg-test_nfs_use_root_squashing_all_exports_squash:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-no_empty_passwords:def:1" version="1">
      <metadata>
        <title>No nullok Option in /etc/pam.d/system-auth</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The file /etc/pam.d/system-auth should not contain the nullok option</description>
      <reference ref_id="no_empty_passwords" source="ssg"/></metadata>
      <criteria>
        <criterion comment="make sure the nullok option is not used in /etc/pam.d/system-auth" test_ref="oval:ssg-test_no_empty_passwords_system_auth:tst:1"/>
        <criterion comment="make sure the nullok option is not used in /etc/pam.d/system-auth-ac" test_ref="oval:ssg-test_no_empty_passwords_system_auth_ac:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-no_files_unowned_by_user:def:1" version="1">
      <metadata>
        <title>Find files unowned by a user</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>All files should be owned by a
      user</description>
      <reference ref_id="no_files_unowned_by_user" source="ssg"/></metadata>
      <criteria>
        <criterion comment="Check all files and make sure they are owned by a user" test_ref="oval:ssg-no_files_unowned_by_user_test:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-no_netrc_files:def:1" version="1">
      <metadata>
        <title>Verify No netrc Files Exist</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The .netrc files contain login information used to auto-login into FTP servers and reside in the user's home directory. Any .netrc files should be removed.</description>
      <reference ref_id="no_netrc_files" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_no_netrc_files_home:tst:1" negate="true"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-no_root_webbrowsing:def:1" version="1">
      <metadata>
        <title>File /root/* Owner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Owner for /root/* must be root.</description>
      <reference ref_id="no_root_webbrowsing" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_no_root_webbrowsing:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-no_rsh_trust_files:def:1" version="1">
      <metadata>
        <title>No Legacy .rhosts Or hosts.equiv Files</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>There should not be any .rhosts or hosts.equiv files on the system.</description>
      <reference ref_id="no_rsh_trust_files" source="ssg"/></metadata>
      <criteria operator="AND">
        <criterion test_ref="oval:ssg-test_no_rsh_trust_files_root:tst:1" negate="true"/>
        <criterion test_ref="oval:ssg-test_no_rsh_trust_files_home:tst:1" negate="true"/>
        <criterion test_ref="oval:ssg-test_no_rsh_trust_files_etc:tst:1" negate="true"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-ntp_multiple_remote_servers:def:1" version="1">
      <metadata>
        <title>Specify Multiple Remote NTP Servers for Time Data</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>At least two or more remote NTP Servers for time synchronization should be
      specified (and dependencies are met)</description>
      <reference ref_id="ntp_multiple_remote_servers" source="ssg"/></metadata>
      <criteria comment="ntpd is enabled and conditions are met" operator="AND">
        <extend_definition comment="ntpd is enabled" definition_ref="oval:ssg-service_ntpd_enabled:def:1"/>
        <criterion test_ref="oval:ssg-test_ntp_multiple_remote_servers:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-ntp_remote_server:def:1" version="1">
      <metadata>
        <title>Specify a Remote NTP Server for Time Data</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>A remote NTP Server for time synchronization should be
      specified (and dependencies are met)</description>
      <reference ref_id="ntp_remote_server" source="ssg"/></metadata>
      <criteria comment="ntpd is enabled and conditions are met" operator="AND">
        <extend_definition comment="ntpd is enabled" definition_ref="oval:ssg-service_ntpd_enabled:def:1"/>
        <criterion test_ref="oval:ssg-test_ntp_remote_server:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_autofs_removed:def:1" version="1">
      <metadata>
        <title>Package autofs Removed</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The RPM package autofs should be removed.</description>
      <reference ref_id="package_autofs_removed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package autofs is removed" test_ref="oval:ssg-test_package_autofs_removed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_av_installed:def:1" version="1">
      <metadata>
        <title>Antivirus Installed</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The system should have AntiVirus software installed.</description>
      <reference ref_id="package_av_installed" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria operator="AND">
          <criterion comment="package uvscan is installed" test_ref="oval:ssg-test_package_uvscan_installed:tst:1"/>
          <criteria operator="OR">
            <criterion comment="check for uvscan in /etc/crontab" test_ref="oval:ssg-test_uvscan_periodic_cron_checking_etc_crontab:tst:1"/>
            <criterion comment="check for uvscan in /etc/cron.d/*" test_ref="oval:ssg-test_uvscan_periodic_cron_checking_etc_cron_d:tst:1"/>
            <criterion comment="check for uvscan in /etc/cron.hourly/*" test_ref="oval:ssg-test_uvscan_periodic_cron_checking_etc_cron_hourly:tst:1"/>
            <criterion comment="check for uvscan in /etc/cron.daily/*" test_ref="oval:ssg-test_uvscan_periodic_cron_checking_etc_cron_daily:tst:1"/>
          </criteria>
        </criteria>
        <criterion comment="package LinuxShield is installed" test_ref="oval:ssg-test_package_linuxshield_installed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_hids_installed:def:1" version="1">
      <metadata>
        <title>Package HIDS Installed</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The system should have a Host Intrusion Detection 
	  System (HIDS) installed and enabled.</description>
      <reference ref_id="package_hids_installed" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria>
          <criterion comment="package MFEhiplsm is installed" test_ref="oval:ssg-test_package_mfehiplsm_installed:tst:1"/>
        </criteria>
        <criteria>
          <extend_definition comment="Selinux is Enforcing" definition_ref="oval:ssg-selinux_enforcing:def:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_iptables_installed:def:1" version="1">
      <metadata>
        <title>Package iptables Installed</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The RPM package iptables should be installed.</description>
      <reference ref_id="package_iptables_installed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package iptables is installed" test_ref="oval:ssg-test_package_iptables_installed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_kexec-tools_removed:def:1" version="1">
      <metadata>
        <title>Package kexec-tools Removed</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The RPM package kexec-tools should be removed.</description>
      <reference ref_id="package_kexec-tools_removed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package kexec-tools is removed" test_ref="oval:ssg-test_package_kexec-tools_removed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_krb5-workstation_removed:def:1" version="1">
      <metadata>
        <title>Package krb5-workstation Removed</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The RPM package krb5-workstation should be removed.</description>
      <reference ref_id="package_krb5-workstation_removed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package krb5-workstation is removed" test_ref="oval:ssg-test_package_krb5-workstation_removed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_openssh-clients_removed:def:1" version="1">
      <metadata>
        <title>Package openssh-clients Removed</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The RPM package openssh-clients should be removed.</description>
      <reference ref_id="package_openssh-clients_removed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package openssh-clients is removed" test_ref="oval:ssg-test_package_openssh-clients_removed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_openssh-server_removed:def:1" version="1">
      <metadata>
        <title>Package openssh-server Removed</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The RPM package openssh-server should be removed.</description>
      <reference ref_id="package_openssh-server_removed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package openssh-server is removed" test_ref="oval:ssg-test_package_openssh-server_removed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_postfix_installed:def:1" version="1">
      <metadata>
        <title>Package Postfix Installed</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The RPM package postfix should be installed.</description>
      <reference ref_id="package_postfix_installed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package postfix is installed" test_ref="oval:ssg-test_package_postfix_installed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_rpc_removed:def:1" version="1">
      <metadata>
        <title>Packages portmap and rpcbind Removed</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The RPM packages portmap and rpcbind should be removed.</description>
      <reference ref_id="package_rpc_removed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package portmap is removed" test_ref="oval:ssg-test_package_portmap_removed:tst:1"/>
        <criterion comment="package rpcbind is removed" test_ref="oval:ssg-test_package_rpcbind_removed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_rsh-server_removed:def:1" version="1">
      <metadata>
        <title>Package rsh-server Removed</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The RPM package rsh-server should be removed.</description>
      <reference ref_id="package_rsh-server_removed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package rsh-server is removed" test_ref="oval:ssg-test_package_rsh-server_removed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_samba-common_removed:def:1" version="1">
      <metadata>
        <title>Package samba-common Removed</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The RPM package samba-common should be removed.</description>
      <reference ref_id="package_samba-common_removed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package samba is removed" test_ref="oval:ssg-test_package_samba-common_removed:tst:1"/>
        <criterion comment="package samba3x is removed" test_ref="oval:ssg-test_package_samba3x-common_removed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_samba-swat_removed:def:1" version="1">
      <metadata>
        <title>Package samba-swat Removed</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The RPM package samba-swat should be removed.</description>
      <reference ref_id="package_samba-swat_removed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package samba-swat is removed" test_ref="oval:ssg-test_package_samba-swat_removed:tst:1"/>
        <criterion comment="package samba3x-swat is removed" test_ref="oval:ssg-test_package_samba3x-swat_removed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_samba_removed:def:1" version="1">
      <metadata>
        <title>Package samba Removed</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The RPM package samba should be removed.</description>
      <reference ref_id="package_samba_removed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package samba is removed" test_ref="oval:ssg-test_package_samba_removed:tst:1"/>
        <criterion comment="package samba3x is removed" test_ref="oval:ssg-test_package_samba3x_removed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_sendmail_installed:def:1" version="1">
      <metadata>
        <title>Package Sendmail Installed</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The RPM package sendmail should be installed.</description>
      <reference ref_id="package_sendmail_installed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package sendmail is installed" test_ref="oval:ssg-test_package_sendmail_installed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_telnet-server_removed:def:1" version="1">
      <metadata>
        <title>Package telnet-server Removed</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The RPM package telnet-server should be removed.</description>
      <reference ref_id="package_telnet-server_removed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package telnet-server is removed" test_ref="oval:ssg-test_package_telnet-server_removed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_tftp-server_removed:def:1" version="1">
      <metadata>
        <title>Package tftp-server Removed</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The RPM package tftp-server should be removed.</description>
      <reference ref_id="package_tftp-server_removed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package tftp-server is removed" test_ref="oval:ssg-test_package_tftp-server_removed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_vsftpd_removed:def:1" version="1">
      <metadata>
        <title>Package vsftpd Removed</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The RPM package vsftpd should be removed.</description>
      <reference ref_id="package_vsftpd_removed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package vsftpd is removed" test_ref="oval:ssg-test_package_vsftpd_removed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_xinetd_removed:def:1" version="1">
      <metadata>
        <title>Package xinetd Removed</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The RPM package xinetd should be removed.</description>
      <reference ref_id="package_xinetd_removed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package xinetd is removed" test_ref="oval:ssg-test_package_xinetd_removed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_ypbind_removed:def:1" version="1">
      <metadata>
        <title>Package ypbind Removed</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The RPM package ypbind should be removed.</description>
      <reference ref_id="package_ypbind_removed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package ypbind is removed" test_ref="oval:ssg-test_package_ypbind_removed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_yum-updatesd_removed:def:1" version="1">
      <metadata>
        <title>Package yum-updatesd Removed</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The RPM package yum-updatesd should be removed.</description>
      <reference ref_id="package_yum-updatesd_removed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package yum-updatesd is removed" test_ref="oval:ssg-test_package_yum-updatesd_removed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-partition_for_home:def:1" version="1">
      <metadata>
        <title>Ensure /home Located On Separate Partition</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>If user home directories will be stored locally, create a
      separate partition for /home. If /home will be mounted from another
      system such as an NFS server, then creating a separate partition is not
      necessary at this time, and the mountpoint can instead be configured
      later.</description>
      <reference ref_id="partition_for_home" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_home_partition:tst:1" comment="/home on own partition"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-partition_for_tmp:def:1" version="1">
      <metadata>
        <title>Ensure /tmp Located On Separate Partition</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The /tmp directory is a world-writable directory used for
      temporary file storage. Verify that it has its own partition or logical
      volume.</description>
      <reference ref_id="partition_for_tmp" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_tmp_partition:tst:1" comment="/tmp on own partition"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-partition_for_var:def:1" version="1">
      <metadata>
        <title>Ensure /var Located On Separate Partition</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Ensuring that /var is mounted on its own partition enables
      the setting of more restrictive mount options, which is used as temporary
      storage by many program, particularly system services such as daemons. It
      is not uncommon for the /var directory to contain world-writable
      directories, installed by other software packages.</description>
      <reference ref_id="partition_for_var" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_var_partition:tst:1" comment="/var on own partition"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-partition_for_var_log_audit:def:1" version="1">
      <metadata>
        <title>Ensure /var/log/audit Located On Separate Partition</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Audit logs are stored in the /var/log/audit directory.
      Ensure that it has its own partition or logical volume. Make absolutely
      certain that it is large enough to store all audit logs that will be
      created by the auditing daemon.</description>
      <reference ref_id="partition_for_var_log_audit" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_var_log_audit_partition:tst:1" comment="/var/log/audit on own partition"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-require_singleuser_auth:def:1" version="1">
      <metadata>
        <title>Require Authentication for Single-User Mode</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The requirement for a password to boot into single-user mode
      should be configured correctly.</description>
      <reference ref_id="require_singleuser_auth" source="ssg"/></metadata>
      <criteria>
        <criterion comment="Conditions are satisfied" test_ref="oval:ssg-test_require_singleuser_auth:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-restricted_accounts:def:1" version="1">
      <metadata>
        <title>Special Privilege Accounts Must Not Exist</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>If special privilege accounts are compromised, the 
	  accounts could provide privileges to execute malicious commands 
	  on a system.</description>
      <reference ref_id="restricted_accounts" source="ssg"/></metadata>
      <criteria>
        <criterion comment="Conditions are satisfied" test_ref="oval:ssg-test_restricted_accounts:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-restricted_accounts_ftp:def:1" version="1">
      <metadata>
        <title>Ftp Account Must Not Exist</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The system must not have the unnecessary "ftp" account.</description>
      <reference ref_id="restricted_accounts_ftp" source="ssg"/></metadata>
      <criteria>
        <criterion comment="Conditions are satisfied" test_ref="oval:ssg-test_restricted_accounts_ftp:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-restricted_accounts_games:def:1" version="1">
      <metadata>
        <title>Games Account Must Not Exist</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The system must not have the unnecessary "games" account.</description>
      <reference ref_id="restricted_accounts_games" source="ssg"/></metadata>
      <criteria>
        <criterion comment="Conditions are satisfied" test_ref="oval:ssg-test_restricted_accounts_games:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-restricted_accounts_gopher:def:1" version="1">
      <metadata>
        <title>Gopher Account Must Not Exist</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The system must not have the unnecessary "gopher" account.</description>
      <reference ref_id="restricted_accounts_gopher" source="ssg"/></metadata>
      <criteria>
        <criterion comment="Conditions are satisfied" test_ref="oval:ssg-test_restricted_accounts_gopher:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-restricted_accounts_news:def:1" version="1">
      <metadata>
        <title>News Account Must Not Exist</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The system must not have the unnecessary "news" account.</description>
      <reference ref_id="restricted_accounts_news" source="ssg"/></metadata>
      <criteria>
        <criterion comment="Conditions are satisfied" test_ref="oval:ssg-test_restricted_accounts_news:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-rhosts_auth_pam_files:def:1" version="1">
      <metadata>
        <title>The .rhosts file must not be supported in PAM</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>No rhosts_auth entries must exist in /etc/pam.d/* files.</description>
      <reference ref_id="rhosts_auth_pam_files" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_rhosts_auth_pam_files:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-rpm_verify_hashes:def:1" version="2">
      <metadata>
        <title>Verify File Hashes with RPM</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Verify the MD5 hashes of system binaries using the RPM database.</description>
      <reference ref_id="rpm_verify_hashes" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_files_fail_md5_hash:tst:1" comment="verify file md5 hashes"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-samba_encrypt_passwords_option:def:1" version="1">
      <metadata>
        <title>Require Passwords To Be Encrypted</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The smb.conf file must require Samba passwords to be encrypted.</description>
      <reference ref_id="samba_encrypt_passwords_option" source="ssg"/></metadata>
      <criteria comment="packages samba-common and samba3x-common removed or /etc/samba/smb.conf configured correctly" operator="OR">
        <extend_definition comment="rpm packages samba-common and samba3x-common removed" definition_ref="oval:ssg-package_samba-common_removed:def:1"/>
        <criterion test_ref="oval:ssg-test_samba_encrypt_passwords_option:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-samba_guest_ok_option:def:1" version="1">
      <metadata>
        <title>Restrict Guest Access To Samba</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The smb.conf file must not have the "guest ok" 
	  option set to "yes".</description>
      <reference ref_id="samba_guest_ok_option" source="ssg"/></metadata>
      <criteria comment="packages samba-common and samba3x-common removed or /etc/samba/smb.conf configured correctly" operator="OR">
        <extend_definition comment="rpm packages samba-common and samba3x-common removed" definition_ref="oval:ssg-package_samba-common_removed:def:1"/>
        <criterion test_ref="oval:ssg-test_samba_guest_ok_option:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-samba_hosts_option:def:1" version="1">
      <metadata>
        <title>Restrict Access To Samba</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The smb.conf file must use the "hosts" 
	  option to restrict access to Samba.</description>
      <reference ref_id="samba_hosts_option" source="ssg"/></metadata>
      <criteria comment="packages samba-common and samba3x-common removed or /etc/samba/smb.conf configured correctly" operator="OR">
        <extend_definition comment="rpm packages samba-common and samba3x-common removed" definition_ref="oval:ssg-package_samba-common_removed:def:1"/>
        <criterion test_ref="oval:ssg-test_samba_hosts_option:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-samba_security_option:def:1" version="1">
      <metadata>
        <title>Disable Share Security</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The smb.conf file must not have the "security" 
	  option set to "share".</description>
      <reference ref_id="samba_security_option" source="ssg"/></metadata>
      <criteria comment="packages samba-common and samba3x-common removed or /etc/samba/smb.conf configured correctly" operator="OR">
        <extend_definition comment="rpm packages samba-common and samba3x-common removed" definition_ref="oval:ssg-package_samba-common_removed:def:1"/>
        <criterion test_ref="oval:ssg-test_samba_security_option:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-samba-swat_restricted:def:1" version="1">
      <metadata>
        <title>Restrict Access To SWAT</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The Samba Web Administration Tool (SWAT) 
	  must be restricted to the local host or require SSL.</description>
      <reference ref_id="samba-swat_restricted" source="ssg"/></metadata>
      <criteria comment="packages samba-swat and samba3x-swat removed or /etc/xinetd.d/swat configured correctly" operator="OR">
        <extend_definition comment="rpm packages samba-swat and samba3x-swat removed" definition_ref="oval:ssg-package_samba-swat_removed:def:1"/>
        <criterion test_ref="oval:ssg-test_samba-swat_restricted_disabled:tst:1"/>
        <criterion test_ref="oval:ssg-test_samba-swat_restricted_access:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-securetty_root_login_console_only:def:1" version="1">
      <metadata>
        <title>Restrict Virtual Console Root Logins</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Preventing direct root login to virtual console devices
      helps ensure accountability for actions taken on the system using the
      root account.</description>
      <reference ref_id="securetty_root_login_console_only" source="ssg"/></metadata>
      <criteria>
        <criterion comment="virtual consoles /etc/securetty" test_ref="oval:ssg-test_virtual_consoles_etc_securetty:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-selinux_enforcing:def:1" version="2">
      <metadata>
        <title>SELinux Enforcing</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The SELinux state should be enforcing the local policy.</description>
      <reference ref_id="selinux_enforcing" source="ssg"/></metadata>
      <criteria operator="AND">
        <criterion comment="Check for enforcing value" test_ref="oval:ssg-test_selinux_enforcing:tst:1"/>
        <criterion comment="Check policy type" test_ref="oval:ssg-test_selinuxtype_targeted:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-service_auditd_enabled:def:1" version="1">
      <metadata>
        <title>Service auditd Enabled</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The auditd service should be enabled if possible.</description>
      <reference ref_id="service_auditd_enabled" source="ssg"/></metadata>
      <criteria comment="package audit installed and service auditd is configured to start" operator="AND">
        <extend_definition comment="audit installed" definition_ref="oval:ssg-package_audit_installed:def:1"/>
        <criteria operator="OR" comment="service auditd is configured to start">
          <criterion comment="auditd runlevel 0" test_ref="oval:ssg-test_runlevel0_auditd:tst:1"/>
          <criterion comment="auditd runlevel 1" test_ref="oval:ssg-test_runlevel1_auditd:tst:1"/>
          <criterion comment="auditd runlevel 2" test_ref="oval:ssg-test_runlevel2_auditd:tst:1"/>
          <criterion comment="auditd runlevel 3" test_ref="oval:ssg-test_runlevel3_auditd:tst:1"/>
          <criterion comment="auditd runlevel 4" test_ref="oval:ssg-test_runlevel4_auditd:tst:1"/>
          <criterion comment="auditd runlevel 5" test_ref="oval:ssg-test_runlevel5_auditd:tst:1"/>
          <criterion comment="auditd runlevel 6" test_ref="oval:ssg-test_runlevel6_auditd:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-service_autofs_disabled:def:1" version="1">
      <metadata>
        <title>Service autofs Disabled</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The autofs service should be disabled if possible.</description>
      <reference ref_id="service_autofs_disabled" source="ssg"/></metadata>
      <criteria comment="package autofs removed or service sshd is not configured to start" operator="OR">
        <extend_definition comment="autofs removed" definition_ref="oval:ssg-package_autofs_removed:def:1"/>
        <criteria operator="AND" comment="service autofs is not configured to start">
          <criterion comment="autofs runlevel 0" test_ref="oval:ssg-test_runlevel0_autofs:tst:1"/>
          <criterion comment="autofs runlevel 1" test_ref="oval:ssg-test_runlevel1_autofs:tst:1"/>
          <criterion comment="autofs runlevel 2" test_ref="oval:ssg-test_runlevel2_autofs:tst:1"/>
          <criterion comment="autofs runlevel 3" test_ref="oval:ssg-test_runlevel3_autofs:tst:1"/>
          <criterion comment="autofs runlevel 4" test_ref="oval:ssg-test_runlevel4_autofs:tst:1"/>
          <criterion comment="autofs runlevel 5" test_ref="oval:ssg-test_runlevel5_autofs:tst:1"/>
          <criterion comment="autofs runlevel 6" test_ref="oval:ssg-test_runlevel6_autofs:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-service_dovecot_disabled:def:1" version="1">
      <metadata>
        <title>Service dovecot Disabled</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The dovecot service should be disabled if possible.</description>
      <reference ref_id="service_dovecot_disabled" source="ssg"/></metadata>
      <criteria comment="package dovecot removed or service dovecot is not configured to start" operator="OR">
        <extend_definition comment="dovecot removed" definition_ref="oval:ssg-package_dovecot_removed:def:1"/>
        <criteria operator="AND" comment="service dovecot is not configured to start">
          <criterion comment="dovecot runlevel 0" test_ref="oval:ssg-test_runlevel0_dovecot:tst:1"/>
          <criterion comment="dovecot runlevel 1" test_ref="oval:ssg-test_runlevel1_dovecot:tst:1"/>
          <criterion comment="dovecot runlevel 2" test_ref="oval:ssg-test_runlevel2_dovecot:tst:1"/>
          <criterion comment="dovecot runlevel 3" test_ref="oval:ssg-test_runlevel3_dovecot:tst:1"/>
          <criterion comment="dovecot runlevel 4" test_ref="oval:ssg-test_runlevel4_dovecot:tst:1"/>
          <criterion comment="dovecot runlevel 5" test_ref="oval:ssg-test_runlevel5_dovecot:tst:1"/>
          <criterion comment="dovecot runlevel 6" test_ref="oval:ssg-test_runlevel6_dovecot:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-service_iptables_enabled:def:1" version="1">
      <metadata>
        <title>Service iptables Enabled</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The iptables service should be enabled if possible.</description>
      <reference ref_id="service_iptables_enabled" source="ssg"/></metadata>
      <criteria comment="package iptables installed and service iptables is configured to start" operator="AND">
        <extend_definition comment="iptables installed" definition_ref="oval:ssg-package_iptables_installed:def:1"/>
        <criteria operator="OR" comment="service iptables is configured to start">
          <criterion comment="iptables runlevel 0" test_ref="oval:ssg-test_runlevel0_iptables:tst:1"/>
          <criterion comment="iptables runlevel 1" test_ref="oval:ssg-test_runlevel1_iptables:tst:1"/>
          <criterion comment="iptables runlevel 2" test_ref="oval:ssg-test_runlevel2_iptables:tst:1"/>
          <criterion comment="iptables runlevel 3" test_ref="oval:ssg-test_runlevel3_iptables:tst:1"/>
          <criterion comment="iptables runlevel 4" test_ref="oval:ssg-test_runlevel4_iptables:tst:1"/>
          <criterion comment="iptables runlevel 5" test_ref="oval:ssg-test_runlevel5_iptables:tst:1"/>
          <criterion comment="iptables runlevel 6" test_ref="oval:ssg-test_runlevel6_iptables:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-service_kdump_disabled:def:1" version="1">
      <metadata>
        <title>Service kdump Disabled</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The kdump service should be disabled if possible.</description>
      <reference ref_id="service_kdump_disabled" source="ssg"/></metadata>
      <criteria comment="package kexec-tools removed or service kdump is not configured to start" operator="OR">
        <extend_definition comment="kexec-tools removed" definition_ref="oval:ssg-package_kexec-tools_removed:def:1"/>
        <criteria operator="AND" comment="service kdump is not configured to start">
          <criterion comment="kdump runlevel 0" test_ref="oval:ssg-test_runlevel0_kdump:tst:1"/>
          <criterion comment="kdump runlevel 1" test_ref="oval:ssg-test_runlevel1_kdump:tst:1"/>
          <criterion comment="kdump runlevel 2" test_ref="oval:ssg-test_runlevel2_kdump:tst:1"/>
          <criterion comment="kdump runlevel 3" test_ref="oval:ssg-test_runlevel3_kdump:tst:1"/>
          <criterion comment="kdump runlevel 4" test_ref="oval:ssg-test_runlevel4_kdump:tst:1"/>
          <criterion comment="kdump runlevel 5" test_ref="oval:ssg-test_runlevel5_kdump:tst:1"/>
          <criterion comment="kdump runlevel 6" test_ref="oval:ssg-test_runlevel6_kdump:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-service_ntpd_enabled:def:1" version="1">
      <metadata>
        <title>Service ntpd Enabled</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The ntpd service should be enabled if possible.</description>
      <reference ref_id="service_ntpd_enabled" source="ssg"/></metadata>
      <criteria comment="package ntp installed and service ntpd is configured to start" operator="AND">
        <extend_definition comment="ntp installed" definition_ref="oval:ssg-package_ntp_installed:def:1"/>
        <criteria operator="OR" comment="service ntpd is configured to start">
          <criterion comment="ntpd runlevel 0" test_ref="oval:ssg-test_runlevel0_ntpd:tst:1"/>
          <criterion comment="ntpd runlevel 1" test_ref="oval:ssg-test_runlevel1_ntpd:tst:1"/>
          <criterion comment="ntpd runlevel 2" test_ref="oval:ssg-test_runlevel2_ntpd:tst:1"/>
          <criterion comment="ntpd runlevel 3" test_ref="oval:ssg-test_runlevel3_ntpd:tst:1"/>
          <criterion comment="ntpd runlevel 4" test_ref="oval:ssg-test_runlevel4_ntpd:tst:1"/>
          <criterion comment="ntpd runlevel 5" test_ref="oval:ssg-test_runlevel5_ntpd:tst:1"/>
          <criterion comment="ntpd runlevel 6" test_ref="oval:ssg-test_runlevel6_ntpd:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-service_postfix_enabled:def:1" version="1">
      <metadata>
        <title>Service postfix Enabled</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The postfix service should be enabled if possible.</description>
      <reference ref_id="service_postfix_enabled" source="ssg"/></metadata>
      <criteria comment="package postfix installed and service postfix is configured to start" operator="AND">
        <extend_definition comment="postfix installed" definition_ref="oval:ssg-package_postfix_installed:def:1"/>
        <criteria operator="OR" comment="service postfix is configured to start">
          <criterion comment="postfix runlevel 0" test_ref="oval:ssg-test_runlevel0_postfix:tst:1"/>
          <criterion comment="postfix runlevel 1" test_ref="oval:ssg-test_runlevel1_postfix:tst:1"/>
          <criterion comment="postfix runlevel 2" test_ref="oval:ssg-test_runlevel2_postfix:tst:1"/>
          <criterion comment="postfix runlevel 3" test_ref="oval:ssg-test_runlevel3_postfix:tst:1"/>
          <criterion comment="postfix runlevel 4" test_ref="oval:ssg-test_runlevel4_postfix:tst:1"/>
          <criterion comment="postfix runlevel 5" test_ref="oval:ssg-test_runlevel5_postfix:tst:1"/>
          <criterion comment="postfix runlevel 6" test_ref="oval:ssg-test_runlevel6_postfix:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-service_rexec_disabled:def:1" version="1">
      <metadata>
        <title>Service rexec Disabled</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The rexec service should be disabled if possible.</description>
      <reference ref_id="service_rexec_disabled" source="ssg"/></metadata>
      <criteria comment="package rsh-server removed or service rexec is not configured to start" operator="OR">
        <extend_definition comment="rpm package rsh-server removed" definition_ref="oval:ssg-package_rsh-server_removed:def:1"/>
        <criterion comment="rexec disabled" test_ref="oval:ssg-test_etc_xinetd_rexec_disabled:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-service_rlogin_disabled:def:1" version="1">
      <metadata>
        <title>Service rlogin Disabled</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The rlogin service should be disabled if possible.</description>
      <reference ref_id="service_rlogin_disabled" source="ssg"/></metadata>
      <criteria comment="package rsh-server removed or service rlogin is not configured to start" operator="OR">
        <extend_definition comment="rpm package rsh-server removed" definition_ref="oval:ssg-package_rsh-server_removed:def:1"/>
        <criterion comment="rlogin disabled" test_ref="oval:ssg-test_etc_xinetd_rlogin_disabled:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-service_rpc_disabled:def:1" version="1">
      <metadata>
        <title>Services portmap and rpcbind Disabled</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The portmap and rpcbind services should be disabled if possible.</description>
      <reference ref_id="service_rpc_disabled" source="ssg"/></metadata>
      <criteria comment="packages portmap and rpcbind removed or disabled" operator="OR">
        <extend_definition comment="rpm package portmap and rpcbind removed" definition_ref="oval:ssg-package_rpc_removed:def:1"/>
        <criteria operator="AND" comment="services portmap and rpcbind are not configured to start">
          <criterion comment="portmap runlevel 0" test_ref="oval:ssg-test_runlevel0_portmap:tst:1"/>
          <criterion comment="portmap runlevel 1" test_ref="oval:ssg-test_runlevel1_portmap:tst:1"/>
          <criterion comment="portmap runlevel 2" test_ref="oval:ssg-test_runlevel2_portmap:tst:1"/>
          <criterion comment="portmap runlevel 3" test_ref="oval:ssg-test_runlevel3_portmap:tst:1"/>
          <criterion comment="portmap runlevel 4" test_ref="oval:ssg-test_runlevel4_portmap:tst:1"/>
          <criterion comment="portmap runlevel 5" test_ref="oval:ssg-test_runlevel5_portmap:tst:1"/>
          <criterion comment="portmap runlevel 6" test_ref="oval:ssg-test_runlevel6_portmap:tst:1"/>
          <criterion comment="rpcbind runlevel 0" test_ref="oval:ssg-test_runlevel0_rpcbind:tst:1"/>
          <criterion comment="rpcbind runlevel 1" test_ref="oval:ssg-test_runlevel1_rpcbind:tst:1"/>
          <criterion comment="rpcbind runlevel 2" test_ref="oval:ssg-test_runlevel2_rpcbind:tst:1"/>
          <criterion comment="rpcbind runlevel 3" test_ref="oval:ssg-test_runlevel3_rpcbind:tst:1"/>
          <criterion comment="rpcbind runlevel 4" test_ref="oval:ssg-test_runlevel4_rpcbind:tst:1"/>
          <criterion comment="rpcbind runlevel 5" test_ref="oval:ssg-test_runlevel5_rpcbind:tst:1"/>
          <criterion comment="rpcbind runlevel 6" test_ref="oval:ssg-test_runlevel6_rpcbind:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-service_rsh_disabled:def:1" version="1">
      <metadata>
        <title>Service rsh Disabled</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The rsh service should be disabled if possible.</description>
      <reference ref_id="service_rsh_disabled" source="ssg"/></metadata>
      <criteria comment="package rsh-server removed or service rsh is not configured to start" operator="OR">
        <extend_definition comment="rpm package rsh-server removed" definition_ref="oval:ssg-package_rsh-server_removed:def:1"/>
        <criterion comment="rsh disabled" test_ref="oval:ssg-test_etc_xinetd_rsh_disabled:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-service_sshd_disabled:def:1" version="1">
      <metadata>
        <title>Service sshd Disabled</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The sshd service should be disabled if possible.</description>
      <reference ref_id="service_sshd_disabled" source="ssg"/></metadata>
      <criteria comment="package openssh-server removed or service sshd is not configured to start" operator="OR">
        <extend_definition comment="openssh-server removed" definition_ref="oval:ssg-package_openssh-server_removed:def:1"/>
        <criteria operator="AND" comment="service sshd is not configured to start">
          <criterion comment="sshd runlevel 0" test_ref="oval:ssg-test_runlevel0_sshd:tst:1"/>
          <criterion comment="sshd runlevel 1" test_ref="oval:ssg-test_runlevel1_sshd:tst:1"/>
          <criterion comment="sshd runlevel 2" test_ref="oval:ssg-test_runlevel2_sshd:tst:1"/>
          <criterion comment="sshd runlevel 3" test_ref="oval:ssg-test_runlevel3_sshd:tst:1"/>
          <criterion comment="sshd runlevel 4" test_ref="oval:ssg-test_runlevel4_sshd:tst:1"/>
          <criterion comment="sshd runlevel 5" test_ref="oval:ssg-test_runlevel5_sshd:tst:1"/>
          <criterion comment="sshd runlevel 6" test_ref="oval:ssg-test_runlevel6_sshd:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-service_telnetd_disabled:def:1" version="1">
      <metadata>
        <title>Disable telnet Service</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Disable telnet Service</description>
      <reference ref_id="service_telnetd_disabled" source="ssg"/></metadata>
      <criteria comment="package telnet-server removed or service telnetd is not configured to start" operator="OR">
        <extend_definition comment="rpm package telnet-server removed" definition_ref="oval:ssg-package_telnet-server_removed:def:1"/>
        <criterion comment="Disable telnet Service" test_ref="oval:ssg-test_disable_telnet_service:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-service_tftp_disabled:def:1" version="1">
      <metadata>
        <title>Service tftp Disabled</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The tftp service should be disabled if possible.</description>
      <reference ref_id="service_tftp_disabled" source="ssg"/></metadata>
      <criteria comment="package tftp-server removed or service tftp is not configured to start" operator="OR">
        <extend_definition comment="tftp-server removed" definition_ref="oval:ssg-package_tftp-server_removed:def:1"/>
        <criteria operator="AND" comment="service tftp is not configured to start">
          <criterion comment="tftp runlevel 0" test_ref="oval:ssg-test_runlevel0_tftp:tst:1"/>
          <criterion comment="tftp runlevel 1" test_ref="oval:ssg-test_runlevel1_tftp:tst:1"/>
          <criterion comment="tftp runlevel 2" test_ref="oval:ssg-test_runlevel2_tftp:tst:1"/>
          <criterion comment="tftp runlevel 3" test_ref="oval:ssg-test_runlevel3_tftp:tst:1"/>
          <criterion comment="tftp runlevel 4" test_ref="oval:ssg-test_runlevel4_tftp:tst:1"/>
          <criterion comment="tftp runlevel 5" test_ref="oval:ssg-test_runlevel5_tftp:tst:1"/>
          <criterion comment="tftp runlevel 6" test_ref="oval:ssg-test_runlevel6_tftp:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-service_unencrypted_ftp_disabled:def:1" version="1">
      <metadata>
        <title>Service Unencrypted FTP Disabled</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The gssftp and vsftpd services should be disabled if possible.</description>
      <reference ref_id="service_unencrypted_ftp_disabled" source="ssg"/></metadata>
      <criteria>
        <criteria comment="package krb5-workstation removed or service gssftp is not configured to start" operator="OR">
          <extend_definition comment="krb5-workstation removed" definition_ref="oval:ssg-package_krb5-workstation_removed:def:1"/>
          <criteria operator="AND" comment="service gssftp is not configured to start">
            <criterion comment="gssftp runlevel 0" test_ref="oval:ssg-test_runlevel0_gssftp:tst:1"/>
            <criterion comment="gssftp runlevel 1" test_ref="oval:ssg-test_runlevel1_gssftp:tst:1"/>
            <criterion comment="gssftp runlevel 2" test_ref="oval:ssg-test_runlevel2_gssftp:tst:1"/>
            <criterion comment="gssftp runlevel 3" test_ref="oval:ssg-test_runlevel3_gssftp:tst:1"/>
            <criterion comment="gssftp runlevel 4" test_ref="oval:ssg-test_runlevel4_gssftp:tst:1"/>
            <criterion comment="gssftp runlevel 5" test_ref="oval:ssg-test_runlevel5_gssftp:tst:1"/>
            <criterion comment="gssftp runlevel 6" test_ref="oval:ssg-test_runlevel6_gssftp:tst:1"/>
          </criteria>
        </criteria>
        <criteria comment="package vsftpd removed or service vsftpd is not configured to start" operator="OR">
          <extend_definition comment="vsftpd removed" definition_ref="oval:ssg-package_vsftpd_removed:def:1"/>
          <criteria operator="AND" comment="service gssftp is not configured to start">
            <criterion comment="vsftpd runlevel 0" test_ref="oval:ssg-test_runlevel0_vsftpd:tst:1"/>
            <criterion comment="vsftpd runlevel 1" test_ref="oval:ssg-test_runlevel1_vsftpd:tst:1"/>
            <criterion comment="vsftpd runlevel 2" test_ref="oval:ssg-test_runlevel2_vsftpd:tst:1"/>
            <criterion comment="vsftpd runlevel 3" test_ref="oval:ssg-test_runlevel3_vsftpd:tst:1"/>
            <criterion comment="vsftpd runlevel 4" test_ref="oval:ssg-test_runlevel4_vsftpd:tst:1"/>
            <criterion comment="vsftpd runlevel 5" test_ref="oval:ssg-test_runlevel5_vsftpd:tst:1"/>
            <criterion comment="vsftpd runlevel 6" test_ref="oval:ssg-test_runlevel6_vsftpd:tst:1"/>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-service_xinetd_disabled:def:1" version="1">
      <metadata>
        <title>Service xinetd Disabled</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The xinetd service should be disabled if possible.</description>
      <reference ref_id="service_xinetd_disabled" source="ssg"/></metadata>
      <criteria comment="package xinetd removed or service xinetd is not configured to start" operator="OR">
        <extend_definition comment="xinetd removed" definition_ref="oval:ssg-package_xinetd_removed:def:1"/>
        <criteria operator="AND" comment="service xinetd is not configured to start">
          <criterion comment="xinetd runlevel 0" test_ref="oval:ssg-test_runlevel0_xinetd:tst:1"/>
          <criterion comment="xinetd runlevel 1" test_ref="oval:ssg-test_runlevel1_xinetd:tst:1"/>
          <criterion comment="xinetd runlevel 2" test_ref="oval:ssg-test_runlevel2_xinetd:tst:1"/>
          <criterion comment="xinetd runlevel 3" test_ref="oval:ssg-test_runlevel3_xinetd:tst:1"/>
          <criterion comment="xinetd runlevel 4" test_ref="oval:ssg-test_runlevel4_xinetd:tst:1"/>
          <criterion comment="xinetd runlevel 5" test_ref="oval:ssg-test_runlevel5_xinetd:tst:1"/>
          <criterion comment="xinetd runlevel 6" test_ref="oval:ssg-test_runlevel6_xinetd:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-service_ypbind_disabled:def:1" version="1">
      <metadata>
        <title>Service ypbind Disabled</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The ypbind service should be disabled if possible.</description>
      <reference ref_id="service_ypbind_disabled" source="ssg"/></metadata>
      <criteria comment="package ypbind removed or service ypbind is not configured to start" operator="OR">
        <extend_definition comment="ypbind removed" definition_ref="oval:ssg-package_ypbind_removed:def:1"/>
        <criteria operator="AND" comment="service ypbind is not configured to start">
          <criterion comment="ypbind runlevel 0" test_ref="oval:ssg-test_runlevel0_ypbind:tst:1"/>
          <criterion comment="ypbind runlevel 1" test_ref="oval:ssg-test_runlevel1_ypbind:tst:1"/>
          <criterion comment="ypbind runlevel 2" test_ref="oval:ssg-test_runlevel2_ypbind:tst:1"/>
          <criterion comment="ypbind runlevel 3" test_ref="oval:ssg-test_runlevel3_ypbind:tst:1"/>
          <criterion comment="ypbind runlevel 4" test_ref="oval:ssg-test_runlevel4_ypbind:tst:1"/>
          <criterion comment="ypbind runlevel 5" test_ref="oval:ssg-test_runlevel5_ypbind:tst:1"/>
          <criterion comment="ypbind runlevel 6" test_ref="oval:ssg-test_runlevel6_ypbind:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-service_yum-updatesd_disabled:def:1" version="1">
      <metadata>
        <title>Service yum-updatesd Disabled</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The yum-updatesd service should be disabled if possible.</description>
      <reference ref_id="service_yum-updatesd_disabled" source="ssg"/></metadata>
      <criteria comment="package yum-updatesd removed or service yum-updatesd is not configured to start" operator="OR">
        <extend_definition comment="yum-updatesd removed" definition_ref="oval:ssg-package_yum-updatesd_removed:def:1"/>
        <criteria operator="AND" comment="service yum-updatesd is not configured to start">
          <criterion comment="yum-updatesd runlevel 0" test_ref="oval:ssg-test_runlevel0_yum-updatesd:tst:1"/>
          <criterion comment="yum-updatesd runlevel 1" test_ref="oval:ssg-test_runlevel1_yum-updatesd:tst:1"/>
          <criterion comment="yum-updatesd runlevel 2" test_ref="oval:ssg-test_runlevel2_yum-updatesd:tst:1"/>
          <criterion comment="yum-updatesd runlevel 3" test_ref="oval:ssg-test_runlevel3_yum-updatesd:tst:1"/>
          <criterion comment="yum-updatesd runlevel 4" test_ref="oval:ssg-test_runlevel4_yum-updatesd:tst:1"/>
          <criterion comment="yum-updatesd runlevel 5" test_ref="oval:ssg-test_runlevel5_yum-updatesd:tst:1"/>
          <criterion comment="yum-updatesd runlevel 6" test_ref="oval:ssg-test_runlevel6_yum-updatesd:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-set_password_hashing_algorithm_systemauth:def:1" version="1">
      <metadata>
        <title>Set Password Hashing Algorithm</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The password hashing algorithm should be set correctly in /etc/pam.d/system-auth and /etc/pam.d/system-auth-ac.</description>
      <reference ref_id="set_password_hashing_algorithm_systemauth" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
        <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
        <criteria>
          <criterion test_ref="oval:ssg-test_set_password_hashing_algorithm_systemauth:tst:1"/>
          <criterion test_ref="oval:ssg-test_set_password_hashing_algorithm_systemauthac:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-shells_file_references:def:1" version="1">
      <metadata>
        <title>All User Login Shells Must Be Listed In The Shells File</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>All shells referenced in /etc/passwd must be listed 
	  in the /etc/shells file, except any shells specified for the purpose 
	  of preventing logins.</description>
      <reference ref_id="shells_file_references" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_shells_file_references:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-snmpd_not_default_password:def:1" version="1">
      <metadata>
        <title>SNMPD Default Passwords</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>SNMP communities, users, and passphrases must be changed from the default.</description>
      <reference ref_id="snmpd_not_default_password" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_snmpd_not_default_password:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-snmpd_use_approved_encryption:def:1" version="1">
      <metadata>
        <title>SNMPD Must Use Approved Encryption Algorithm</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The SNMP service must require the use of a 
	  FIPS 140-2 approved encryption algorithm for protecting 
	  the privacy of SNMP messages.</description>
      <reference ref_id="snmpd_use_approved_encryption" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_snmpd_use_approved_encryption:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-snmpd_use_approved_hash:def:1" version="1">
      <metadata>
        <title>SNMPD Must Use Approved Hash Algorithm</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The SNMP service must require the use of a FIPS 140-2 
	  approved cryptographic hash algorithm as part of its authentication 
	  and integrity methods.</description>
      <reference ref_id="snmpd_use_approved_hash" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_snmpd_use_approved_hash:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-snmpd_use_newer_protocol:def:1" version="1">
      <metadata>
        <title>SNMPD Must Use SNMPv3 Or Greater</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The SNMP service must use only SNMPv3 or its successors.</description>
      <reference ref_id="snmpd_use_newer_protocol" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_snmpd_use_newer_protocol:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-ssh_gssapiauthentication:def:1" version="1">
      <metadata>
        <title>Ensure GSSAPI Authentication is Disabled</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The SSH client must not permit GSSAPI authentication unless needed.</description>
      <reference ref_id="ssh_gssapiauthentication" source="ssg"/></metadata>
      <criteria comment="SSH is not being used or conditions are met" operator="OR">
        <extend_definition comment="rpm package openssh-clients removed" definition_ref="oval:ssg-package_openssh-clients_removed:def:1"/>
        <criterion comment="Check GSSAPIAuthentication in /etc/ssh/ssh_config" test_ref="oval:ssg-test_ssh_gssapiauthentication:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-ssh_no_cbc:def:1" version="1">
      <metadata>
        <title>No Cipher-Block Chaining Ciphers</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Ensure no Cipher-Block Chaining ciphers are configured.</description>
      <reference ref_id="ssh_no_cbc" source="ssg"/></metadata>
      <criteria comment="SSH is not being used or conditions are met" operator="OR">
        <extend_definition comment="rpm package openssh-clients removed" definition_ref="oval:ssg-package_openssh-clients_removed:def:1"/>
        <criterion comment="Check Ciphers in /etc/ssh/ssh_config" test_ref="oval:ssg-test_ssh_no_cbc:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-ssh_protocol_2:def:1" version="1">
      <metadata>
        <title>Ensure Only Protocol 2 Connections Allowed</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The OpenSSH daemon should be running protocol 2.</description>
      <reference ref_id="ssh_protocol_2" source="ssg"/></metadata>
      <criteria comment="SSH is not being used or conditions are met" operator="OR">
        <extend_definition comment="rpm package openssh-clients removed" definition_ref="oval:ssg-package_openssh-clients_removed:def:1"/>
        <criterion comment="Check Protocol in /etc/ssh/ssh_config" test_ref="oval:ssg-test_ssh_protocol_2:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-ssh_use_approved_ciphers:def:1" version="1">
      <metadata>
        <title>Use Only Approved Ciphers</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Limit the ciphers to those which are FIPS-approved.</description>
      <reference ref_id="ssh_use_approved_ciphers" source="ssg"/></metadata>
      <criteria comment="SSH is not being used or conditions are met" operator="OR">
        <extend_definition comment="rpm package openssh-clients removed" definition_ref="oval:ssg-package_openssh-clients_removed:def:1"/>
        <criterion comment="Check Ciphers in /etc/ssh/ssh_config" test_ref="oval:ssg-test_ssh_use_approved_ciphers:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-ssh_use_approved_macs:def:1" version="1">
      <metadata>
        <title>Use Only Approved Macs</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Limit the Message Authentication Codes (MACs) to those which are FIPS-approved.</description>
      <reference ref_id="ssh_use_approved_macs" source="ssg"/></metadata>
      <criteria comment="SSH is not being used or conditions are met" operator="OR">
        <extend_definition comment="rpm package openssh-clients removed" definition_ref="oval:ssg-package_openssh-clients_removed:def:1"/>
        <criterion comment="Check Macs in /etc/ssh/ssh_config" test_ref="oval:ssg-test_ssh_use_approved_macs:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sshd_compression:def:1" version="1">
      <metadata>
        <title>Ensure SSH Compression is Either Disabled Or Delayed</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The SSH daemon must not allow compression or 
	  must only allow compression after successful authentication.</description>
      <reference ref_id="sshd_compression" source="ssg"/></metadata>
      <criteria comment="SSH is not being used or conditions are met" operator="OR">
        <extend_definition comment="rpm package openssh-server removed" definition_ref="oval:ssg-package_openssh-server_removed:def:1"/>
        <criterion comment="Check Compression in /etc/ssh/sshd_config" test_ref="oval:ssg-test_sshd_compression:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sshd_disable_root_login:def:1" version="1">
      <metadata>
        <title>Disable root Login via SSH</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Root login via SSH should be disabled (and dependencies are
      met)</description>
      <reference ref_id="sshd_disable_root_login" source="ssg"/></metadata>
      <criteria comment="SSH is not being used or conditions are met" operator="OR">
        <extend_definition comment="sshd service is disabled" definition_ref="oval:ssg-service_sshd_disabled:def:1"/>
        <criteria comment="No 'PermitRootLogin yes' entries exists and a 'PremitRootLogin no' entry does exist." operator="AND">
          <criterion comment="Check PermitRootLogin in /etc/ssh/sshd_config" test_ref="oval:ssg-test_sshd_permitrootlogin_yes:tst:1"/>
          <criterion comment="Check PermitRootLogin in /etc/ssh/sshd_config" test_ref="oval:ssg-test_sshd_permitrootlogin_no:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sshd_enable_warning_banner:def:1" version="1">
      <metadata>
        <title>Enable a Warning Banner</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>SSH warning banner should be enabled (and dependencies are
      met)</description>
      <reference ref_id="sshd_enable_warning_banner" source="ssg"/></metadata>
      <criteria comment="SSH is not being used or conditions are met" operator="OR">
        <extend_definition comment="sshd service is disabled" definition_ref="oval:ssg-service_sshd_disabled:def:1"/>
        <criterion comment="Check Banner in /etc/ssh/sshd_config" test_ref="oval:ssg-test_sshd_banner_set:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sshd_gssapiauthentication:def:1" version="1">
      <metadata>
        <title>Ensure GSSAPI Authentication is Disabled</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The SSH Server must not permit GSSAPI authentication unless needed.</description>
      <reference ref_id="sshd_gssapiauthentication" source="ssg"/></metadata>
      <criteria comment="SSH is not being used or conditions are met" operator="OR">
        <extend_definition comment="rpm package openssh-server removed" definition_ref="oval:ssg-package_openssh-server_removed:def:1"/>
        <criterion comment="Check GSSAPIAuthentication in /etc/ssh/sshd_config" test_ref="oval:ssg-test_sshd_gssapiauthentication:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sshd_ipfiltering:def:1" version="1">
      <metadata>
        <title>Ensure IP Filtering For SSH</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The SSH daemon must be configured for IP filtering.</description>
      <reference ref_id="sshd_ipfiltering" source="ssg"/></metadata>
      <criteria comment="SSH is not being used or conditions are met" operator="OR">
        <extend_definition comment="rpm package openssh-server removed" definition_ref="oval:ssg-package_openssh-server_removed:def:1"/>
        <criterion comment="Check sshd in /etc/hosts.allow" test_ref="oval:ssg-test_sshd_ipfiltering_allow:tst:1"/>
        <criterion comment="Check sshd in /etc/hosts.deny" test_ref="oval:ssg-test_sshd_ipfiltering_deny:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sshd_kerberosauthentication:def:1" version="1">
      <metadata>
        <title>Ensure Kerberos Authentication is Disabled</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The SSH daemon must not permit Kerberos authentication unless needed.</description>
      <reference ref_id="sshd_kerberosauthentication" source="ssg"/></metadata>
      <criteria comment="SSH is not being used or conditions are met" operator="OR">
        <extend_definition comment="rpm package openssh-server removed" definition_ref="oval:ssg-package_openssh-server_removed:def:1"/>
        <criterion comment="Check KerberosAuthentication in /etc/ssh/sshd_config" test_ref="oval:ssg-test_sshd_kerberosauthentication:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sshd_listen_addresses:def:1" version="1">
      <metadata>
        <title>Ensure SSH Listens On Designated Interface</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The SSH daemon must only listen on management network addresses 
	  unless authorized for uses other than management.</description>
      <reference ref_id="sshd_listen_addresses" source="ssg"/></metadata>
      <criteria comment="SSH is not being used or conditions are met" operator="OR">
        <extend_definition comment="rpm package openssh-server removed" definition_ref="oval:ssg-package_openssh-server_removed:def:1"/>
        <criterion comment="Check ListenAddress in /etc/ssh/sshd_config" test_ref="oval:ssg-test_sshd_listen_addresses:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sshd_no_cbc:def:1" version="1">
      <metadata>
        <title>No Cipher-Block Chaining Ciphers</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Ensure no Cipher-Block Chaining ciphers are configured.</description>
      <reference ref_id="sshd_no_cbc" source="ssg"/></metadata>
      <criteria comment="SSH is not being used or conditions are met" operator="OR">
        <extend_definition comment="sshd service is disabled" definition_ref="oval:ssg-service_sshd_disabled:def:1"/>
        <criterion comment="Check Ciphers in /etc/ssh/sshd_config" test_ref="oval:ssg-test_sshd_no_cbc:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sshd_printlastlog:def:1" version="1">
      <metadata>
        <title>Ensure SSH Displays Last Login Details</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The system must display the date and time of the last successful account login upon login.</description>
      <reference ref_id="sshd_printlastlog" source="ssg"/></metadata>
      <criteria comment="SSH is not being used or conditions are met" operator="OR">
        <extend_definition comment="rpm package openssh-server removed" definition_ref="oval:ssg-package_openssh-server_removed:def:1"/>
        <criteria operator="OR">
          <criterion comment="Check pam_lastlog in /etc/pam.d/sshd" test_ref="oval:ssg-test_sshd_pam_lastlog:tst:1"/>
          <criterion comment="Check PrintLastLog in /etc/ssh/sshd_config" test_ref="oval:ssg-test_sshd_printlastlog:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sshd_privilegeseparation:def:1" version="1">
      <metadata>
        <title>Ensure Privilege Separation is Enabled</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The SSH daemon must use privilege separation.</description>
      <reference ref_id="sshd_privilegeseparation" source="ssg"/></metadata>
      <criteria comment="SSH is not being used or conditions are met" operator="OR">
        <extend_definition comment="rpm package openssh-server removed" definition_ref="oval:ssg-package_openssh-server_removed:def:1"/>
        <criterion comment="Check UsePrivilegeSeparation in /etc/ssh/sshd_config" test_ref="oval:ssg-test_sshd_privilegeseparation:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sshd_protocol_2:def:1" version="1">
      <metadata>
        <title>Ensure Only Protocol 2 Connections Allowed</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The OpenSSH daemon should be running protocol 2.</description>
      <reference ref_id="sshd_protocol_2" source="ssg"/></metadata>
      <criteria comment="SSH is not being used or conditions are met" operator="OR">
        <extend_definition comment="sshd service is disabled" definition_ref="oval:ssg-service_sshd_disabled:def:1"/>
        <extend_definition comment="rpm package openssh-server removed" definition_ref="oval:ssg-package_openssh-server_removed:def:1"/>
        <criterion comment="Check Protocol in /etc/ssh/sshd_config" test_ref="oval:ssg-test_sshd_protocol_2:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sshd_rhostsrsaauthentication:def:1" version="1">
      <metadata>
        <title>Ensure Rhosts RSA Authentication is Disabled</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The SSH daemon must not allow rhosts RSA authentication.</description>
      <reference ref_id="sshd_rhostsrsaauthentication" source="ssg"/></metadata>
      <criteria comment="SSH is not being used or conditions are met" operator="OR">
        <extend_definition comment="rpm package openssh-server removed" definition_ref="oval:ssg-package_openssh-server_removed:def:1"/>
        <criterion comment="Check RhostsRSAAuthentication in /etc/ssh/sshd_config" test_ref="oval:ssg-test_sshd_rhostsrsaauthentication:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sshd_strictmodes:def:1" version="1">
      <metadata>
        <title>Ensure StrictModes is Enabled</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The SSH daemon must perform strict mode checking of home directory configuration files.</description>
      <reference ref_id="sshd_strictmodes" source="ssg"/></metadata>
      <criteria comment="SSH is not being used or conditions are met" operator="OR">
        <extend_definition comment="rpm package openssh-server removed" definition_ref="oval:ssg-package_openssh-server_removed:def:1"/>
        <criterion comment="Check StrictModes in /etc/ssh/sshd_config" test_ref="oval:ssg-test_sshd_strictmodes:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sshd_use_approved_ciphers:def:1" version="1">
      <metadata>
        <title>Use Only Approved Ciphers</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Limit the ciphers to those which are FIPS-approved.</description>
      <reference ref_id="sshd_use_approved_ciphers" source="ssg"/></metadata>
      <criteria comment="SSH is not being used or conditions are met" operator="OR">
        <extend_definition comment="sshd service is disabled" definition_ref="oval:ssg-service_sshd_disabled:def:1"/>
        <criterion comment="Check Ciphers in /etc/ssh/sshd_config" test_ref="oval:ssg-test_sshd_use_approved_ciphers:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sshd_use_approved_macs:def:1" version="1">
      <metadata>
        <title>Use Only Approved Macs</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Limit the Message Authentication Codes (MACs) to those which are FIPS-approved.</description>
      <reference ref_id="sshd_use_approved_macs" source="ssg"/></metadata>
      <criteria comment="SSH is not being used or conditions are met" operator="OR">
        <extend_definition comment="rpm package openssh-server removed" definition_ref="oval:ssg-package_openssh-server_removed:def:1"/>
        <criterion comment="Check Macs in /etc/ssh/sshd_config" test_ref="oval:ssg-test_sshd_use_approved_macs:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sshd_users_groups:def:1" version="1">
      <metadata>
        <title>Ensure SSH Displays Last Login Details</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The system must display the date and time of the last successful account login upon login.</description>
      <reference ref_id="sshd_users_groups" source="ssg"/></metadata>
      <criteria comment="SSH is not being used or conditions are met" operator="OR">
        <extend_definition comment="rpm package openssh-server removed" definition_ref="oval:ssg-package_openssh-server_removed:def:1"/>
        <criterion comment="Check pam_access in /etc/pam.d/sshd" test_ref="oval:ssg-test_sshd_pam_access:tst:1"/>
        <criterion comment="Check AllowGroups or AllowUsers in /etc/ssh/sshd_config" test_ref="oval:ssg-test_sshd_users_groups:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sudo_wheel:def:1" version="1">
      <metadata>
        <title>Switching User To Root Requires Wheel Group Membership</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The system must restrict the ability to switch to the root user to members of a defined group.</description>
      <reference ref_id="sudo_wheel" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_sudo_wheel:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sysconfig_networking_bootproto_ifcfg:def:1" version="1">
      <metadata>
        <title>Disable DHCP Client</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>DHCP configuration should be static for all
      interfaces.</description>
      <reference ref_id="sysconfig_networking_bootproto_ifcfg" source="ssg"/></metadata>
      <criteria comment="Test for BOOTPROTO=static across all interfaces">
        <criterion test_ref="oval:ssg-test_sysconfig_networking_bootproto_ifcfg:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sysconfig_networking_userctl_ifcfg:def:1" version="1">
      <metadata>
        <title>Disable User Control Of Network Interfaces</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Network interfaces must only be configurable by privileged users.</description>
      <reference ref_id="sysconfig_networking_userctl_ifcfg" source="ssg"/></metadata>
      <criteria comment="Test for USERCTL=no across all interfaces">
        <criterion test_ref="oval:ssg-test_sysconfig_networking_userctl_ifcfg:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sysctl_kernel_execshield:def:1" version="1">
      <metadata>
        <title>Kernel Runtime Parameter "kernel.exec-shield" Check</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The kernel runtime parameter "kernel.exec-shield" should be set to "1".</description>
      <reference ref_id="sysctl_kernel_execshield" source="ssg"/></metadata>
      <criteria operator="AND">
        <criterion comment="kernel runtime parameter kernel.exec-shield set to 1" test_ref="oval:ssg-test_runtime_sysctl_kernel_execshield:tst:1"/>
        <criterion comment="kernel /etc/sysctl.conf parameter kernel.exec-shield set to 1" test_ref="oval:ssg-test_static_sysctl_kernel_execshield:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sysctl_kernel_nonexec_stack:def:1" version="1">
      <metadata>
        <title>Kernel Runtime Parameters "kernel.exec-shield" and "kernel.randomize_va_space" Check</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The kernel runtime parameters "kernel.exec-shield" and "kernel.randomize_va_space" should be set to "1".</description>
      <reference ref_id="sysctl_kernel_nonexec_stack" source="ssg"/></metadata>
      <criteria operator="AND">
        <criterion comment="kernel runtime parameter kernel.exec-shield set to 1" test_ref="oval:ssg-test_runtime_sysctl_kernel_exec_shield:tst:1"/>
        <criterion comment="kernel /etc/sysctl.conf parameter kernel.exec-shield set to 1" test_ref="oval:ssg-test_static_sysctl_kernel_exec_shield:tst:1"/>
        <criteria operator="OR">
          <extend_definition comment="CentOS 4 is installed" definition_ref="oval:ssg-installed_OS_is_centos4:def:1"/>
          <extend_definition comment="RedHat 4 is installed" definition_ref="oval:ssg-installed_OS_is_rhel4:def:1"/>
          <criteria operator="AND">
            <criterion comment="kernel runtime parameter kernel.randomize_va_space set to 1" test_ref="oval:ssg-test_runtime_sysctl_kernel_randomize_va_space:tst:1"/>
            <criterion comment="kernel /etc/sysctl.conf parameter kernel.randomize_va_space set to 1" test_ref="oval:ssg-test_static_sysctl_kernel_randomize_va_space:tst:1"/>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sysctl_net_ipv4_conf_accept_redirects:def:1" version="1">
      <metadata>
        <title>Kernel Runtime Parameter "net.ipv4.conf.all.accept_redirects" Check</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The kernel runtime parameter "net.ipv4.conf.all.accept_redirects" should be set to "0".</description>
      <reference ref_id="sysctl_net_ipv4_conf_accept_redirects" source="ssg"/></metadata>
      <criteria operator="AND">
        <criterion comment="kernel runtime parameter net.ipv4.conf.all.accept_redirects set to 0" test_ref="oval:ssg-test_runtime_sysctl_net_ipv4_conf_all_accept_redirects:tst:1"/>
        <criterion comment="kernel /etc/sysctl.conf parameter net.ipv4.conf.all.accept_redirects set to 0" test_ref="oval:ssg-test_static_sysctl_net_ipv4_conf_all_accept_redirects:tst:1"/>
        <criterion comment="kernel runtime parameter net.ipv4.conf.default.accept_redirects set to 0" test_ref="oval:ssg-test_runtime_sysctl_net_ipv4_conf_default_accept_redirects:tst:1"/>
        <criterion comment="kernel /etc/sysctl.conf parameter net.ipv4.conf.default.accept_redirects set to 0" test_ref="oval:ssg-test_static_sysctl_net_ipv4_conf_default_accept_redirects:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sysctl_net_ipv4_conf_accept_source_route:def:1" version="1">
      <metadata>
        <title>Kernel Runtime Parameter "net.ipv4.conf.all.accept_source_route" Check</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The kernel runtime parameter "net.ipv4.conf.all.accept_source_route" should be set to "0".</description>
      <reference ref_id="sysctl_net_ipv4_conf_accept_source_route" source="ssg"/></metadata>
      <criteria operator="AND">
        <criterion comment="kernel runtime parameter net.ipv4.conf.all.accept_source_route set to 0" test_ref="oval:ssg-test_runtime_sysctl_net_ipv4_conf_all_accept_source_route:tst:1"/>
        <criterion comment="kernel /etc/sysctl.conf parameter net.ipv4.conf.all.accept_source_route set to 0" test_ref="oval:ssg-test_static_sysctl_net_ipv4_conf_all_accept_source_route:tst:1"/>
        <criterion comment="kernel runtime parameter net.ipv4.conf.default.accept_source_route set to 0" test_ref="oval:ssg-test_runtime_sysctl_net_ipv4_conf_default_accept_source_route:tst:1"/>
        <criterion comment="kernel /etc/sysctl.conf parameter net.ipv4.conf.default.accept_source_route set to 0" test_ref="oval:ssg-test_static_sysctl_net_ipv4_conf_default_accept_source_route:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sysctl_net_ipv4_conf_log_martians:def:1" version="1">
      <metadata>
        <title>Kernel Runtime Parameter "net.ipv4.conf.all.log_martians" Check</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The kernel runtime parameter "net.ipv4.conf.all.log_martians" should be set to "1".</description>
      <reference ref_id="sysctl_net_ipv4_conf_log_martians" source="ssg"/></metadata>
      <criteria operator="AND">
        <criterion comment="kernel runtime parameter net.ipv4.conf.all.log_martians set to 1" test_ref="oval:ssg-test_runtime_sysctl_net_ipv4_conf_all_log_martians:tst:1"/>
        <criterion comment="kernel /etc/sysctl.conf parameter net.ipv4.conf.all.log_martians set to 1" test_ref="oval:ssg-test_static_sysctl_net_ipv4_conf_all_log_martians:tst:1"/>
        <criterion comment="kernel runtime parameter net.ipv4.conf.default.log_martians set to 1" test_ref="oval:ssg-test_runtime_sysctl_net_ipv4_conf_default_log_martians:tst:1"/>
        <criterion comment="kernel /etc/sysctl.conf parameter net.ipv4.conf.default.log_martians set to 1" test_ref="oval:ssg-test_static_sysctl_net_ipv4_conf_default_log_martians:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sysctl_net_ipv4_conf_send_redirects:def:1" version="1">
      <metadata>
        <title>Kernel Runtime Parameter "net.ipv4.conf.all.send_redirects" Check</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The kernel runtime parameter "net.ipv4.conf.all.send_redirects" should be set to "0".</description>
      <reference ref_id="sysctl_net_ipv4_conf_send_redirects" source="ssg"/></metadata>
      <criteria operator="AND">
        <criterion comment="kernel runtime parameter net.ipv4.conf.all.send_redirects set to 0" test_ref="oval:ssg-test_runtime_sysctl_net_ipv4_conf_all_send_redirects:tst:1"/>
        <criterion comment="kernel /etc/sysctl.conf parameter net.ipv4.conf.all.send_redirects set to 0" test_ref="oval:ssg-test_static_sysctl_net_ipv4_conf_all_send_redirects:tst:1"/>
        <criterion comment="kernel runtime parameter net.ipv4.conf.default.send_redirects set to 0" test_ref="oval:ssg-test_runtime_sysctl_net_ipv4_conf_default_send_redirects:tst:1"/>
        <criterion comment="kernel /etc/sysctl.conf parameter net.ipv4.conf.default.send_redirects set to 0" test_ref="oval:ssg-test_static_sysctl_net_ipv4_conf_default_send_redirects:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sysctl_net_ipv4_icmp_echo_ignore_broadcasts:def:1" version="1">
      <metadata>
        <title>Kernel Runtime Parameter "net.ipv4.icmp_echo_ignore_broadcasts" Check</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The kernel runtime parameter "net.ipv4.icmp_echo_ignore_broadcasts" should be set to "1".</description>
      <reference ref_id="sysctl_net_ipv4_icmp_echo_ignore_broadcasts" source="ssg"/></metadata>
      <criteria operator="AND">
        <criterion comment="kernel runtime parameter net.ipv4.icmp_echo_ignore_broadcasts set to 1" test_ref="oval:ssg-test_runtime_sysctl_net_ipv4_icmp_echo_ignore_broadcasts:tst:1"/>
        <criterion comment="kernel /etc/sysctl.conf parameter net.ipv4.icmp_echo_ignore_broadcasts set to 1" test_ref="oval:ssg-test_static_sysctl_net_ipv4_icmp_echo_ignore_broadcasts:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sysctl_net_ipv4_ip_forward:def:1" version="1">
      <metadata>
        <title>Kernel Runtime Parameter "net.ipv4.ip_forward" Check</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The kernel runtime parameter "net.ipv4.ip_forward" should be set to "0".</description>
      <reference ref_id="sysctl_net_ipv4_ip_forward" source="ssg"/></metadata>
      <criteria operator="AND">
        <criterion comment="kernel runtime parameter net.ipv4.ip_forward set to 0" test_ref="oval:ssg-test_runtime_sysctl_net_ipv4_ip_forward:tst:1"/>
        <criterion comment="kernel /etc/sysctl.conf parameter net.ipv4.ip_forward set to 0" test_ref="oval:ssg-test_static_sysctl_net_ipv4_ip_forward:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sysctl_net_ipv4_tcp_max_syn_backlog:def:1" version="1">
      <metadata>
        <title>Kernel Runtime Parameter "net.ipv4.tcp_max_syn_backlog" Check</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The kernel runtime parameter "net.ipv4.tcp_max_syn_backlog" should be set to "1280".</description>
      <reference ref_id="sysctl_net_ipv4_tcp_max_syn_backlog" source="ssg"/></metadata>
      <criteria operator="AND">
        <criterion comment="kernel runtime parameter net.ipv4.tcp_max_syn_backlog set to 1280" test_ref="oval:ssg-test_runtime_sysctl_net_ipv4_tcp_max_syn_backlog:tst:1"/>
        <criterion comment="kernel /etc/sysctl.conf parameter net.ipv4.tcp_max_syn_backlog set to 1280" test_ref="oval:ssg-test_static_sysctl_net_ipv4_tcp_max_syn_backlog:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sysctl_net_ipv4_tcp_syncookies:def:1" version="1">
      <metadata>
        <title>Kernel Runtime Parameter "net.ipv4.tcp_syncookies" Check</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The kernel runtime parameter "net.ipv4.tcp_syncookies" should be set to "1".</description>
      <reference ref_id="sysctl_net_ipv4_tcp_syncookies" source="ssg"/></metadata>
      <criteria operator="AND">
        <criterion comment="kernel runtime parameter net.ipv4.tcp_syncookies set to 1" test_ref="oval:ssg-test_runtime_sysctl_net_ipv4_tcp_syncookies:tst:1"/>
        <criterion comment="kernel /etc/sysctl.conf parameter net.ipv4.tcp_syncookies set to 1" test_ref="oval:ssg-test_static_sysctl_net_ipv4_tcp_syncookies:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sysctl_net_ipv6_conf_all_accept_redirects:def:1" version="1">
      <metadata>
        <title>Kernel Runtime Parameter "net.ipv6.conf.all.accept_redirects" Check</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The kernel runtime parameter "net.ipv6.conf.all.accept_redirects" should be set to "0".</description>
      <reference ref_id="sysctl_net_ipv6_conf_all_accept_redirects" source="ssg"/></metadata>
      <criteria operator="AND">
        <!-- The test below is disabled since it causes failure if IPv6 is not enabled. -->
        <!-- <criterion comment="kernel runtime parameter net.ipv6.conf.all.accept_redirects set to 0" test_ref="test_runtime_sysctl_net_ipv6_conf_all_accept_redirects" /> -->
        <criterion comment="kernel /etc/sysctl.conf parameter net.ipv6.conf.all.accept_redirects set to 0" test_ref="oval:ssg-test_static_sysctl_net_ipv6_conf_all_accept_redirects:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sysctl_net_ipv6_conf_forwarding:def:1" version="1">
      <metadata>
        <title>Kernel Runtime Parameter "net.ipv6.conf.all.forwarding" Check</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The kernel runtime parameter "net.ipv6.conf.all.forwarding" should be set to "0".</description>
      <reference ref_id="sysctl_net_ipv6_conf_forwarding" source="ssg"/></metadata>
      <criteria operator="AND">
        <criterion comment="kernel /etc/sysctl.conf parameter net.ipv6.conf.all.forwarding set to 0" test_ref="oval:ssg-test_static_sysctl_net_ipv6_conf_forwarding_all:tst:1"/>
        <criterion comment="kernel /etc/sysctl.conf parameter net.ipv6.conf.default.forwarding set to 0" test_ref="oval:ssg-test_static_sysctl_net_ipv6_conf_forwarding_default:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-syslog_nolisten:def:1" version="1">
      <metadata>
        <title>Syslog Configured as Log Server</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The syslog daemon must not accept remote 
	  messages unless it is a syslog server documented using 
	  site-defined procedures.</description>
      <reference ref_id="syslog_nolisten" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_syslog_nolisten:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-syslog_remote_loghost:def:1" version="1">
      <metadata>
        <title>Send Logs to a Remote Loghost</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Syslog logs should be sent to a remote loghost</description>
      <reference ref_id="syslog_remote_loghost" source="ssg"/></metadata>
      <criteria>
        <criterion comment="Conditions are satisfied" test_ref="oval:ssg-test_syslog_remote_loghost:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-system_access_control:def:1" version="1">
      <metadata>
        <title>Files /etc/hosts.allow and /etc/hosts.deny Must Exist and Be Configured</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The system's access control program must be configured to grant or deny system access to specific hosts.</description>
      <reference ref_id="system_access_control" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_system_access_control_hosts_allow_exists:tst:1"/>
        <criterion test_ref="oval:ssg-test_system_access_control_hosts_deny_configured:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-system_info_architecture_x86:def:1" version="1">
      <!-- Note that this does not meet requirements for class=inventory as
         that only tests for patches per 5.10.1 Revision 1 -->
      <metadata>
        <title>Test for x86 Architecture</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Generic test for x86 architecture to be used by other tests</description>
      <reference ref_id="system_info_architecture_x86" source="ssg"/></metadata>
      <criteria>
        <criterion comment="Generic test for x86 architecture" test_ref="oval:ssg-test_system_info_architecture_x86:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-system_info_architecture_x86_64:def:1" version="1">
      <!-- Note that this does not meet requirements for class=inventory as
         that only tests for patches per 5.10.1 Revision 1 -->
      <metadata>
        <title>Test for x86_64 Architecture</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Generic test for x86_64 architecture to be used by other tests</description>
      <reference ref_id="system_info_architecture_x86_64" source="ssg"/></metadata>
      <criteria>
        <criterion comment="Generic test for x86_64 architecture" test_ref="oval:ssg-test_system_info_architecture_x86_64:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-tftpd_user_shell:def:1" version="1">
      <metadata>
        <title>TFTP User Shell</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The TFTP daemon must be configured to vendor specifications, including a 
	  dedicated TFTP user account, a non-login shell such as /bin/false, and a home directory 
	  owned by the TFTP user.</description>
      <reference ref_id="tftpd_user_shell" source="ssg"/></metadata>
      <criteria comment="package tftp-server removed or /etc/xinetd.d/tftp configured correctly" operator="OR">
        <extend_definition comment="rpm package tftp-server removed" definition_ref="oval:ssg-package_tftp-server_removed:def:1"/>
        <criterion test_ref="oval:ssg-test_tftpd_user_shell_disabled:tst:1"/>
        <criteria operator="AND">
          <criterion test_ref="oval:ssg-test_tftpd_user_shell_user:tst:1"/>
          <criterion test_ref="oval:ssg-test_tftpd_user_shell:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-tftpd_uses_secure_mode:def:1" version="1">
      <metadata>
        <title>TFTP Daemon Uses Secure Mode</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The TFTP daemon should use secure mode.</description>
      <reference ref_id="tftpd_uses_secure_mode" source="ssg"/></metadata>
      <criteria comment="package tftp-server removed or /etc/xinetd.d/tftp configured correctly" operator="OR">
        <extend_definition comment="rpm package tftp-server removed" definition_ref="oval:ssg-package_tftp-server_removed:def:1"/>
        <criterion comment="tftpd secure mode" test_ref="oval:ssg-test_tftpd_uses_secure_mode:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-xwindows_runlevel_setting:def:1" version="1">
      <metadata>
        <title>Disable X Windows Startup By Setting Runlevel</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>Checks /etc/inittab to ensure that default runlevel is set to 3.</description>
      <reference ref_id="xwindows_runlevel_setting" source="ssg"/></metadata>
      <criteria>
        <criterion comment="default runlevel is 3" test_ref="oval:ssg-test_etc_inittab_default_runlevel:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-account_disable_post_pw_expiration:def:1" version="2">
      <metadata>
        <title>Set Accounts to Expire Following Password Expiration</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The accounts should be configured to expire automatically following password expiration.</description>
      <reference ref_id="account_disable_post_pw_expiration" source="ssg"/></metadata>
      <criteria comment="the value INACTIVE parameter should be set appropriately in /etc/default/useradd">
        <criterion test_ref="oval:ssg-test_etc_default_useradd_inactive:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-account_unique_name:def:1" version="1">
      <metadata>
        <title>Set All Accounts To Have Unique Names</title>
        <affected family="unix">
        </affected>
        <description>All accounts on the system should have unique names for proper accountability.</description>
      <reference ref_id="account_unique_name" source="ssg"/></metadata>
      <criteria comment="There should not exist duplicate user name entries in /etc/passwd">
        <criterion test_ref="oval:ssg-test_etc_passwd_no_duplicate_user_names:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-accounts_password_minlen_login_defs:def:1" version="3">
      <metadata>
        <title>Set Password Expiration Parameters</title>
        <affected family="unix">
        </affected>
        <description>The password minimum length should be set appropriately.</description>
      <reference ref_id="accounts_password_minlen_login_defs" source="ssg"/></metadata>
      <criteria operator="AND">
        <criterion test_ref="oval:ssg-test_pass_min_len:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-accounts_password_pam_retry:def:1" version="1">
      <metadata>
        <title>Set Password retry Requirements</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
          <platform>Fedora 23</platform>
          <platform>Fedora 24</platform>
        </affected>
        <description>The password retry should meet minimum requirements</description>
      <reference ref_id="accounts_password_pam_retry" source="ssg"/></metadata>
      <criteria operator="OR" comment="Conditions for retry are satisfied">
        <criteria operator="AND" comment="system is RHEL6 with pam_cracklib configured">
          <extend_definition comment="RHEL6 OS installed" definition_ref="oval:ssg-installed_OS_is_rhel6:def:1"/>
          <criterion comment="rhel6 pam_cracklib" test_ref="oval:ssg-test_password_pam_cracklib_retry:tst:1"/>
        </criteria>
        <criteria operator="AND" comment="system is RHEL7 with pam_pwquality configured">
          <extend_definition comment="RHEL7 OS installed" definition_ref="oval:ssg-installed_OS_is_rhel7:def:1"/>
          <criterion comment="rhel7 pam_pwquality" test_ref="oval:ssg-test_password_pam_pwquality_retry:tst:1"/>
        </criteria>
        <criteria operator="AND" comment="system is Fedora with pam_pwquality configured">
          <extend_definition comment="Fedora OS installed" definition_ref="oval:ssg-installed_OS_is_fedora:def:1"/>
          <criterion comment="Fedora pam_pwquality" test_ref="oval:ssg-test_password_pam_pwquality_retry:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-accounts_password_warn_age_login_defs:def:1" version="3">
      <metadata>
        <title>Set Password Expiration Parameters</title>
        <affected family="unix">
        </affected>
        <description>The password expiration warning age should be set appropriately.</description>
      <reference ref_id="accounts_password_warn_age_login_defs" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_pass_warn_age:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-accounts_passwords_pam_faillock_deny:def:1" version="4">
      <metadata>
        <title>Lock out account after failed login attempts</title>
        <affected family="unix">
        </affected>
        <description>The number of allowed failed logins should be set correctly.</description>
      <reference ref_id="accounts_passwords_pam_faillock_deny" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_accounts_passwords_pam_faillock_preauth_silent_system-auth:tst:1" comment="pam_faillock.so preauth silent set in system-auth"/>
        <criterion test_ref="oval:ssg-test_accounts_passwords_pam_faillock_authfail_deny_system-auth:tst:1" comment="pam_faillock.so authfail deny value set in system-auth"/>
        <criterion test_ref="oval:ssg-test_accounts_passwords_pam_faillock_account_phase_system-auth:tst:1" comment="pam_faillock.so set in account phase of system-auth"/>
        <criterion test_ref="oval:ssg-test_accounts_passwords_pam_faillock_preauth_silent_password-auth:tst:1" comment="pam_faillock.so preauth silent set in password-auth"/>
        <criterion test_ref="oval:ssg-test_accounts_passwords_pam_faillock_authfail_deny_password-auth:tst:1" comment="pam_faillock.so authfail deny value set in password-auth"/>
        <criterion test_ref="oval:ssg-test_accounts_passwords_pam_faillock_account_phase_password-auth:tst:1" comment="pam_faillock.so set in account phase of password-auth"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-accounts_passwords_pam_faillock_interval:def:1" version="2">
      <metadata>
        <title>Lock out account after failed login attempts</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The number of allowed failed logins should be set correctly.</description>
      <reference ref_id="accounts_passwords_pam_faillock_interval" source="ssg"/></metadata>
      <criteria>
        <criterion comment="preauth default is set to 900" test_ref="oval:ssg-test_accounts_passwords_pam_faillock_fail_interval_system-auth:tst:1"/>
        <criterion comment="authfail default is set to 900" test_ref="oval:ssg-test_accounts_passwords_pam_faillock_authfail_fail_interval_system-auth:tst:1"/>
        <criterion comment="authfail default is set to 900" test_ref="oval:ssg-test_accounts_passwords_pam_faillock_fail_interval_password-auth:tst:1"/>
        <criterion comment="preauth default is set to 900" test_ref="oval:ssg-test_accounts_passwords_pam_faillock_preauth_fail_interval_password-auth:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-accounts_passwords_pam_faillock_unlock_time:def:1" version="2">
      <metadata>
        <title>Lock out account after failed login attempts</title>
        <affected family="unix">
          <platform>Fedora 23</platform>
          <platform>Fedora 24</platform>
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The number of allowed failed logins should be set correctly.</description>
      <reference ref_id="accounts_passwords_pam_faillock_unlock_time" source="ssg"/></metadata>
      <criteria>
        <criterion comment="preauth default is set to 604800" test_ref="oval:ssg-test_accounts_passwords_pam_faillock_unlock_time_system-auth:tst:1"/>
        <criterion comment="authfail default is set to 604800" test_ref="oval:ssg-test_accounts_passwords_pam_faillock_authfail_unlock_time_system-auth:tst:1"/>
        <criterion comment="authfail default is set to 604800" test_ref="oval:ssg-test_accounts_passwords_pam_faillock_unlock_time_password-auth:tst:1"/>
        <criterion comment="preauth default is set to 604800" test_ref="oval:ssg-test_accounts_passwords_pam_faillock_preauth_unlock_time_password-auth:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-accounts_tmout:def:1" version="2">
      <metadata>
        <title>Set Interactive Session Timeout</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>Checks interactive shell timeout</description>
      <reference ref_id="accounts_tmout" source="ssg"/></metadata>
      <criteria operator="OR">
        <criterion comment="TMOUT value in /etc/profile &gt;= var_accounts_tmout" test_ref="oval:ssg-test_etc_profile_tmout:tst:1"/>
        <criterion comment="TMOUT value in /etc/profile.d/*.sh &gt;= var_accounts_tmout" test_ref="oval:ssg-test_etc_profiled_tmout:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-accounts_umask_etc_bashrc:def:1" version="2">
      <metadata>
        <title>Ensure that Users Have Sensible Umask Values set for bash</title>
        <affected family="unix">
          <platform>Wind River Linux 8</platform>
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The default umask for users of the bash shell</description>
      <reference ref_id="accounts_umask_etc_bashrc" source="ssg"/></metadata>
      <criteria operator="AND">
        <extend_definition comment="Get value of var_accounts_user_umask variable as octal number" definition_ref="oval:ssg-var_accounts_user_umask_as_number:def:1"/>
        <criterion test_ref="oval:ssg-tst_accounts_umask_etc_bashrc:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-accounts_umask_etc_csh_cshrc:def:1" version="2">
      <metadata>
        <title>Ensure that Users Have Sensible Umask Values set for csh</title>
        <affected family="unix">
          <platform>Wind River Linux 8</platform>
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The default umask for users of the csh shell</description>
      <reference ref_id="accounts_umask_etc_csh_cshrc" source="ssg"/></metadata>
      <criteria operator="AND">
        <extend_definition comment="Get value of var_accounts_user_umask variable as octal number" definition_ref="oval:ssg-var_accounts_user_umask_as_number:def:1"/>
        <criterion test_ref="oval:ssg-tst_accounts_umask_etc_csh_cshrc:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-accounts_umask_etc_login_defs:def:1" version="2">
      <metadata>
        <title>Ensure that Users Have Sensible Umask Values in /etc/login.defs</title>
        <affected family="unix">
          <platform>Wind River Linux 8</platform>
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The default umask for all users specified in /etc/login.defs</description>
      <reference ref_id="accounts_umask_etc_login_defs" source="ssg"/></metadata>
      <criteria operator="AND">
        <extend_definition comment="Get value of var_accounts_user_umask variable as octal number" definition_ref="oval:ssg-var_accounts_user_umask_as_number:def:1"/>
        <criterion test_ref="oval:ssg-tst_accounts_umask_etc_login_defs:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-accounts_umask_etc_profile:def:1" version="2">
      <metadata>
        <title>Ensure that Users Have Sensible Umask Values in /etc/profile</title>
        <affected family="unix">
          <platform>Wind River Linux 8</platform>
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The default umask for all users should be set correctly</description>
      <reference ref_id="accounts_umask_etc_profile" source="ssg"/></metadata>
      <criteria operator="AND">
        <extend_definition comment="Get value of var_accounts_user_umask variable as octal number" definition_ref="oval:ssg-var_accounts_user_umask_as_number:def:1"/>
        <criterion test_ref="oval:ssg-tst_accounts_umask_etc_profile:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-aide_build_database:def:1" version="2">
      <metadata>
        <title>Aide Database Must Exist</title>
        <affected family="unix">
          <platform>Fedora 23</platform>
          <platform>Fedora 24</platform>
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The aide database must be initialized.</description>
      <reference ref_id="aide_build_database" source="ssg"/></metadata>
      <criteria operator="AND">
        <!-- Only the configuration when location of the Aide database file is specified in the
           form of absolute path is checked. To check any possible relative path configuration
           that might happen would require to browse whole file system (resources expensive operation).
           Case when Aide database file is configured to be written into an SQL table (possibly
           even on remote host) is out of scope of this check -->
        <criterion test_ref="oval:ssg-test_aide_build_new_database_absolute_path:tst:1"/>
        <criterion test_ref="oval:ssg-test_aide_operational_database_absolute_path:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-aide_scan_notification:def:1" version="1">
      <metadata>
        <title>Configure Notification of Post-AIDE Scan Details</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>AIDE should notify appropriate personnel of the details
      of a scan after the scan has been run.</description>
      <reference ref_id="aide_scan_notification" source="ssg"/></metadata>
      <criteria operator="AND">
        <extend_definition comment="Aide is installed" definition_ref="oval:ssg-package_aide_installed:def:1"/>
        <criteria operator="OR">
          <criterion comment="notify personnel when aide completes" test_ref="oval:ssg-test_aide_scan_notification:tst:1"/>
          <criterion comment="notify personnel when aide completes" test_ref="oval:ssg-test_aide_var_cron_notification:tst:1"/>
          <criterion comment="notify personnel when aide completes in cron.(d|daily|weekly|monthly)" test_ref="oval:ssg-test_aide_crontabs_notification:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-aide_use_fips_hashes:def:1" version="1">
      <metadata>
        <title>Configure AIDE to Use FIPS 140-2 for Validating Hashes</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>AIDE should be configured to use the FIPS 140-2 
      cryptographic hashes.</description>
      <reference ref_id="aide_use_fips_hashes" source="ssg"/></metadata>
      <criteria operator="AND">
        <extend_definition comment="Installed OS is certified" definition_ref="oval:ssg-installed_OS_is_certified:def:1"/>
        <extend_definition comment="Aide is installed" definition_ref="oval:ssg-package_aide_installed:def:1"/>
        <criterion comment="non-FIPS hashes are not configured" test_ref="oval:ssg-test_aide_non_fips_hashes:tst:1"/>
        <criterion comment="FIPS hashes are configured" test_ref="oval:ssg-test_aide_use_fips_hashes:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-aide_verify_acls:def:1" version="1">
      <metadata>
        <title>Configure AIDE to Verify Access Control Lists (ACLs)</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>AIDE should be configured to verify Access Control Lists (ACLs).</description>
      <reference ref_id="aide_verify_acls" source="ssg"/></metadata>
      <criteria operator="AND">
        <extend_definition comment="Aide is installed" definition_ref="oval:ssg-package_aide_installed:def:1"/>
        <criterion comment="acl is set in /etc/aide.conf" test_ref="oval:ssg-test_aide_verify_acls:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-aide_verify_ext_attributes:def:1" version="1">
      <metadata>
        <title>Configure AIDE to Verify Extended Attributes</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>AIDE should be configured to verify extended file attributes.</description>
      <reference ref_id="aide_verify_ext_attributes" source="ssg"/></metadata>
      <criteria operator="AND">
        <extend_definition comment="Aide is installed" definition_ref="oval:ssg-package_aide_installed:def:1"/>
        <criterion comment="xattrs is set in /etc/aide.conf" test_ref="oval:ssg-test_aide_verify_ext_attributes:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-auditd_conf_log_group_not_root:def:1" version="1">
      <metadata>
        <title>'log_group' Not Set To 'root' In /etc/audit/auditd.conf</title>
        <affected family="unix">
        </affected>
        <description>Verify 'log_group' is not set to 'root' in
      /etc/audit/auditd.conf.</description>
      <reference ref_id="auditd_conf_log_group_not_root" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_auditd_conf_log_group_not_root:tst:1" comment="Verify 'log_group' not set to 'root' in /etc/audit/auditd.conf"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-auditd_data_retention_action_mail_acct:def:1" version="2">
      <metadata>
        <title>Auditd Email Account to Notify Upon Action</title>
        <affected family="unix">
        </affected>
        <description>action_mail_acct setting in /etc/audit/auditd.conf is set to a certain account</description>
      <reference ref_id="auditd_data_retention_action_mail_acct" source="ssg"/></metadata>
      <criteria>
        <criterion comment="action_mail_acct setting in auditd.conf" test_ref="oval:ssg-test_auditd_data_retention_action_mail_acct:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-auditd_data_retention_admin_space_left_action:def:1" version="2">
      <metadata>
        <title>Auditd Action to Take When Disk is Low on Space</title>
        <affected family="unix">
        </affected>
        <description>admin_space_left_action setting in /etc/audit/auditd.conf is set to a certain action</description>
      <reference ref_id="auditd_data_retention_admin_space_left_action" source="ssg"/></metadata>
      <criteria>
        <criterion comment="admin_space_left_action setting in auditd.conf" test_ref="oval:ssg-test_auditd_data_retention_admin_space_left_action:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-auditd_data_retention_flush:def:1" version="1">
      <metadata>
        <title>Auditd priority for flushing data to disk</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The setting for flush in /etc/audit/auditd.conf</description>
      <reference ref_id="auditd_data_retention_flush" source="ssg"/></metadata>
      <criteria>
        <criterion comment="flush setting in auditd.conf" test_ref="oval:ssg-test_auditd_data_retention_flush:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-auditd_data_retention_max_log_file:def:1" version="2">
      <metadata>
        <title>Auditd Maximum Log File Size</title>
        <affected family="unix">
        </affected>
        <description>max_log_file setting in /etc/audit/auditd.conf is set to at least a certain value</description>
      <reference ref_id="auditd_data_retention_max_log_file" source="ssg"/></metadata>
      <criteria>
        <criterion comment="max_log_file setting in auditd.conf" test_ref="oval:ssg-test_auditd_data_retention_max_log_file:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-auditd_data_retention_max_log_file_action:def:1" version="2">
      <metadata>
        <title>Auditd Action to Take When Maximum Log Size Reached</title>
        <affected family="unix">
        </affected>
        <description>max_log_file_action setting in /etc/audit/auditd.conf is set to a certain action</description>
      <reference ref_id="auditd_data_retention_max_log_file_action" source="ssg"/></metadata>
      <criteria>
        <criterion comment="max_log_file_action setting in auditd.conf" test_ref="oval:ssg-test_auditd_data_retention_max_log_file_action:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-auditd_data_retention_num_logs:def:1" version="2">
      <metadata>
        <title>Auditd Maximum Number of Logs to Retain</title>
        <affected family="unix">
        </affected>
        <description>num_logs setting in /etc/audit/auditd.conf is set to at least a certain value</description>
      <reference ref_id="auditd_data_retention_num_logs" source="ssg"/></metadata>
      <criteria>
        <criterion comment="num_logs setting in auditd.conf" test_ref="oval:ssg-test_auditd_data_retention_num_logs:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-auditd_data_retention_space_left_action:def:1" version="3">
      <metadata>
        <title>Auditd Action to Take When Disk Starting to Run Low on Space</title>
        <affected family="unix">
        </affected>
        <description>space_left_action setting in /etc/audit/auditd.conf is set to a certain action</description>
      <reference ref_id="auditd_data_retention_space_left_action" source="ssg"/></metadata>
      <criteria>
        <criterion comment="space_left_action setting in auditd.conf" test_ref="oval:ssg-test_auditd_data_retention_space_left_action:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-cups_disable_browsing:def:1" version="1">
      <metadata>
        <title>Disable Printer Browsing Entirely if Possible</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The CUPS print service can be configured to broadcast a list
      of available printers to the network. Other machines on the network, also
      running the CUPS print service, can be configured to listen to these
      broadcasts and add and configure these printers for immediate use. By
      disabling this browsing capability, the machine will no longer generate
      or receive such broadcasts.</description>
      <reference ref_id="cups_disable_browsing" source="ssg"/></metadata>
      <criteria operator="AND">
        <criterion comment="Ensure remote printer browsing is off" test_ref="oval:ssg-test_cups_disable_browsing_browsing_off:tst:1"/>
        <criterion comment="Ensure no incoming printer information packets are allowed" test_ref="oval:ssg-test_cups_disable_browsing_browseallow:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-cups_disable_printserver:def:1" version="1">
      <metadata>
        <title>Disable Printer Server if Possible</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>By default, locally configured printers will not be shared
      over the network, but if this functionality has somehow been enabled,
      these recommendations will disable it again. Be sure to disable outgoing
      printer list broadcasts, or remote users will still be able to see the
      locally configured printers, even if they cannot actually print to them.
      To limit print serving to a particular set of users, use the Policy
      directive.</description>
      <reference ref_id="cups_disable_printserver" source="ssg"/></metadata>
      <criteria operator="AND">
        <criterion comment="Don't use port directive" test_ref="oval:ssg-test_cups_disable_printserver_disable_port:tst:1"/>
        <criterion comment="Do use the listen directive" test_ref="oval:ssg-test_cups_disable_printserver_use_listen:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-dir_perms_etc_httpd_conf:def:1" version="2">
      <metadata>
        <title>Directory /etc/httpd/conf/ Permissions</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>Directory permissions for /etc/httpd/conf/ should be set to 0750 (or stronger).</description>
      <reference ref_id="dir_perms_etc_httpd_conf" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="httpd not present or in use" definition_ref="oval:ssg-package_httpd_removed:def:1"/>
        <criterion test_ref="oval:ssg-test_dir_perms_etc_httpd_conf:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-dir_perms_var_log_httpd:def:1" version="2">
      <metadata>
        <title>Directory /var/log/httpd/ Permissions</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>Directory permissions for /var/log/httpd should be set to 0700 (or stronger).</description>
      <reference ref_id="dir_perms_var_log_httpd" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="httpd not present or in use" definition_ref="oval:ssg-package_httpd_removed:def:1"/>
        <criterion test_ref="oval:ssg-test_dir_perms_var_log_httpd:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-disable_host_auth:def:1" version="2">
      <metadata>
        <title>Disable Host-Based Authentication</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>SSH host-based authentication should be disabled.</description>
      <reference ref_id="disable_host_auth" source="ssg"/></metadata>
      <criteria comment="SSH is not being used or conditions are met" operator="OR">
        <extend_definition comment="sshd service is disabled" definition_ref="oval:ssg-service_sshd_disabled:def:1"/>
        <criterion comment="Check HostbasedAuthentication in /etc/ssh/sshd_config" test_ref="oval:ssg-test_sshd_hostbasedauthentication:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-disable_prelink:def:1" version="3">
      <metadata>
        <title>Disable Prelinking</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
          <platform>Fedora 23</platform>
          <platform>Fedora 24</platform>
        </affected>
        <description>The prelinking feature can interfere with the operation of
      checksum integrity tools (e.g. AIDE), mitigates the protection provided
      by ASLR, and requires additional CPU cycles by software upgrades.
      </description>
      <reference ref_id="disable_prelink" source="ssg"/></metadata>
      <criteria operator="OR" comment="Conditions for prelinking disabled are satisfied">
        <!-- Part for testing RHEL-6 system -->
        <!-- On RHEL6 system the prelink RPM package is installed by default -->
        <criteria operator="AND" comment="System is RHEL6 with prelinking disabled">
          <extend_definition comment="Installed OS is RHEL6" definition_ref="oval:ssg-installed_OS_is_rhel6:def:1"/>
          <criterion comment="Prelinking is disabled" test_ref="oval:ssg-test_prelinking_disabled:tst:1"/>
        </criteria>
        <!-- Part for testing RHEL-7 or Fedora system -->
        <!-- On RHEL7 and Fedora systems the prelink RPM package is *not* installed by default -->
        <criteria operator="AND" comment="System is RHEL7 or Fedora and prelink RPM is not installed or prelinking is disabled">
          <criteria operator="OR" comment="System is RHEL7 or Fedora">
            <extend_definition comment="Installed OS is RHEL7" definition_ref="oval:ssg-installed_OS_is_rhel7:def:1"/>
            <extend_definition comment="Installed OS is Fedora" definition_ref="oval:ssg-installed_OS_is_fedora:def:1"/>
          </criteria>
          <criteria operator="OR" comment="prelink RPM package not installed or prelinking disabled">
            <extend_definition comment="prelink RPM package not installed" definition_ref="oval:ssg-package_prelink_removed:def:1"/>
            <criterion comment="Prelinking is disabled" test_ref="oval:ssg-test_prelinking_disabled:tst:1"/>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-ensure_gpgcheck_globally_activated:def:1" version="1">
      <metadata>
        <title>Ensure Yum gpgcheck Globally Activated</title>
        <affected family="unix">
        </affected>
        <description>The gpgcheck option should be used to ensure that checking
      of an RPM package's signature always occurs prior to its
      installation.</description>
      <reference ref_id="ensure_gpgcheck_globally_activated" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria operator="AND">
          <extend_definition comment="Fedora installed" definition_ref="oval:ssg-installed_OS_is_fedora:def:1"/>
          <criterion comment="check value of gpgcheck in /etc/dnf/dnf.conf" test_ref="oval:ssg-test_dnf_ensure_gpgcheck_globally_activated:tst:1"/>
        </criteria>
        <criterion comment="check value of gpgcheck in /etc/yum.conf" test_ref="oval:ssg-test_yum_ensure_gpgcheck_globally_activated:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-ensure_logrotate_activated:def:1" version="1">
      <metadata>
        <title>Ensure the logrotate utility performs the automatic rotation of log files on daily basis</title>
        <affected family="unix">
          <platform>Ubuntu 1604</platform>
          <platform>Debian 8</platform>
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>
      The frequency of automatic log files rotation performed by the logrotate utility should be configured to run daily
      </description>
      <reference ref_id="ensure_logrotate_activated" source="ssg"/></metadata>
      <criteria comment="/etc/logrotate.conf contains daily setting or /etc/cron.daily/logrotate file exists" operator="OR">
        <criterion comment="Check if daily is set in /etc/logrotate.conf" test_ref="oval:ssg-test_logrotate_conf_daily_setting:tst:1"/>
        <criterion comment="Check if /etc/cron.daily/logrotate file exists (and calls logrotate)" test_ref="oval:ssg-test_cron_daily_logrotate_existence:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-ensure_redhat_gpgkey_installed:def:1" version="2">
      <metadata>
        <title>Red Hat Release and Auxiliary gpg-pubkey Packages Installed</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The Red Hat release and auxiliary key packages are required to be installed.</description>
      <reference ref_id="ensure_redhat_gpgkey_installed" source="ssg"/></metadata>
      <criteria comment="Vendor GPG keys" operator="OR">
        <criteria comment="Red Hat Vendor Keys" operator="AND">
          <criteria comment="Red Hat Installed" operator="OR">
            <extend_definition comment="RHEL6 installed" definition_ref="oval:ssg-installed_OS_is_rhel6:def:1"/>
            <extend_definition comment="RHEL7 installed" definition_ref="oval:ssg-installed_OS_is_rhel7:def:1"/>
          </criteria>
          <criterion comment="package gpg-pubkey-fd431d51-4ae0493b is installed" test_ref="oval:ssg-test_package_gpgkey-fd431d51-4ae0493b_installed:tst:1"/>
          <criterion comment="package gpg-pubkey-2fa658e0-45700c69 is installed" test_ref="oval:ssg-test_package_gpgkey-2fa658e0-45700c69_installed:tst:1"/>
        </criteria>
        <criteria comment="CentOS Vendor Keys" operator="OR">
          <criteria comment="CentOS Installed" operator="OR">
            <extend_definition comment="CentOS6 installed" definition_ref="oval:ssg-installed_OS_is_centos6:def:1"/>
            <extend_definition comment="CentOS7 installed" definition_ref="oval:ssg-installed_OS_is_centos7:def:1"/>
          </criteria>
          <criterion comment="package gpg-pubkey-f4a80eb5-53a7ff4b is installed" test_ref="oval:ssg-test_package_gpgkey-f4a80eb5-53a7ff4b_installed:tst:1"/>
          <criterion comment="package gpg-pubkey-c105b9de-4e0fd3a3 is installed" test_ref="oval:ssg-test_package_gpgkey-c105b9de-4e0fd3a3_installed:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_ownership_binary_dirs:def:1" version="2">
      <metadata>
        <title>Verify that System Executables Have Root Ownership</title>
        <affected family="unix">
          <platform>Fedora 23</platform>
          <platform>Fedora 24</platform>
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>
        Checks that /bin, /sbin, /usr/bin, /usr/sbin, /usr/local/bin,
        /usr/local/sbin, /usr/libexec, and objects therein, are owned by root.
      </description>
      <reference ref_id="file_ownership_binary_dirs" source="ssg"/></metadata>
      <criteria operator="AND">
        <criterion test_ref="oval:ssg-test_ownership_binary_directories:tst:1"/>
        <criterion test_ref="oval:ssg-test_ownership_binary_files:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_ownership_library_dirs:def:1" version="1">
      <metadata>
        <title>Verify that Shared Library Files Have Root Ownership</title>
        <affected family="unix">
          <platform>Fedora 23</platform>
          <platform>Fedora 24</platform>
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>
        Checks that /lib, /lib64, /usr/lib, /usr/lib64, /lib/modules, and
        objects therein, are owned by root.
      </description>
      <reference ref_id="file_ownership_library_dirs" source="ssg"/></metadata>
      <criteria operator="AND">
        <criterion test_ref="oval:ssg-test_ownership_lib_dir:tst:1"/>
        <criterion test_ref="oval:ssg-test_ownership_lib_files:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_ownership_var_log_audit:def:1" version="3">
      <metadata>
        <title>Verify /var/log/audit Ownership</title>
        <affected family="unix">
        </affected>
        <description>Checks that all /var/log/audit files and directories are owned by the root user and group.</description>
      <reference ref_id="file_ownership_var_log_audit" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria operator="AND" comment="directories are root owned">
          <criterion test_ref="oval:ssg-test_ownership_var_log_audit_files:tst:1"/>
          <criterion test_ref="oval:ssg-test_ownership_var_log_audit_directories:tst:1"/>
        </criteria>
        <criteria operator="AND" comment="log_group in auditd.conf is not root">
          <extend_definition comment="log_group in auditd.conf is not root" definition_ref="oval:ssg-auditd_conf_log_group_not_root:def:1"/>
          <criterion test_ref="oval:ssg-test_ownership_var_log_audit_files-non_root:tst:1"/>
          <criterion test_ref="oval:ssg-test_ownership_var_log_audit_directories-non_root:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_binary_dirs:def:1" version="2">
      <metadata>
        <title>Verify that System Executables Have Restrictive Permissions</title>
        <affected family="unix">
          <platform>Fedora 23</platform>
          <platform>Fedora 24</platform>
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>
        Checks that binary files under /bin, /sbin, /usr/bin, /usr/sbin,
        /usr/local/bin, /usr/local/sbin, and /usr/libexec are not group-writable or world-writable.
      </description>
      <reference ref_id="file_permissions_binary_dirs" source="ssg"/></metadata>
      <criteria operator="AND">
        <criterion test_ref="oval:ssg-test_perms_binary_files:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_httpd_server_conf_files:def:1" version="2">
      <metadata>
        <title>Verify Permissions On Apache Web Server Configuration Files</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The /etc/httpd/conf/* files should have the appropriate permissions (0640 or stronger).</description>
      <reference ref_id="file_permissions_httpd_server_conf_files" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="httpd not present or in use" definition_ref="oval:ssg-package_httpd_removed:def:1"/>
        <criterion test_ref="oval:ssg-test_file_permissions_httpd_server_conf_files:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_ungroupowned:def:1" version="2">
      <metadata>
        <title>Find files unowned by a group</title>
        <affected family="unix">
          <platform>Fedora 23</platform>
          <platform>Fedora 24</platform>
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
        </affected>
        <description>All files should be owned by a group</description>
      <reference ref_id="file_permissions_ungroupowned" source="ssg"/></metadata>
      <criteria>
        <criterion comment="Check all files and make sure they are owned by a group" test_ref="oval:ssg-test_file_permissions_ungroupowned:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-file_permissions_var_log_audit:def:1" version="2">
      <metadata>
        <title>Verify /var/log/audit Permissions</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>Checks for correct permissions for all log files in /var/log/audit.</description>
      <reference ref_id="file_permissions_var_log_audit" source="ssg"/></metadata>
      <criteria operator="OR">
        <criterion test_ref="oval:ssg-test_file_permissions_var_log_audit:tst:1" negate="true"/>
        <criteria operator="AND" comment="log_group in auditd.conf is not root">
          <extend_definition comment="log_group in auditd.conf is not root" definition_ref="oval:ssg-auditd_conf_log_group_not_root:def:1"/>
          <criterion test_ref="oval:ssg-test_file_permissions_var_log_audit-non_root:tst:1" negate="true"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-ftp_present_banner:def:1" version="1">
      <metadata>
        <title>Banner for FTP Users</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
          <platform>Fedora 23</platform>
          <platform>Fedora 24</platform>
        </affected>
        <description>This setting will cause the system greeting banner to be 
      used for FTP connections as well.</description>
      <reference ref_id="ftp_present_banner" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="vsftpd package is not installed" negate="true" definition_ref="oval:ssg-package_vsftpd_installed:def:1"/>
        <criterion comment="Banner for FTP Users" test_ref="oval:ssg-test_ftp_present_banner:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-gid_passwd_group_same:def:1" version="2">
      <metadata>
        <title>All GIDs Are Present In /etc/group</title>
        <affected family="unix">
          <platform>Fedora 23</platform>
          <platform>Fedora 24</platform>
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>All GIDs referenced in /etc/passwd must be defined in /etc/group.</description>
      <reference ref_id="gid_passwd_group_same" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_gid_passwd_group_same:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-groupowner_shadow_file:def:1" version="2">
      <metadata>
        <title>Verify group who owns 'shadow' file</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
        </affected>
        <description>The /etc/shadow file should be owned by the appropriate
      group.</description>
      <reference ref_id="groupowner_shadow_file" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_groupowner_etc_shadow:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-install_antivirus:def:1" version="1">
      <metadata>
        <title>Package Antivirus Installed</title>
        <affected family="unix">
        </affected>
        <description>Antivirus software should be installed.</description>
      <reference ref_id="install_antivirus" source="ssg"/></metadata>
      <criteria comment="Antivirus is not being used or conditions are met">
        <extend_definition comment="McAfee A/V Installed" definition_ref="oval:ssg-install_mcafee_antivirus:def:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-install_mcafee_antivirus:def:1" version="1">
      <metadata>
        <title>Package McAfeeVSEForLinux Installed</title>
        <affected family="unix">
        </affected>
        <description>McAfee Antivirus software should be installed.</description>
      <reference ref_id="install_mcafee_antivirus" source="ssg"/></metadata>
      <criteria comment="Antivirus is not being used or conditions are met" operator="AND">
        <extend_definition comment="McAfee Runtime Libraries and Agent" definition_ref="oval:ssg-install_mcafee_cma_rt:def:1"/>
        <criterion comment="Linuxshield AntiVirus package is installed" test_ref="oval:ssg-test_linuxshield_install_antivirus:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-install_mcafee_cma_rt:def:1" version="1">
      <metadata>
        <title>Install the McAfee Runtime Libraries and Linux Agent</title>
        <affected family="unix">
        </affected>
        <description>Install the McAfee Runtime Libraries (MFErt) and Linux Agent (MFEcma).</description>
      <reference ref_id="install_mcafee_cma_rt" source="ssg"/></metadata>
      <criteria operator="AND">
        <criterion comment="McAfee runtime library package installed" test_ref="oval:ssg-test_mcafee_runtime_installed:tst:1"/>
        <criterion comment="McAfee management agent package installed" test_ref="oval:ssg-test_mcafee_management_agent:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-install_mcafee_hbss:def:1" version="1">
      <metadata>
        <title>Install McAfee Host-Based Intrusion Detection Software (HBSS)</title>
        <affected family="unix">
        </affected>
        <description>McAfee Host-Based Intrusion Detection Software (HBSS) software
      should be installed.</description>
      <reference ref_id="install_mcafee_hbss" source="ssg"/></metadata>
      <criteria operator="AND">
        <extend_definition comment="McAfee HBSS" definition_ref="oval:ssg-install_mcafee_cma_rt:def:1"/>
        <extend_definition comment="McAfee HBSS" definition_ref="oval:ssg-install_mcafee_hbss_accm:def:1"/>
        <extend_definition comment="McAfee HBSS" definition_ref="oval:ssg-install_mcafee_hbss_hips:def:1"/>
        <extend_definition comment="McAfee HBSS" definition_ref="oval:ssg-install_mcafee_hbss_pa:def:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-install_mcafee_hbss_accm:def:1" version="1">
      <metadata>
        <title>Install the Asset Configuration Compliance Module (ACCM)</title>
        <affected family="unix">
        </affected>
        <description>Install the Asset Configuration Compliance Module (ACCM).</description>
      <reference ref_id="install_mcafee_hbss_accm" source="ssg"/></metadata>
      <criteria>
        <criterion comment="McAfee ACCM is installed" test_ref="oval:ssg-test_mcafee_accm_exists:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-install_mcafee_hbss_hips:def:1" version="1">
      <metadata>
        <title>Install the Host Intrusion Prevention System (HIPS) Module</title>
        <affected family="unix">
        </affected>
        <description>Install the McAfee Host Intrusion Prevention System (HIPS) Module if it is
      absolutely necessary. If SELinux is enabled, do not install or enable this module.</description>
      <reference ref_id="install_mcafee_hbss_hips" source="ssg"/></metadata>
      <criteria>
        <criterion comment="McAfee IPS  is installed" test_ref="oval:ssg-test_mcafee_hbss_hips_installed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-install_mcafee_hbss_pa:def:1" version="1">
      <metadata>
        <title>Install the Policy Auditor (PA) Module</title>
        <affected family="unix">
        </affected>
        <description>Install the Policy Auditor (PA) Module.</description>
      <reference ref_id="install_mcafee_hbss_pa" source="ssg"/></metadata>
      <criteria>
        <criterion comment="McAfee Policy Auditor is installed" test_ref="oval:ssg-test_mcafee_auditengine_exists:tst:1"/>
      </criteria>
    </definition>
    <definition class="inventory" id="oval:ssg-installed_OS_is_centos6:def:1" version="2">
      <metadata>
        <title>CentOS 6</title>
        <affected family="unix">
        </affected>
        <reference ref_id="cpe:/o:centos:centos:6" source="CPE"/>
        <description>The operating system installed on the system is
      CentOS 6</description>
      <reference ref_id="installed_OS_is_centos6" source="ssg"/></metadata>
      <criteria>
        <extend_definition comment="Installed OS is part of the Unix family" definition_ref="oval:ssg-installed_OS_is_part_of_Unix_family:def:1"/>
        <criterion comment="CentOS6 is installed" test_ref="oval:ssg-test_centos6:tst:1"/>
      </criteria>
    </definition>
    <definition class="inventory" id="oval:ssg-installed_OS_is_centos7:def:1" version="2">
      <metadata>
        <title>CentOS 7</title>
        <affected family="unix">
        </affected>
        <reference ref_id="cpe:/o:centos:centos:7" source="CPE"/>
        <description>The operating system installed on the system is
      CentOS 7</description>
      <reference ref_id="installed_OS_is_centos7" source="ssg"/></metadata>
      <criteria operator="AND">
        <extend_definition comment="Installed OS is part of the Unix family" definition_ref="oval:ssg-installed_OS_is_part_of_Unix_family:def:1"/>
        <criterion comment="CentOS7 is installed" test_ref="oval:ssg-test_centos7:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-installed_OS_is_certified:def:1" version="1">
      <metadata>
        <title>Vendor Certified Operating System</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The operating system installed on the system is
      a certified vendor operating system and meets government
      requirements/certifications such as FIPS, NIAP, etc.</description>
      <reference ref_id="installed_OS_is_certified" source="ssg"/></metadata>
      <criteria comment="Installed operating system is a certified operating system" operator="OR">
        <extend_definition comment="Installed OS is RHEL6" definition_ref="oval:ssg-installed_OS_is_rhel6:def:1"/>
        <extend_definition comment="Installed OS is RHEL7" definition_ref="oval:ssg-installed_OS_is_rhel7:def:1"/>
      </criteria>
    </definition>
    <definition class="inventory" id="oval:ssg-installed_OS_is_fedora:def:1" version="3">
      <metadata>
        <title>Installed operating system is Fedora</title>
        <affected family="unix">
        </affected>
        <reference ref_id="cpe:/o:fedoraproject:fedora:22" source="CPE"/>
        <reference ref_id="cpe:/o:fedoraproject:fedora:23" source="CPE"/>
        <reference ref_id="cpe:/o:fedoraproject:fedora:24" source="CPE"/>
        <reference ref_id="cpe:/o:fedoraproject:fedora:25" source="CPE"/>
        <description>The operating system installed on the system is Fedora</description>
      <reference ref_id="installed_OS_is_fedora" source="ssg"/></metadata>
      <criteria operator="AND">
        <extend_definition comment="Installed OS is part of the Unix family" definition_ref="oval:ssg-installed_OS_is_part_of_Unix_family:def:1"/>
        <criterion comment="fedora-release RPM package is installed" test_ref="oval:ssg-test_fedora_release_rpm:tst:1"/>
        <criterion comment="CPE vendor is 'fedoraproject' and product is 'fedora'" test_ref="oval:ssg-test_fedora_vendor_product:tst:1"/>
      </criteria>
    </definition>
    <definition class="inventory" id="oval:ssg-installed_OS_is_part_of_Unix_family:def:1" version="1">
      <metadata>
        <title>Installed operating system is part of the Unix family</title>
        <affected family="unix">
        </affected>
        <description>The operating system installed on the system is part of the Unix OS family</description>
      <reference ref_id="installed_OS_is_part_of_Unix_family" source="ssg"/></metadata>
      <criteria>
        <criterion comment="Installed operating system is part of the unix family" test_ref="oval:ssg-test_unix_family:tst:1"/>
      </criteria>
    </definition>
    <definition class="inventory" id="oval:ssg-installed_OS_is_rhel6:def:1" version="2">
      <metadata>
        <title>Red Hat Enterprise Linux 6</title>
        <affected family="unix">
        </affected>
        <reference ref_id="cpe:/o:redhat:enterprise_linux:6" source="CPE"/>
        <description>The operating system installed on the system is
      Red Hat Enterprise Linux 6</description>
      <reference ref_id="installed_OS_is_rhel6" source="ssg"/></metadata>
      <criteria operator="AND">
        <extend_definition comment="Installed OS is part of the Unix family" definition_ref="oval:ssg-installed_OS_is_part_of_Unix_family:def:1"/>
        <criteria operator="OR">
          <criterion comment="RHEL 6 Workstation is installed" test_ref="oval:ssg-test_rhel_workstation:tst:1"/>
          <criterion comment="RHEL 6 Server is installed" test_ref="oval:ssg-test_rhel_server:tst:1"/>
          <criterion comment="RHEL 6 Compute Node is installed" test_ref="oval:ssg-test_rhel_computenode:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="inventory" id="oval:ssg-installed_OS_is_rhel7:def:1" version="1">
      <metadata>
        <title>Red Hat Enterprise Linux 7</title>
        <affected family="unix">
        </affected>
        <reference ref_id="cpe:/o:redhat:enterprise_linux:7" source="CPE"/>
        <description>The operating system installed on the system is
      Red Hat Enterprise Linux 7</description>
      <reference ref_id="installed_OS_is_rhel7" source="ssg"/></metadata>
      <criteria>
        <criterion comment="Installed operating system is part of the unix family" test_ref="oval:ssg-test_rhel7_unix_family:tst:1"/>
        <criteria operator="OR">
          <criterion comment="RHEL 7 Workstation is installed" test_ref="oval:ssg-test_rhel7_workstation:tst:1"/>
          <criterion comment="RHEL 7 Server is installed" test_ref="oval:ssg-test_rhel7_server:tst:1"/>
          <criterion comment="RHEL 7 Compute Node is installed" test_ref="oval:ssg-test_rhel7_computenode:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="inventory" id="oval:ssg-installed_OS_is_sl6:def:1" version="2">
      <metadata>
        <title>Scientific Linux 6</title>
        <affected family="unix">
        </affected>
        <reference ref_id="cpe:/o:scientificlinux:scientificlinux:6" source="CPE"/>
        <description>The operating system installed on the system is
      Scientific Linux 6</description>
      <reference ref_id="installed_OS_is_sl6" source="ssg"/></metadata>
      <criteria operator="AND">
        <extend_definition comment="Installed OS is part of the Unix family" definition_ref="oval:ssg-installed_OS_is_part_of_Unix_family:def:1"/>
        <criterion comment="Scientific Linux 6 is installed" test_ref="oval:ssg-test_sl6:tst:1"/>
      </criteria>
    </definition>
    <definition class="inventory" id="oval:ssg-installed_OS_is_sl7:def:1" version="2">
      <metadata>
        <title>Scientific Linux 7</title>
        <affected family="unix">
        </affected>
        <reference ref_id="cpe:/o:scientificlinux:scientificlinux:6" source="CPE"/>
        <description>The operating system installed on the system is
      Scientific Linux 7</description>
      <reference ref_id="installed_OS_is_sl7" source="ssg"/></metadata>
      <criteria operator="AND">
        <extend_definition comment="Installed OS is part of the Unix family" definition_ref="oval:ssg-installed_OS_is_part_of_Unix_family:def:1"/>
        <criterion comment="Scientific Linux 7 is installed" test_ref="oval:ssg-test_sl7:tst:1"/>
      </criteria>
    </definition>
    <definition class="inventory" id="oval:ssg-installed_OS_is_wrlinux:def:1" version="1">
      <metadata>
        <title>WRLinux</title>
        <affected family="unix">
        </affected>
        <reference ref_id="cpe:/o:windriver:wrlinux" source="CPE"/>
        <description>The operating system installed on the system is
      Wind River Linux</description>
      <reference ref_id="installed_OS_is_wrlinux" source="ssg"/></metadata>
      <criteria>
        <criterion comment="Installed operating system is part of the unix family" test_ref="oval:ssg-test_unix_wrlinux:tst:1"/>
        <criterion comment="WRLinux is installed" test_ref="oval:ssg-test_wrlinux:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-logwatch_configured_hostlimit:def:1" version="1">
      <metadata>
        <title>Ensure Logwatch HostLimit Configured</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>Test if HostLimit line in logwatch.conf is set appropriately.</description>
      <reference ref_id="logwatch_configured_hostlimit" source="ssg"/></metadata>
      <criteria operator="AND">
        <criterion comment="Test value of HostLimit" test_ref="oval:ssg-test_logwatch_configured_hostlimit:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-logwatch_configured_splithosts:def:1" version="1">
      <metadata>
        <title>Ensure Logwatch SplitHosts Configured</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>Check if SplitHosts line in logwatch.conf is set appropriately.</description>
      <reference ref_id="logwatch_configured_splithosts" source="ssg"/></metadata>
      <criteria>
        <criterion comment="Test value of SplitHosts" test_ref="oval:ssg-test_logwatch_configured_splithosts:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-mount_option_dev_shm_nodev:def:1" version="1">
      <metadata>
        <title>Add nodev Option to /dev/shm</title>
        <affected family="unix">
          <platform>Fedora 23</platform>
          <platform>Fedora 24</platform>
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>Legitimate character and block devices should not exist
      within temporary directories like /dev/shm. The nodev mount option should
      be specified for /dev/shm.</description>
      <reference ref_id="mount_option_dev_shm_nodev" source="ssg"/></metadata>
      <criteria>
        <criterion comment="nodev on /dev/shm" test_ref="oval:ssg-test_nodev_dev_shm:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-mount_option_dev_shm_noexec:def:1" version="1">
      <metadata>
        <title>Add noexec Option to /dev/shm</title>
        <affected family="unix">
          <platform>Fedora 23</platform>
          <platform>Fedora 24</platform>
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>It can be dangerous to allow the execution of binaries from
      world-writable temporary storage directories such as /dev/shm. The noexec
      mount option prevents binaries from being executed out of
      /dev/shm.</description>
      <reference ref_id="mount_option_dev_shm_noexec" source="ssg"/></metadata>
      <criteria>
        <criterion comment="noexec on /dev/shm" test_ref="oval:ssg-test_noexec_dev_shm:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-mount_option_dev_shm_nosuid:def:1" version="1">
      <metadata>
        <title>Add nosuid Option to /dev/shm</title>
        <affected family="unix">
          <platform>Fedora 23</platform>
          <platform>Fedora 24</platform>
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The nosuid mount option should be set for temporary storage
      partitions such as /dev/shm. The suid/sgid permissions should not be
      required in these world-writable directories.</description>
      <reference ref_id="mount_option_dev_shm_nosuid" source="ssg"/></metadata>
      <criteria>
        <criterion comment="nosuid on /dev/shm" test_ref="oval:ssg-test_nosuid_dev_shm:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-mount_option_nodev_nonroot_local_partitions:def:1" version="1">
      <metadata>
        <title>Add nodev Option to Non-Root Local Partitions</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The nodev mount option prevents files from being interpreted
      as character or block devices. Legitimate character and block devices
      should exist in the /dev directory on the root partition or within chroot
      jails built for system services. All other locations should not allow
      character and block devices.</description>
      <reference ref_id="mount_option_nodev_nonroot_local_partitions" source="ssg"/></metadata>
      <criteria>
        <criterion comment="nodev on local filesystems" test_ref="oval:ssg-test_nodev_nonroot_local_partitions:tst:1" negate="true"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-mount_option_nodev_remote_filesystems:def:1" version="1">
      <metadata>
        <title>Mount Remote Filesystems with nodev</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The nodev option should be enabled for all NFS mounts in /etc/fstab.</description>
      <reference ref_id="mount_option_nodev_remote_filesystems" source="ssg"/></metadata>
      <criteria operator="XOR">
        <!-- these tests are designed to be mutually exclusive; either no nfs mounts exist in /etc/fstab -->
        <!-- or all of the nfs mounts defined in /etc/fstab have the nodev mount option specified -->
        <criterion comment="remote nfs filesystems" test_ref="oval:ssg-test_no_nfs_defined_etc_fstab_nodev:tst:1"/>
        <criterion comment="remote nfs filesystems" test_ref="oval:ssg-test_nfs_nodev_etc_fstab:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-mount_option_nodev_removable_partitions:def:1" version="4">
      <metadata>
        <title>Add nodev Option to Removable Media Partitions</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The nodev mount option prevents files from being interpreted
      as character or block devices. Legitimate character and block devices
      should exist in the /dev directory on the root partition or within chroot
      jails built for system services. All other locations should not allow
      character and block devices.</description>
      <reference ref_id="mount_option_nodev_removable_partitions" source="ssg"/></metadata>
      <criteria operator="OR">
        <!-- First check if specified removable partition truly exists on the system. If not, don't check /etc/fstab & runtime configuration
           since there's no device to check against -->
        <extend_definition comment="Check if removable partition really exists on the system" definition_ref="oval:ssg-removable_partition_doesnt_exist:def:1"/>
        <!-- Removable device exists. Check if it's CD/DVD drive. If so, verify that at least one from all of the possible its alternative
           names in /etc/fstab & runtime configuration are configured with 'nodev' option -->
        <criteria operator="AND">
          <extend_definition comment="Check if removable partition value represents CD/DVD drive" definition_ref="oval:ssg-var_removable_partition_is_cd_dvd_drive:def:1"/>
          <criterion test_ref="oval:ssg-test_nodev_etc_fstab_cd_dvd_drive:tst:1" comment="Check if at least one from CD/DVD drive alternative names is using 'nodev' mount option in /etc/fstab"/>
          <criterion test_ref="oval:ssg-test_nodev_runtime_cd_dvd_drive:tst:1" comment="Check if at least one from CD/DVD drive alternative names is using 'nodev' mount option in runtime configuration"/>
        </criteria>
        <!-- Removable device exists & isn't CD/DVD drive. Check the particular devices is configured with 'nodev' mount option in both
           /etc/fstab & runtime configuration -->
        <criteria operator="AND">
          <criterion test_ref="oval:ssg-test_nodev_etc_fstab_not_cd_dvd_drive:tst:1" comment="Check if removable partition is using 'nodev' mount option in /etc/fstab"/>
          <criterion test_ref="oval:ssg-test_nodev_runtime_not_cd_dvd_drive:tst:1" comment="Check if removable partition is using 'nodev' mount option in runtime configuration"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-mount_option_noexec_removable_partitions:def:1" version="4">
      <metadata>
        <title>Add noexec Option to Removable Media Partitions</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The noexec mount option prevents the direct execution of
      binaries on the mounted filesystem. Users should not be allowed to
      execute binaries that exist on partitions mounted from removable media
      (such as a USB key). The noexec option prevents code from being executed
      directly from the media itself, and may therefore provide a line of
      defense against certain types of worms or malicious code.</description>
      <reference ref_id="mount_option_noexec_removable_partitions" source="ssg"/></metadata>
      <criteria operator="OR">
        <!-- First check if specified removable partition truly exists on the system. If not, don't check /etc/fstab & runtime configuration
           since there's no device to check against -->
        <extend_definition comment="Check if removable partition really exists on the system" definition_ref="oval:ssg-removable_partition_doesnt_exist:def:1"/>
        <!-- Removable device exists. Check if it's CD/DVD drive. If so, verify that at least one from all of the possible its alternative
           names in /etc/fstab & runtime configuration are configured with 'noexec' option -->
        <criteria operator="AND">
          <extend_definition comment="Check if removable partition value represents CD/DVD drive" definition_ref="oval:ssg-var_removable_partition_is_cd_dvd_drive:def:1"/>
          <criterion test_ref="oval:ssg-test_noexec_etc_fstab_cd_dvd_drive:tst:1" comment="Check if at least one from CD/DVD drive alternative names is using 'noexec' mount option in /etc/fstab"/>
          <criterion test_ref="oval:ssg-test_noexec_runtime_cd_dvd_drive:tst:1" comment="Check if at least one from CD/DVD drive alternative names is using 'noexec' mount option in runtime configuration"/>
        </criteria>
        <!-- Removable device exists & isn't CD/DVD drive. Check the particular devices is configured with 'noexec' mount option in both
           /etc/fstab & runtime configuration -->
        <criteria operator="AND">
          <criterion test_ref="oval:ssg-test_noexec_etc_fstab_not_cd_dvd_drive:tst:1" comment="Check if removable partition is using 'noexec' mount option in /etc/fstab"/>
          <criterion test_ref="oval:ssg-test_noexec_runtime_not_cd_dvd_drive:tst:1" comment="Check if removable partition is using 'noexec' mount option in runtime configuration"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-mount_option_nosuid_remote_filesystems:def:1" version="1">
      <metadata>
        <title>Mount Remote Filesystems with nosuid</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The nosuid option should be enabled for all NFS mounts in /etc/fstab.</description>
      <reference ref_id="mount_option_nosuid_remote_filesystems" source="ssg"/></metadata>
      <criteria operator="XOR">
        <!-- these tests are designed to be mutually exclusive; either no nfs mounts exist in /etc/fstab -->
        <!-- or all of the nfs mounts defined in /etc/fstab have the nosuid mount option specified -->
        <criterion comment="remote nfs filesystems" test_ref="oval:ssg-test_no_nfs_defined_etc_fstab_nosuid:tst:1"/>
        <criterion comment="remote nfs filesystems" test_ref="oval:ssg-test_nfs_nosuid_etc_fstab:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-mount_option_nosuid_removable_partitions:def:1" version="4">
      <metadata>
        <title>Add nosuid Option to Removable Media Partitions</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The nosuid mount option prevents set-user-identifier (suid)
      and set-group-identifier (sgid) permissions from taking effect. These
      permissions allow users to execute binaries with the same permissions as
      the owner and group of the file respectively. Users should not be allowed
      to introduce suid and guid files into the system via partitions mounted
      from removeable media.</description>
      <reference ref_id="mount_option_nosuid_removable_partitions" source="ssg"/></metadata>
      <criteria operator="OR">
        <!-- First check if specified removable partition truly exists on the system. If not, don't check /etc/fstab & runtime configuration
           since there's no device to check against -->
        <extend_definition comment="Check if removable partition really exists on the system" definition_ref="oval:ssg-removable_partition_doesnt_exist:def:1"/>
        <!-- Removable device exists. Check if it's CD/DVD drive. If so, verify that at least one from all of the possible its alternative
           names in /etc/fstab & runtime configuration are configured with 'nosuid' option -->
        <criteria operator="AND">
          <extend_definition comment="Check if removable partition value represents CD/DVD drive" definition_ref="oval:ssg-var_removable_partition_is_cd_dvd_drive:def:1"/>
          <criterion test_ref="oval:ssg-test_nosuid_etc_fstab_cd_dvd_drive:tst:1" comment="Check if at least one from CD/DVD drive alternative names is using 'nosuid' mount option in /etc/fstab"/>
          <criterion test_ref="oval:ssg-test_nosuid_runtime_cd_dvd_drive:tst:1" comment="Check if at least one from CD/DVD drive alternative names is using 'nosuid' mount option in runtime configuration"/>
        </criteria>
        <!-- Removable device exists & isn't CD/DVD drive. Check the particular devices is configured with 'nosuid' mount option in both
           /etc/fstab & runtime configuration -->
        <criteria operator="AND">
          <criterion test_ref="oval:ssg-test_nosuid_etc_fstab_not_cd_dvd_drive:tst:1" comment="Check if removable partition is using 'nosuid' mount option in /etc/fstab"/>
          <criterion test_ref="oval:ssg-test_nosuid_runtime_not_cd_dvd_drive:tst:1" comment="Check if removable partition is using 'nosuid' mount option in runtime configuration"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-mount_option_smb_client_signing:def:1" version="1">
      <metadata>
        <title>Require Client SMB Packet Signing, if using
      mount.cifs</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>Require packet signing of clients who mount
      Samba shares using the mount.cifs program (e.g., those who
      specify shares in /etc/fstab). To do so, ensure that signing
      options (either sec=krb5i or sec=ntlmv2i) are
      used.</description>
      <reference ref_id="mount_option_smb_client_signing" source="ssg"/></metadata>
      <criteria operator="OR">
        <criteria operator="AND">
          <extend_definition comment="samba-common installed" definition_ref="oval:ssg-package_samba-common_installed:def:1"/>
          <criteria operator="OR">
            <criterion comment="check for no cifs in /etc/fstab" test_ref="oval:ssg-test_20340111:tst:1"/>
            <criterion comment="check for sec=krb5i or sec=ntlmv2i in /etc/fstab" test_ref="oval:ssg-test_20340112:tst:1"/>
          </criteria>
          <criteria operator="OR">
            <criterion comment="check for no cifs in /etc/mtab" test_ref="oval:ssg-test_20340113:tst:1"/>
            <criterion comment="check for sec=krb5i or sec=ntlmv2i in /etc/mtab" test_ref="oval:ssg-test_20340114:tst:1"/>
          </criteria>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-mount_option_tmp_nodev:def:1" version="1">
      <metadata>
        <title>Add nodev Option to /tmp</title>
        <affected family="unix">
          <platform>Fedora 23</platform>
          <platform>Fedora 24</platform>
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>Legitimate character and block devices should not exist
      within temporary directories like /tmp. The nodev mount option should be
      specified for /tmp.</description>
      <reference ref_id="mount_option_tmp_nodev" source="ssg"/></metadata>
      <criteria>
        <criterion comment="nodev on /tmp" test_ref="oval:ssg-test_nodev_tmp:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-mount_option_tmp_noexec:def:1" version="1">
      <metadata>
        <title>Add noexec Option to /tmp</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>It can be dangerous to allow the execution of binaries from
      world-writable temporary storage directories such as /tmp. The noexec
      mount option prevents binaries from being executed out of
      /tmp.</description>
      <reference ref_id="mount_option_tmp_noexec" source="ssg"/></metadata>
      <criteria>
        <criterion comment="noexec on /tmp" test_ref="oval:ssg-test_noexec_tmp:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-mount_option_tmp_nosuid:def:1" version="1">
      <metadata>
        <title>Add nosuid Option to /tmp</title>
        <affected family="unix">
          <platform>Fedora 23</platform>
          <platform>Fedora 24</platform>
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The nosuid mount option should be set for temporary storage
      partitions such as /tmp. The suid/sgid permissions should not be required
      in these world-writable directories.</description>
      <reference ref_id="mount_option_tmp_nosuid" source="ssg"/></metadata>
      <criteria>
        <criterion comment="nosuid on /tmp" test_ref="oval:ssg-test_nosuid_tmp:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-mount_option_var_tmp_bind:def:1" version="1">
      <metadata>
        <title>Bind Mount /var/tmp To /tmp</title>
        <affected family="unix">
          <platform>Fedora 23</platform>
          <platform>Fedora 24</platform>
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The /var/tmp directory should be bind mounted to /tmp in
      order to consolidate temporary storage into one location protected by the
      same techniques as /tmp.</description>
      <reference ref_id="mount_option_var_tmp_bind" source="ssg"/></metadata>
      <criteria operator="AND">
        <criterion comment="Ensure /var/tmp is mounted" test_ref="oval:ssg-test_mount_option_var_tmp:tst:1"/>
        <criterion comment="Ensure /tmp is bind mounted" test_ref="oval:ssg-test_mount_option_var_tmp_bind:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-network_disable_zeroconf:def:1" version="1">
      <metadata>
        <title>Disable Zeroconf Networking</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>Disable Zeroconf automatic route assignment in the
      169.254.0.0 subnet.</description>
      <reference ref_id="network_disable_zeroconf" source="ssg"/></metadata>
      <criteria>
        <criterion comment="Look for NOZEROCONF=yes in /etc/sysconfig/network" test_ref="oval:ssg-test_sysconfig_nozeroconf_yes:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-network_ipv6_disable_rpc:def:1" version="1">
      <metadata>
        <title>Disable Support for RPC IPv6</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>Disable ipv6 based rpc services</description>
      <reference ref_id="network_ipv6_disable_rpc" source="ssg"/></metadata>
      <criteria operator="AND">
        <criterion comment="Disable udp6" test_ref="oval:ssg-test_network_ipv6_disable_rpc_udp6:tst:1"/>
        <criterion comment="Disable tcp6" test_ref="oval:ssg-test_network_ipv6_disable_rpc_tcp6:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-network_sniffer_disabled:def:1" version="1">
      <metadata>
        <title>Disable the network sniffer</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>Disable the network sniffer</description>
      <reference ref_id="network_sniffer_disabled" source="ssg"/></metadata>
      <criteria>
        <criterion comment="promisc interfaces" test_ref="oval:ssg-test_promisc_interfaces:tst:1" negate="true"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-no_direct_root_logins:def:1" version="1">
      <metadata>
        <title>Direct root Logins Not Allowed</title>
        <affected family="unix">
        </affected>
        <description>Preventing direct root logins help ensure accountability for actions
      taken on the system using the root account.</description>
      <reference ref_id="no_direct_root_logins" source="ssg"/></metadata>
      <criteria operator="AND">
        <criterion comment="serial ports /etc/securetty" test_ref="oval:ssg-test_no_direct_root_logins:tst:1"/>
        <criterion comment="serial ports /etc/securetty" test_ref="oval:ssg-test_etc_securetty_exists:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-no_insecure_locks_exports:def:1" version="1">
      <metadata>
        <title>Ensure insecure_locks is disabled</title>
        <affected family="unix">
        </affected>
        <description>Allowing insecure file locking could allow for sensitive 
      data to be viewed or edited by an unauthorized user.</description>
      <reference ref_id="no_insecure_locks_exports" source="ssg"/></metadata>
      <criteria>
        <criterion comment="Check for insecure NFS locks in /etc/exports" test_ref="oval:ssg-test_no_insecure_locks_exports:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-no_shelllogin_for_systemaccounts:def:1" version="2">
      <metadata>
        <title>System Accounts Do Not Run a Shell</title>
        <affected family="unix">
        </affected>
        <description>The root account is the only system account that should have
      a login shell.</description>
      <reference ref_id="no_shelllogin_for_systemaccounts" source="ssg"/></metadata>
      <criteria operator="OR">
        <!-- If SYS_UID_MIN and SYS_UID_MAX is not defined in /etc/login.defs
           perform the check that all /etc/passwd entries having shell defined
           have UIDs outside the default <0, UID_MIN -1> range.
           If at least one UID with shell defined exists within that range,
           the requirement isn't met -->
        <criteria operator="AND">
          <criterion comment="Test SYS_UID_MIN not defined in /etc/login.defs" test_ref="oval:ssg-test_sys_uid_min_not_defined:tst:1"/>
          <criterion comment="Test SYS_UID_MAX not defined in /etc/login.defs" test_ref="oval:ssg-test_sys_uid_max_not_defined:tst:1"/>
          <criterion comment="Test shell defined for UID from &lt;0, UID_MIN -1&gt;" test_ref="oval:ssg-test_shell_defined_default_uid_range:tst:1"/>
        </criteria>
        <!-- If both SYS_UID_MIN and SYS_UID_MAX are defined in /etc/login.defs
           perform both checks:
           * That all /etc/passwd entries having shell defined have UIDs outside
           the range for reserved system accounts <0, SYS_UID_MIN> range,
           * That all /etc/passwd entries having shell defined have UIDs outside
           the range for dynamically allocated system accounts <SYS_UID_MIN, SYS_UID_MAX>
           If at least one UID with shell defined exists within some of the two
           ranges, the requirement isn't met -->
        <criteria operator="AND">
          <criterion comment="Test SYS_UID_MIN defined in /etc/login.defs" test_ref="oval:ssg-test_sys_uid_min_not_defined:tst:1" negate="true"/>
          <criterion comment="Test SYS_UID_MAX defined in /etc/login.defs" test_ref="oval:ssg-test_sys_uid_max_not_defined:tst:1" negate="true"/>
          <criterion comment="Test shell defined for reserved system UIDs" test_ref="oval:ssg-test_shell_defined_reserved_uid_range:tst:1"/>
          <criterion comment="Test shell defined for dynamically allocated system UIDs" test_ref="oval:ssg-test_shell_defined_dynalloc_uid_range:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_aide_installed:def:1" version="1">
      <metadata>
        <title>Package aide Installed</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The RPM package aide should be installed.</description>
      <reference ref_id="package_aide_installed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package aide is installed" test_ref="oval:ssg-test_package_aide_installed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_audit_installed:def:1" version="1">
      <metadata>
        <title>Package audit Installed</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The RPM package audit should be installed.</description>
      <reference ref_id="package_audit_installed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package audit is installed" test_ref="oval:ssg-test_package_audit_installed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_bind_removed:def:1" version="1">
      <metadata>
        <title>Package bind Removed</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The RPM package bind should be removed.</description>
      <reference ref_id="package_bind_removed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package bind is removed" test_ref="oval:ssg-test_package_bind_removed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_dhcp_removed:def:1" version="1">
      <metadata>
        <title>Package dhcp Removed</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The RPM package dhcp should be removed.</description>
      <reference ref_id="package_dhcp_removed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package dhcp is removed" test_ref="oval:ssg-test_package_dhcp_removed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_dovecot_removed:def:1" version="1">
      <metadata>
        <title>Package dovecot Removed</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The RPM package dovecot should be removed.</description>
      <reference ref_id="package_dovecot_removed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package dovecot is removed" test_ref="oval:ssg-test_package_dovecot_removed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_httpd_removed:def:1" version="1">
      <metadata>
        <title>Package httpd Removed</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The RPM package httpd should be removed.</description>
      <reference ref_id="package_httpd_removed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package httpd is removed" test_ref="oval:ssg-test_package_httpd_removed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_mcstrans_removed:def:1" version="1">
      <metadata>
        <title>Package mcstrans Removed</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The RPM package mcstrans should be removed.</description>
      <reference ref_id="package_mcstrans_removed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package mcstrans is removed" test_ref="oval:ssg-test_package_mcstrans_removed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_net-snmp_removed:def:1" version="1">
      <metadata>
        <title>Package net-snmp Removed</title>
        <affected family="unix">
        </affected>
        <description>The RPM package net-snmp should be removed.</description>
      <reference ref_id="package_net-snmp_removed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package net-snmp is removed" test_ref="oval:ssg-test_package_net-snmp_removed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_ntp_installed:def:1" version="1">
      <metadata>
        <title>Package ntp Installed</title>
        <affected family="unix">
          <platform>CentOS 4</platform>
          <platform>CentOS 5</platform>
          <platform>Red Hat Enterprise Linux 4</platform>
          <platform>Red Hat Enterprise Linux 5</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The RPM package ntp should be installed.</description>
      <reference ref_id="package_ntp_installed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package ntp is installed" test_ref="oval:ssg-test_package_ntp_installed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_openldap-servers_removed:def:1" version="1">
      <metadata>
        <title>Package openldap-servers Removed</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The RPM package openldap-servers should be removed.</description>
      <reference ref_id="package_openldap-servers_removed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package openldap-servers is removed" test_ref="oval:ssg-test_package_openldap-servers_removed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_prelink_removed:def:1" version="1">
      <metadata>
        <title>Package prelink Removed</title>
        <affected family="unix">
        </affected>
        <description>The RPM package prelink should be removed.</description>
      <reference ref_id="package_prelink_removed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package prelink is removed" test_ref="oval:ssg-test_package_prelink_removed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_rsh_removed:def:1" version="1">
      <metadata>
        <title>Package rsh Removed</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The RPM package rsh should be removed.</description>
      <reference ref_id="package_rsh_removed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package rsh is removed" test_ref="oval:ssg-test_package_rsh_removed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_rsyslog_installed:def:1" version="1">
      <metadata>
        <title>Package rsyslog Installed</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The RPM package rsyslog should be installed.</description>
      <reference ref_id="package_rsyslog_installed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package rsyslog is installed" test_ref="oval:ssg-test_package_rsyslog_installed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_samba-common_installed:def:1" version="1">
      <metadata>
        <title>Package samba-common Installed</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The RPM package samba-common should be installed.</description>
      <reference ref_id="package_samba-common_installed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package samba-common is installed" test_ref="oval:ssg-test_package_samba-common_installed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_screen_installed:def:1" version="1">
      <metadata>
        <title>Package screen Installed</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The RPM package screen should be installed.</description>
      <reference ref_id="package_screen_installed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package screen is installed" test_ref="oval:ssg-test_package_screen_installed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_sendmail_removed:def:1" version="1">
      <metadata>
        <title>Package sendmail Removed</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The RPM package sendmail should be removed.</description>
      <reference ref_id="package_sendmail_removed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package sendmail is removed" test_ref="oval:ssg-test_package_sendmail_removed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_setroubleshoot_removed:def:1" version="1">
      <metadata>
        <title>Package setroubleshoot Removed</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The RPM package setroubleshoot should be removed.</description>
      <reference ref_id="package_setroubleshoot_removed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package setroubleshoot is removed" test_ref="oval:ssg-test_package_setroubleshoot_removed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_squid_removed:def:1" version="1">
      <metadata>
        <title>Package squid Removed</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The RPM package squid should be removed.</description>
      <reference ref_id="package_squid_removed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package squid is removed" test_ref="oval:ssg-test_package_squid_removed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_talk-server_removed:def:1" version="2">
      <metadata>
        <title>Package talk-server Removed</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The RPM package talk-server should be removed.</description>
      <reference ref_id="package_talk-server_removed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package talk-server is removed" test_ref="oval:ssg-test_package_talk-server_removed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_talk_removed:def:1" version="2">
      <metadata>
        <title>Package talk Removed</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The RPM package talk should be removed.</description>
      <reference ref_id="package_talk_removed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package talk is removed" test_ref="oval:ssg-test_package_talk_removed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_telnet_removed:def:1" version="1">
      <metadata>
        <title>Package telnet Removed</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The RPM package telnet should be removed.</description>
      <reference ref_id="package_telnet_removed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package telnet is removed" test_ref="oval:ssg-test_package_telnet_removed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_tftp_removed:def:1" version="1">
      <metadata>
        <title>Package tftp Removed</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The RPM package tftp should be removed.</description>
      <reference ref_id="package_tftp_removed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package tftp is removed" test_ref="oval:ssg-test_package_tftp_removed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_vsftpd_installed:def:1" version="1">
      <metadata>
        <title>Package vsftpd Installed</title>
        <affected family="unix">
          <platform>Fedora 23</platform>
          <platform>Fedora 24</platform>
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The RPM package vsftpd should be installed.</description>
      <reference ref_id="package_vsftpd_installed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package vsftpd is installed" test_ref="oval:ssg-test_package_vsftpd_installed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_xorg-x11-server-common_removed:def:1" version="2">
      <metadata>
        <title>Package xorg-x11-server-common Removed</title>
        <affected family="unix">
          <platform>Fedora 23</platform>
          <platform>Fedora 24</platform>
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The RPM package xorg-x11-server-common should be removed.</description>
      <reference ref_id="package_xorg-x11-server-common_removed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package xorg-x11-server-common is removed" test_ref="oval:ssg-test_package_xorg-x11-server-common_removed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-package_ypserv_removed:def:1" version="1">
      <metadata>
        <title>Package ypserv Removed</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The RPM package ypserv should be removed.</description>
      <reference ref_id="package_ypserv_removed" source="ssg"/></metadata>
      <criteria>
        <criterion comment="package ypserv is removed" test_ref="oval:ssg-test_package_ypserv_removed:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-partition_for_var_log:def:1" version="1">
      <metadata>
        <title>Ensure /var/log Located On Separate Partition</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>System logs are stored in the /var/log directory. Ensure
      that it has its own partition or logical volume.</description>
      <reference ref_id="partition_for_var_log" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_var_log_partition:tst:1" comment="/var/log on own partition"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-postfix_server_banner:def:1" version="1">
      <metadata>
        <title>Configure Postfix Against Unnecessary Release of Information</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>Protect against unnecessary release of information.</description>
      <reference ref_id="postfix_server_banner" source="ssg"/></metadata>
      <criteria operator="AND">
        <criterion comment="Limit release of information" test_ref="oval:ssg-test_postfix_server_banner:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-removable_partition_doesnt_exist:def:1" version="1">
      <metadata>
        <title>Device Files for Removable Media Partitions Does Not Exist on the System</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>Verify if device file representing removable partitions
      exist on the system</description>
      <reference ref_id="removable_partition_doesnt_exist" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_removable_partition_doesnt_exist:tst:1" comment="Check if removable partition really exists on the system"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-require_smb_client_signing:def:1" version="1">
      <metadata>
        <title>Require Client SMB Packet Signing in smb.conf</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>Require samba clients which use smb.conf, such as smbclient,
      to use packet signing. A Samba client should only communicate with
      servers who can support SMB packet signing.</description>
      <reference ref_id="require_smb_client_signing" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="package samba-common is not installed" definition_ref="oval:ssg-package_samba-common_removed:def:1"/>
        <criteria operator="AND">
          <extend_definition comment="samba-common installed" definition_ref="oval:ssg-package_samba-common_installed:def:1"/>
          <criterion comment="check for client signing = mandatory in /etc/samba/smb.conf" test_ref="oval:ssg-test_require_smb_client_signing:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-restrict_serial_port_logins:def:1" version="1">
      <metadata>
        <title>Restrict Serial Port Root Logins</title>
        <affected family="unix">
        </affected>
        <description>Preventing direct root login to serial port interfaces helps
      ensure accountability for actions taken on the system using the root
      account.</description>
      <reference ref_id="restrict_serial_port_logins" source="ssg"/></metadata>
      <criteria>
        <criterion comment="serial ports /etc/securetty" test_ref="oval:ssg-test_serial_ports_etc_securetty:tst:1" negate="true"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-root_path_no_dot:def:1" version="2">
      <metadata>
        <title>Ensure that No Dangerous Directories Exist in Root's Path</title>
        <affected family="unix">
          <platform>Wind River Linux 8</platform>
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The environment variable PATH should be set correctly for
      the root user.</description>
      <reference ref_id="root_path_no_dot" source="ssg"/></metadata>
      <criteria comment="environment variable PATH contains dangerous path" operator="AND">
        <criterion comment="environment variable PATH starts with : or ." test_ref="oval:ssg-test_env_var_begins:tst:1"/>
        <criterion comment="environment variable PATH contains : twice in a row" test_ref="oval:ssg-test_env_var_contains_doublecolon:tst:1"/>
        <criterion comment="environment variable PATH contains . twice in a row" test_ref="oval:ssg-test_env_var_contains_doubleperiod:tst:1"/>
        <criterion comment="environment variable PATH ends with : or ." test_ref="oval:ssg-test_env_var_ends:tst:1"/>
        <criterion comment="environment variable PATH doesn't begin with a /" test_ref="oval:ssg-test_env_var_begins_slash:tst:1"/>
        <criterion comment="environment variable PATH doesn't contain relative paths" test_ref="oval:ssg-test_env_var_contains_relative_path:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-rpm_verify_permissions:def:1" version="3">
      <metadata>
        <title>Verify File Ownership And Permissions Using RPM</title>
        <affected family="unix">
          <platform>Fedora 23</platform>
          <platform>Fedora 24</platform>
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>Verify the integrity of installed packages
      by comparing the installed files with information about the
      files taken from the package metadata stored in the RPM
      database.</description>
      <reference ref_id="rpm_verify_permissions" source="ssg"/></metadata>
      <criteria operator="AND">
        <criterion test_ref="oval:ssg-test_verify_all_rpms_user_ownership:tst:1" comment="user ownership of all files matches local rpm database"/>
        <criterion test_ref="oval:ssg-test_verify_all_rpms_group_ownership:tst:1" comment="group ownership of all files matches local rpm database"/>
        <criterion test_ref="oval:ssg-test_verify_all_rpms_mode:tst:1" comment="mode of all files matches local rpm database"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-rsyslog_nolisten:def:1" version="2">
      <metadata>
        <title>Disable Rsyslogd from Accepting Remote Messages on Loghosts
      Only</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>rsyslogd should reject remote messages</description>
      <reference ref_id="rsyslog_nolisten" source="ssg"/></metadata>
      <criteria>
        <criterion comment="Conditions are satisfied" test_ref="oval:ssg-test_rsyslog_nolisten:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-rsyslog_remote_loghost:def:1" version="1">
      <metadata>
        <title>Send Logs to a Remote Loghost</title>
        <affected family="unix">
          <platform>Ubuntu 1604</platform>
          <platform>Debian 8</platform>
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>Syslog logs should be sent to a remote loghost</description>
      <reference ref_id="rsyslog_remote_loghost" source="ssg"/></metadata>
      <criteria operator="OR">
        <criterion comment="Remote logging set within /etc/rsyslog.conf" test_ref="oval:ssg-test_remote_rsyslog_conf:tst:1"/>
        <criterion comment="Remote logging set within /etc/rsyslog.d" test_ref="oval:ssg-test_remote_rsyslog_d:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-selinux_policytype:def:1" version="1">
      <metadata>
        <title>Enable SELinux</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The SELinux policy should be set appropriately.</description>
      <reference ref_id="selinux_policytype" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_selinux_policy:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-selinux_state:def:1" version="1">
      <metadata>
        <title>SELinux Enforcing</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The SELinux state should be enforcing the local policy.</description>
      <reference ref_id="selinux_state" source="ssg"/></metadata>
      <criteria operator="AND">
        <criterion comment="enforce is disabled" test_ref="oval:ssg-test_etc_selinux_config:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-set_password_hashing_algorithm_libuserconf:def:1" version="1">
      <metadata>
        <title>Set SHA512 Password Hashing Algorithm in /etc/libuser.conf</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The password hashing algorithm should be set correctly in /etc/libuser.conf.</description>
      <reference ref_id="set_password_hashing_algorithm_libuserconf" source="ssg"/></metadata>
      <criteria operator="AND">
        <criterion test_ref="oval:ssg-test_etc_libuser_conf_cryptstyle:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-set_password_hashing_algorithm_logindefs:def:1" version="2">
      <metadata>
        <title>Set SHA512 Password Hashing Algorithm in /etc/login.defs</title>
        <affected family="unix">
          <platform>Fedora 23</platform>
          <platform>Fedora 24</platform>
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The password hashing algorithm should be set correctly in /etc/login.defs.</description>
      <reference ref_id="set_password_hashing_algorithm_logindefs" source="ssg"/></metadata>
      <criteria operator="AND">
        <criterion test_ref="oval:ssg-test_etc_login_defs_encrypt_method:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sshd_allow_only_protocol2:def:1" version="1">
      <metadata>
        <title>Ensure Only Protocol 2 Connections Allowed</title>
        <affected family="unix">
          <platform>Ubuntu 1604</platform>
          <platform>Debian 8</platform>
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The OpenSSH daemon should be running protocol 2.</description>
      <reference ref_id="sshd_allow_only_protocol2" source="ssg"/></metadata>
      <criteria comment="SSH is not being used or conditions are met" operator="OR">
        <extend_definition comment="sshd service is disabled" definition_ref="oval:ssg-service_sshd_disabled:def:1"/>
        <extend_definition comment="rpm package openssh-server removed" definition_ref="oval:ssg-package_openssh-server_removed:def:1"/>
        <criterion comment="Check Protocol in /etc/ssh/sshd_config" test_ref="oval:ssg-test_sshd_allow_only_protocol2:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sshd_disable_empty_passwords:def:1" version="1">
      <metadata>
        <title>Disable Empty Passwords</title>
        <affected family="unix">
        </affected>
        <description>Remote connections from accounts with empty passwords should
      be disabled (and dependencies are met)</description>
      <reference ref_id="sshd_disable_empty_passwords" source="ssg"/></metadata>
      <criteria comment="SSH is not being used or conditions are met" operator="OR">
        <extend_definition comment="sshd service is disabled" definition_ref="oval:ssg-service_sshd_disabled:def:1"/>
        <criterion comment="Check PermitEmptyPasswords in /etc/ssh/sshd_config" negate="true" test_ref="oval:ssg-test_sshd_permitemptypasswords_no:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sshd_disable_rhosts:def:1" version="1">
      <metadata>
        <title>Disable .rhosts Files</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>Emulation of the rsh command through the ssh server should
      be disabled (and dependencies are met)</description>
      <reference ref_id="sshd_disable_rhosts" source="ssg"/></metadata>
      <criteria comment="SSH is not being used or conditions are met" operator="OR">
        <extend_definition comment="sshd service is disabled" definition_ref="oval:ssg-service_sshd_disabled:def:1"/>
        <criterion comment="Check IgnoreRhosts in /etc/ssh/sshd_config" test_ref="oval:ssg-test_sshd_rsh_emulation_disabled:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sshd_disable_rhosts_rsa:def:1" version="1">
      <metadata>
        <title>Disable SSH Support for Rhosts RSA Authentication</title>
        <affected family="unix">
        </affected>
        <description>SSH can allow authentication through the obsolete rsh command
      through the use of the authenticating user's SSH keys. This should be disabled.</description>
      <reference ref_id="sshd_disable_rhosts_rsa" source="ssg"/></metadata>
      <criteria comment="SSH is not being used or conditions are met" operator="OR">
        <extend_definition comment="sshd service is disabled" definition_ref="oval:ssg-service_sshd_disabled:def:1"/>
        <criterion comment="Check RhostsRSAAuthentication in /etc/ssh/sshd_config" negate="true" test_ref="oval:ssg-test_sshd_disable_rhosts_rsa:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sshd_disable_user_known_hosts:def:1" version="1">
      <metadata>
        <title>Disable SSH Support for User Known Hosts</title>
        <affected family="unix">
        </affected>
        <description>SSH can allow system users host-based authentication
to connect to systems if a cache of the remote systems public keys are available.
This should be disabled.</description>
      <reference ref_id="sshd_disable_user_known_hosts" source="ssg"/></metadata>
      <criteria comment="SSH is not being used or conditions are met" operator="OR">
        <extend_definition comment="sshd service is disabled" definition_ref="oval:ssg-service_sshd_disabled:def:1"/>
        <criterion comment="Check IgnoreUserKnownHosts in /etc/ssh/sshd_config" test_ref="oval:ssg-test_sshd_disable_user_known_hosts:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sshd_do_not_permit_user_env:def:1" version="1">
      <metadata>
        <title>Do Not Allow Users to Set Environment Options</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>PermitUserEnvironment should be disabled</description>
      <reference ref_id="sshd_do_not_permit_user_env" source="ssg"/></metadata>
      <criteria comment="SSH is not being used or conditions are met" operator="OR">
        <extend_definition comment="sshd service is disabled" definition_ref="oval:ssg-service_sshd_disabled:def:1"/>
        <criterion comment="Check PermitUserEnvironment in /etc/ssh/sshd_config" negate="true" test_ref="oval:ssg-test_sshd_no_user_envset:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sshd_set_idle_timeout:def:1" version="1">
      <metadata>
        <title>Set OpenSSH Idle Timeout Interval</title>
        <affected family="unix">
        </affected>
        <description>The SSH idle timeout interval should be set to an
      appropriate value.</description>
      <reference ref_id="sshd_set_idle_timeout" source="ssg"/></metadata>
      <criteria comment="SSH is not being used or conditions are met" operator="OR">
        <extend_definition comment="sshd service is disabled" definition_ref="oval:ssg-service_sshd_disabled:def:1"/>
        <criterion comment="Check ClientAliveInterval in /etc/ssh/sshd_config" test_ref="oval:ssg-test_sshd_idle_timeout:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sshd_set_keepalive:def:1" version="1">
      <metadata>
        <title>Set ClientAliveCountMax for User Logins</title>
        <affected family="unix">
        </affected>
        <description>The SSH ClientAliveCountMax should be set to an appropriate
      value (and dependencies are met)</description>
      <reference ref_id="sshd_set_keepalive" source="ssg"/></metadata>
      <criteria comment="SSH is not being used or conditions are met" operator="OR">
        <extend_definition comment="sshd service is disabled" definition_ref="oval:ssg-service_sshd_disabled:def:1"/>
        <criterion comment="Check ClientAliveCountMax in /etc/ssh/sshd_config" test_ref="oval:ssg-test_sshd_clientalivecountmax:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sysctl_kernel_dmesg_restrict:def:1" version="3">
      <metadata>
        <title>Kernel "kernel.dmesg_restrict" Parameter Configuration and Runtime Check</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The "kernel.dmesg_restrict" kernel parameter should be set to "1" in both system configuration and system runtime.</description>
      <reference ref_id="sysctl_kernel_dmesg_restrict" source="ssg"/></metadata>
      <criteria operator="AND">
        <extend_definition comment="kernel.dmesg_restrict configuration setting check" definition_ref="oval:ssg-sysctl_static_kernel_dmesg_restrict:def:1"/>
        <extend_definition comment="kernel.dmesg_restrict runtime setting check" definition_ref="oval:ssg-sysctl_runtime_kernel_dmesg_restrict:def:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sysctl_runtime_kernel_dmesg_restrict:def:1" version="3">
      <metadata>
        <title>Kernel "kernel.dmesg_restrict" Parameter Runtime Check</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The kernel "kernel.dmesg_restrict" parameter should be set to "1" in system runtime.</description>
      <reference ref_id="sysctl_runtime_kernel_dmesg_restrict" source="ssg"/></metadata>
      <criteria operator="AND">
        <criterion comment="kernel runtime parameter kernel.dmesg_restrict set to 1" test_ref="oval:ssg-test_runtime_kernel_dmesg_restrict:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-sysctl_static_kernel_dmesg_restrict:def:1" version="3">
      <metadata>
        <title>Kernel "kernel.dmesg_restrict" Parameter Configuration Check</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The kernel "kernel.dmesg_restrict" parameter should be set to "1" in the system configuration.</description>
      <reference ref_id="sysctl_static_kernel_dmesg_restrict" source="ssg"/></metadata>
      <criteria operator="OR">
        <!-- RHEL-6 sysctl behavior observations:
           * sysctl honours last occurrence of particular directive,
           * apply_sysctl() routine called by /etc/rc.d/rc.sysinit script from initscripts RPM package
             applies sysctl settings in the following order:
             * first sysctl settings from /etc/sysctl.conf are applied,
             * then /etc/sysctl.d/* files are first sorted in lexicographic order, and
             * subsequently sysctl settings from them are applied to form the final configuration

           See https://git.fedorahosted.org/cgit/initscripts.git/tree/rc.d/init.d/functions?h=rhel6-branch#n646
           for further details.

           Since so far there isn't a way how to perform a lexicographic sort in OVAL, this OVAL check
           will behave as follows:
           * perform the verification in reversed order (check /etc/sysctl.d/* first, then /etc/sysctl.conf)
           * if there's just one /etc/sysctl.d/* file containing the kernel.dmesg_restrict directive, return PASS
             if the requirements are met, FAIL otherwise,
           * if there are two or more /etc/sysctl.d/* files containing the kernel.dmesg_restrict directive, return FAIL
             (since in this case we aren't able with absolute certainty to tell which /etc/sysctl.d/* file
             would be applied as the last one)
           * if there's no /etc/sysctl.d/* file containing the kernel.dmesg_restrict directive, and /etc/sysctl.conf
             contains the kernel.dmesg_restrict directive, return PASS if the requirements are met, FAIL otherwise. -->
        <criterion comment="Kernel static parameter kernel.dmesg_restrict set to 1 in /etc/sysctl.d/*" test_ref="oval:ssg-test_static_sysctld_kernel_dmesg_restrict:tst:1"/>
        <criteria operator="AND">
          <criterion comment="Kernel static paramater kernel.dmesg_restrict set to 1 in /etc/sysctl.conf" test_ref="oval:ssg-test_static_etc_sysctl_kernel_dmesg_restrict:tst:1"/>
          <criterion comment="Kernel static parameter kernel.dmesg_restrict not present in some /etc/sysctl.d/* file" test_ref="oval:ssg-test_static_sysctld_kernel_dmesg_restrict_not_used:tst:1"/>
        </criteria>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-system_info_architecture_64bit:def:1" version="1">
      <!-- Note that this does not meet requirements for class=inventory as
         that only tests for patches per 5.10.1 Revision 1 -->
      <metadata>
        <title>Test for 64-bit Architecture</title>
        <affected family="unix">
        </affected>
        <description>Generic test for 64-bit architectures to be used by other tests</description>
      <reference ref_id="system_info_architecture_64bit" source="ssg"/></metadata>
      <criteria operator="OR">
        <extend_definition comment="Generic test for x86_64 architecture" definition_ref="oval:ssg-system_info_architecture_x86_64:def:1"/>
        <extend_definition comment="Generic test for ppc64 architecture" definition_ref="oval:ssg-system_info_architecture_ppc_64:def:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-system_info_architecture_ppc_64:def:1" version="1">
      <!-- Note that this does not meet requirements for class=inventory as
         that only tests for patches per 5.10.1 Revision 1 -->
      <metadata>
        <title>Test for PPC and PPCLE Architecture</title>
        <affected family="unix">
        </affected>
        <description>Generic test for PPC PPC64LE architecture to be used by other tests</description>
      <reference ref_id="system_info_architecture_ppc_64" source="ssg"/></metadata>
      <criteria operator="OR">
        <criterion comment="Generic test for ppc64 architecture" test_ref="oval:ssg-test_system_info_architecture_ppc_64:tst:1"/>
        <criterion comment="Generic test for ppcle64 architecture" test_ref="oval:ssg-test_system_info_architecture_ppcle_64:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-umask_for_daemons:def:1" version="2">
      <metadata>
        <title>Set Daemon umask</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The daemon umask should be set as appropriate</description>
      <reference ref_id="umask_for_daemons" source="ssg"/></metadata>
      <criteria operator="AND">
        <extend_definition comment="Get value of var_accounts_user_umask variable as octal number" definition_ref="oval:ssg-var_umask_for_daemons_as_number:def:1"/>
        <criterion test_ref="oval:ssg-tst_umask_for_daemons:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-userowner_shadow_file:def:1" version="1">
      <metadata>
        <title>Verify user who owns 'shadow' file</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>The /etc/shadow file should be owned by the
      appropriate user.</description>
      <reference ref_id="userowner_shadow_file" source="ssg"/></metadata>
      <criteria>
        <criterion comment="Check file ownership of /etc/shadow" test_ref="oval:ssg-test_userowner_shadow_file:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-var_accounts_user_umask_as_number:def:1" version="1">
      <metadata>
        <title>Value of 'var_accounts_user_umask' variable represented as octal number</title>
        <affected family="unix">
          <platform>Wind River Linux 8</platform>
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>Value of 'var_accounts_user_umask' variable represented as octal number</description>
      <reference ref_id="var_accounts_user_umask_as_number" source="ssg"/></metadata>
      <criteria operator="AND">
        <criterion test_ref="oval:ssg-test_existence_of_var_accounts_user_umask_as_number_variable:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-var_removable_partition_is_cd_dvd_drive:def:1" version="1">
      <metadata>
        <title>Value of 'var_removable_partition' variable is set to '/dev/cdrom'</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>Verify if value of 'var_removable_partition' variable is set
      to '/dev/cdrom'</description>
      <reference ref_id="var_removable_partition_is_cd_dvd_drive" source="ssg"/></metadata>
      <criteria>
        <criterion test_ref="oval:ssg-test_var_removable_partition_is_cd_dvd_drive:tst:1" comment="Check if removable partition value represents CD/DVD drive"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-var_umask_for_daemons_as_number:def:1" version="1">
      <metadata>
        <title>Value of 'var_umask_for_daemons' variable represented as octal number</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>Value of 'var_umask_for_daemons' variable represented as octal number</description>
      <reference ref_id="var_umask_for_daemons_as_number" source="ssg"/></metadata>
      <criteria operator="AND">
        <criterion test_ref="oval:ssg-test_existence_of_var_umask_for_daemons_as_number_variable:tst:1"/>
      </criteria>
    </definition>
    <definition class="compliance" id="oval:ssg-wireless_disable_interfaces:def:1" version="1">
      <metadata>
        <title>Deactivate Wireless Interfaces</title>
        <affected family="unix">
          <platform>Red Hat Enterprise Linux 7</platform>
          <platform>Red Hat Enterprise Linux 6</platform>
        </affected>
        <description>All wireless interfaces should be disabled.</description>
      <reference ref_id="wireless_disable_interfaces" source="ssg"/></metadata>
      <criteria>
        <criterion comment="query /proc/net/wireless" test_ref="oval:ssg-test_wireless_disable_interfaces:tst:1"/>
      </criteria>
    </definition>
  </definitions>
  <tests>
    <ind:textfilecontent54_test check="all" comment="Tests the presence of pam_cracklib in /etc/pam.d/system-auth" id="oval:ssg-test_accounts_cracklib_present:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_accounts_cracklib_present:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="the value INACTIVE parameter should be set appropriately in /etc/default/useradd" id="oval:ssg-test_etc_default_useradd_inactive:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_etc_default_useradd_inactive:obj:1"/>
      <ind:state state_ref="oval:ssg-state_etc_default_useradd_inactive:ste:1"/>
      <ind:state state_ref="oval:ssg-state_etc_default_useradd_inactive_nonnegative:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:environmentvariable58_test check="none satisfy" check_existence="any_exist" comment="environment variable PATH starts with : or ." id="oval:ssg-test_env_var_path_begins:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_env_var_path:obj:1"/>
      <ind:state state_ref="oval:ssg-state_path_begins_colon_period:ste:1"/>
    </ind:environmentvariable58_test>
    <ind:environmentvariable58_test check="none satisfy" check_existence="any_exist" comment="environment variable PATH doesn't contain : twice in a row" id="oval:ssg-test_env_var_path_contains_doublecolon:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_env_var_path:obj:1"/>
      <ind:state state_ref="oval:ssg-state_path_contains_double_colon:ste:1"/>
    </ind:environmentvariable58_test>
    <ind:environmentvariable58_test check="none satisfy" check_existence="any_exist" comment="environment variable PATH doesn't contain . twice in a row" id="oval:ssg-test_env_var_path_contains_doubleperiod:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_env_var_path:obj:1"/>
      <ind:state state_ref="oval:ssg-state_path_contains_double_period:ste:1"/>
    </ind:environmentvariable58_test>
    <ind:environmentvariable58_test check="none satisfy" check_existence="any_exist" comment="environment variable PATH ends with : or ." id="oval:ssg-test_env_var_path_ends:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_env_var_path:obj:1"/>
      <ind:state state_ref="oval:ssg-state_path_ends_colon_period:ste:1"/>
    </ind:environmentvariable58_test>
    <ind:environmentvariable58_test check="none satisfy" check_existence="any_exist" comment="environment variable PATH starts with an absolute path /" id="oval:ssg-test_env_var_path_begins_slash:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_env_var_path:obj:1"/>
      <ind:state state_ref="oval:ssg-state_path_begins_slash:ste:1"/>
    </ind:environmentvariable58_test>
    <ind:environmentvariable58_test check="none satisfy" check_existence="any_exist" comment="environment variable PATH contains relative paths" id="oval:ssg-test_env_var_path_contains_relative_path:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_env_var_path:obj:1"/>
      <ind:state state_ref="oval:ssg-state_path_contains_relative_path:ste:1"/>
    </ind:environmentvariable58_test>
    <ind:textfilecontent54_test check="all" comment="Tests the value of FAIL_DELAY in /etc/login.defs" id="oval:ssg-test_accounts_fail_delay_logindefs:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_accounts_fail_delay_logindefs:obj:1"/>
      <ind:state state_ref="oval:ssg-state_accounts_fail_delay_logindefs:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="Tests the value of pam_faildelay in /etc/pam.d/system-auth" id="oval:ssg-test_accounts_fail_delay_systemauth:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_accounts_fail_delay_systemauth:obj:1"/>
      <ind:state state_ref="oval:ssg-state_accounts_fail_delay_systemauth:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="Tests the value of pam_faildelay in /etc/pam.d/system-auth-ac" id="oval:ssg-test_accounts_fail_delay_systemauthac:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_accounts_fail_delay_systemauthac:obj:1"/>
      <ind:state state_ref="oval:ssg-state_accounts_fail_delay_systemauthac:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="pam_faildelay.so is not included in /lib/security/*" id="oval:ssg-test_pam_faildelay_not_included:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_pam_faildelay_not_included:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="system-auth-ac is not included in /etc/pam.d/*" id="oval:ssg-test_accounts_global_setting_not_included:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_systemauthac_not_included:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="Tests the presence of auth inclusion in /etc/pam.d/system-auth" id="oval:ssg-test_accounts_global_setting_auth:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_accounts_global_setting_auth:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="Tests the presence of account inclusion in /etc/pam.d/system-auth" id="oval:ssg-test_accounts_global_setting_account:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_accounts_global_setting_account:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="Tests the presence of password inclusion in /etc/pam.d/system-auth" id="oval:ssg-test_accounts_global_setting_password:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_accounts_global_setting_password:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="Tests the presence of session inclusion in /etc/pam.d/system-auth" id="oval:ssg-test_accounts_global_setting_session:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_accounts_global_setting_session:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:environmentvariable58_test check="none satisfy" check_existence="any_exist" comment="environment variable LD_LIBRARY_PATH starts with : or ." id="oval:ssg-test_env_var_ld_library_path_begins:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_env_var_ld_library_path:obj:1"/>
      <ind:state state_ref="oval:ssg-state_ld_library_path_begins_colon_period:ste:1"/>
    </ind:environmentvariable58_test>
    <ind:environmentvariable58_test check="none satisfy" check_existence="any_exist" comment="environment variable LD_LIBRARY_PATH doesn't contain : twice in a row" id="oval:ssg-test_env_var_ld_library_path_contains_doublecolon:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_env_var_ld_library_path:obj:1"/>
      <ind:state state_ref="oval:ssg-state_ld_library_path_contains_double_colon:ste:1"/>
    </ind:environmentvariable58_test>
    <ind:environmentvariable58_test check="none satisfy" check_existence="any_exist" comment="environment variable LD_LIBRARY_PATH doesn't contain . twice in a row" id="oval:ssg-test_env_var_ld_library_path_contains_doubleperiod:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_env_var_ld_library_path:obj:1"/>
      <ind:state state_ref="oval:ssg-state_ld_library_path_contains_double_period:ste:1"/>
    </ind:environmentvariable58_test>
    <ind:environmentvariable58_test check="none satisfy" check_existence="any_exist" comment="environment variable LD_LIBRARY_PATH ends with : or ." id="oval:ssg-test_env_var_ld_library_path_ends:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_env_var_ld_library_path:obj:1"/>
      <ind:state state_ref="oval:ssg-state_ld_library_path_ends_colon_period:ste:1"/>
    </ind:environmentvariable58_test>
    <ind:environmentvariable58_test check="none satisfy" check_existence="any_exist" comment="environment variable LD_LIBRARY_PATH starts with an absolute path /" id="oval:ssg-test_env_var_ld_library_path_begins_slash:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_env_var_ld_library_path:obj:1"/>
      <ind:state state_ref="oval:ssg-state_ld_library_path_begins_slash:ste:1"/>
    </ind:environmentvariable58_test>
    <ind:environmentvariable58_test check="none satisfy" check_existence="any_exist" comment="environment variable LD_LIBRARY_PATH contains relative paths" id="oval:ssg-test_env_var_ld_library_path_contains_relative_path:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_env_var_ld_library_path:obj:1"/>
      <ind:state state_ref="oval:ssg-state_ld_library_path_contains_relative_path:ste:1"/>
    </ind:environmentvariable58_test>
    <unix:file_test check="all" check_existence="all_exist" comment="make sure /var/log/btmp exists" id="oval:ssg-test_accounts_logins_logged_btmp:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_accounts_logins_logged_btmp:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="make sure /var/log/wtmp exists" id="oval:ssg-test_accounts_logins_logged_wtmp:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_accounts_logins_logged_wtmp:obj:1"/>
    </unix:file_test>
    <ind:textfilecontent54_test check="all" comment="the value maxlogins should be set appropriately in /etc/security/limits.conf" id="oval:ssg-test_maxlogins:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_etc_security_limits_conf_maxlogins:obj:1"/>
      <ind:state state_ref="oval:ssg-state_maxlogins:ste:1"/>
    </ind:textfilecontent54_test>
    <unix:shadow_test check="all" check_existence="all_exist" comment="Testing permissions" id="oval:ssg-test_accounts_maximum_age_login_defs_users:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_accounts_maximum_age_login_defs_users:obj:1"/>
      <unix:state state_ref="oval:ssg-state_accounts_maximum_age_login_defs_users:ste:1"/>
    </unix:shadow_test>
    <ind:textfilecontent54_test check="all" comment="Tests the value of PASS_MAX_DAYS in /etc/login.defs" id="oval:ssg-test_accounts_maximum_age_login_defs:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_accounts_maximum_age_login_defs:obj:1"/>
      <ind:state state_ref="oval:ssg-state_accounts_maximum_age_login_defs:ste:1"/>
    </ind:textfilecontent54_test>
    <unix:shadow_test check="all" check_existence="all_exist" comment="Testing permissions" id="oval:ssg-test_accounts_minimum_age_login_defs_users:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_accounts_minimum_age_login_defs_users:obj:1"/>
      <unix:state state_ref="oval:ssg-state_accounts_minimum_age_login_defs_users:ste:1"/>
    </unix:shadow_test>
    <ind:textfilecontent54_test check="all" comment="Tests the value of PASS_MIN_DAYS in /etc/login.defs" id="oval:ssg-test_accounts_minimum_age_login_defs:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_accounts_minimum_age_login_defs:obj:1"/>
      <ind:state state_ref="oval:ssg-state_accounts_minimum_age_login_defs:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="tests for reg exp ^[^r][^o][^o][^t].*:0 in /etc/passwd file" id="oval:ssg-test_accounts_no_uid_except_root:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_accounts_no_uid_except_root:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="no password hashes in /etc/passwd." id="oval:ssg-test_accounts_password_all_shadowed:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_accounts_password_all_shadowed:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="check the configuration of /etc/pam.d/system-auth" id="oval:ssg-test_password_pam_cracklib_dcredit:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_password_pam_cracklib_dcredit:obj:1"/>
      <ind:state state_ref="oval:ssg-state_password_pam_cracklib_dcredit:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="check the configuration of /etc/pam.d/system-auth" id="oval:ssg-test_accounts_password_pam_cracklib_difok:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_accounts_password_pam_cracklib_difok:obj:1"/>
      <ind:state state_ref="oval:ssg-state_accounts_password_pam_cracklib_difok:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="check the configuration of /etc/pam.d/system-auth" id="oval:ssg-test_password_pam_cracklib_lcredit:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_password_pam_cracklib_lcredit:obj:1"/>
      <ind:state state_ref="oval:ssg-state_password_pam_cracklib_lcredit:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="check the configuration of /etc/pam.d/system-auth" id="oval:ssg-test_accounts_password_pam_cracklib_maxrepeat:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_accounts_password_pam_cracklib_maxrepeat:obj:1"/>
      <ind:state state_ref="oval:ssg-state_accounts_password_pam_cracklib_maxrepeat:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="check the configuration of /etc/pam.d/system-auth" id="oval:ssg-test_accounts_password_pam_cracklib_minlen:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_accounts_password_pam_cracklib_minlen:obj:1"/>
      <ind:state state_ref="oval:ssg-state_accounts_password_pam_cracklib_minlen:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="check the configuration of /etc/pam.d/system-auth" id="oval:ssg-test_password_pam_cracklib_ocredit:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_password_pam_cracklib_ocredit:obj:1"/>
      <ind:state state_ref="oval:ssg-state_password_pam_cracklib_ocredit:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="check the configuration of /etc/pam.d/system-auth" id="oval:ssg-test_password_pam_cracklib_ucredit:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_password_pam_cracklib_ucredit:obj:1"/>
      <ind:state state_ref="oval:ssg-state_password_pam_cracklib_ucredit:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="check maximum failed login attempts allowed in /etc/pam.d/system-auth" id="oval:ssg-test_accounts_password_pam_tally2_deny_system-auth:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_accounts_password_pam_tally2_deny_system-auth:obj:1"/>
      <ind:state state_ref="oval:ssg-state_accounts_password_pam_tally2_deny_system-auth:ste:1"/>
    </ind:textfilecontent54_test>
    <unix:file_test check="all" check_existence="all_exist" comment="/etc/security/opasswd exists" id="oval:ssg-test_etc_security_opasswd:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_etc_security_opasswd:obj:1"/>
    </unix:file_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="remember is set in /etc/pam.d/system-auth" id="oval:ssg-test_accounts_password_pam_unix_remember:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_accounts_password_pam_unix_remember:obj:1"/>
      <ind:state state_ref="oval:ssg-state_accounts_password_pam_unix_remember:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="system-auth-ac is not included in /etc/pam.d/*" id="oval:ssg-test_systemauthac_not_included:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_systemauthac_not_included:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="remember is set in /etc/pam.d/system-auth-ac" id="oval:ssg-test_accounts_password_pam_unix_remember_systemauthac:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_accounts_password_pam_unix_remember_systemauthac:obj:1"/>
      <ind:state state_ref="oval:ssg-state_accounts_password_pam_unix_remember_systemauthac:ste:1"/>
    </ind:textfilecontent54_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing directories in root's PATH permissions" id="oval:ssg-test_accounts_root_path_dirs_no_write:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_accounts_root_path_dirs_no_write:obj:1"/>
      <unix:state state_ref="oval:ssg-state_accounts_root_path_dirs_no_write:ste:1"/>
    </unix:file_test>
    <ind:textfilecontent54_test check="none satisfy" check_existence="any_exist" comment="Tests that no files with a umask statement include an invalid umask setting" id="oval:ssg-test_accounts_invalid_umask_system:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_accounts_invalid_umask_system:obj:1"/>
      <ind:state state_ref="oval:ssg-state_accounts_invalid_umask_system:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="none satisfy" check_existence="any_exist" comment="Tests that no files with a umask statement include an invalid umask setting" id="oval:ssg-test_accounts_invalid_umask_user_home:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_accounts_invalid_umask_user_home:obj:1"/>
      <ind:state state_ref="oval:ssg-state_accounts_invalid_umask_user_home:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="none satisfy" check_existence="any_exist" comment="Tests that no files with a umask statement include an invalid umask setting" id="oval:ssg-test_accounts_invalid_umask_user_root:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_accounts_invalid_umask_user_root:obj:1"/>
      <ind:state state_ref="oval:ssg-state_accounts_invalid_umask_user_root:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="at least one" check_existence="all_exist" comment="Tests that at least one file includes a umask statement with the required umask setting" id="oval:ssg-test_accounts_valid_umask_system:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_accounts_valid_umask_system:obj:1"/>
      <ind:state state_ref="oval:ssg-state_accounts_valid_umask_system:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="at least one" check_existence="all_exist" comment="Tests that at least one file includes a umask statement with the required umask setting" id="oval:ssg-test_accounts_valid_umask_user_home:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_accounts_valid_umask_user_home:obj:1"/>
      <ind:state state_ref="oval:ssg-state_accounts_valid_umask_user_home:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="at least one" check_existence="all_exist" comment="Tests that at least one file includes a umask statement with the required umask setting" id="oval:ssg-test_accounts_valid_umask_user_root:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_accounts_valid_umask_user_root:obj:1"/>
      <ind:state state_ref="oval:ssg-state_accounts_valid_umask_user_root:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="any_exist" comment="Testing account name uniqueness" id="oval:ssg-test_accounts_unique_name:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_accounts_unique_name:obj:1"/>
      <ind:state state_ref="oval:ssg-state_accounts_unique_name:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Testing account name uniqueness" id="oval:ssg-test_accounts_unique_id:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_accounts_unique_id:obj:1"/>
      <ind:state state_ref="oval:ssg-state_accounts_unique_id:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="check if aide is executed" id="oval:ssg-test_aide_periodic_cron_checking_etc_crontab:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_aide_periodic_cron_checking_etc_crontab:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="check if aide is executed" id="oval:ssg-test_aide_periodic_cron_checking_etc_cron_d:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_aide_periodic_cron_checking_etc_cron_d:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="check if aide is executed" id="oval:ssg-test_aide_periodic_cron_checking_etc_cron_hourly:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_aide_periodic_cron_checking_etc_cron_hourly:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="check if aide is executed" id="oval:ssg-test_aide_periodic_cron_checking_etc_cron_daily:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_aide_periodic_cron_checking_etc_cron_daily:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="check if aide is executed" id="oval:ssg-test_aide_periodic_cron_checking_etc_cron_weekly:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_aide_periodic_cron_checking_etc_cron_weekly:obj:1"/>
    </ind:textfilecontent54_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing /etc/at.allow existence" id="oval:ssg-test_at_access_controlled_at_allow:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_at_access_controlled_at_allow:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing /etc/at.deny existence" id="oval:ssg-test_at_access_controlled_at_deny:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_at_access_controlled_at_deny:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="none_exist" comment="Testing /etc/at.deny existence" id="oval:ssg-test_at_deny_nonempty_at_deny_not_exist:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_at_deny_nonempty_at_deny_not_exist:obj:1"/>
    </unix:file_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Testing any entries in /etc/at.deny" id="oval:ssg-test_at_deny_nonempty_at_deny_empty:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_at_deny_nonempty_at_deny_empty:obj:1"/>
    </ind:textfilecontent54_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing /etc/at.allow existence" id="oval:ssg-test_at_system_accounts_at_allow_exists:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_at_system_accounts_at_allow_exists:obj:1"/>
    </unix:file_test>
    <unix:password_test check="all" check_existence="none_exist" comment="Testing system accounts in /etc/at.allow" id="oval:ssg-test_at_system_accounts_at_allow:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_at_system_accounts_at_allow:obj:1"/>
    </unix:password_test>
    <ind:textfilecontent54_test check="all" comment="audit /etc/audit/audit.rules" id="oval:ssg-test_audit_rules_audit_rules_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_audit_rules_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit /etc/audit/audit.rules" id="oval:ssg-test_audit_rules_audit_rules_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_audit_rules_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification chmod" id="oval:ssg-test_audit_rules_dac_modification_chmod_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_chmod_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification chmod x32" id="oval:ssg-test_audit_rules_dac_modification_chmod_x32_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_chmod_x32_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification chmod x64" id="oval:ssg-test_audit_rules_dac_modification_chmod_x64_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_chmod_x64_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification chmod" id="oval:ssg-test_audit_rules_dac_modification_chmod_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_chmod_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification chmod x32" id="oval:ssg-test_audit_rules_dac_modification_chmod_x32_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_chmod_x32_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification chmod x64" id="oval:ssg-test_audit_rules_dac_modification_chmod_x64_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_chmod_x64_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification chown" id="oval:ssg-test_audit_rules_dac_modification_chown_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_chown_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification chown32" id="oval:ssg-test_audit_rules_dac_modification_chown32_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_chown32_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification chown x32" id="oval:ssg-test_audit_rules_dac_modification_chown_x64_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_chown_x64_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification chown x64" id="oval:ssg-test_audit_rules_dac_modification_chown32_x64_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_chown32_x64_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification chown" id="oval:ssg-test_audit_rules_dac_modification_chown_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_chown_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification chown32" id="oval:ssg-test_audit_rules_dac_modification_chown32_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_chown32_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification chown x32" id="oval:ssg-test_audit_rules_dac_modification_chown_x64_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_chown_x64_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification chown x64" id="oval:ssg-test_audit_rules_dac_modification_chown32_x64_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_chown32_x64_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fchmod" id="oval:ssg-test_audit_rules_dac_modification_fchmod_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fchmod_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fchmod x32" id="oval:ssg-test_audit_rules_dac_modification_fchmod_x32_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fchmod_x32_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fchmod x64" id="oval:ssg-test_audit_rules_dac_modification_fchmod_x64_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fchmod_x64_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fchmod" id="oval:ssg-test_audit_rules_dac_modification_fchmod_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fchmod_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fchmod x32" id="oval:ssg-test_audit_rules_dac_modification_fchmod_x32_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fchmod_x32_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fchmod x64" id="oval:ssg-test_audit_rules_dac_modification_fchmod_x64_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fchmod_x64_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fchmodat" id="oval:ssg-test_audit_rules_dac_modification_fchmodat_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fchmodat_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fchmodat x32" id="oval:ssg-test_audit_rules_dac_modification_fchmodat_x32_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fchmodat_x32_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fchmodat x64" id="oval:ssg-test_audit_rules_dac_modification_fchmodat_x64_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fchmodat_x64_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fchmodat" id="oval:ssg-test_audit_rules_dac_modification_fchmodat_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fchmodat_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fchmodat x32" id="oval:ssg-test_audit_rules_dac_modification_fchmodat_x32_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fchmodat_x32_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fchmodat x64" id="oval:ssg-test_audit_rules_dac_modification_fchmodat_x64_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fchmodat_x64_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fchown" id="oval:ssg-test_audit_rules_dac_modification_fchown_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fchown_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fchown32" id="oval:ssg-test_audit_rules_dac_modification_fchown32_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fchown32_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fchown x32" id="oval:ssg-test_audit_rules_dac_modification_fchown_x64_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fchown_x64_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fchown x64" id="oval:ssg-test_audit_rules_dac_modification_fchown32_x64_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fchown32_x64_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fchown" id="oval:ssg-test_audit_rules_dac_modification_fchown_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fchown_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fchown32" id="oval:ssg-test_audit_rules_dac_modification_fchown32_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fchown32_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fchown x32" id="oval:ssg-test_audit_rules_dac_modification_fchown_x64_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fchown_x64_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fchown x64" id="oval:ssg-test_audit_rules_dac_modification_fchown32_x64_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fchown32_x64_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fchownat" id="oval:ssg-test_audit_rules_dac_modification_fchownat_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fchownat_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fchownat x32" id="oval:ssg-test_audit_rules_dac_modification_fchownat_x32_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fchownat_x32_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fchownat x64" id="oval:ssg-test_audit_rules_dac_modification_fchownat_x64_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fchownat_x64_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fchownat" id="oval:ssg-test_audit_rules_dac_modification_fchownat_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fchownat_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fchownat x32" id="oval:ssg-test_audit_rules_dac_modification_fchownat_x32_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fchownat_x32_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fchownat x64" id="oval:ssg-test_audit_rules_dac_modification_fchownat_x64_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fchownat_x64_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fremovexattr" id="oval:ssg-test_audit_rules_dac_modification_fremovexattr_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fremovexattr_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fremovexattr x32" id="oval:ssg-test_audit_rules_dac_modification_fremovexattr_x32_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fremovexattr_x32_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fremovexattr x64" id="oval:ssg-test_audit_rules_dac_modification_fremovexattr_x64_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fremovexattr_x64_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fremovexattr" id="oval:ssg-test_audit_rules_dac_modification_fremovexattr_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fremovexattr_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fremovexattr x32" id="oval:ssg-test_audit_rules_dac_modification_fremovexattr_x32_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fremovexattr_x32_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fremovexattr x64" id="oval:ssg-test_audit_rules_dac_modification_fremovexattr_x64_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fremovexattr_x64_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fsetxattr" id="oval:ssg-test_audit_rules_dac_modification_fsetxattr_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fsetxattr_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fsetxattr x32" id="oval:ssg-test_audit_rules_dac_modification_fsetxattr_x32_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fsetxattr_x32_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fsetxattr x64" id="oval:ssg-test_audit_rules_dac_modification_fsetxattr_x64_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fsetxattr_x64_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fsetxattr" id="oval:ssg-test_audit_rules_dac_modification_fsetxattr_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fsetxattr_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fsetxattr x32" id="oval:ssg-test_audit_rules_dac_modification_fsetxattr_x32_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fsetxattr_x32_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification fsetxattr x64" id="oval:ssg-test_audit_rules_dac_modification_fsetxattr_x64_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_fsetxattr_x64_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification lchown" id="oval:ssg-test_audit_rules_dac_modification_lchown_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_lchown_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification lchown32" id="oval:ssg-test_audit_rules_dac_modification_lchown32_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_lchown32_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification lchown x32" id="oval:ssg-test_audit_rules_dac_modification_lchown_x64_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_lchown_x64_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification lchown x64" id="oval:ssg-test_audit_rules_dac_modification_lchown32_x64_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_lchown32_x64_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification lchown" id="oval:ssg-test_audit_rules_dac_modification_lchown_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_lchown_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification lchown32" id="oval:ssg-test_audit_rules_dac_modification_lchown32_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_lchown32_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification lchown x32" id="oval:ssg-test_audit_rules_dac_modification_lchown_x64_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_lchown_x64_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification lchown x64" id="oval:ssg-test_audit_rules_dac_modification_lchown32_x64_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_lchown32_x64_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification lremovexattr" id="oval:ssg-test_audit_rules_dac_modification_lremovexattr_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_lremovexattr_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification lremovexattr x32" id="oval:ssg-test_audit_rules_dac_modification_lremovexattr_x32_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_lremovexattr_x32_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification lremovexattr x64" id="oval:ssg-test_audit_rules_dac_modification_lremovexattr_x64_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_lremovexattr_x64_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification lremovexattr" id="oval:ssg-test_audit_rules_dac_modification_lremovexattr_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_lremovexattr_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification lremovexattr x32" id="oval:ssg-test_audit_rules_dac_modification_lremovexattr_x32_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_lremovexattr_x32_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification lremovexattr x64" id="oval:ssg-test_audit_rules_dac_modification_lremovexattr_x64_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_lremovexattr_x64_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification lsetxattr" id="oval:ssg-test_audit_rules_dac_modification_lsetxattr_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_lsetxattr_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification lsetxattr x32" id="oval:ssg-test_audit_rules_dac_modification_lsetxattr_x32_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_lsetxattr_x32_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification lsetxattr x64" id="oval:ssg-test_audit_rules_dac_modification_lsetxattr_x64_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_lsetxattr_x64_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification lsetxattr" id="oval:ssg-test_audit_rules_dac_modification_lsetxattr_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_lsetxattr_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification lsetxattr x32" id="oval:ssg-test_audit_rules_dac_modification_lsetxattr_x32_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_lsetxattr_x32_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification lsetxattr x64" id="oval:ssg-test_audit_rules_dac_modification_lsetxattr_x64_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_lsetxattr_x64_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification removexattr" id="oval:ssg-test_audit_rules_dac_modification_removexattr_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_removexattr_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification removexattr x32" id="oval:ssg-test_audit_rules_dac_modification_removexattr_x32_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_removexattr_x32_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification removexattr x64" id="oval:ssg-test_audit_rules_dac_modification_removexattr_x64_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_removexattr_x64_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification removexattr" id="oval:ssg-test_audit_rules_dac_modification_removexattr_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_removexattr_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification removexattr x32" id="oval:ssg-test_audit_rules_dac_modification_removexattr_x32_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_removexattr_x32_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification removexattr x64" id="oval:ssg-test_audit_rules_dac_modification_removexattr_x64_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_removexattr_x64_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification setxattr" id="oval:ssg-test_audit_rules_dac_modification_setxattr_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_setxattr_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification setxattr x32" id="oval:ssg-test_audit_rules_dac_modification_setxattr_x32_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_setxattr_x32_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification setxattr x64" id="oval:ssg-test_audit_rules_dac_modification_setxattr_x64_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_setxattr_x64_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification setxattr" id="oval:ssg-test_audit_rules_dac_modification_setxattr_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_setxattr_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification setxattr x32" id="oval:ssg-test_audit_rules_dac_modification_setxattr_x32_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_setxattr_x32_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="dac modification setxattr x64" id="oval:ssg-test_audit_rules_dac_modification_setxattr_x64_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_dac_modification_setxattr_x64_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit file user delete - unlink" id="oval:ssg-test_audit_rules_file_deletion_events_unlink_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_file_deletion_events_unlink_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit file user delete - unlink" id="oval:ssg-test_audit_rules_file_deletion_events_unlink_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_file_deletion_events_unlink_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit file user delete - rmdir" id="oval:ssg-test_audit_rules_file_deletion_events_rmdir_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_file_deletion_events_rmdir_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit file user delete - rmdir" id="oval:ssg-test_audit_rules_file_deletion_events_rmdir_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_file_deletion_events_rmdir_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit insmod" id="oval:ssg-test_audit_rule_kernel_module_loading_insmod_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rule_kernel_module_loading_insmod_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit rmmod" id="oval:ssg-test_audit_rule_kernel_module_loading_rmmod_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rule_kernel_module_loading_rmmod_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit modprobe" id="oval:ssg-test_audit_rule_kernel_module_loading_modprobe_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rule_kernel_module_loading_modprobe_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit init_module" id="oval:ssg-test_audit_rule_kernel_module_loading_init_module_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rule_kernel_module_loading_init_module_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit delete_module" id="oval:ssg-test_audit_rule_kernel_module_loading_delete_module_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rule_kernel_module_loading_delete_module_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit insmod" id="oval:ssg-test_audit_rule_kernel_module_loading_insmod_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rule_kernel_module_loading_insmod_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit rmmod" id="oval:ssg-test_audit_rule_kernel_module_loading_rmmod_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rule_kernel_module_loading_rmmod_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit modprobe" id="oval:ssg-test_audit_rule_kernel_module_loading_modprobe_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rule_kernel_module_loading_modprobe_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit init_module" id="oval:ssg-test_audit_rule_kernel_module_loading_init_module_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rule_kernel_module_loading_init_module_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit delete_module" id="oval:ssg-test_audit_rule_kernel_module_loading_delete_module_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rule_kernel_module_loading_delete_module_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit /var/log/faillog" id="oval:ssg-test_audit_rules_login_events_var_log_faillog_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_login_events_var_log_faillog_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit /var/log/lastlog" id="oval:ssg-test_audit_rules_login_events_var_log_lastlog_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_login_events_var_log_lastlog_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit /var/log/faillog" id="oval:ssg-test_audit_rules_login_events_var_log_faillog_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_login_events_var_log_faillog_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit /var/log/lastlog" id="oval:ssg-test_audit_rules_login_events_var_log_lastlog_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_login_events_var_log_lastlog_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Tests the for presence of sched_setparam" id="oval:ssg-test_audit_rules_sched_setparam_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_audit_rules_sched_setparam_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Tests the for presence of sched_setparam" id="oval:ssg-test_audit_rules_sched_setparam_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_audit_rules_sched_setparam_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Tests the for presence of sched_setscheduler" id="oval:ssg-test_audit_rules_sched_setscheduler_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_audit_rules_sched_setscheduler_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Tests the for presence of sched_setscheduler" id="oval:ssg-test_audit_rules_sched_setscheduler_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_audit_rules_sched_setscheduler_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Tests the for presence of setdomainname" id="oval:ssg-test_audit_rules_setdomainname_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_audit_rules_setdomainname_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Tests the for presence of setdomainname" id="oval:ssg-test_audit_rules_setdomainname_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_audit_rules_setdomainname_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Tests the for presence of sethostname" id="oval:ssg-test_audit_rules_sethostname_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_audit_rules_sethostname_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Tests the for presence of sethostname" id="oval:ssg-test_audit_rules_sethostname_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_audit_rules_sethostname_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="Tests the for presence of 32bit -S adjtime and key" id="oval:ssg-test_audit_rules_time_adjtimex_x86_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_audit_rules_time_adjtimex_x86_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="Tests the for presence of 64bit -S adjtime and key" id="oval:ssg-test_audit_rules_time_adjtimex_x86_64_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_audit_rules_time_adjtimex_x86_64_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="Tests the for presence of 32bit -S adjtime and key" id="oval:ssg-test_audit_rules_time_adjtimex_x86_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_audit_rules_time_adjtimex_x86_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="Tests the for presence of 64bit -S adjtime and key" id="oval:ssg-test_audit_rules_time_adjtimex_x86_64_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_audit_rules_time_adjtimex_x86_64_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="Tests the for presence of 32bit -S clock_settime and key" id="oval:ssg-test_audit_rules_time_clock_settime_x86_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_audit_rules_time_clock_settime_x86_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="Tests the for presence of 64bit -S clock_settime and key" id="oval:ssg-test_audit_rules_time_clock_settime_x86_64_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_audit_rules_time_clock_settime_x86_64_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="Tests the for presence of 32bit -S clock_settime and key" id="oval:ssg-test_audit_rules_time_clock_settime_x86_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_audit_rules_time_clock_settime_x86_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="Tests the for presence of 64bit -S clock_settime and key" id="oval:ssg-test_audit_rules_time_clock_settime_x86_64_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_audit_rules_time_clock_settime_x86_64_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="Tests the for presence of 32bit -S settimeofday and key" id="oval:ssg-test_audit_rules_time_settimeofday_x86_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_audit_rules_time_settimeofday_x86_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="Tests the for presence of 64bit -S settimeofday and key" id="oval:ssg-test_audit_rules_time_settimeofday_x86_64_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_audit_rules_time_settimeofday_x86_64_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="Tests the for presence of 32bit -S settimeofday and key" id="oval:ssg-test_audit_rules_time_settimeofday_x86_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_audit_rules_time_settimeofday_x86_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="Tests the for presence of 64bit -S settimeofday and key" id="oval:ssg-test_audit_rules_time_settimeofday_x86_64_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_audit_rules_time_settimeofday_x86_64_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="Tests the for presence of 32bit -S stime and key" id="oval:ssg-test_audit_rules_time_stime_x86_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_audit_rules_time_stime_x86_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="Tests the for presence of 32bit -S stime and key" id="oval:ssg-test_audit_rules_time_stime_x86_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_audit_rules_time_stime_x86_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit file user fail - creat" id="oval:ssg-test_audit_rules_unsuccessful_file_modification_fail_creat_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_unsuccessful_file_modification_fail_creat_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit file user eacces - creat" id="oval:ssg-test_audit_rules_unsuccessful_file_modification_eacces_creat_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_unsuccessful_file_modification_eacces_creat_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit file user eperm - creat" id="oval:ssg-test_audit_rules_unsuccessful_file_modification_eperm_creat_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_unsuccessful_file_modification_eperm_creat_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit file user fail - creat" id="oval:ssg-test_audit_rules_unsuccessful_file_modification_fail_creat_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_unsuccessful_file_modification_fail_creat_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit file user eacces - creat" id="oval:ssg-test_audit_rules_unsuccessful_file_modification_eacces_creat_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_unsuccessful_file_modification_eacces_creat_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit file user eperm - creat" id="oval:ssg-test_audit_rules_unsuccessful_file_modification_eperm_creat_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_unsuccessful_file_modification_eperm_creat_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit file user fail - ftruncate" id="oval:ssg-test_audit_rules_unsuccessful_file_modification_fail_ftruncate_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_unsuccessful_file_modification_fail_ftruncate_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit file user eacces - ftruncate" id="oval:ssg-test_audit_rules_unsuccessful_file_modification_eacces_ftruncate_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_unsuccessful_file_modification_eacces_ftruncate_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit file user eperm - ftruncate" id="oval:ssg-test_audit_rules_unsuccessful_file_modification_eperm_ftruncate_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_unsuccessful_file_modification_eperm_ftruncate_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit file user fail - ftruncate" id="oval:ssg-test_audit_rules_unsuccessful_file_modification_fail_ftruncate_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_unsuccessful_file_modification_fail_ftruncate_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit file user eacces - ftruncate" id="oval:ssg-test_audit_rules_unsuccessful_file_modification_eacces_ftruncate_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_unsuccessful_file_modification_eacces_ftruncate_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit file user eperm - ftruncate" id="oval:ssg-test_audit_rules_unsuccessful_file_modification_eperm_ftruncate_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_unsuccessful_file_modification_eperm_ftruncate_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit file user fail - open" id="oval:ssg-test_audit_rules_unsuccessful_file_modification_fail_open_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_unsuccessful_file_modification_fail_open_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit file user eacces - open" id="oval:ssg-test_audit_rules_unsuccessful_file_modification_eacces_open_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_unsuccessful_file_modification_eacces_open_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit file user eperm - open" id="oval:ssg-test_audit_rules_unsuccessful_file_modification_eperm_open_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_unsuccessful_file_modification_eperm_open_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit file user fail - open" id="oval:ssg-test_audit_rules_unsuccessful_file_modification_fail_open_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_unsuccessful_file_modification_fail_open_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit file user eacces - open" id="oval:ssg-test_audit_rules_unsuccessful_file_modification_eacces_open_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_unsuccessful_file_modification_eacces_open_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit file user eperm - open" id="oval:ssg-test_audit_rules_unsuccessful_file_modification_eperm_open_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_unsuccessful_file_modification_eperm_open_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit file user fail - openat" id="oval:ssg-test_audit_rules_unsuccessful_file_modification_fail_openat_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_unsuccessful_file_modification_fail_openat_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit file user eacces - openat" id="oval:ssg-test_audit_rules_unsuccessful_file_modification_eacces_openat_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_unsuccessful_file_modification_eacces_openat_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit file user eperm - openat" id="oval:ssg-test_audit_rules_unsuccessful_file_modification_eperm_openat_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_unsuccessful_file_modification_eperm_openat_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit file user fail - openat" id="oval:ssg-test_audit_rules_unsuccessful_file_modification_fail_openat_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_unsuccessful_file_modification_fail_openat_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit file user eacces - openat" id="oval:ssg-test_audit_rules_unsuccessful_file_modification_eacces_openat_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_unsuccessful_file_modification_eacces_openat_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit file user eperm - openat" id="oval:ssg-test_audit_rules_unsuccessful_file_modification_eperm_openat_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_unsuccessful_file_modification_eperm_openat_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit file user fail - truncate" id="oval:ssg-test_audit_rules_unsuccessful_file_modification_fail_truncate_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_unsuccessful_file_modification_fail_truncate_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit file user eacces - truncate" id="oval:ssg-test_audit_rules_unsuccessful_file_modification_eacces_truncate_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_unsuccessful_file_modification_eacces_truncate_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit file user eperm - truncate" id="oval:ssg-test_audit_rules_unsuccessful_file_modification_eperm_truncate_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_unsuccessful_file_modification_eperm_truncate_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit file user fail - truncate" id="oval:ssg-test_audit_rules_unsuccessful_file_modification_fail_truncate_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_unsuccessful_file_modification_fail_truncate_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit file user eacces - truncate" id="oval:ssg-test_audit_rules_unsuccessful_file_modification_eacces_truncate_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_unsuccessful_file_modification_eacces_truncate_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit file user eperm - truncate" id="oval:ssg-test_audit_rules_unsuccessful_file_modification_eperm_truncate_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_unsuccessful_file_modification_eperm_truncate_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit /usr/sbin/useradd" id="oval:ssg-test_audit_rules_usergroup_creation_usr_sbin_useradd_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_usergroup_creation_usr_sbin_useradd_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit /usr/sbin/groupadd" id="oval:ssg-test_audit_rules_usergroup_creation_usr_sbin_groupadd_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_usergroup_creation_usr_sbin_groupadd_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit /etc/passwd" id="oval:ssg-test_audit_rules_usergroup_creation_etc_passwd_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_usergroup_creation_etc_passwd_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit /etc/shadow" id="oval:ssg-test_audit_rules_usergroup_creation_etc_shadow_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_usergroup_creation_etc_shadow_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit /etc/group" id="oval:ssg-test_audit_rules_usergroup_creation_etc_group_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_usergroup_creation_etc_group_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit /etc/gshadow" id="oval:ssg-test_audit_rules_usergroup_creation_etc_gshadow_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_usergroup_creation_etc_gshadow_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit /usr/sbin/useradd" id="oval:ssg-test_audit_rules_usergroup_creation_usr_sbin_useradd_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_usergroup_creation_usr_sbin_useradd_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit /usr/sbin/groupadd" id="oval:ssg-test_audit_rules_usergroup_creation_usr_sbin_groupadd_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_usergroup_creation_usr_sbin_groupadd_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit /etc/passwd" id="oval:ssg-test_audit_rules_usergroup_creation_etc_passwd_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_usergroup_creation_etc_passwd_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit /etc/shadow" id="oval:ssg-test_audit_rules_usergroup_creation_etc_shadow_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_usergroup_creation_etc_shadow_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit /etc/group" id="oval:ssg-test_audit_rules_usergroup_creation_etc_group_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_usergroup_creation_etc_group_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit /etc/gshadow" id="oval:ssg-test_audit_rules_usergroup_creation_etc_gshadow_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_usergroup_creation_etc_gshadow_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit /usr/bin/passwd" id="oval:ssg-test_audit_rules_usergroup_disabling_usr_bin_passwd_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_usergroup_disabling_usr_bin_passwd_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit /usr/bin/passwd" id="oval:ssg-test_audit_rules_usergroup_disabling_usr_bin_passwd_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_usergroup_disabling_usr_bin_passwd_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit /usr/sbin/usermod" id="oval:ssg-test_audit_rules_usergroup_modification_usr_sbin_usermod_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_usergroup_modification_usr_sbin_usermod_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit /usr/sbin/groupmod" id="oval:ssg-test_audit_rules_usergroup_modification_usr_sbin_groupmod_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_usergroup_modification_usr_sbin_groupmod_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit /etc/passwd" id="oval:ssg-test_audit_rules_usergroup_modification_etc_passwd_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_usergroup_modification_etc_passwd_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit /etc/shadow" id="oval:ssg-test_audit_rules_usergroup_modification_etc_shadow_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_usergroup_modification_etc_shadow_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit /etc/group" id="oval:ssg-test_audit_rules_usergroup_modification_etc_group_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_usergroup_modification_etc_group_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit /etc/gshadow" id="oval:ssg-test_audit_rules_usergroup_modification_etc_gshadow_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_usergroup_modification_etc_gshadow_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit /usr/sbin/usermod" id="oval:ssg-test_audit_rules_usergroup_modification_usr_sbin_usermod_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_usergroup_modification_usr_sbin_usermod_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit /usr/sbin/groupmod" id="oval:ssg-test_audit_rules_usergroup_modification_usr_sbin_groupmod_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_usergroup_modification_usr_sbin_groupmod_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit /etc/passwd" id="oval:ssg-test_audit_rules_usergroup_modification_etc_passwd_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_usergroup_modification_etc_passwd_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit /etc/shadow" id="oval:ssg-test_audit_rules_usergroup_modification_etc_shadow_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_usergroup_modification_etc_shadow_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit /etc/group" id="oval:ssg-test_audit_rules_usergroup_modification_etc_group_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_usergroup_modification_etc_group_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit /etc/gshadow" id="oval:ssg-test_audit_rules_usergroup_modification_etc_gshadow_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_usergroup_modification_etc_gshadow_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit /usr/sbin/userdel" id="oval:ssg-test_audit_rules_usergroup_termination_usr_sbin_userdel_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_usergroup_termination_usr_sbin_userdel_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit /usr/sbin/groupdel" id="oval:ssg-test_audit_rules_usergroup_termination_usr_sbin_groupdel_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_usergroup_termination_usr_sbin_groupdel_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit /usr/sbin/userdel" id="oval:ssg-test_audit_rules_usergroup_termination_usr_sbin_userdel_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_usergroup_termination_usr_sbin_userdel_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="audit /usr/sbin/groupdel" id="oval:ssg-test_audit_rules_usergroup_termination_usr_sbin_groupdel_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_rules_usergroup_termination_usr_sbin_groupdel_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="check for audit=1 in /boot/grub/grub.conf" id="oval:ssg-test_audit_enabled_on_kernel_cmdline:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audit_enabled_on_kernel_cmdline:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="check if audispd's syslog plugin activated in /etc/audisp/plugins.d/syslog.conf" id="oval:ssg-test_audispds_syslog_plugin_enabled:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_audispds_syslog_plugin_enabled:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="space left action" id="oval:ssg-test_auditd_data_retention_disk_error_action_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_auditd_data_retention_disk_error_action_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="space left action" id="oval:ssg-test_auditd_data_retention_disk_full_action_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_auditd_data_retention_disk_full_action_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="space left action" id="oval:ssg-test_auditd_data_retention_disk_error_action_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_auditd_data_retention_disk_error_action_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="space left action" id="oval:ssg-test_auditd_data_retention_disk_full_action_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_auditd_data_retention_disk_full_action_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="space left action - exec,syslog" id="oval:ssg-test_auditd_data_retention_space_left_action_exec_syslog_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_auditd_data_retention_space_left_action_exec_syslog_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="space left action - email" id="oval:ssg-test_auditd_data_retention_space_left_action_email_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_auditd_data_retention_space_left_action_email_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="email account for actions" id="oval:ssg-test_auditd_data_retention_action_mail_acct_root_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_auditd_data_retention_action_mail_acct_root_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="email account for actions" id="oval:ssg-test_auditd_data_retention_action_mail_acct_external_el4:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_auditd_data_retention_action_mail_acct_external_el4:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="space left action - exec,syslog" id="oval:ssg-test_auditd_data_retention_space_left_action_exec_syslog_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_auditd_data_retention_space_left_action_exec_syslog_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="space left action - email" id="oval:ssg-test_auditd_data_retention_space_left_action_email_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_auditd_data_retention_space_left_action_email_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="email account for actions" id="oval:ssg-test_auditd_data_retention_action_mail_acct_root_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_auditd_data_retention_action_mail_acct_root_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="email account for actions" id="oval:ssg-test_auditd_data_retention_action_mail_acct_external_el5:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_auditd_data_retention_action_mail_acct_external_el5:obj:1"/>
    </ind:textfilecontent54_test>
    <linux:rpminfo_test check="all" check_existence="all_exist" id="oval:ssg-test_auditd_data_retention_audit_storage_failure_package_sendmail_installed:tst:1" version="1" comment="package sendmail is installed">
      <linux:object object_ref="oval:ssg-obj_auditd_data_retention_audit_storage_failure_package_sendmail_installed:obj:1"/>
    </linux:rpminfo_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="correct banner in /etc/issue" id="oval:ssg-test_banner_etc_issue:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_banner_etc_issue:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:xmlfilecontent_test check="all" comment="Check if the GUI warning banner is enabled." id="oval:ssg-test_banner_gui_enabled:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_banner_gui_enabled:obj:1"/>
      <ind:state state_ref="oval:ssg-state_banner_gui_enabled:ste:1"/>
    </ind:xmlfilecontent_test>
    <ind:xmlfilecontent_test check="all" comment="Check if the GUI warning banner is configured correctly." id="oval:ssg-test_set_gdm_login_banner_text:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_set_gdm_login_banner_text:obj:1"/>
      <ind:state state_ref="oval:ssg-state_set_gdm_login_banner_text:ste:1"/>
    </ind:xmlfilecontent_test>
    <unix:file_test check="all" check_existence="all_exist" comment="make sure /var/log/device-file-list exists" id="oval:ssg-test_baseline_device_files_exists:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_baseline_device_files_exists:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="make sure /etc/cron.weekly/baseline_checker.sh exists" id="oval:ssg-test_baseline_device_files_cron:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_baseline_device_files_cron:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="make sure /var/log/sgid-file-list exists" id="oval:ssg-test_baseline_sgid_files_exists:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_baseline_sgid_files_exists:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="make sure /etc/cron.weekly/baseline_checker.sh exists" id="oval:ssg-test_baseline_sgid_files_cron:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_baseline_sgid_files_cron:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="make sure /var/log/suid-file-list exists" id="oval:ssg-test_baseline_suid_files_exists:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_baseline_suid_files_exists:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="make sure /etc/cron.weekly/baseline_checker.sh exists" id="oval:ssg-test_baseline_suid_files_cron:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_baseline_suid_files_cron:obj:1"/>
    </unix:file_test>
    <ind:textfilecontent54_test check="all" comment="check for audit=1 in /boot/grub/grub.conf" id="oval:ssg-test_bootloader_audit_argument:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_bootloader_audit_argument:obj:1"/>
    </ind:textfilecontent54_test>
    <unix:file_test check="all" check_existence="all_exist" comment="make sure /boot/grub/grub.conf exists" id="oval:ssg-test_bootloader_exists:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_bootloader_exists:obj:1"/>
    </unix:file_test>
    <ind:textfilecontent54_test check="all" comment="look for argument 'nousb' in the kernel line in /boot/grub/grub.conf" id="oval:ssg-test_bootloader_nousb_argument:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_bootloader_nousb_argument:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="make sure a password is defined in /boot/grub/grub.conf" id="oval:ssg-test_bootloader_password:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_bootloader_password:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="make sure a compliant password hash is defined in /boot/grub/grub.conf" id="oval:ssg-test_bootloader_password_hash:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_bootloader_password_hash:obj:1"/>
      <ind:state state_ref="oval:ssg-state_bootloader_password_hash:ste:1"/>
    </ind:textfilecontent54_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing /etc/cron.allow existence" id="oval:ssg-test_cron_access_controlled_cron_allow:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_cron_access_controlled_cron_allow:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing /etc/cron.deny existence" id="oval:ssg-test_cron_access_controlled_cron_deny:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_cron_access_controlled_cron_deny:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing /etc/cron.allow existence" id="oval:ssg-test_cron_system_accounts_cron_allow_exists:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_cron_system_accounts_cron_allow_exists:obj:1"/>
    </unix:file_test>
    <unix:password_test check="all" check_existence="none_exist" comment="Testing system accounts in /etc/cron.allow" id="oval:ssg-test_cron_system_accounts_cron_allow:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_cron_system_accounts_cron_allow:obj:1"/>
    </unix:password_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="tests the value of do-forward-updates setting in the /etc/dhclient.conf file" id="oval:ssg-test_dhcp_client_disable_ddns:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_dhcp_client_disable_ddns:obj:1"/>
      <ind:state state_ref="oval:ssg-state_dhcp_client_disable_ddns:ste:1"/>
    </ind:textfilecontent54_test>
    <unix:file_test check="all" check_existence="all_exist" comment="all local world-writable directories have sticky bit set" id="oval:ssg-test_dir_perms_world_writable_sticky_bits:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_only_local_directories:obj:1"/>
      <unix:state state_ref="oval:ssg-state_world_writable_and_not_sticky:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" comment="check for local directories that are world writable and have uid greater than or equal to 500" id="oval:ssg-test_dir_world_writable_uid_gt_500:tst:1" version="1">
      <unix:object object_ref="oval:ssg-all_local_directories:obj:1"/>
      <unix:state state_ref="oval:ssg-state_gid_is_user_and_world_writable:ste:1"/>
    </unix:file_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Look for argument 'exec /sbin/shutdown -r now' in /etc/init/control-alt-delete.conf" id="oval:ssg-test_disable_ctrlaltdel_reboot_conf:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_disable_ctrlaltdel_reboot_conf:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="Tests the value of the ^[\s]*\*[\s]+(hard|-)[\s]+core[\s]+([\d]+) setting in the /etc/security/limits.conf file" id="oval:ssg-test_core_dumps_limitsconf:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_core_dumps_limitsconf:obj:1"/>
      <ind:state state_ref="oval:ssg-state_core_dumps_limitsconf:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="check for nosignature in /etc/rpmrc" id="oval:ssg-test_nosignature_etc_rpmrc:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_nosignature_etc_rpmrc:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="check for nosignature in /usr/lib/rpm/rpmrc" id="oval:ssg-test_nosignature_usr_lib_rpm_rpmrc:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_nosignature_usr_lib_rpm_rpmrc:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="check for nosignature in /usr/lib/rpm/redhat/rpmrc" id="oval:ssg-test_nosignature_usr_lib_rpm_redhat_rpmrc:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_nosignature_usr_lib_rpm_redhat_rpmrc:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="check for nosignature in /root/rpmrc" id="oval:ssg-test_nosignature_root_rpmrc:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_nosignature_root_rpmrc:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="check for existence of gpgcheck=0 in /etc/yum.repos.d/ files" id="oval:ssg-test_ensure_gpgcheck_never_disabled_repos:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_ensure_gpgcheck_never_disabled_repos:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="check value of gpgcheck in /etc/yum.conf" id="oval:ssg-test_ensure_gpgcheck_never_disabled_conf:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_ensure_gpgcheck_never_disabled_conf:obj:1"/>
    </ind:textfilecontent54_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/postfix/aliases group owner" id="oval:ssg-test_file_groupowner_aliases_postfix_aliases:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_aliases_postfix_aliases:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_aliases:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/postfix/aliases.db group owner" id="oval:ssg-test_file_groupowner_aliases_postfix_aliases_db:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_aliases_postfix_aliases_db:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_aliases:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/aliases group owner" id="oval:ssg-test_file_groupowner_aliases_sendmail_aliases:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_aliases_sendmail_aliases:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_aliases:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/aliases.db group owner" id="oval:ssg-test_file_groupowner_aliases_sendmail_aliases_db:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_aliases_sendmail_aliases_db:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_aliases:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing files referenced in /etc/aliases group owner" id="oval:ssg-test_file_groupowner_aliases_files:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_aliases_files:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_aliases_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /dev/audio* group owner" id="oval:ssg-test_file_groupowner_dev_audio:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_dev_audio:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_audio_devices:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /dev/snd/* group owner" id="oval:ssg-test_file_groupowner_dev_snd:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_dev_snd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_audio_devices:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing audit log file group owner" id="oval:ssg-test_file_groupowner_audit_log_el4:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_audit_log_el4:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_audit_log:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing audit log file group owner" id="oval:ssg-test_file_groupowner_audit_log_el5:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_audit_log_el5:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_audit_log:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /sbin/auditctl group owner" id="oval:ssg-test_file_groupowner_sbin_auditctl:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_sbin_auditctl:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_audit_tools:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /sbin/auditd group owner" id="oval:ssg-test_file_groupowner_sbin_auditd:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_sbin_auditd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_audit_tools:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /sbin/ausearch group owner" id="oval:ssg-test_file_groupowner_sbin_ausearch:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_sbin_ausearch:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_audit_tools:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /sbin/aureport group owner" id="oval:ssg-test_file_groupowner_sbin_aureport:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_sbin_aureport:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_audit_tools:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /sbin/autrace group owner" id="oval:ssg-test_file_groupowner_sbin_autrace:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_sbin_autrace:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_audit_tools:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /sbin/audispd group owner" id="oval:ssg-test_file_groupowner_sbin_audispd:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_sbin_audispd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_audit_tools:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /bin/traceroute group owner" id="oval:ssg-test_file_groupowner_bin_traceroute:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_bin_traceroute:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_bin_traceroute:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="none_exist" comment="/etc directories uid root" id="oval:ssg-test_groupowner_binary_dirs_etc_dir:tst:1" version="1">
      <unix:object object_ref="oval:ssg-file_groupowner_binary_dirs_object_etc_dir:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="none_exist" comment="/etc files uid root" id="oval:ssg-test_groupowner_binary_dirs_etc_files:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_binary_dirs_etc_files:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="none_exist" comment="/bin directories uid root" id="oval:ssg-test_groupowner_binary_dirs_bin_dir:tst:1" version="1">
      <unix:object object_ref="oval:ssg-file_groupowner_binary_dirs_object_bin_dir:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="none_exist" comment="/bin files uid root" id="oval:ssg-test_groupowner_binary_dirs_bin_files:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_binary_dirs_bin_files:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="none_exist" comment="/usr/bin directories uid root" id="oval:ssg-test_groupowner_binary_dirs_usr_bin_dir:tst:1" version="1">
      <unix:object object_ref="oval:ssg-file_groupowner_binary_dirs_object_usr_bin_dir:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="none_exist" comment="/usr/bin files uid root" id="oval:ssg-test_groupowner_binary_dirs_usr_bin_files:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_binary_dirs_usr_bin_files:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="none_exist" comment="/usr/lbin directories uid root" id="oval:ssg-test_groupowner_binary_dirs_usr_lbin_dir:tst:1" version="1">
      <unix:object object_ref="oval:ssg-file_groupowner_binary_dirs_object_usr_lbin_dir:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="none_exist" comment="/usr/lbin files uid root" id="oval:ssg-test_groupowner_binary_dirs_usr_lbin_files:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_binary_dirs_usr_lbin_files:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="none_exist" comment="/usr/usb directories uid root" id="oval:ssg-test_groupowner_binary_dirs_usr_usb_dir:tst:1" version="1">
      <unix:object object_ref="oval:ssg-file_groupowner_binary_dirs_object_usr_usb_dir:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="none_exist" comment="/usr/usb files uid root" id="oval:ssg-test_groupowner_binary_dirs_usr_usb_files:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_binary_dirs_usr_usb_files:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="none_exist" comment="/sbin directories uid root" id="oval:ssg-test_groupowner_binary_dirs_sbin_dir:tst:1" version="1">
      <unix:object object_ref="oval:ssg-file_groupowner_binary_dirs_object_sbin_dir:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="none_exist" comment="/sbin files uid root" id="oval:ssg-test_groupowner_binary_dirs_sbin_files:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_binary_dirs_sbin_files:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="none_exist" comment="/usr/sbin directories uid root" id="oval:ssg-test_groupowner_binary_dirs_usr_sbin_dir:tst:1" version="1">
      <unix:object object_ref="oval:ssg-file_groupowner_binary_dirs_object_usr_sbin_dir:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="none_exist" comment="/usr/sbin files uid root" id="oval:ssg-test_groupowner_binary_dirs_usr_sbin_files:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_binary_dirs_usr_sbin_files:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing audit log file permissions" id="oval:ssg-test_file_groupowner_core_dump_dir:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_core_dump_dir:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_core_dump_dir:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.d/ group owner" id="oval:ssg-test_file_groupowner_dir_etc_cron_d:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_dir_etc_cron_d:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_crontab_dir:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.daily/ group owner" id="oval:ssg-test_file_groupowner_dir_etc_cron_daily:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_dir_etc_cron_daily:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_crontab_dir:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.hourly/ group owner" id="oval:ssg-test_file_groupowner_dir_etc_cron_hourly:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_dir_etc_cron_hourly:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_crontab_dir:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.monthly/ group owner" id="oval:ssg-test_file_groupowner_dir_etc_cron_monthly:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_dir_etc_cron_monthly:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_crontab_dir:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.weekly/ group owner" id="oval:ssg-test_file_groupowner_dir_etc_cron_weekly:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_dir_etc_cron_weekly:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_crontab_dir:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /var/spool/cron/ group owner" id="oval:ssg-test_file_groupowner_dir_var_spool_cron:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_dir_var_spool_cron:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_crontab_dir:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/crontab group owner" id="oval:ssg-test_file_groupowner_etc_crontab:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_crontab:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_crontab_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.d/* group owner" id="oval:ssg-test_file_groupowner_etc_cron_d:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_cron_d:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_crontab_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.daily/* group owner" id="oval:ssg-test_file_groupowner_etc_cron_daily:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_cron_daily:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_crontab_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.hourly/* group owner" id="oval:ssg-test_file_groupowner_etc_cron_hourly:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_cron_hourly:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_crontab_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.monthly/* group owner" id="oval:ssg-test_file_groupowner_etc_cron_monthly:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_cron_monthly:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_crontab_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.weekly/* group owner" id="oval:ssg-test_file_groupowner_etc_cron_weekly:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_cron_weekly:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_crontab_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /var/spool/cron/* group owner" id="oval:ssg-test_file_groupowner_var_spool_cron:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_var_spool_cron:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_crontab_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/at.allow group owner" id="oval:ssg-test_file_groupowner_etc_at_allow:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_at_allow:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_etc_at_allow:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/at.deny group owner" id="oval:ssg-test_file_groupowner_etc_at_deny:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_at_deny:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_etc_at_deny:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.allow group owner" id="oval:ssg-test_file_groupowner_etc_cron_allow:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_cron_allow:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_etc_cron_allow:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.deny group owner" id="oval:ssg-test_file_groupowner_etc_cron_deny:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_cron_deny:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_etc_cron_deny:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cups/printers.conf group owner" id="oval:ssg-test_file_groupowner_etc_cups_printers_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_cups_printers_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_etc_cups_printers_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/exports group owner" id="oval:ssg-test_file_groupowner_etc_exports:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_exports:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_etc_exports:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing group ownership" id="oval:ssg-test_file_groupowner_etc_group:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_group:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_etc_group:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing gshadow ownership" id="oval:ssg-test_file_groupowner_etc_gshadow:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_gshadow:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_etc_gshadow:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/hosts group owner" id="oval:ssg-test_file_groupowner_etc_hosts:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_hosts:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_etc_hosts:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/ldap.conf group owner" id="oval:ssg-test_file_groupowner_etc_ldap_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_ldap_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_etc_ldap_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/nsswitch.conf group owner" id="oval:ssg-test_file_groupowner_etc_nsswitch_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_nsswitch_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_etc_nsswitch_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/ntp.conf group owner" id="oval:ssg-test_file_groupowner_etc_ntp_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_ntp_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_etc_ntp_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing group ownership of /etc/passwd" id="oval:ssg-test_file_groupowner_etc_passwd:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_passwd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_etc_passwd:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/resolv.conf group owner" id="oval:ssg-test_file_groupowner_etc_resolv_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_resolv_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_etc_resolv_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/samba/smb.conf group owner" id="oval:ssg-test_file_groupowner_etc_samba_smb_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_samba_smb_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_etc_samba_smb_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/samba/passdb.tdb group owner" id="oval:ssg-test_file_groupowner_etc_samba_passdb_tdb:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_samba_passdb_tdb:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_etc_samba_tdb:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/samba/secrets.tdb group owner" id="oval:ssg-test_file_groupowner_etc_samba_secrets_tdb:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_samba_secrets_tdb:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_etc_samba_tdb:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/securetty group owner" id="oval:ssg-test_file_groupowner_etc_securetty:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_securetty:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_etc_securetty:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/security/access.conf group owner" id="oval:ssg-test_file_groupowner_etc_security_access_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_security_access_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_etc_security_access_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/services group owner" id="oval:ssg-test_file_groupowner_etc_services:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_services:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_etc_services:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/skel/* group owner" id="oval:ssg-test_file_groupowner_etc_skel:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_skel:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_etc_skel:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/sysctl.conf group owner" id="oval:ssg-test_file_groupowner_etc_sysctl_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_sysctl_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_etc_sysctl_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/syslog.conf group owner" id="oval:ssg-test_file_groupowner_etc_syslog_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_syslog_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_etc_syslog_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/xinetd.conf group owner" id="oval:ssg-test_file_groupowner_etc_xinetd_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_xinetd_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_etc_xinetd_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing files referenced in /etc/exports group owner" id="oval:ssg-test_file_groupowner_exports_dirs:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_exports_dirs:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_exports_dirs:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing group owner of /etc/ftpusers" id="oval:ssg-test_file_groupowner_etc_ftpusers:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_ftpusers:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_ftpusers:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing group owner of /etc/vsftpd.ftpusers" id="oval:ssg-test_file_groupowner_etc_vsftpd_ftpusers1:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_vsftpd_ftpusers1:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_ftpusers:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing group owner of /etc/vsftpd/ftpusers" id="oval:ssg-test_file_groupowner_etc_vsftpd_ftpusers2:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_vsftpd_ftpusers2:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_ftpusers:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing group owner of /etc/bashrc" id="oval:ssg-test_file_groupowner_etc_bashrc:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_bashrc:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_global_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing group owner of /etc/csh.cshrc" id="oval:ssg-test_file_groupowner_etc_csh_cshrc:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_csh_cshrc:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_global_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing group owner of /etc/csh.login" id="oval:ssg-test_file_groupowner_etc_csh_login:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_csh_login:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_global_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing group owner of /etc/csh.logout" id="oval:ssg-test_file_groupowner_etc_csh_logout:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_csh_logout:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_global_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing group owner of /etc/environment" id="oval:ssg-test_file_groupowner_etc_environment:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_environment:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_global_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing group owner of /etc/ksh.kshrc" id="oval:ssg-test_file_groupowner_etc_ksh_kshrc:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_ksh_kshrc:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_global_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing group owner of /etc/profile" id="oval:ssg-test_file_groupowner_etc_profile:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_profile:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_global_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing group owner of /etc/suid_profile" id="oval:ssg-test_file_groupowner_etc_suid_profile:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_suid_profile:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_global_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing group owner of /etc/profile.d/*" id="oval:ssg-test_file_groupowner_etc_profiled:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_profiled:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_global_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="/boot/grub/grub.conf group owned by root" id="oval:ssg-test_file_groupowner_grub_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_grub_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_grub_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing owner" id="oval:ssg-test_file_groupowner_home_dirs:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_home_dirs:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_home_dirs:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing group owner" id="oval:ssg-test_file_groupowner_home_files:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_home_files:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_home_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing LDAP TLS CA cert group owner" id="oval:ssg-test_file_groupowner_ldap_cacerts:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_ldap_cacerts:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_ldap_cacerts:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing LDAP TLS cert group owner" id="oval:ssg-test_file_groupowner_ldap_certs:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_ldap_certs:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_ldap_certs:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing LDAP TLS key group owner" id="oval:ssg-test_file_groupowner_ldap_keys:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_ldap_keys:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_ldap_keys:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing local initialization files - /home group owner" id="oval:ssg-test_file_groupowner_local_initialization_files_home:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_local_initialization_files_home:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_local_initialization_files_home:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing local initialization files - /root group owner" id="oval:ssg-test_file_groupowner_local_initialization_files_root:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_local_initialization_files_root:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_local_initialization_files_root:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/rc*/* group owner" id="oval:ssg-test_file_groupowner_etc_rc:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_rc:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_run_control_scripts:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/init.d/* group owner" id="oval:ssg-test_file_groupowner_etc_initd:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_etc_initd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_run_control_scripts:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing files referenced in /etc/shells group owner" id="oval:ssg-test_file_groupowner_shell_files:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_shell_files:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_shell_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing snmpd.conf group owner" id="oval:ssg-test_file_groupowner_snmpd_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_snmpd_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_snmpd_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing group owner" id="oval:ssg-test_file_groupowner_var_spool_at:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_var_spool_at:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_var_spool_at:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing group owner" id="oval:ssg-test_file_groupowner_var_yp:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_groupowner_var_yp:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_groupowner_var_yp:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/postfix/aliases owner" id="oval:ssg-test_file_owner_aliases_postfix_aliases:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_aliases_postfix_aliases:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_aliases:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/postfix/aliases.db owner" id="oval:ssg-test_file_owner_aliases_postfix_aliases_db:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_aliases_postfix_aliases_db:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_aliases:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/aliases owner" id="oval:ssg-test_file_owner_aliases_sendmail_aliases:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_aliases_sendmail_aliases:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_aliases:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/aliases.db owner" id="oval:ssg-test_file_owner_aliases_sendmail_aliases_db:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_aliases_sendmail_aliases_db:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_aliases:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing files referenced in /etc/aliases owner" id="oval:ssg-test_file_owner_aliases_files:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_aliases_files:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_aliases_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /dev/audio* owner" id="oval:ssg-test_file_owner_dev_audio:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_dev_audio:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_audio_devices:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /dev/snd/* owner" id="oval:ssg-test_file_owner_dev_snd:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_dev_snd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_audio_devices:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing audit log file owner" id="oval:ssg-test_file_owner_audit_log_el4:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_audit_log_el4:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_audit_log:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing audit log file owner" id="oval:ssg-test_file_owner_audit_log_el5:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_audit_log_el5:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_audit_log:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /sbin/auditctl owner" id="oval:ssg-test_file_owner_sbin_auditctl:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_sbin_auditctl:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_audit_tools:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /sbin/auditd owner" id="oval:ssg-test_file_owner_sbin_auditd:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_sbin_auditd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_audit_tools:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /sbin/ausearch owner" id="oval:ssg-test_file_owner_sbin_ausearch:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_sbin_ausearch:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_audit_tools:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /sbin/aureport owner" id="oval:ssg-test_file_owner_sbin_aureport:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_sbin_aureport:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_audit_tools:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /sbin/autrace owner" id="oval:ssg-test_file_owner_sbin_autrace:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_sbin_autrace:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_audit_tools:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /sbin/audispd owner" id="oval:ssg-test_file_owner_sbin_audispd:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_sbin_audispd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_audit_tools:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /bin/traceroute owner" id="oval:ssg-test_file_owner_bin_traceroute:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_bin_traceroute:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_bin_traceroute:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing audit log file permissions" id="oval:ssg-test_file_owner_core_dump_dir:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_core_dump_dir:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_core_dump_dir:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.d/ owner" id="oval:ssg-test_file_owner_dir_etc_cron_d:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_dir_etc_cron_d:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_crontab_dir:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.daily/ owner" id="oval:ssg-test_file_owner_dir_etc_cron_daily:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_dir_etc_cron_daily:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_crontab_dir:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.hourly/ owner" id="oval:ssg-test_file_owner_dir_etc_cron_hourly:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_dir_etc_cron_hourly:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_crontab_dir:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.monthly/ owner" id="oval:ssg-test_file_owner_dir_etc_cron_monthly:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_dir_etc_cron_monthly:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_crontab_dir:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.weekly/ owner" id="oval:ssg-test_file_owner_dir_etc_cron_weekly:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_dir_etc_cron_weekly:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_crontab_dir:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /var/spool/cron/ owner" id="oval:ssg-test_file_owner_dir_var_spool_cron:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_dir_var_spool_cron:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_crontab_dir:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/crontab owner" id="oval:ssg-test_file_owner_etc_crontab:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_crontab:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_crontab_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.d/* owner" id="oval:ssg-test_file_owner_etc_cron_d:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_cron_d:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_crontab_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.daily/* owner" id="oval:ssg-test_file_owner_etc_cron_daily:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_cron_daily:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_crontab_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.hourly/* owner" id="oval:ssg-test_file_owner_etc_cron_hourly:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_cron_hourly:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_crontab_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.monthly/* owner" id="oval:ssg-test_file_owner_etc_cron_monthly:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_cron_monthly:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_crontab_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.weekly/* owner" id="oval:ssg-test_file_owner_etc_cron_weekly:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_cron_weekly:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_crontab_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /var/spool/cron/* owner" id="oval:ssg-test_file_owner_var_spool_cron:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_var_spool_cron:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_crontab_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/at.allow owner" id="oval:ssg-test_file_owner_etc_at_allow:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_at_allow:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_etc_at_allow:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/at.deny owner" id="oval:ssg-test_file_owner_etc_at_deny:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_at_deny:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_etc_at_deny:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.allow owner" id="oval:ssg-test_file_owner_etc_cron_allow:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_cron_allow:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_etc_cron_allow:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.deny owner" id="oval:ssg-test_file_owner_etc_cron_deny:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_cron_deny:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_etc_cron_deny:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cups/printers.conf owner" id="oval:ssg-test_file_owner_etc_cups_printers_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_cups_printers_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_etc_cups_printers_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/exports owner" id="oval:ssg-test_file_owner_etc_exports:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_exports:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_etc_exports:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing user ownership" id="oval:ssg-test_file_owner_etc_group:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_group:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_etc_group:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing gshadow ownership" id="oval:ssg-test_file_owner_etc_gshadow:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_gshadow:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_etc_gshadow:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/hosts owner" id="oval:ssg-test_file_owner_etc_hosts:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_hosts:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_etc_hosts:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/ldap.conf owner" id="oval:ssg-test_file_owner_etc_ldap_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_ldap_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_etc_ldap_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/nsswitch.conf owner" id="oval:ssg-test_file_owner_etc_nsswitch_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_nsswitch_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_etc_nsswitch_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/ntp.conf owner" id="oval:ssg-test_file_owner_etc_ntp_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_ntp_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_etc_ntp_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing user ownership" id="oval:ssg-test_file_owner_etc_passwd:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_passwd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_etc_passwd:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/resolv.conf owner" id="oval:ssg-test_file_owner_etc_resolv_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_resolv_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_etc_resolv_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/samba/smb.conf owner" id="oval:ssg-test_file_owner_etc_samba_smb_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_samba_smb_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_etc_samba_smb_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/samba/passdb.tdb owner" id="oval:ssg-test_file_owner_etc_samba_passdb_tdb:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_samba_passdb_tdb:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_etc_samba_tdb:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/samba/secrets.tdb owner" id="oval:ssg-test_file_owner_etc_samba_secrets_tdb:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_samba_secrets_tdb:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_etc_samba_tdb:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/securetty owner" id="oval:ssg-test_file_owner_etc_securetty:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_securetty:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_etc_securetty:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/security/access.conf owner" id="oval:ssg-test_file_owner_etc_security_access_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_security_access_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_etc_security_access_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/services owner" id="oval:ssg-test_file_owner_etc_services:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_services:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_etc_services:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing user ownership of /etc/shadow" id="oval:ssg-test_file_owner_etc_shadow:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_etc_shadow:obj:1"/>
      <unix:state state_ref="oval:ssg-state_etc_shadow_uid_root:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/skel/* owner" id="oval:ssg-test_file_owner_etc_skel:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_skel:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_etc_skel:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/sysctl.conf owner" id="oval:ssg-test_file_owner_etc_sysctl_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_sysctl_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_etc_sysctl_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/syslog.conf owner" id="oval:ssg-test_file_owner_etc_syslog_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_syslog_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_etc_syslog_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/xinetd.conf owner" id="oval:ssg-test_file_owner_etc_xinetd_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_xinetd_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_etc_xinetd_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing files referenced in /etc/exports owner" id="oval:ssg-test_file_owner_exports_dirs:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_exports_dirs:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_exports_dirs:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing owner of /etc/ftpusers" id="oval:ssg-test_file_owner_etc_ftpusers:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_ftpusers:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_ftpusers:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing owner of /etc/vsftpd.ftpusers" id="oval:ssg-test_file_owner_etc_vsftpd_ftpusers1:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_vsftpd_ftpusers1:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_ftpusers:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing owner of /etc/vsftpd/ftpusers" id="oval:ssg-test_file_owner_etc_vsftpd_ftpusers2:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_vsftpd_ftpusers2:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_ftpusers:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing owner of /etc/bashrc" id="oval:ssg-test_file_owner_etc_bashrc:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_bashrc:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_global_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing owner of /etc/csh.cshrc" id="oval:ssg-test_file_owner_etc_csh_cshrc:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_csh_cshrc:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_global_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing owner of /etc/csh.login" id="oval:ssg-test_file_owner_etc_csh_login:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_csh_login:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_global_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing owner of /etc/csh.logout" id="oval:ssg-test_file_owner_etc_csh_logout:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_csh_logout:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_global_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing owner of /etc/environment" id="oval:ssg-test_file_owner_etc_environment:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_environment:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_global_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing owner of /etc/ksh.kshrc" id="oval:ssg-test_file_owner_etc_ksh_kshrc:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_ksh_kshrc:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_global_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing owner of /etc/profile" id="oval:ssg-test_file_owner_etc_profile:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_profile:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_global_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing owner of /etc/suid_profile" id="oval:ssg-test_file_owner_etc_suid_profile:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_suid_profile:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_global_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing owner of /etc/profile.d/*" id="oval:ssg-test_file_owner_etc_profiled:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_profiled:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_global_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="/boot/grub/grub.conf owned by root" id="oval:ssg-test_file_owner_grub_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_grub_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_grub_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing owner" id="oval:ssg-test_file_owner_home_dirs:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_home_dirs:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_home_dirs:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing owner" id="oval:ssg-test_file_owner_home_files:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_home_files:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_home_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing LDAP TLS CA cert group owner" id="oval:ssg-test_file_owner_ldap_cacerts:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_ldap_cacerts:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_ldap_cacerts:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing LDAP TLS cert group owner" id="oval:ssg-test_file_owner_ldap_certs:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_ldap_certs:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_ldap_certs:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing LDAP TLS key owner" id="oval:ssg-test_file_owner_ldap_keys:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_ldap_keys:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_ldap_keys:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing local initialization files - /home owner" id="oval:ssg-test_file_owner_local_initialization_files_home:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_local_initialization_files_home:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_local_initialization_files_home:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing local initialization files - /root owner" id="oval:ssg-test_file_owner_local_initialization_files_root:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_local_initialization_files_root:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_local_initialization_files_root:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/rc*/* owner" id="oval:ssg-test_file_owner_etc_rc:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_rc:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_run_control_scripts:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/init.d/* owner" id="oval:ssg-test_file_owner_etc_initd:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_etc_initd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_run_control_scripts:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing files referenced in /etc/shells owner" id="oval:ssg-test_file_owner_shell_files:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_shell_files:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_shell_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing SMTP log file owner" id="oval:ssg-test_file_owner_smtp_logs:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_smtp_logs:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_smtp_logs:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing snmpd.conf owner" id="oval:ssg-test_file_owner_snmpd_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_snmpd_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_snmpd_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing owner" id="oval:ssg-test_file_owner_var_spool_at:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_var_spool_at:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_var_spool_at:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing owner" id="oval:ssg-test_file_owner_var_yp:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_owner_var_yp:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_owner_var_yp:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/postfix/aliases permissions" id="oval:ssg-test_file_permissions_aliases_postfix_aliases:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_aliases_postfix_aliases:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_aliases:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/postfix/aliases.db permissions" id="oval:ssg-test_file_permissions_aliases_postfix_aliases_db:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_aliases_postfix_aliases_db:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_aliases:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/aliases permissions" id="oval:ssg-test_file_permissions_aliases_sendmail_aliases:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_aliases_sendmail_aliases:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_aliases:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/aliases.db permissions" id="oval:ssg-test_file_permissions_aliases_sendmail_aliases_db:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_aliases_sendmail_aliases_db:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_aliases:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing files referenced in /etc/aliases permissions" id="oval:ssg-test_file_permissions_aliases_files:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_aliases_files:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_aliases_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /dev/audio* permissions" id="oval:ssg-test_file_permissions_dev_audio:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_dev_audio:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_audio_devices:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /dev/snd/* permissions" id="oval:ssg-test_file_permissions_dev_snd:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_dev_snd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_audio_devices:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing audit log file permissions" id="oval:ssg-test_file_permissions_audit_log_el4:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_audit_log_el4:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_audit_log:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing audit log file permissions" id="oval:ssg-test_file_permissions_audit_log_el5:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_audit_log_el5:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_audit_log:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /sbin/auditctl permissions" id="oval:ssg-test_file_permissions_sbin_auditctl:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_sbin_auditctl:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_audit_tools:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /sbin/auditd permissions" id="oval:ssg-test_file_permissions_sbin_auditd:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_sbin_auditd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_audit_tools:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /sbin/ausearch permissions" id="oval:ssg-test_file_permissions_sbin_ausearch:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_sbin_ausearch:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_audit_tools:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /sbin/aureport permissions" id="oval:ssg-test_file_permissions_sbin_aureport:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_sbin_aureport:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_audit_tools:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /sbin/autrace permissions" id="oval:ssg-test_file_permissions_sbin_autrace:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_sbin_autrace:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_audit_tools:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /sbin/audispd permissions" id="oval:ssg-test_file_permissions_sbin_audispd:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_sbin_audispd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_audit_tools:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /bin/traceroute permissions" id="oval:ssg-test_file_permissions_bin_traceroute:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_bin_traceroute:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_bin_traceroute:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing audit log file permissions" id="oval:ssg-test_file_permissions_core_dump_dir:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_core_dump_dir:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_core_dump_dir:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.daily/* permissions" id="oval:ssg-test_file_permissions_etc_cron_daily:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_cron_daily:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_cron_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.hourly/* permissions" id="oval:ssg-test_file_permissions_etc_cron_hourly:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_cron_hourly:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_cron_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.monthly/* permissions" id="oval:ssg-test_file_permissions_etc_cron_monthly:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_cron_monthly:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_cron_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.weekly/* permissions" id="oval:ssg-test_file_permissions_etc_cron_weekly:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_cron_weekly:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_cron_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing cron log file permissions" id="oval:ssg-test_file_permissions_cron_log_files:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_cron_log_files:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_cron_log_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.d/ permissions" id="oval:ssg-test_file_permissions_dir_etc_cron_d:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_dir_etc_cron_d:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_crontab_dir:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.daily/ permissions" id="oval:ssg-test_file_permissions_dir_etc_cron_daily:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_dir_etc_cron_daily:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_crontab_dir:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.hourly/ permissions" id="oval:ssg-test_file_permissions_dir_etc_cron_hourly:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_dir_etc_cron_hourly:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_crontab_dir:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.monthly/ permissions" id="oval:ssg-test_file_permissions_dir_etc_cron_monthly:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_dir_etc_cron_monthly:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_crontab_dir:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.weekly/ permissions" id="oval:ssg-test_file_permissions_dir_etc_cron_weekly:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_dir_etc_cron_weekly:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_crontab_dir:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /var/spool/cron/ permissions" id="oval:ssg-test_file_permissions_dir_var_spool_cron:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_dir_var_spool_cron:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_crontab_dir:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/crontab permissions" id="oval:ssg-test_file_permissions_etc_crontab:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_crontab:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_crontab_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.d/* permissions" id="oval:ssg-test_file_permissions_etc_cron_d:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_cron_d:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_crontab_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /var/spool/cron/* permissions" id="oval:ssg-test_file_permissions_var_spool_cron:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_var_spool_cron:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_crontab_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/at.allow permissions" id="oval:ssg-test_file_permissions_etc_at_allow:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_at_allow:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_etc_at_allow:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/at.deny permissions" id="oval:ssg-test_file_permissions_etc_at_deny:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_at_deny:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_etc_at_deny:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.allow permissions" id="oval:ssg-test_file_permissions_etc_cron_allow:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_cron_allow:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_etc_cron_allow:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.deny permissions" id="oval:ssg-test_file_permissions_etc_cron_deny:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_cron_deny:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_etc_cron_deny:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cups/printers.conf permissions" id="oval:ssg-test_file_permissions_etc_cups_printers_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_cups_printers_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_etc_cups_printers_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/exports permissions" id="oval:ssg-test_file_permissions_etc_exports:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_exports:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_etc_exports:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing /etc/group permissions" id="oval:ssg-test_file_permissions_etc_group:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_group:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_etc_group:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="/etc/gshadow mode and ownership" id="oval:ssg-test_etc_gshadow:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_etc_gshadow:obj:1"/>
      <unix:state state_ref="oval:ssg-_etc_gshadow_state_mode_0400:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/hosts permissions" id="oval:ssg-test_file_permissions_etc_hosts:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_hosts:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_etc_hosts:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/ldap.conf permissions" id="oval:ssg-test_file_permissions_etc_ldap_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_ldap_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_etc_ldap_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/news/incoming.conf permissions" id="oval:ssg-test_file_permissions_etc_news_incoming_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_news_incoming_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_etc_news_incoming_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/news/infeed.conf permissions" id="oval:ssg-test_file_permissions_etc_news_infeed_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_news_infeed_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_etc_news_infeed_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/news/passwd.nntp permissions" id="oval:ssg-test_file_permissions_etc_news_passwd_nntp:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_news_passwd_nntp:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_etc_news_passwd_nntp:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/nsswitch.conf permissions" id="oval:ssg-test_file_permissions_etc_nsswitch_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_nsswitch_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_etc_nsswitch_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/ntp.conf permissions" id="oval:ssg-test_file_permissions_etc_ntp_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_ntp_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_etc_ntp_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="/etc/passwd mode and ownership" id="oval:ssg-test_etc_passwd:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_etc_passwd:obj:1"/>
      <unix:state state_ref="oval:ssg-_etc_passwd_state_mode_0644:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/resolv.conf permissions" id="oval:ssg-test_file_permissions_etc_resolv_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_resolv_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_etc_resolv_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/samba/smb.conf permissions" id="oval:ssg-test_file_permissions_etc_samba_smb_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_samba_smb_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_etc_samba_smb_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/samba/passdb.tdb permissions" id="oval:ssg-test_file_permissions_etc_samba_passdb_tdb:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_samba_passdb_tdb:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_etc_samba_tdb:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/samba/secrets.tdb permissions" id="oval:ssg-test_file_permissions_etc_samba_secrets_tdb:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_samba_secrets_tdb:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_etc_samba_tdb:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/securetty group owner" id="oval:ssg-test_file_permissions_etc_securetty:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_securetty:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_etc_securetty:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/security/access.conf permissions" id="oval:ssg-test_file_permissions_etc_security_access_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_security_access_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_etc_security_access_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/services permissions" id="oval:ssg-test_file_permissions_etc_services:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_services:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_etc_services:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="/etc/shadow mode and ownership" id="oval:ssg-test_etc_shadow:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_etc_shadow:obj:1"/>
      <unix:state state_ref="oval:ssg-_etc_shadow_state_mode_0400:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/skel/* permissions" id="oval:ssg-test_file_permissions_etc_skel:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_skel:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_etc_skel:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/sysctl.conf permissions" id="oval:ssg-test_file_permissions_etc_sysctl_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_sysctl_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_etc_sysctl_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/syslog.conf permissions" id="oval:ssg-test_file_permissions_etc_syslog_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_syslog_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_etc_syslog_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/xinetd.conf permissions" id="oval:ssg-test_file_permissions_etc_xinetd_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_xinetd_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_etc_xinetd:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/xinetd.d/* permissions" id="oval:ssg-test_file_permissions_etc_xinetd_files:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_xinetd_files:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_etc_xinetd:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing permissions of /etc/xinetd.d" id="oval:ssg-test_file_permissions_etc_xinetd_dir:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_xinetd_dir:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_etc_xinetd_dir:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/postfix/aliases extended ACLs" id="oval:ssg-test_file_permissions_extended_aliases_postfix_aliases:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_aliases_postfix_aliases:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_aliases:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/postfix/aliases.db extended ACLs" id="oval:ssg-test_file_permissions_extended_aliases_postfix_aliases_db:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_aliases_postfix_aliases_db:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_aliases:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/aliases extended ACLs" id="oval:ssg-test_file_permissions_extended_aliases_sendmail_aliases:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_aliases_sendmail_aliases:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_aliases:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/aliases.db extended ACLs" id="oval:ssg-test_file_permissions_extended_aliases_sendmail_aliases_db:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_aliases_sendmail_aliases_db:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_aliases:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing files referenced in /etc/aliases extended ACLs" id="oval:ssg-test_file_permissions_extended_aliases_files:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_aliases_files:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_aliases_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /dev/audio* extended ACLs" id="oval:ssg-test_file_permissions_extended_dev_audio:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_dev_audio:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_audio_devices:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /dev/snd/* extended ACLs" id="oval:ssg-test_file_permissions_extended_dev_snd:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_dev_snd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_audio_devices:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing audit log file extended ACLs" id="oval:ssg-test_file_permissions_extended_audit_log:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_audit_log:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_audit_log:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /sbin/auditctl extended ACLs" id="oval:ssg-test_file_permissions_extended_sbin_auditctl:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_sbin_auditctl:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_audit_tools:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /sbin/auditd extended ACLs" id="oval:ssg-test_file_permissions_extended_sbin_auditd:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_sbin_auditd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_audit_tools:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /sbin/ausearch extended ACLs" id="oval:ssg-test_file_permissions_extended_sbin_ausearch:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_sbin_ausearch:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_audit_tools:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /sbin/aureport extended ACLs" id="oval:ssg-test_file_permissions_extended_sbin_aureport:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_sbin_aureport:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_audit_tools:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /sbin/autrace extended ACLs" id="oval:ssg-test_file_permissions_extended_sbin_autrace:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_sbin_autrace:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_audit_tools:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /sbin/audispd extended ACLs" id="oval:ssg-test_file_permissions_extended_sbin_audispd:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_sbin_audispd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_audit_tools:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /bin/traceroute extended ACLs" id="oval:ssg-test_file_permissions_extended_bin_traceroute:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_bin_traceroute:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_bin_traceroute:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="none_exist" comment="Testing /etc/* extended ACLs" id="oval:ssg-test_file_permissions_extended_binary_dirs_etc:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_binary_dirs_etc:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="none_exist" comment="Testing /bin/* extended ACLs" id="oval:ssg-test_file_permissions_extended_binary_dirs_bin:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_binary_dirs_bin:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="none_exist" comment="Testing /usr/bin/* extended ACLs" id="oval:ssg-test_file_permissions_extended_binary_dirs_usr_bin:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_binary_dirs_usr_bin:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="none_exist" comment="Testing /usr/lbin/* extended ACLs" id="oval:ssg-test_file_permissions_extended_binary_dirs_usr_lbin:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_binary_dirs_usr_lbin:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="none_exist" comment="Testing /usr/usb/* extended ACLs" id="oval:ssg-test_file_permissions_extended_binary_dirs_usr_usb:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_binary_dirs_usr_usb:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="none_exist" comment="Testing /sbin/* extended ACLs" id="oval:ssg-test_file_permissions_extended_binary_dirs_sbin:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_binary_dirs_sbin:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="none_exist" comment="Testing /usr/sbin/* extended ACLs" id="oval:ssg-test_file_permissions_extended_binary_dirs_usr_sbin:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_binary_dirs_usr_sbin:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing audit log file permissions" id="oval:ssg-test_file_permissions_extended_core_dump_dir:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_core_dump_dir:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_core_dump_dir:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing cron log file extended ACLs" id="oval:ssg-test_file_permissions_extended_cron_log_files:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_cron_log_files:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_cron_log_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/crontab extended ACLs" id="oval:ssg-test_file_permissions_extended_crontab_dirs_etc_crontab:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_crontab_dirs_etc_crontab:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_crontab_dirs:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.d extended ACLs" id="oval:ssg-test_file_permissions_extended_crontab_dirs_etc_cron_d:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_crontab_dirs_etc_cron_d:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_crontab_dirs:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.daily extended ACLs" id="oval:ssg-test_file_permissions_extended_crontab_dirs_etc_cron_daily:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_crontab_dirs_etc_cron_daily:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_crontab_dirs:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.hourly extended ACLs" id="oval:ssg-test_file_permissions_extended_crontab_dirs_etc_cron_hourly:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_crontab_dirs_etc_cron_hourly:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_crontab_dirs:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.monthly extended ACLs" id="oval:ssg-test_file_permissions_extended_crontab_dirs_etc_cron_monthly:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_crontab_dirs_etc_cron_monthly:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_crontab_dirs:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.weekly extended ACLs" id="oval:ssg-test_file_permissions_extended_crontab_dirs_etc_cron_weekly:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_crontab_dirs_etc_cron_weekly:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_crontab_dirs:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /var/spool/cron extended ACLs" id="oval:ssg-test_file_permissions_extended_crontab_dirs_var_spool_cron:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_crontab_dirs_var_spool_cron:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_crontab_dirs:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/crontab extended ACLs" id="oval:ssg-test_file_permissions_extended_crontab_files_etc_crontab:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_crontab_files_etc_crontab:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_crontab_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.d/* extended ACLs" id="oval:ssg-test_file_permissions_extended_crontab_files_etc_cron_d:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_crontab_files_etc_cron_d:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_crontab_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.daily/* extended ACLs" id="oval:ssg-test_file_permissions_extended_crontab_files_etc_cron_daily:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_crontab_files_etc_cron_daily:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_crontab_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.hourly/* extended ACLs" id="oval:ssg-test_file_permissions_extended_crontab_files_etc_cron_hourly:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_crontab_files_etc_cron_hourly:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_crontab_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.monthly/* extended ACLs" id="oval:ssg-test_file_permissions_extended_crontab_files_etc_cron_monthly:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_crontab_files_etc_cron_monthly:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_crontab_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.weekly/* extended ACLs" id="oval:ssg-test_file_permissions_extended_crontab_files_etc_cron_weekly:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_crontab_files_etc_cron_weekly:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_crontab_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /var/spool/cron/* extended ACLs" id="oval:ssg-test_file_permissions_extended_crontab_files_var_spool_cron:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_crontab_files_var_spool_cron:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_crontab_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/at.allow extended ACLs" id="oval:ssg-test_file_permissions_extended_etc_at_allow:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_at_allow:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_etc_at_allow:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/at.deny extended ACLs" id="oval:ssg-test_file_permissions_extended_etc_at_deny:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_at_deny:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_etc_at_deny:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.allow extended ACLs" id="oval:ssg-test_file_permissions_extended_etc_cron_allow:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_cron_allow:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_etc_cron_allow:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cron.deny extended ACLs" id="oval:ssg-test_file_permissions_extended_etc_cron_deny:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_cron_deny:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_etc_cron_deny:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/cups/printers.conf extended ACLs" id="oval:ssg-test_file_permissions_extended_etc_cups_printers_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_cups_printers_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_etc_cups_printers_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/exports extended ACLs" id="oval:ssg-test_file_permissions_extended_etc_exports:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_exports:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_etc_exports:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/group extended ACLs" id="oval:ssg-test_file_permissions_extended_etc_group:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_group:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_etc_group:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/gshadow extended ACLs" id="oval:ssg-test_file_permissions_extended_etc_gshadow:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_gshadow:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_etc_gshadow:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/hosts extended ACLs" id="oval:ssg-test_file_permissions_extended_etc_hosts:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_hosts:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_etc_hosts:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/ldap.conf extended ACLs" id="oval:ssg-test_file_permissions_extended_etc_ldap_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_ldap_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_etc_ldap_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/news/incoming.conf extended ACLs" id="oval:ssg-test_file_permissions_extended_etc_news_incoming_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_news_incoming_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_etc_news_incoming_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/news/infeed.conf extended ACLs" id="oval:ssg-test_file_permissions_extended_etc_news_infeed_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_news_infeed_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_etc_news_infeed_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/news/nnrp.access extended ACLs" id="oval:ssg-test_file_permissions_extended_etc_news_nnrp_access:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_news_nnrp_access:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_etc_news_nnrp_access:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/news/passwd.nntp extended ACLs" id="oval:ssg-test_file_permissions_extended_etc_news_passwd_nntp:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_news_passwd_nntp:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_etc_news_passwd_nntp:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/nsswitch.conf extended ACLs" id="oval:ssg-test_file_permissions_extended_etc_nsswitch_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_nsswitch_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_etc_nsswitch_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/ntp.conf extended ACLs" id="oval:ssg-test_file_permissions_extended_etc_ntp_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_ntp_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_etc_ntp_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/passwd extended ACLs" id="oval:ssg-test_file_permissions_extended_etc_passwd:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_passwd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_etc_passwd:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/resolv.conf extended ACLs" id="oval:ssg-test_file_permissions_extended_etc_resolv_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_resolv_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_etc_resolv_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/samba/smb.conf extended ACLs" id="oval:ssg-test_file_permissions_extended_etc_samba_smb_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_samba_smb_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_etc_samba_smb_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/samba/passdb.tdb extended ACLs" id="oval:ssg-test_file_permissions_extended_etc_samba_passdb_tdb:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_samba_passdb_tdb:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_etc_samba_tdb:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/samba/secrets.tdb extended ACLs" id="oval:ssg-test_file_permissions_extended_etc_samba_secrets_tdb:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_samba_secrets_tdb:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_etc_samba_tdb:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/security/access.conf extended ACLs" id="oval:ssg-test_file_permissions_extended_etc_security_access_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_security_access_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_etc_security_access_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/services extended ACLs" id="oval:ssg-test_file_permissions_extended_etc_services:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_services:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_etc_services:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/shadow extended ACLs" id="oval:ssg-test_file_permissions_extended_etc_shadow:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_shadow:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_etc_shadow:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/skel/* extended ACLs" id="oval:ssg-test_file_permissions_extended_etc_skel:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_skel:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_etc_skel:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/sysctl.conf extended ACLs" id="oval:ssg-test_file_permissions_extended_etc_sysctl_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_sysctl_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_etc_sysctl_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/syslog.conf extended ACLs" id="oval:ssg-test_file_permissions_extended_etc_syslog_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_syslog_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_etc_syslog_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/xinetd.conf extended ACLs" id="oval:ssg-test_file_permissions_extended_etc_xinetd_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_xinetd_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_etc_xinetd_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing extended ACLs of /etc/xinetd.d/*" id="oval:ssg-test_file_permissions_extended_etc_xinetd_dir:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_xinetd_dir:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_etc_xinetd_dir:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing extended ACLs of /etc/ftpusers" id="oval:ssg-test_file_permissions_extended_etc_ftpusers:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_ftpusers:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_ftpusers:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing extended ACLs of /etc/vsftpd.ftpusers" id="oval:ssg-test_file_permissions_extended_etc_vsftpd_ftpusers1:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_vsftpd_ftpusers1:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_ftpusers:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing extended ACLs of /etc/vsftpd/ftpusers" id="oval:ssg-test_file_permissions_extended_etc_vsftpd_ftpusers2:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_vsftpd_ftpusers2:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_ftpusers:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing extended ACLs of /etc/bashrc" id="oval:ssg-test_file_permissions_extended_etc_bashrc:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_bashrc:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_global_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing extended ACLs of /etc/csh.cshrc" id="oval:ssg-test_file_permissions_extended_etc_csh_cshrc:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_csh_cshrc:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_global_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing extended ACLs of /etc/csh.login" id="oval:ssg-test_file_permissions_extended_etc_csh_login:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_csh_login:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_global_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing extended ACLs of /etc/csh.logout" id="oval:ssg-test_file_permissions_extended_etc_csh_logout:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_csh_logout:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_global_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing extended ACLs of /etc/environment" id="oval:ssg-test_file_permissions_extended_etc_environment:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_environment:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_global_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing extended ACLs of /etc/ksh.kshrc" id="oval:ssg-test_file_permissions_extended_etc_ksh_kshrc:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_ksh_kshrc:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_global_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing extended ACLs of /etc/profile" id="oval:ssg-test_file_permissions_extended_etc_profile:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_profile:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_global_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing extended ACLs of /etc/suid_profile" id="oval:ssg-test_file_permissions_extended_etc_suid_profile:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_suid_profile:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_global_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing extended ACLs of /etc/profile.d/*" id="oval:ssg-test_file_permissions_extended_etc_profiled:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_profiled:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_global_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing extended ACLs" id="oval:ssg-test_file_permissions_extended_grub_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_grub_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_grub_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing extended ACLs" id="oval:ssg-test_file_permissions_extended_home_dirs:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_home_dirs:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_home_dirs:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing extended ACLs" id="oval:ssg-test_file_permissions_extended_home_files:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_home_files:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_home_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing LDAP TLS CA cert extended ACL permissions" id="oval:ssg-test_file_permissions_extended_ldap_cacerts:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_ldap_cacerts:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_ldap_cacerts:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing LDAP TLS cert extended ACL permissions" id="oval:ssg-test_file_permissions_extended_ldap_certs:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_ldap_certs:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_ldap_certs:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing LDAP TLS key extended ACL permissions" id="oval:ssg-test_file_permissions_extended_ldap_keys:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_ldap_keys:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_ldap_keys:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /lib/* extended ACLs" id="oval:ssg-test_file_permissions_extended_library_dirs_lib:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_library_dirs_lib:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_library_dirs:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /usr/lib/* extended ACLs" id="oval:ssg-test_file_permissions_extended_library_dirs_usr_lib:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_library_dirs_usr_lib:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_library_dirs:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing local initialization files - /home extended ACLs" id="oval:ssg-test_file_permissions_extended_local_initialization_files_home:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_local_initialization_files_home:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_local_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing local initialization files - /root extended ACLs" id="oval:ssg-test_file_permissions_extended_local_initialization_files_root:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_local_initialization_files_root:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_local_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /usr/share/man/* extended ACLs" id="oval:ssg-test_file_permissions_extended_usr_share_man:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_usr_share_man:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_man_pages:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /usr/share/info/* extended ACLs" id="oval:ssg-test_file_permissions_extended_usr_share_info:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_usr_share_info:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_man_pages:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /usr/share/infopage/* extended ACLs" id="oval:ssg-test_file_permissions_extended_usr_share_infopage:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_usr_share_infopage:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_man_pages:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing *.mib extended ACLs" id="oval:ssg-test_file_permissions_extended_mib_files:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_mib_files:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_mib_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing permissions" id="oval:ssg-test_file_permissions_extended_root_dir:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_root_dir:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_root_dir:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/rc*/* extended ACLs" id="oval:ssg-test_file_permissions_extended_etc_rc:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_rc:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_run_control_scripts:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/init.d/* extended ACLs" id="oval:ssg-test_file_permissions_extended_etc_initd:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_etc_initd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_run_control_scripts:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing files referenced in /etc/shells extended ACLs" id="oval:ssg-test_file_permissions_extended_shell_files:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_shell_files:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_shell_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing SMTP log file extended ACLs" id="oval:ssg-test_file_permissions_extended_smtp_logs:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_smtp_logs:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_smtp_logs:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing snmpd.conf extended ACLs" id="oval:ssg-test_file_permissions_extended_snmpd_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_snmpd_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_snmpd_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing extended ACLs" id="oval:ssg-test_file_permissions_extended_usr_sbin_dir:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_usr_sbin_dir:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_usr_sbin_dir:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing extended ACLs" id="oval:ssg-test_file_permissions_extended_var_log:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_var_log:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_var_log:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing extended ACLs" id="oval:ssg-test_file_permissions_extended_var_spool_at:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_var_spool_at:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_var_spool_at:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing extended ACLs" id="oval:ssg-test_file_permissions_extended_var_yp:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_var_yp:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_var_yp:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing extended ACLs" id="oval:ssg-test_file_permissions_extended_xauthority_files:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_extended_xauthority_files:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_extended_xauthority_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing permissions of /etc/ftpusers" id="oval:ssg-test_file_permissions_etc_ftpusers:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_ftpusers:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_ftpusers:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing permissions of /etc/vsftpd.ftpusers" id="oval:ssg-test_file_permissions_etc_vsftpd_ftpusers1:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_vsftpd_ftpusers1:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_ftpusers:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing permissions of /etc/vsftpd/ftpusers" id="oval:ssg-test_file_permissions_etc_vsftpd_ftpusers2:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_vsftpd_ftpusers2:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_ftpusers:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing permissions of /etc/bashrc" id="oval:ssg-test_file_permissions_etc_bashrc:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_bashrc:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_global_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing permissions of /etc/csh.cshrc" id="oval:ssg-test_file_permissions_etc_csh_cshrc:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_csh_cshrc:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_global_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing permissions of /etc/csh.login" id="oval:ssg-test_file_permissions_etc_csh_login:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_csh_login:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_global_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing permissions of /etc/csh.logout" id="oval:ssg-test_file_permissions_etc_csh_logout:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_csh_logout:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_global_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing permissions of /etc/environment" id="oval:ssg-test_file_permissions_etc_environment:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_environment:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_global_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing permissions of /etc/ksh.kshrc" id="oval:ssg-test_file_permissions_etc_ksh_kshrc:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_ksh_kshrc:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_global_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing permissions of /etc/profile" id="oval:ssg-test_file_permissions_etc_profile:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_profile:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_global_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing permissions of /etc/suid_profile" id="oval:ssg-test_file_permissions_etc_suid_profile:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_suid_profile:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_global_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing permissions of /etc/profile.d/*" id="oval:ssg-test_file_permissions_etc_profiled:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_profiled:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_global_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing file permissions" id="oval:ssg-test_file_permissions_grub_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_grub_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_grub_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="at_least_one_exists" comment="home directories" id="oval:ssg-test_file_permissions_home_dirs:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_home_dirs:obj:1"/>
      <unix:state state_ref="oval:ssg-state_home_dirs_wrong_perm:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing permissions" id="oval:ssg-test_file_permissions_home_files:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_home_files:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_home_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing LDAP TLS CA cert permissions" id="oval:ssg-test_file_permissions_ldap_cacerts:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_ldap_cacerts:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_ldap_cacerts:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing LDAP TLS cert permissions" id="oval:ssg-test_file_permissions_ldap_certs:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_ldap_certs:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_ldap_certs:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing audit log file permissions" id="oval:ssg-test_file_permissions_ldap_keys:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_ldap_keys:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_ldap_keys:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="none_exist" comment="/lib directories go-w" id="oval:ssg-test_perms_lib_dir:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_lib_dir:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="none_exist" comment="/lib files go-w" id="oval:ssg-test_perms_lib_files:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_lib_files:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="none_exist" comment="/usr/lib directories go-w" id="oval:ssg-test_perms_usr_lib_dir:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_usr_lib_dir:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="none_exist" comment="/usr/lib files go-w" id="oval:ssg-test_perms_usr_lib_files:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_usr_lib_files:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing local initialization files - /home permissions" id="oval:ssg-test_file_permissions_local_initialization_files_home:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_local_initialization_files_home:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_local_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing local initialization files - /root permissions" id="oval:ssg-test_file_permissions_local_initialization_files_root:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_local_initialization_files_root:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_local_initialization_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /usr/share/man/* permissions" id="oval:ssg-test_file_permissions_usr_share_man:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_usr_share_man:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_man_pages:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /usr/share/info/* permissions" id="oval:ssg-test_file_permissions_usr_share_info:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_usr_share_info:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_man_pages:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /usr/share/infopage/* permissions" id="oval:ssg-test_file_permissions_usr_share_infopage:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_usr_share_infopage:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_man_pages:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing *.mib permissions" id="oval:ssg-test_file_permissions_mib_files:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_mib_files:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_mib_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing permissions" id="oval:ssg-test_file_permissions_root_dir:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_root_dir:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_root_dir:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/rc*/* permissions" id="oval:ssg-test_file_permissions_etc_rc:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_rc:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_run_control_scripts:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/init.d/* permissions" id="oval:ssg-test_file_permissions_etc_initd:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_etc_initd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_run_control_scripts:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing files referenced in /etc/shells permissions" id="oval:ssg-test_file_permissions_shell_files:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_shell_files:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_shell_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing SMTP log file permissions" id="oval:ssg-test_file_permissions_smtp_logs:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_smtp_logs:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_smtp_logs:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing snmpd.conf permissions" id="oval:ssg-test_file_permissions_snmpd_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_snmpd_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_snmpd_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/ssh/*key permissions" id="oval:ssg-test_file_permissions_ssh_private_host_keys:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_ssh_private_host_keys:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_ssh_private_host_keys:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /etc/ssh/*key.pub permissions" id="oval:ssg-test_file_permissions_ssh_public_host_keys:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_ssh_public_host_keys:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_ssh_public_host_keys:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing tftpd binary permissions" id="oval:ssg-test_file_permissions_tftp_binary:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_tftp_binary:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_tftp_binary:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="none_exist" comment="world writable files" id="oval:ssg-test_file_permissions_unauthorized_world_write:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_unauthorized_world_write:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing /usr/bin/ldd permissions" id="oval:ssg-test_file_permissions_usr_bin_ldd:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_usr_bin_ldd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_usr_bin_ldd:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing permissions" id="oval:ssg-test_file_permissions_usr_sbin_dir:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_usr_sbin_dir:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_usr_sbin_dir:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing permissions" id="oval:ssg-test_file_permissions_var_log:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_var_log:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_var_log:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing permissions" id="oval:ssg-test_file_permissions_var_spool_at:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_var_spool_at:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_var_spool_at:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing permissions" id="oval:ssg-test_file_permissions_var_yp:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_var_yp:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_var_yp:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="any_exist" comment="Testing permissions" id="oval:ssg-test_file_permissions_xauthority_files:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_xauthority_files:obj:1"/>
      <unix:state state_ref="oval:ssg-state_file_permissions_xauthority_files:ste:1"/>
    </unix:file_test>
    <unix:password_test check="all" check_existence="any_exist" comment="ftp shell" id="oval:ssg-test_ftp_anonymous_shell:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_ftp_anonymous_shell:obj:1"/>
      <unix:state state_ref="oval:ssg-state_ftp_anonymous_shell:ste:1"/>
    </unix:password_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="default umask" id="oval:ssg-test_ftp_default_umask_gssftp:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_ftp_default_umask_gssftp:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="default umask" id="oval:ssg-test_ftp_default_umask_local_vsftpd:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_ftp_default_umask_local_vsftpd:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="default umask" id="oval:ssg-test_ftp_default_umask_anon_vsftpd:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_ftp_default_umask_anon_vsftpd:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Tests the value of the Banner[\s]+/etc/issue setting in the /etc/ssh/ftp_config file" id="oval:ssg-test_ftp_enable_warning_banner_gssftp:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_ftp_enable_warning_banner_gssftp:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="correct banner in /etc/issue" id="oval:ssg-test_ftp_enable_warning_banner_gssftp_text:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_ftp_enable_warning_banner_gssftp_text:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Tests the value of the Banner[\s]+/etc/issue setting in the /etc/vsftpd/vsftpd.conf file" id="oval:ssg-test_ftp_enable_warning_banner_vsftpd:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_ftp_enable_warning_banner_vsftpd:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="correct banner in /etc/issue" id="oval:ssg-test_ftp_enable_warning_banner_vsftpd_text:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_ftp_enable_warning_banner_vsftpd_text:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="gssftp users" id="oval:ssg-test_ftp_ftpusers_file_empty_gssftp:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_ftp_ftpusers_file_empty_gssftp:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="vsftpd users" id="oval:ssg-test_ftp_ftpusers_file_empty_vsftpd1:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_ftp_ftpusers_file_empty_vsftpd1:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="vsftpd users" id="oval:ssg-test_ftp_ftpusers_file_empty_vsftpd2:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_ftp_ftpusers_file_empty_vsftpd2:obj:1"/>
    </ind:textfilecontent54_test>
    <unix:file_test check="all" check_existence="all_exist" comment="gssftp users" id="oval:ssg-test_ftp_ftpusers_file_exists_gssftp:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_ftp_ftpusers_file_exists_gssftp:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="vsftpd users" id="oval:ssg-test_ftp_ftpusers_file_exists_vsftpd1:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_ftp_ftpusers_file_exists_vsftpd1:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="vsftpd users" id="oval:ssg-test_ftp_ftpusers_file_exists_vsftpd2:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_ftp_ftpusers_file_exists_vsftpd2:obj:1"/>
    </unix:file_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="gssftp log" id="oval:ssg-test_ftp_log_transactions_gssftp:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_ftp_log_transactions_gssftp:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="vsftpd log" id="oval:ssg-test_ftp_log_transactions_vsftpd:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_ftp_log_transactions_vsftpd:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:xmlfilecontent_test check="all" comment="gnome screensaver is activated on idle" id="oval:ssg-test_gnome_screensaver_idle_activated:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_gnome_screensaver_idle_activated:obj:1"/>
      <ind:state state_ref="oval:ssg-state_activated_on_idle:ste:1"/>
    </ind:xmlfilecontent_test>
    <ind:xmlfilecontent_test check="all" comment="test screensaver timeout period" id="oval:ssg-test_gnome_screensaver_idle_delay:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_gnome_screensaver_idle_delay:obj:1"/>
      <ind:state state_ref="oval:ssg-state_gnome_screensaver_idle_delay:ste:1"/>
    </ind:xmlfilecontent_test>
    <ind:xmlfilecontent_test check="all" comment="screensaver lock is enabled" id="oval:ssg-test_screensaver_lock_enabled:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_screensaver_lock_enabled:obj:1"/>
      <ind:state state_ref="oval:ssg-state_screensaver_lock_enabled:ste:1"/>
    </ind:xmlfilecontent_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Testing mesg n or mesg -n in /etc/bashrc" id="oval:ssg-test_global_initialization_files_mesg_etc_bashrc:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_global_initialization_files_mesg_etc_bashrc:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Testing mesg n or mesg -n in /etc/csh.cshrc" id="oval:ssg-test_global_initialization_files_mesg_etc_csh_cshrc:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_global_initialization_files_mesg_etc_csh_cshrc:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Testing mesg n or mesg -n in /etc/csh.login" id="oval:ssg-test_global_initialization_files_mesg_etc_csh_login:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_global_initialization_files_mesg_etc_csh_login:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Testing mesg n or mesg -n in /etc/csh.logout" id="oval:ssg-test_global_initialization_files_mesg_etc_csh_logout:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_global_initialization_files_mesg_etc_csh_logout:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Testing mesg n or mesg -n in /etc/environment" id="oval:ssg-test_global_initialization_files_mesg_etc_environment:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_global_initialization_files_mesg_etc_environment:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Testing mesg n or mesg -n in /etc/ksh.kshrc" id="oval:ssg-test_global_initialization_files_mesg_etc_ksh_kshrc:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_global_initialization_files_mesg_etc_ksh_kshrc:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Testing mesg n or mesg -n in /etc/profile" id="oval:ssg-test_global_initialization_files_mesg_etc_profile:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_global_initialization_files_mesg_etc_profile:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Testing mesg n or mesg -n in /etc/suid_profile" id="oval:ssg-test_global_initialization_files_mesg_etc_suid_profile:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_global_initialization_files_mesg_etc_suid_profile:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Testing mesg n or mesg -n in /etc/profile.d/*" id="oval:ssg-test_global_initialization_files_mesg_etc_profiled:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_global_initialization_files_mesg_etc_profiled:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:family_test check="all" check_existence="at_least_one_exists" comment="installed OS part of unix family" id="oval:ssg-test_centos4_unix_family:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_centos4_unix_family:obj:1"/>
      <ind:state state_ref="oval:ssg-state_centos4_unix_family:ste:1"/>
    </ind:family_test>
    <linux:rpminfo_test check="all" check_existence="all_exist" comment="centos-release is version 4" id="oval:ssg-test_centos_4:tst:1" version="1">
      <linux:object object_ref="oval:ssg-obj_centos_4:obj:1"/>
      <linux:state state_ref="oval:ssg-state_centos_4:ste:1"/>
    </linux:rpminfo_test>
    <ind:family_test check="all" check_existence="at_least_one_exists" comment="installed OS part of unix family" id="oval:ssg-test_centos5_unix_family:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_centos5_unix_family:obj:1"/>
      <ind:state state_ref="oval:ssg-state_centos5_unix_family:ste:1"/>
    </ind:family_test>
    <linux:rpminfo_test check="all" check_existence="all_exist" comment="centos-release is version 5" id="oval:ssg-test_centos_5:tst:1" version="1">
      <linux:object object_ref="oval:ssg-obj_centos_5:obj:1"/>
      <linux:state state_ref="oval:ssg-state_centos_5:ste:1"/>
    </linux:rpminfo_test>
    <ind:family_test check="all" check_existence="at_least_one_exists" comment="installed OS part of unix family" id="oval:ssg-test_rhel4_unix_family:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_rhel4_unix_family:obj:1"/>
      <ind:state state_ref="oval:ssg-state_rhel4_unix_family:ste:1"/>
    </ind:family_test>
    <linux:rpminfo_test check="all" check_existence="all_exist" comment="redhat-release is version 4" id="oval:ssg-test_rhel_4:tst:1" version="1">
      <linux:object object_ref="oval:ssg-obj_rhel_4:obj:1"/>
      <linux:state state_ref="oval:ssg-state_rhel_4:ste:1"/>
    </linux:rpminfo_test>
    <ind:family_test check="all" check_existence="at_least_one_exists" comment="installed OS part of unix family" id="oval:ssg-test_rhel5_unix_family:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_rhel5_unix_family:obj:1"/>
      <ind:state state_ref="oval:ssg-state_rhel5_unix_family:ste:1"/>
    </ind:family_test>
    <linux:rpminfo_test check="all" check_existence="at_least_one_exists" comment="redhat-release-workstation is version 5" id="oval:ssg-test_rhel5_workstation:tst:1" version="1">
      <linux:object object_ref="oval:ssg-obj_rhel5_workstation:obj:1"/>
      <linux:state state_ref="oval:ssg-state_rhel5_workstation:ste:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="at_least_one_exists" comment="redhat-release-server is version 5" id="oval:ssg-test_rhel5_server:tst:1" version="1">
      <linux:object object_ref="oval:ssg-obj_rhel5_server:obj:1"/>
      <linux:state state_ref="oval:ssg-state_rhel5_server:ste:1"/>
    </linux:rpminfo_test>
    <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="Check /etc/sysconfig/ip6tables for line -A INPUT -p icmpv6 -d ff02::1 --icmpv6-type 128 -j DROP" id="oval:ssg-test_ip6tables_input_icmpv6_broadcast:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_ip6tables_input_icmpv6_broadcast:obj:1"/>
    </ind:textfilecontent54_test>
    <unix:interface_test check="all" check_existence="any_exist" comment="Testing Point-To-Point Interfaces" id="oval:ssg-test_ip_6to4_tunnels:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_ip_6to4_tunnels:obj:1"/>
      <unix:state state_ref="oval:ssg-state_ip_6to4_tunnels:ste:1"/>
    </unix:interface_test>
    <unix:process58_test check="all" check_existence="none_exist" comment="Testing miredo process existence" id="oval:ssg-test_ip_teredo:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_ip_teredo:obj:1"/>
    </unix:process58_test>
    <unix:interface_test check="all" check_existence="any_exist" comment="Testing Point-To-Point Interfaces" id="oval:ssg-test_ip_tunnels:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_ip_tunnels:obj:1"/>
      <unix:state state_ref="oval:ssg-state_ip_tunnels:ste:1"/>
    </unix:interface_test>
    <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="Check /etc/sysconfig/iptables for line -A INPUT -j REJECT --reject-with icmp-host-prohibited" id="oval:ssg-test_iptables_input_reject_rule:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_iptables_input_reject_rule:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="Check /etc/sysconfig/iptables for --icmp-type timestamp-request" id="oval:ssg-test_iptables_timestamp_reject_rule_requests:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_iptables_timestamp_reject_rule_requests:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="Check /etc/sysconfig/iptables for --icmp-type timestamp-reply" id="oval:ssg-test_iptables_timestamp_reject_rule_replies:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_iptables_timestamp_reject_rule_replies:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_kernmod_appletalk_modprobed:tst:1" version="1" check="all" comment="kernel module appletalk disabled">
      <ind:object object_ref="oval:ssg-obj_kernmod_appletalk_modprobed:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_kernmod_appletalk_modprobeconf:tst:1" version="1" check="all" comment="kernel module appletalk disabled in /etc/modprobe.conf">
      <ind:object object_ref="oval:ssg-obj_kernmod_appletalk_modprobeconf:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_kernmod_bluetooth_modprobed:tst:1" version="1" check="all" comment="kernel module bluetooth disabled">
      <ind:object object_ref="oval:ssg-obj_kernmod_bluetooth_modprobed:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_kernmod_bluetooth_modprobeconf:tst:1" version="1" check="all" comment="kernel module bluetooth disabled in /etc/modprobe.conf">
      <ind:object object_ref="oval:ssg-obj_kernmod_bluetooth_modprobeconf:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_kernmod_bridge_modprobed:tst:1" version="1" check="all" comment="kernel module bridge disabled">
      <ind:object object_ref="oval:ssg-obj_kernmod_bridge_modprobed:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_kernmod_bridge_modprobeconf:tst:1" version="1" check="all" comment="kernel module bridge disabled in /etc/modprobe.conf">
      <ind:object object_ref="oval:ssg-obj_kernmod_bridge_modprobeconf:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_kernmod_dccp_modprobed:tst:1" version="1" check="all" comment="kernel module dccp disabled">
      <ind:object object_ref="oval:ssg-obj_kernmod_dccp_modprobed:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_kernmod_dccp_modprobeconf:tst:1" version="1" check="all" comment="kernel module dccp disabled in /etc/modprobe.conf">
      <ind:object object_ref="oval:ssg-obj_kernmod_dccp_modprobeconf:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_kernmod_dccp_ipv4_modprobed:tst:1" version="1" check="all" comment="kernel module dccp_ipv4 disabled">
      <ind:object object_ref="oval:ssg-obj_kernmod_dccp_ipv4_modprobed:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_kernmod_dccp_ipv4_modprobeconf:tst:1" version="1" check="all" comment="kernel module dccp_ipv4 disabled in /etc/modprobe.conf">
      <ind:object object_ref="oval:ssg-obj_kernmod_dccp_ipv4_modprobeconf:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_kernmod_dccp_ipv6_modprobed:tst:1" version="1" check="all" comment="kernel module dccp_ipv6 disabled">
      <ind:object object_ref="oval:ssg-obj_kernmod_dccp_ipv6_modprobed:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_kernmod_dccp_ipv6_modprobeconf:tst:1" version="1" check="all" comment="kernel module dccp_ipv6 disabled in /etc/modprobe.conf">
      <ind:object object_ref="oval:ssg-obj_kernmod_dccp_ipv6_modprobeconf:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_kernmod_ieee1394_modprobed:tst:1" version="1" check="all" comment="kernel module ieee1394 disabled">
      <ind:object object_ref="oval:ssg-obj_kernmod_ieee1394_modprobed:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_kernmod_ieee1394_modprobeconf:tst:1" version="1" check="all" comment="kernel module ieee1394 disabled in /etc/modprobe.conf">
      <ind:object object_ref="oval:ssg-obj_kernmod_ieee1394_modprobeconf:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_kernmod_ipv6_modprobed:tst:1" version="1" check="all" comment="kernel module ipv6 disabled">
      <ind:object object_ref="oval:ssg-obj_kernmod_ipv6_modprobed:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_kernmod_ipv6_modprobeconf:tst:1" version="1" check="all" comment="kernel module ipv6 disabled in /etc/modprobe.conf">
      <ind:object object_ref="oval:ssg-obj_kernmod_ipv6_modprobeconf:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_kernmod_rds_modprobed:tst:1" version="1" check="all" comment="kernel module rds disabled">
      <ind:object object_ref="oval:ssg-obj_kernmod_rds_modprobed:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_kernmod_rds_modprobeconf:tst:1" version="1" check="all" comment="kernel module rds disabled in /etc/modprobe.conf">
      <ind:object object_ref="oval:ssg-obj_kernmod_rds_modprobeconf:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_kernmod_sctp_modprobed:tst:1" version="1" check="all" comment="kernel module sctp disabled">
      <ind:object object_ref="oval:ssg-obj_kernmod_sctp_modprobed:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_kernmod_sctp_modprobeconf:tst:1" version="1" check="all" comment="kernel module sctp disabled in /etc/modprobe.conf">
      <ind:object object_ref="oval:ssg-obj_kernmod_sctp_modprobeconf:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_kernmod_tipc_modprobed:tst:1" version="1" check="all" comment="kernel module tipc disabled">
      <ind:object object_ref="oval:ssg-obj_kernmod_tipc_modprobed:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_kernmod_tipc_modprobeconf:tst:1" version="1" check="all" comment="kernel module tipc disabled in /etc/modprobe.conf">
      <ind:object object_ref="oval:ssg-obj_kernmod_tipc_modprobeconf:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_kernmod_usb-storage_modprobed:tst:1" version="1" check="all" comment="kernel module usb-storage disabled">
      <ind:object object_ref="oval:ssg-obj_kernmod_usb-storage_modprobed:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_kernmod_usb-storage_modprobeconf:tst:1" version="1" check="all" comment="kernel module usb-storage disabled in /etc/modprobe.conf">
      <ind:object object_ref="oval:ssg-obj_kernmod_usb-storage_modprobeconf:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="Tests the value of bindpw in the /etc/ldap.conf file" id="oval:ssg-test_ldap_client_bindpw:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_ldap_client_bindpw:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="Tests the value of the ldap setting in the /etc/nsswitch.conf file" id="oval:ssg-test_ldap_client_start_tls_nsswitch:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_ldap_client_start_tls_nsswitch:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="Tests the value of the ssl start_tls setting in the /etc/ldap.conf file" id="oval:ssg-test_ldap_client_start_tls_ssl:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_ldap_client_start_tls_ssl:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="Tests the value of the tls_ciphers setting in the /etc/ldap.conf file" id="oval:ssg-test_ldap_client_start_tls_ciphers:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_ldap_client_start_tls_ciphers:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="Tests the value of the ldap setting in the /etc/nsswitch.conf file" id="oval:ssg-test_ldap_client_tls_cert_nsswitch:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_ldap_client_tls_cert_nsswitch:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Tests the value of the tls_cert setting in the /etc/ldap.conf file" id="oval:ssg-test_ldap_client_tls_cert:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_ldap_client_tls_cert:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="Tests the value of the ldap setting in the /etc/nsswitch.conf file" id="oval:ssg-test_ldap_client_tls_checkpeer_nsswitch:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_ldap_client_tls_checkpeer_nsswitch:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Tests the value of the tls_checkpeer setting in the /etc/ldap.conf file" id="oval:ssg-test_ldap_client_tls_checkpeer:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_ldap_client_tls_checkpeer:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="Tests the value of the ldap setting in the /etc/nsswitch.conf file" id="oval:ssg-test_ldap_client_tls_crlcheck_nsswitch:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_ldap_client_tls_crlcheck_nsswitch:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Tests the value of the tls_crlcheck setting in the /etc/ldap.conf file" id="oval:ssg-test_ldap_client_tls_crlcheck:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_ldap_client_tls_crlcheck:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="check if logrotate is executed" id="oval:ssg-test_logrotate_rotate_all_files_etc_crontab:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_logrotate_rotate_all_files_etc_crontab:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="check if logrotate is executed" id="oval:ssg-test_logrotate_rotate_all_files_etc_cron_d:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_logrotate_rotate_all_files_etc_cron_d:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="check if logrotate is executed" id="oval:ssg-test_logrotate_rotate_all_files_etc_cron_hourly:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_logrotate_rotate_all_files_etc_cron_hourly:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="check if logrotate is executed" id="oval:ssg-test_logrotate_rotate_all_files_etc_cron_daily:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_logrotate_rotate_all_files_etc_cron_daily:obj:1"/>
    </ind:textfilecontent54_test>
    <linux:rpminfo_test check="all" check_existence="all_exist" comment="Installed version of sendmail is greater than 8.13.8-8" id="oval:ssg-test_mail_debug_enabled:tst:1" version="1">
      <linux:object object_ref="oval:ssg-obj_mail_debug_enabled:obj:1"/>
      <linux:state state_ref="oval:ssg-state_mail_debug_enabled:ste:1"/>
    </linux:rpminfo_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="decode and uudecode in /etc/aliases should not include file paths" id="oval:ssg-test_mail_decode_active:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_mail_decode_active:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="PrivacyOptions in /etc/mail/sendmail.cf should be set correctly" id="oval:ssg-test_mail_expn_active_sendmail:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_mail_expn_active_sendmail:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="ForwardPath in /etc/mail/sendmail.cf should be set correctly" id="oval:ssg-test_mail_forward_files_sendmail:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_mail_forward_files_sendmail:obj:1"/>
    </ind:textfilecontent54_test>
    <unix:file_test check="all" check_existence="none_exist" comment="Testing .forward files" id="oval:ssg-test_mail_forward_files:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_mail_forward_files:obj:1"/>
    </unix:file_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="/etc/mail/helpfile must be empty" id="oval:ssg-test_mail_help_command_sendmail:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_mail_help_command_sendmail:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="mail in /etc/syslog.conf should be set correctly" id="oval:ssg-test_mail_log_enabled:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_mail_log_enabled:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="LogLevel in /etc/mail/sendmail.cf should be set correctly" id="oval:ssg-test_mail_log_level_sendmail:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_mail_log_level_sendmail:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="DaemonPortOptions in /etc/mail/sendmail.cf should be set correctly" id="oval:ssg-test_mail_external_enabled_sendmail:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_mail_external_enabled_sendmail:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="promiscuous_relay in /etc/mail/sendmail.cf should be set correctly" id="oval:ssg-test_mail_relaying_disabled_sendmail:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_mail_relaying_disabled_sendmail:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="inet_interfaces in /etc/postfix/main.cf should be set correctly" id="oval:ssg-test_mail_external_enabled_postfix:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_mail_external_enabled_postfix:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="smtpd_client_restrictions in /etc/postfix/main.cf should be set correctly" id="oval:ssg-test_mail_relaying_disabled_postfix:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_mail_relaying_disabled_postfix:obj:1"/>
    </ind:textfilecontent54_test>
    <linux:rpminfo_test check="all" check_existence="all_exist" comment="Installed version of sendmail is greater than 8.13.8-8" id="oval:ssg-test_mail_up_to_date_sendmail:tst:1" version="1">
      <linux:object object_ref="oval:ssg-obj_mail_up_to_date_sendmail:obj:1"/>
      <linux:state state_ref="oval:ssg-state_mail_up_to_date_sendmail:ste:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="all_exist" comment="Installed version of postfix is greater than 2.3.3-6" id="oval:ssg-test_mail_up_to_date_postfix:tst:1" version="1">
      <linux:object object_ref="oval:ssg-obj_mail_up_to_date_postfix:obj:1"/>
      <linux:state state_ref="oval:ssg-state_mail_up_to_date_postfix:ste:1"/>
    </linux:rpminfo_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="SmtpGreetingMessage in /etc/mail/sendmail.cf should be set correctly" id="oval:ssg-test_mail_version_info_sendmail:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_mail_version_info_sendmail:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="smtpd_banner in /etc/postfix/main.cf should be set correctly" id="oval:ssg-test_mail_version_info_postfix:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_mail_version_info_postfix:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="PrivacyOptions in /etc/mail/sendmail.cf should be set correctly" id="oval:ssg-test_mail_vrfy_active_sendmail:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_mail_vrfy_active_sendmail:obj:1"/>
    </ind:textfilecontent54_test>
    <linux:rpminfo_test check="all" check_existence="all_exist" comment="Installed version of sendmail is greater than 8.13.8-8" id="oval:ssg-test_mail_wiz_active:tst:1" version="1">
      <linux:object object_ref="oval:ssg-obj_mail_wiz_active:obj:1"/>
      <linux:state state_ref="oval:ssg-state_mail_wiz_active:ste:1"/>
    </linux:rpminfo_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="all nfs has nodev" id="oval:ssg-test_nfs_nodev_etc_fstab:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_nfs_nodev_etc_fstab:obj:1"/>
      <ind:state state_ref="oval:ssg-state_remote_filesystem_nodev:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="no nfs" id="oval:ssg-test_no_nfs_defined_etc_fstab_nodev:tst:1" version="1">
      <!-- this test returns 'true' if /etc/fstab does not contain nfs/nfs4 mounts -->
      <ind:object object_ref="oval:ssg-object_no_nfs_defined_etc_fstab_nodev:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="all nfs has nosuid" id="oval:ssg-test_nfs_nosuid_etc_fstab:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_nfs_nosuid_etc_fstab:obj:1"/>
      <ind:state state_ref="oval:ssg-state_remote_filesystem_nosuid:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="no nfs" id="oval:ssg-test_no_nfs_defined_etc_fstab_nosuid:tst:1" version="1">
      <!-- this test returns 'true' if /etc/fstab does not contain nfs/nfs4 mounts -->
      <ind:object object_ref="oval:ssg-object_no_nfs_defined_etc_fstab_nosuid:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Look for argument 'NETWORKING_IPV6=no' in /etc/sysconfig/network" id="oval:ssg-test_network_ipv6_default_gateway_ipv6_disabled:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_network_ipv6_default_gateway_ipv6_disabled:obj:1"/>
      <ind:state state_ref="oval:ssg-state_network_ipv6_default_gateway_ipv6_disabled:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Tests the value of the IPV6_DEFAULTGW expression in the /etc/sysconfig/network-scripts/ifcfg-.* files" id="oval:ssg-test_network_ipv6_default_gateway:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_network_ipv6_default_gateway:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Look for argument 'NETWORKING_IPV6=no' in /etc/sysconfig/network" id="oval:ssg-test_network_ipv6_disable_interfaces_conf:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_network_ipv6_disable_interfaces_conf:obj:1"/>
      <ind:state state_ref="oval:ssg-state_network_ipv6_disable_interfaces_conf:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="make sure ro or rw options are used in /etc/exports" id="oval:ssg-test_nfs_enforce_host_access:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_nfs_enforce_host_access:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="NFS Mount Points" id="oval:ssg-test_nfs_mount_option_nosuid_remote_filesystems:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_nfs_mount_option_nosuid_remote_filesystems:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="/etc/exports is empty" id="oval:ssg-test_nfs_no_anonymous_empty:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_nfs_no_anonymous_empty:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="make sure anonuid and anongid options are used in /etc/exports" id="oval:ssg-test_nfs_no_anonymous:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_nfs_no_anonymous:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="make sure insecure_locks is not used in /etc/exports" id="oval:ssg-test_nfs_no_insecure_locks_exports:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_nfs_no_insecure_locks_exports:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="make sure no_root_squash is not used in /etc/exports" id="oval:ssg-test_nfs_use_root_squashing_all_exports_no_root_squash:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_nfs_use_root_squashing_all_exports_no_root_squash:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="make sure root_squash or all_squash is used in /etc/exports" id="oval:ssg-test_nfs_use_root_squashing_all_exports_squash:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_nfs_use_root_squashing_all_exports_squash:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="make sure nullok is not used in /etc/pam.d/system-auth" id="oval:ssg-test_no_empty_passwords_system_auth:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_no_empty_passwords_system_auth:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="make sure nullok is not used in /etc/pam.d/system-auth-ac" id="oval:ssg-test_no_empty_passwords_system_auth_ac:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_no_empty_passwords_system_auth_ac:obj:1"/>
    </ind:textfilecontent54_test>
    <unix:file_test check="all" check_existence="none_exist" comment="Check user ids on all files on the system" id="oval:ssg-no_files_unowned_by_user_test:tst:1" version="1">
      <unix:object object_ref="oval:ssg-file_permissions_unowned_object:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="at_least_one_exists" comment="look for .netrc in /home" id="oval:ssg-test_no_netrc_files_home:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_no_netrc_files_home:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="none_exist" comment="Testing permissions" id="oval:ssg-test_no_root_webbrowsing:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_no_root_webbrowsing:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="at_least_one_exists" comment="look for .rhosts or .shosts in /root" id="oval:ssg-test_no_rsh_trust_files_root:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_no_rsh_trust_files_root:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="at_least_one_exists" comment="look for .rhosts or .shosts in /home" id="oval:ssg-test_no_rsh_trust_files_home:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_no_rsh_trust_files_home:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="at_least_one_exists" comment="look for /etc/hosts.equiv or /etc/shosts.equiv" id="oval:ssg-test_no_rsh_trust_files_etc:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_no_rsh_trust_files_etc:obj:1"/>
    </unix:file_test>
    <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="Ensure at least one NTP server is set" id="oval:ssg-test_ntp_multiple_remote_servers:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_ntp_multiple_remote_servers:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="Ensure at least one NTP server is set" id="oval:ssg-test_ntp_remote_server:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_ntp_remote_server:obj:1"/>
    </ind:textfilecontent54_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_autofs_removed:tst:1" version="1" comment="package autofs is removed">
      <linux:object object_ref="oval:ssg-obj_package_autofs_removed:obj:1"/>
    </linux:rpminfo_test>
    <unix:file_test check="all" check_existence="all_exist" comment="/usr/local/uvscan/uvscan exists" id="oval:ssg-test_package_uvscan_installed:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_usr_local_uvscan:obj:1"/>
    </unix:file_test>
    <ind:textfilecontent54_test check="all" comment="check if uvscan is executed" id="oval:ssg-test_uvscan_periodic_cron_checking_etc_crontab:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_uvscan_periodic_cron_checking_etc_crontab:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="check if uvscan is executed" id="oval:ssg-test_uvscan_periodic_cron_checking_etc_cron_d:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_uvscan_periodic_cron_checking_etc_cron_d:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="check if uvscan is executed" id="oval:ssg-test_uvscan_periodic_cron_checking_etc_cron_hourly:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_uvscan_periodic_cron_checking_etc_cron_hourly:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="check if uvscan is executed" id="oval:ssg-test_uvscan_periodic_cron_checking_etc_cron_daily:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_uvscan_periodic_cron_checking_etc_cron_daily:obj:1"/>
    </ind:textfilecontent54_test>
    <unix:file_test check="all" check_existence="all_exist" comment="/opt/NAI/LinuxShield/bin/nails exists" id="oval:ssg-test_package_linuxshield_installed:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_opt_nai_linuxshield_bin_nails:obj:1"/>
    </unix:file_test>
    <linux:rpminfo_test check="all" check_existence="all_exist" id="oval:ssg-test_package_mfehiplsm_installed:tst:1" version="1" comment="package MFEhiplsm is installed">
      <linux:object object_ref="oval:ssg-obj_package_mfehiplsm_installed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="all_exist" id="oval:ssg-test_package_iptables_installed:tst:1" version="1" comment="package iptables is installed">
      <linux:object object_ref="oval:ssg-obj_package_iptables_installed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_kexec-tools_removed:tst:1" version="1" comment="package kexec-tools is removed">
      <linux:object object_ref="oval:ssg-obj_package_kexec-tools_removed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_krb5-workstation_removed:tst:1" version="1" comment="package krb5-workstation is removed">
      <linux:object object_ref="oval:ssg-obj_package_krb5-workstation_removed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_openssh-clients_removed:tst:1" version="1" comment="package openssh-clients is removed">
      <linux:object object_ref="oval:ssg-obj_package_openssh-clients_removed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_openssh-server_removed:tst:1" version="1" comment="package openssh-server is removed">
      <linux:object object_ref="oval:ssg-obj_package_openssh-server_removed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="all_exist" id="oval:ssg-test_package_postfix_installed:tst:1" version="1" comment="package postfix is installed">
      <linux:object object_ref="oval:ssg-obj_package_postfix_installed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_portmap_removed:tst:1" version="1" comment="package portmap is removed">
      <linux:object object_ref="oval:ssg-obj_package_portmap_removed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_rpcbind_removed:tst:1" version="1" comment="package rpcbind is removed">
      <linux:object object_ref="oval:ssg-obj_package_rpcbind_removed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_rsh-server_removed:tst:1" version="1" comment="package rsh-server is removed">
      <linux:object object_ref="oval:ssg-obj_package_rsh-server_removed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_samba-common_removed:tst:1" version="1" comment="package samba is removed">
      <linux:object object_ref="oval:ssg-obj_package_samba-common_removed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_samba3x-common_removed:tst:1" version="1" comment="package samba3x is removed">
      <linux:object object_ref="oval:ssg-obj_package_samba3x-common_removed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_samba-swat_removed:tst:1" version="1" comment="package samba-swat is removed">
      <linux:object object_ref="oval:ssg-obj_package_samba-swat_removed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_samba3x-swat_removed:tst:1" version="1" comment="package samba3x-swat is removed">
      <linux:object object_ref="oval:ssg-obj_package_samba3x-swat_removed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_samba_removed:tst:1" version="1" comment="package samba is removed">
      <linux:object object_ref="oval:ssg-obj_package_samba_removed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_samba3x_removed:tst:1" version="1" comment="package samba3x is removed">
      <linux:object object_ref="oval:ssg-obj_package_samba3x_removed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="all_exist" id="oval:ssg-test_package_sendmail_installed:tst:1" version="1" comment="package sendmail is installed">
      <linux:object object_ref="oval:ssg-obj_package_sendmail_installed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_telnet-server_removed:tst:1" version="1" comment="package telnet-server is removed">
      <linux:object object_ref="oval:ssg-obj_package_telnet-server_removed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_tftp-server_removed:tst:1" version="1" comment="package tftp-server is removed">
      <linux:object object_ref="oval:ssg-obj_package_tftp-server_removed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_vsftpd_removed:tst:1" version="1" comment="package vsftpd is removed">
      <linux:object object_ref="oval:ssg-obj_package_vsftpd_removed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_xinetd_removed:tst:1" version="1" comment="package xinetd is removed">
      <linux:object object_ref="oval:ssg-obj_package_xinetd_removed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_ypbind_removed:tst:1" version="1" comment="package ypbind is removed">
      <linux:object object_ref="oval:ssg-obj_package_ypbind_removed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_yum-updatesd_removed:tst:1" version="1" comment="package yum-updatesd is removed">
      <linux:object object_ref="oval:ssg-obj_package_yum-updatesd_removed:obj:1"/>
    </linux:rpminfo_test>
    <linux:partition_test check="all" check_existence="all_exist" id="oval:ssg-test_home_partition:tst:1" version="1" comment="/home on own partition">
      <linux:object object_ref="oval:ssg-object_mount_home_own_partition:obj:1"/>
    </linux:partition_test>
    <linux:partition_test check="all" check_existence="all_exist" id="oval:ssg-test_tmp_partition:tst:1" version="1" comment="/tmp on own partition">
      <linux:object object_ref="oval:ssg-object_own_tmp_partition:obj:1"/>
    </linux:partition_test>
    <linux:partition_test check="all" check_existence="all_exist" id="oval:ssg-test_var_partition:tst:1" version="1" comment="/var on own partition">
      <linux:object object_ref="oval:ssg-object_mount_var_own_partition:obj:1"/>
    </linux:partition_test>
    <linux:partition_test check="all" check_existence="all_exist" id="oval:ssg-test_var_log_audit_partition:tst:1" version="1" comment="check for /var/log/audit partition">
      <linux:object object_ref="oval:ssg-object_mount_var_log_audit_own_partition:obj:1"/>
    </linux:partition_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Tests that the SINGLE variable in the /etc/inittab file is set to /sbin/sulogin, to ensure that a password must be entered to access single user mode" id="oval:ssg-test_require_singleuser_auth:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_require_singleuser_auth:obj:1"/>
    </ind:textfilecontent54_test>
    <unix:password_test check="all" check_existence="none_exist" comment="Testing existence of shutdown, halt, and reboot user accounts" id="oval:ssg-test_restricted_accounts:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_restricted_accounts:obj:1"/>
    </unix:password_test>
    <unix:password_test check="all" check_existence="none_exist" comment="Testing existence of shutdown, halt, and reboot user accounts" id="oval:ssg-test_restricted_accounts_ftp:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_restricted_accounts_ftp:obj:1"/>
    </unix:password_test>
    <unix:password_test check="all" check_existence="none_exist" comment="Testing existence of shutdown, halt, and reboot user accounts" id="oval:ssg-test_restricted_accounts_games:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_restricted_accounts_games:obj:1"/>
    </unix:password_test>
    <unix:password_test check="all" check_existence="none_exist" comment="Testing existence of shutdown, halt, and reboot user accounts" id="oval:ssg-test_restricted_accounts_gopher:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_restricted_accounts_gopher:obj:1"/>
    </unix:password_test>
    <unix:password_test check="all" check_existence="none_exist" comment="Testing existence of shutdown, halt, and reboot user accounts" id="oval:ssg-test_restricted_accounts_news:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_restricted_accounts_news:obj:1"/>
    </unix:password_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="Check for rhosts_auth entries." id="oval:ssg-test_rhosts_auth_pam_files:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_rhosts_auth_pam_files:obj:1"/>
    </ind:textfilecontent54_test>
    <linux:rpmverifyfile_test check_existence="none_exist" id="oval:ssg-test_files_fail_md5_hash:tst:1" version="1" check="all" comment="verify file md5 hashes">
      <linux:object object_ref="oval:ssg-object_files_fail_md5_hash:obj:1"/>
    </linux:rpmverifyfile_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="samba access" id="oval:ssg-test_samba_encrypt_passwords_option:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_samba_encrypt_passwords_option:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="samba access" id="oval:ssg-test_samba_guest_ok_option:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_samba_guest_ok_option:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="samba access" id="oval:ssg-test_samba_hosts_option:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_samba_hosts_option:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="samba access" id="oval:ssg-test_samba_security_option:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_samba_security_option:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="samba-swat disabled" id="oval:ssg-test_samba-swat_restricted_disabled:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_samba-swat_restricted_disabled:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="samba-swat access" id="oval:ssg-test_samba-swat_restricted_access:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_samba-swat_restricted_access:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="only_one_exists" comment="virtual consoles /etc/securetty" id="oval:ssg-test_virtual_consoles_etc_securetty:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_virtual_consoles_etc_securetty:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="/selinux/enforce is 1" id="oval:ssg-test_selinux_enforcing:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_selinux_enforcing:obj:1"/>
      <ind:state state_ref="oval:ssg-state_selinux_enforcing:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Tests the value of SELINUXTYPE in the /etc/selinux/config file" id="oval:ssg-test_selinuxtype_targeted:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_selinuxtype_targeted:obj:1"/>
      <ind:state state_ref="oval:ssg-state_selinuxtype_targeted:ste:1"/>
    </ind:textfilecontent54_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel0_auditd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel0_auditd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_auditd_on:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel1_auditd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel1_auditd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_auditd_on:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel2_auditd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel2_auditd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_auditd_on:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel3_auditd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel3_auditd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_auditd_on:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel4_auditd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel4_auditd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_auditd_on:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel5_auditd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel5_auditd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_auditd_on:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel6_auditd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel6_auditd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_auditd_on:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel0_autofs:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel0_autofs:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_autofs_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel1_autofs:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel1_autofs:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_autofs_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel2_autofs:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel2_autofs:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_autofs_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel3_autofs:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel3_autofs:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_autofs_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel4_autofs:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel4_autofs:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_autofs_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel5_autofs:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel5_autofs:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_autofs_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel6_autofs:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel6_autofs:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_autofs_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel0_dovecot:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel0_dovecot:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_dovecot_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel1_dovecot:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel1_dovecot:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_dovecot_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel2_dovecot:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel2_dovecot:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_dovecot_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel3_dovecot:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel3_dovecot:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_dovecot_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel4_dovecot:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel4_dovecot:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_dovecot_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel5_dovecot:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel5_dovecot:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_dovecot_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel6_dovecot:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel6_dovecot:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_dovecot_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel0_iptables:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel0_iptables:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_iptables_on:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel1_iptables:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel1_iptables:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_iptables_on:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel2_iptables:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel2_iptables:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_iptables_on:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel3_iptables:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel3_iptables:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_iptables_on:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel4_iptables:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel4_iptables:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_iptables_on:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel5_iptables:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel5_iptables:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_iptables_on:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel6_iptables:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel6_iptables:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_iptables_on:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel0_kdump:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel0_kdump:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_kdump_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel1_kdump:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel1_kdump:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_kdump_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel2_kdump:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel2_kdump:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_kdump_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel3_kdump:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel3_kdump:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_kdump_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel4_kdump:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel4_kdump:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_kdump_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel5_kdump:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel5_kdump:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_kdump_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel6_kdump:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel6_kdump:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_kdump_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel0_ntpd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel0_ntpd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_ntpd_on:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel1_ntpd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel1_ntpd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_ntpd_on:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel2_ntpd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel2_ntpd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_ntpd_on:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel3_ntpd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel3_ntpd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_ntpd_on:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel4_ntpd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel4_ntpd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_ntpd_on:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel5_ntpd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel5_ntpd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_ntpd_on:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel6_ntpd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel6_ntpd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_ntpd_on:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel0_postfix:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel0_postfix:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_postfix_on:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel1_postfix:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel1_postfix:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_postfix_on:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel2_postfix:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel2_postfix:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_postfix_on:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel3_postfix:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel3_postfix:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_postfix_on:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel4_postfix:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel4_postfix:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_postfix_on:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel5_postfix:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel5_postfix:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_postfix_on:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel6_postfix:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel6_postfix:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_postfix_on:ste:1"/>
    </unix:runlevel_test>
    <ind:textfilecontent54_test check="all" comment="rexec disabled" id="oval:ssg-test_etc_xinetd_rexec_disabled:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_etc_xinetd_rexec_disabled:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="rlogin disabled" id="oval:ssg-test_etc_xinetd_rlogin_disabled:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_etc_xinetd_rlogin_disabled:obj:1"/>
    </ind:textfilecontent54_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel0_portmap:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel0_portmap:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_portmap_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel1_portmap:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel1_portmap:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_portmap_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel2_portmap:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel2_portmap:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_portmap_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel3_portmap:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel3_portmap:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_portmap_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel4_portmap:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel4_portmap:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_portmap_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel5_portmap:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel5_portmap:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_portmap_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel6_portmap:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel6_portmap:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_portmap_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel0_rpcbind:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel0_rpcbind:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_rpcbind_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel1_rpcbind:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel1_rpcbind:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_rpcbind_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel2_rpcbind:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel2_rpcbind:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_rpcbind_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel3_rpcbind:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel3_rpcbind:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_rpcbind_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel4_rpcbind:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel4_rpcbind:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_rpcbind_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel5_rpcbind:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel5_rpcbind:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_rpcbind_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel6_rpcbind:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel6_rpcbind:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_rpcbind_off:ste:1"/>
    </unix:runlevel_test>
    <ind:textfilecontent54_test check="all" comment="rsh disabled" id="oval:ssg-test_etc_xinetd_rsh_disabled:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_etc_xinetd_rsh_disabled:obj:1"/>
    </ind:textfilecontent54_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel0_sshd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel0_sshd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_sshd_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel1_sshd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel1_sshd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_sshd_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel2_sshd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel2_sshd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_sshd_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel3_sshd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel3_sshd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_sshd_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel4_sshd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel4_sshd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_sshd_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel5_sshd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel5_sshd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_sshd_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel6_sshd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel6_sshd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_sshd_off:ste:1"/>
    </unix:runlevel_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Disable Telnet Service" id="oval:ssg-test_disable_telnet_service:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_disable_telnet_service:obj:1"/>
    </ind:textfilecontent54_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel0_tftp:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel0_tftp:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_tftp_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel1_tftp:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel1_tftp:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_tftp_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel2_tftp:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel2_tftp:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_tftp_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel3_tftp:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel3_tftp:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_tftp_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel4_tftp:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel4_tftp:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_tftp_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel5_tftp:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel5_tftp:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_tftp_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel6_tftp:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel6_tftp:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_tftp_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel0_gssftp:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel0_gssftp:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_gssftp_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel1_gssftp:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel1_gssftp:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_gssftp_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel2_gssftp:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel2_gssftp:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_gssftp_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel3_gssftp:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel3_gssftp:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_gssftp_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel4_gssftp:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel4_gssftp:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_gssftp_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel5_gssftp:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel5_gssftp:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_gssftp_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel6_gssftp:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel6_gssftp:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_gssftp_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel0_vsftpd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel0_vsftpd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_vsftpd_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel1_vsftpd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel1_vsftpd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_vsftpd_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel2_vsftpd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel2_vsftpd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_vsftpd_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel3_vsftpd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel3_vsftpd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_vsftpd_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel4_vsftpd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel4_vsftpd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_vsftpd_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel5_vsftpd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel5_vsftpd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_vsftpd_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel6_vsftpd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel6_vsftpd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_vsftpd_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel0_xinetd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel0_xinetd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_xinetd_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel1_xinetd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel1_xinetd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_xinetd_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel2_xinetd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel2_xinetd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_xinetd_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel3_xinetd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel3_xinetd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_xinetd_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel4_xinetd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel4_xinetd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_xinetd_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel5_xinetd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel5_xinetd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_xinetd_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel6_xinetd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel6_xinetd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_xinetd_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel0_ypbind:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel0_ypbind:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_ypbind_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel1_ypbind:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel1_ypbind:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_ypbind_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel2_ypbind:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel2_ypbind:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_ypbind_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel3_ypbind:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel3_ypbind:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_ypbind_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel4_ypbind:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel4_ypbind:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_ypbind_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel5_ypbind:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel5_ypbind:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_ypbind_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel6_ypbind:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel6_ypbind:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_ypbind_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel0_yum-updatesd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel0_yum-updatesd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_yum-updatesd_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel1_yum-updatesd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel1_yum-updatesd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_yum-updatesd_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel2_yum-updatesd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel2_yum-updatesd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_yum-updatesd_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel3_yum-updatesd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel3_yum-updatesd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_yum-updatesd_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel4_yum-updatesd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel4_yum-updatesd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_yum-updatesd_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel5_yum-updatesd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel5_yum-updatesd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_yum-updatesd_off:ste:1"/>
    </unix:runlevel_test>
    <unix:runlevel_test check="all" check_existence="any_exist" comment="Runlevel test" id="oval:ssg-test_runlevel6_yum-updatesd:tst:1" version="2">
      <unix:object object_ref="oval:ssg-obj_runlevel6_yum-updatesd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_service_yum-updatesd_off:ste:1"/>
    </unix:runlevel_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="check /etc/pam.d/system-auth for correct settings" id="oval:ssg-test_set_password_hashing_algorithm_systemauth:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_set_password_hashing_algorithm_systemauth:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="check /etc/pam.d/system-auth-ac for correct settings" id="oval:ssg-test_set_password_hashing_algorithm_systemauthac:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_set_password_hashing_algorithm_systemauthac:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Testing login shells in /etc/shells" id="oval:ssg-test_shells_file_references:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_shells_file_references:obj:1"/>
      <ind:state state_ref="oval:ssg-state_shells_file_references:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="Testing snmpd.conf permissions" id="oval:ssg-test_snmpd_not_default_password:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_snmpd_not_default_password:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="Testing snmpd.conf permissions" id="oval:ssg-test_snmpd_use_approved_encryption:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_snmpd_use_approved_encryption:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="Testing snmpd.conf permissions" id="oval:ssg-test_snmpd_use_approved_hash:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_snmpd_use_approved_hash:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="Testing snmpd.conf permissions" id="oval:ssg-test_snmpd_use_newer_protocol:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_snmpd_use_newer_protocol:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="GSSAPIAuthentication equals no" id="oval:ssg-test_ssh_gssapiauthentication:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_ssh_gssapiauthentication:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="tests the value of Ciphers setting in the /etc/ssh/ssh_config file" id="oval:ssg-test_ssh_no_cbc:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_ssh_no_cbc:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="ssh uses protocol 2" id="oval:ssg-test_ssh_protocol_2:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_ssh_protocol_2:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="tests the value of Ciphers setting in the /etc/ssh/ssh_config file" id="oval:ssg-test_ssh_use_approved_ciphers:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_ssh_use_approved_ciphers:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="tests the value of Macs setting in the /etc/ssh/ssh_config file" id="oval:ssg-test_ssh_use_approved_macs:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_ssh_use_approved_macs:obj:1"/>
      <ind:state state_ref="oval:ssg-state_ssh_use_approved_macs:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Compression equals no or delayed" id="oval:ssg-test_sshd_compression:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_sshd_compression:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="Tests the value of the PermitRootLogin[\s]*(&lt;:nocomment:&gt;*) setting in the /etc/ssh/sshd_config file" id="oval:ssg-test_sshd_permitrootlogin_yes:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_sshd_permitrootlogin_yes:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Tests the value of the PermitRootLogin[\s]*(&lt;:nocomment:&gt;*) setting in the /etc/ssh/sshd_config file" id="oval:ssg-test_sshd_permitrootlogin_no:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_sshd_permitrootlogin_no:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Tests the value of the Banner[\s]+/etc/issue setting in the /etc/ssh/sshd_config file" id="oval:ssg-test_sshd_banner_set:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_sshd_banner_set:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="GSSAPIAuthentication equals no" id="oval:ssg-test_sshd_gssapiauthentication:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_sshd_gssapiauthentication:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="sshd exists" id="oval:ssg-test_sshd_ipfiltering_allow:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_sshd_ipfiltering_allow:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="sshd exists" id="oval:ssg-test_sshd_ipfiltering_deny:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_sshd_ipfiltering_deny:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="KerberosAuthentication equals no" id="oval:ssg-test_sshd_kerberosauthentication:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_sshd_kerberosauthentication:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="ListenAddress includes an IP" id="oval:ssg-test_sshd_listen_addresses:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_sshd_listen_addresses:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="tests the value of Ciphers setting in the /etc/ssh/sshd_config file" id="oval:ssg-test_sshd_no_cbc:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_sshd_no_cbc:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="pam_lastlog exists and does not include the silent option" id="oval:ssg-test_sshd_pam_lastlog:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_sshd_pam_lastlog:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="PrintLastLog equals no does not exist" id="oval:ssg-test_sshd_printlastlog:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_sshd_printlastlog:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="UsePrivilegeSeparation equals yes" id="oval:ssg-test_sshd_privilegeseparation:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_sshd_privilegeseparation:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="sshd uses protocol 2" id="oval:ssg-test_sshd_protocol_2:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_sshd_protocol_2:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="RhostsRSAAuthentication equals no" id="oval:ssg-test_sshd_rhostsrsaauthentication:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_sshd_rhostsrsaauthentication:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="StrictModes equals yes" id="oval:ssg-test_sshd_strictmodes:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_sshd_strictmodes:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="tests the value of Ciphers setting in the /etc/ssh/sshd_config file" id="oval:ssg-test_sshd_use_approved_ciphers:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_sshd_use_approved_ciphers:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="tests the value of Macs setting in the /etc/ssh/sshd_config file" id="oval:ssg-test_sshd_use_approved_macs:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_sshd_use_approved_macs:obj:1"/>
      <ind:state state_ref="oval:ssg-state_sshd_use_approved_macs:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="pam_access exists and does not include the silent option" id="oval:ssg-test_sshd_pam_access:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_sshd_pam_access:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="AllowGroups or AllowUsers exist" id="oval:ssg-test_sshd_users_groups:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_sshd_users_groups:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Testing for pam_wheel.so in /etc/pam.d/su" id="oval:ssg-test_sudo_wheel:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_sudo_wheel:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Tests the value of the ^[\s]*BOOTPROTO[\s]*=[\s]*([^#]*) expression in the /etc/sysconfig/network-scripts/ifcfg-.* file" id="oval:ssg-test_sysconfig_networking_bootproto_ifcfg:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_sysconfig_networking_bootproto_ifcfg:obj:1"/>
      <ind:state state_ref="oval:ssg-state_sysconfig_networking_bootproto_ifcfg:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="Tests the value of the ^[\s]*USERCTL[\s]*=[\s]*([^#]*) expression in the /etc/sysconfig/network-scripts/ifcfg-.* file" id="oval:ssg-test_sysconfig_networking_userctl_ifcfg:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_sysconfig_networking_userctl_ifcfg:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="kernel.exec-shield static configuration" id="oval:ssg-test_static_sysctl_kernel_execshield:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_static_sysctl_kernel_execshield:obj:1"/>
    </ind:textfilecontent54_test>
    <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter kernel.exec-shield set to 1" id="oval:ssg-test_runtime_sysctl_kernel_execshield:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_sysctl_kernel_execshield:obj:1"/>
      <unix:state state_ref="oval:ssg-state_sysctl_kernel_execshield:ste:1"/>
    </unix:sysctl_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="kernel.exec-shield static configuration" id="oval:ssg-test_static_sysctl_kernel_exec_shield:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_static_sysctl_kernel_exec_shield:obj:1"/>
    </ind:textfilecontent54_test>
    <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter kernel.exec-shield set to 1" id="oval:ssg-test_runtime_sysctl_kernel_exec_shield:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_sysctl_kernel_exec_shield:obj:1"/>
      <unix:state state_ref="oval:ssg-state_sysctl_kernel_exec_shield:ste:1"/>
    </unix:sysctl_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="kernel.randomize_va_space static configuration" id="oval:ssg-test_static_sysctl_kernel_randomize_va_space:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_static_sysctl_kernel_randomize_va_space:obj:1"/>
    </ind:textfilecontent54_test>
    <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter kernel.randomize_va_space set to 1" id="oval:ssg-test_runtime_sysctl_kernel_randomize_va_space:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_sysctl_kernel_randomize_va_space:obj:1"/>
      <unix:state state_ref="oval:ssg-state_sysctl_kernel_randomize_va_space:ste:1"/>
    </unix:sysctl_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="net.ipv4.conf.all.accept_redirects static configuration" id="oval:ssg-test_static_sysctl_net_ipv4_conf_all_accept_redirects:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_static_sysctl_net_ipv4_conf_all_accept_redirects:obj:1"/>
    </ind:textfilecontent54_test>
    <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.all.accept_redirects set to 0" id="oval:ssg-test_runtime_sysctl_net_ipv4_conf_all_accept_redirects:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_sysctl_net_ipv4_conf_all_accept_redirects:obj:1"/>
      <unix:state state_ref="oval:ssg-state_sysctl_net_ipv4_conf_all_accept_redirects:ste:1"/>
    </unix:sysctl_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="net.ipv4.conf.default.accept_redirects static configuration" id="oval:ssg-test_static_sysctl_net_ipv4_conf_default_accept_redirects:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_static_sysctl_net_ipv4_conf_default_accept_redirects:obj:1"/>
    </ind:textfilecontent54_test>
    <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.default.accept_redirects set to 0" id="oval:ssg-test_runtime_sysctl_net_ipv4_conf_default_accept_redirects:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_sysctl_net_ipv4_conf_default_accept_redirects:obj:1"/>
      <unix:state state_ref="oval:ssg-state_sysctl_net_ipv4_conf_default_accept_redirects:ste:1"/>
    </unix:sysctl_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="net.ipv4.conf.all.accept_source_route static configuration" id="oval:ssg-test_static_sysctl_net_ipv4_conf_all_accept_source_route:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_static_sysctl_net_ipv4_conf_all_accept_source_route:obj:1"/>
    </ind:textfilecontent54_test>
    <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.all.accept_source_route set to 0" id="oval:ssg-test_runtime_sysctl_net_ipv4_conf_all_accept_source_route:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_sysctl_net_ipv4_conf_all_accept_source_route:obj:1"/>
      <unix:state state_ref="oval:ssg-state_sysctl_net_ipv4_conf_all_accept_source_route:ste:1"/>
    </unix:sysctl_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="net.ipv4.conf.default.accept_source_route static configuration" id="oval:ssg-test_static_sysctl_net_ipv4_conf_default_accept_source_route:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_static_sysctl_net_ipv4_conf_default_accept_source_route:obj:1"/>
    </ind:textfilecontent54_test>
    <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.default.accept_source_route set to 0" id="oval:ssg-test_runtime_sysctl_net_ipv4_conf_default_accept_source_route:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_sysctl_net_ipv4_conf_default_accept_source_route:obj:1"/>
      <unix:state state_ref="oval:ssg-state_sysctl_net_ipv4_conf_default_accept_source_route:ste:1"/>
    </unix:sysctl_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="net.ipv4.conf.all.log_martians static configuration" id="oval:ssg-test_static_sysctl_net_ipv4_conf_all_log_martians:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_static_sysctl_net_ipv4_conf_all_log_martians:obj:1"/>
    </ind:textfilecontent54_test>
    <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.all.log_martians set to 1" id="oval:ssg-test_runtime_sysctl_net_ipv4_conf_all_log_martians:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_sysctl_net_ipv4_conf_all_log_martians:obj:1"/>
      <unix:state state_ref="oval:ssg-state_sysctl_net_ipv4_conf_all_log_martians:ste:1"/>
    </unix:sysctl_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="net.ipv4.conf.default.log_martians static configuration" id="oval:ssg-test_static_sysctl_net_ipv4_conf_default_log_martians:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_static_sysctl_net_ipv4_conf_default_log_martians:obj:1"/>
    </ind:textfilecontent54_test>
    <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.default.log_martians set to 1" id="oval:ssg-test_runtime_sysctl_net_ipv4_conf_default_log_martians:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_sysctl_net_ipv4_conf_default_log_martians:obj:1"/>
      <unix:state state_ref="oval:ssg-state_sysctl_net_ipv4_conf_default_log_martians:ste:1"/>
    </unix:sysctl_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="net.ipv4.conf.all.send_redirects static configuration" id="oval:ssg-test_static_sysctl_net_ipv4_conf_all_send_redirects:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_static_sysctl_net_ipv4_conf_all_send_redirects:obj:1"/>
    </ind:textfilecontent54_test>
    <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.all.send_redirects set to 0" id="oval:ssg-test_runtime_sysctl_net_ipv4_conf_all_send_redirects:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_sysctl_net_ipv4_conf_all_send_redirects:obj:1"/>
      <unix:state state_ref="oval:ssg-state_sysctl_net_ipv4_conf_all_send_redirects:ste:1"/>
    </unix:sysctl_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="net.ipv4.conf.default.send_redirects static configuration" id="oval:ssg-test_static_sysctl_net_ipv4_conf_default_send_redirects:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_static_sysctl_net_ipv4_conf_default_send_redirects:obj:1"/>
    </ind:textfilecontent54_test>
    <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.conf.default.send_redirects set to 0" id="oval:ssg-test_runtime_sysctl_net_ipv4_conf_default_send_redirects:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_sysctl_net_ipv4_conf_default_send_redirects:obj:1"/>
      <unix:state state_ref="oval:ssg-state_sysctl_net_ipv4_conf_default_send_redirects:ste:1"/>
    </unix:sysctl_test>
    <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.icmp_echo_ignore_broadcasts set to 1" id="oval:ssg-test_runtime_sysctl_net_ipv4_icmp_echo_ignore_broadcasts:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_sysctl_net_ipv4_icmp_echo_ignore_broadcasts:obj:1"/>
      <unix:state state_ref="oval:ssg-state_sysctl_net_ipv4_icmp_echo_ignore_broadcasts:ste:1"/>
    </unix:sysctl_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="net.ipv4.icmp_echo_ignore_broadcasts static configuration" id="oval:ssg-test_static_sysctl_net_ipv4_icmp_echo_ignore_broadcasts:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_static_sysctl_net_ipv4_icmp_echo_ignore_broadcasts:obj:1"/>
    </ind:textfilecontent54_test>
    <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.ip_forward set to 0" id="oval:ssg-test_runtime_sysctl_net_ipv4_ip_forward:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_sysctl_net_ipv4_ip_forward:obj:1"/>
      <unix:state state_ref="oval:ssg-state_sysctl_net_ipv4_ip_forward:ste:1"/>
    </unix:sysctl_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="net.ipv4.ip_forward static configuration" id="oval:ssg-test_static_sysctl_net_ipv4_ip_forward:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_static_sysctl_net_ipv4_ip_forward:obj:1"/>
    </ind:textfilecontent54_test>
    <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.tcp_max_syn_backlog set to 1280" id="oval:ssg-test_runtime_sysctl_net_ipv4_tcp_max_syn_backlog:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_sysctl_net_ipv4_tcp_max_syn_backlog:obj:1"/>
      <unix:state state_ref="oval:ssg-state_sysctl_net_ipv4_tcp_max_syn_backlog:ste:1"/>
    </unix:sysctl_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="net.ipv4.tcp_max_syn_backlog static configuration" id="oval:ssg-test_static_sysctl_net_ipv4_tcp_max_syn_backlog:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_static_sysctl_net_ipv4_tcp_max_syn_backlog:obj:1"/>
    </ind:textfilecontent54_test>
    <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv4.tcp_syncookies set to 1" id="oval:ssg-test_runtime_sysctl_net_ipv4_tcp_syncookies:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_sysctl_net_ipv4_tcp_syncookies:obj:1"/>
      <unix:state state_ref="oval:ssg-state_sysctl_net_ipv4_tcp_syncookies:ste:1"/>
    </unix:sysctl_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="net.ipv4.tcp_syncookies static configuration" id="oval:ssg-test_static_sysctl_net_ipv4_tcp_syncookies:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_static_sysctl_net_ipv4_tcp_syncookies:obj:1"/>
    </ind:textfilecontent54_test>
    <unix:sysctl_test check="all" check_existence="all_exist" comment="kernel runtime parameter net.ipv6.conf.all.accept_redirects set to 0" id="oval:ssg-test_runtime_sysctl_net_ipv6_conf_all_accept_redirects:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_sysctl_net_ipv6_conf_all_accept_redirects:obj:1"/>
      <unix:state state_ref="oval:ssg-state_sysctl_net_ipv6_conf_all_accept_redirects:ste:1"/>
    </unix:sysctl_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="net.ipv6.conf.all.accept_redirects static configuration" id="oval:ssg-test_static_sysctl_net_ipv6_conf_all_accept_redirects:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_static_sysctl_net_ipv6_conf_all_accept_redirects:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="net.ipv6.conf.all.forwarding static configuration" id="oval:ssg-test_static_sysctl_net_ipv6_conf_forwarding_all:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_static_sysctl_net_ipv6_conf_forwarding_all:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="net.ipv6.conf.default.forwarding static configuration" id="oval:ssg-test_static_sysctl_net_ipv6_conf_forwarding_default:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_static_sysctl_net_ipv6_conf_forwarding_default:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="Tests the value of '-r' for 'SYSLOGD_OPTIONS' in /etc/sysconfig/syslog" id="oval:ssg-test_syslog_nolisten:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_syslog_nolisten:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Tests the value of the \*\.\*[\s]+@ setting in the /etc/syslog.conf file" id="oval:ssg-test_syslog_remote_loghost:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_syslog_remote_loghost:obj:1"/>
    </ind:textfilecontent54_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing /etc/hosts.allow existence" id="oval:ssg-test_system_access_control_hosts_allow_exists:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_system_access_control_hosts_allow_exists:obj:1"/>
    </unix:file_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Testing any entries in /etc/hosts.deny" id="oval:ssg-test_system_access_control_hosts_deny_configured:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_system_access_control_hosts_deny_configured:obj:1"/>
    </ind:textfilecontent54_test>
    <unix:uname_test check="all" comment="32 bit architecture" id="oval:ssg-test_system_info_architecture_x86:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_system_info_architecture_x86:obj:1"/>
      <unix:state state_ref="oval:ssg-state_system_info_architecture_x86:ste:1"/>
    </unix:uname_test>
    <unix:uname_test check="all" comment="64 bit architecture" id="oval:ssg-test_system_info_architecture_x86_64:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_system_info_architecture_x86_64:obj:1"/>
      <unix:state state_ref="oval:ssg-state_system_info_architecture_x86_64:ste:1"/>
    </unix:uname_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="tftpd disabled" id="oval:ssg-test_tftpd_user_shell_disabled:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_tftpd_user_shell_disabled:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="tftpd user" id="oval:ssg-test_tftpd_user_shell_user:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_tftpd_user_shell_user:obj:1"/>
    </ind:textfilecontent54_test>
    <unix:password_test check="all" check_existence="all_exist" comment="tftpd user shell" id="oval:ssg-test_tftpd_user_shell:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_tftpd_user_shell:obj:1"/>
      <unix:state state_ref="oval:ssg-state_tftpd_user_shell:ste:1"/>
    </unix:password_test>
    <ind:textfilecontent54_test check="all" comment="tftpd secure mode" id="oval:ssg-test_tftpd_uses_secure_mode:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_tftpd_uses_secure_mode:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="default runlevel is 3" id="oval:ssg-test_etc_inittab_default_runlevel:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_etc_inittab_default_runlevel:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:variable_test id="oval:ssg-test_etc_passwd_no_duplicate_user_names:tst:1" check="all" check_existence="all_exist" comment="There should not exist duplicate user name entries in /etc/passwd" version="1">
      <ind:object object_ref="oval:ssg-object_count_of_all_usernames_from_etc_passwd:obj:1"/>
      <ind:state state_ref="oval:ssg-state_etc_passwd_no_duplicate_user_names:ste:1"/>
    </ind:variable_test>
    <ind:variable_test id="oval:ssg-test_pass_min_len:tst:1" check="all" comment="The value of PASS_MIN_LEN should be set appropriately in /etc/login.defs" version="1">
      <ind:object object_ref="oval:ssg-object_last_pass_min_len_instance_value:obj:1"/>
      <ind:state state_ref="oval:ssg-state_last_pass_min_len_instance_value:ste:1"/>
    </ind:variable_test>
    <ind:textfilecontent54_test check="all" comment="check the configuration of /etc/pam.d/system-auth" id="oval:ssg-test_password_pam_cracklib_retry:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_password_pam_cracklib_retry:obj:1"/>
      <ind:state state_ref="oval:ssg-state_password_pam_retry:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="check the configuration of /etc/pam.d/system-auth" id="oval:ssg-test_password_pam_pwquality_retry:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_password_pam_pwquality_retry:obj:1"/>
      <ind:state state_ref="oval:ssg-state_password_pam_retry:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:variable_test id="oval:ssg-test_pass_warn_age:tst:1" check="all" comment="The value of PASS_WARN_AGE should be set appropriately in /etc/login.defs" version="1">
      <ind:object object_ref="oval:ssg-object_last_pass_warn_age_instance_value:obj:1"/>
      <ind:state state_ref="oval:ssg-state_last_pass_warn_age_instance_value:ste:1"/>
    </ind:variable_test>
    <ind:textfilecontent54_test id="oval:ssg-test_accounts_passwords_pam_faillock_preauth_silent_system-auth:tst:1" check="all" check_existence="all_exist" comment="Check pam_faillock.so preauth silent present in /etc/pam.d/system-auth" version="1">
      <ind:object object_ref="oval:ssg-object_accounts_passwords_pam_faillock_preauth_silent_system-auth:obj:1"/>
      <ind:state state_ref="oval:ssg-state_var_accounts_passwords_pam_faillock_deny_value:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_accounts_passwords_pam_faillock_authfail_deny_system-auth:tst:1" check="all" check_existence="all_exist" comment="Check maximum failed login attempts allowed in /etc/pam.d/system-auth (authfail)" version="1">
      <ind:object object_ref="oval:ssg-object_accounts_passwords_pam_faillock_authfail_deny_system-auth:obj:1"/>
      <ind:state state_ref="oval:ssg-state_var_accounts_passwords_pam_faillock_deny_value:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_accounts_passwords_pam_faillock_account_phase_system-auth:tst:1" check="all" check_existence="all_exist" comment="Check if pam_faillock_so is called in account phase of /etc/pam.d/system-auth" version="1">
      <ind:object object_ref="oval:ssg-object_accounts_passwords_pam_faillock_account_phase_system-auth:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_accounts_passwords_pam_faillock_preauth_silent_password-auth:tst:1" check="all" check_existence="all_exist" comment="Check pam_faillock.so preauth silent present in /etc/pam.d/password-auth" version="1">
      <ind:object object_ref="oval:ssg-object_accounts_passwords_pam_faillock_preauth_silent_password-auth:obj:1"/>
      <ind:state state_ref="oval:ssg-state_var_accounts_passwords_pam_faillock_deny_value:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_accounts_passwords_pam_faillock_authfail_deny_password-auth:tst:1" check="all" check_existence="all_exist" comment="Check maximum failed login attempts allowed in /etc/pam.d/password-auth (authfail)" version="1">
      <ind:object object_ref="oval:ssg-object_accounts_passwords_pam_faillock_authfail_deny_password-auth:obj:1"/>
      <ind:state state_ref="oval:ssg-state_var_accounts_passwords_pam_faillock_deny_value:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_accounts_passwords_pam_faillock_account_phase_password-auth:tst:1" check="all" check_existence="all_exist" comment="Check if pam_faillock_so is called in account phase of /etc/pam.d/password-auth" version="1">
      <ind:object object_ref="oval:ssg-object_accounts_passwords_pam_faillock_account_phase_password-auth:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="check maximum preauth fail_interval allowed in /etc/pam.d/system-auth" id="oval:ssg-test_accounts_passwords_pam_faillock_fail_interval_system-auth:tst:1" version="2">
      <ind:object object_ref="oval:ssg-object_accounts_passwords_pam_faillock_fail_interval_system-auth:obj:1"/>
      <ind:state state_ref="oval:ssg-state_accounts_passwords_pam_faillock_fail_interval_system-auth:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="check maximum authfail fail_interval allowed in /etc/pam.d/system-auth" id="oval:ssg-test_accounts_passwords_pam_faillock_authfail_fail_interval_system-auth:tst:1" version="2">
      <ind:object object_ref="oval:ssg-object_accounts_passwords_pam_faillock_authfail_fail_interval_system-auth:obj:1"/>
      <ind:state state_ref="oval:ssg-state_accounts_passwords_pam_faillock_fail_interval_system-auth:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="check maximum authfail fail_interval allowed in /etc/pam.d/password-auth" id="oval:ssg-test_accounts_passwords_pam_faillock_fail_interval_password-auth:tst:1" version="2">
      <ind:object object_ref="oval:ssg-object_accounts_passwords_pam_faillock_fail_interval_password-auth:obj:1"/>
      <ind:state state_ref="oval:ssg-state_accounts_passwords_pam_faillock_fail_interval_password-auth:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="check maximum preauth fail_interval allowed in /etc/pam.d/password-auth" id="oval:ssg-test_accounts_passwords_pam_faillock_preauth_fail_interval_password-auth:tst:1" version="2">
      <ind:object object_ref="oval:ssg-object_accounts_passwords_pam_faillock_preauth_fail_interval_password-auth:obj:1"/>
      <ind:state state_ref="oval:ssg-state_accounts_passwords_pam_faillock_fail_interval_password-auth:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="check preauth maximum failed login attempts allowed in /etc/pam.d/system-auth" id="oval:ssg-test_accounts_passwords_pam_faillock_unlock_time_system-auth:tst:1" version="2">
      <ind:object object_ref="oval:ssg-object_accounts_passwords_pam_faillock_unlock_time_system-auth:obj:1"/>
      <ind:state state_ref="oval:ssg-state_accounts_passwords_pam_faillock_unlock_time_system-auth:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="check authfail maximum failed login attempts allowed in /etc/pam.d/system-auth" id="oval:ssg-test_accounts_passwords_pam_faillock_authfail_unlock_time_system-auth:tst:1" version="2">
      <ind:object object_ref="oval:ssg-object_accounts_passwords_pam_faillock_authfail_unlock_time_system-auth:obj:1"/>
      <ind:state state_ref="oval:ssg-state_accounts_passwords_pam_faillock_unlock_time_system-auth:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="check authfail maximum failed login attempts allowed in /etc/pam.d/password-auth" id="oval:ssg-test_accounts_passwords_pam_faillock_unlock_time_password-auth:tst:1" version="2">
      <ind:object object_ref="oval:ssg-object_accounts_passwords_pam_faillock_unlock_time_password-auth:obj:1"/>
      <ind:state state_ref="oval:ssg-state_accounts_passwords_pam_faillock_unlock_time_password-auth:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="check preauth maximum failed login attempts allowed in /etc/pam.d/password-auth" id="oval:ssg-test_accounts_passwords_pam_faillock_preauth_unlock_time_password-auth:tst:1" version="2">
      <ind:object object_ref="oval:ssg-object_accounts_passwords_pam_faillock_preauth_unlock_time_password-auth:obj:1"/>
      <ind:state state_ref="oval:ssg-state_accounts_passwords_pam_faillock_unlock_time_password-auth:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="TMOUT in /etc/profile" id="oval:ssg-test_etc_profile_tmout:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_etc_profile_tmout:obj:1"/>
      <ind:state state_ref="oval:ssg-state_etc_profile_tmout:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="TMOUT in /etc/profile.d/*.sh" id="oval:ssg-test_etc_profiled_tmout:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_etc_profiled_tmout:obj:1"/>
      <ind:state state_ref="oval:ssg-state_etc_profile_tmout:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:variable_test id="oval:ssg-tst_accounts_umask_etc_bashrc:tst:1" version="1" check="all" comment="Test the retrieved /etc/bashrc umask value(s) match the var_accounts_user_umask requirement">
      <ind:object object_ref="oval:ssg-obj_accounts_umask_etc_bashrc:obj:1"/>
      <ind:state state_ref="oval:ssg-ste_accounts_umask_etc_bashrc:ste:1"/>
    </ind:variable_test>
    <ind:variable_test id="oval:ssg-tst_accounts_umask_etc_csh_cshrc:tst:1" version="1" check="all" comment="Test the retrieved /etc/csh.cshrc umask value(s) match the var_accounts_user_umask requirement">
      <ind:object object_ref="oval:ssg-obj_accounts_umask_etc_csh_cshrc:obj:1"/>
      <ind:state state_ref="oval:ssg-ste_accounts_umask_etc_csh_cshrc:ste:1"/>
    </ind:variable_test>
    <ind:variable_test id="oval:ssg-tst_accounts_umask_etc_login_defs:tst:1" version="1" check="all" comment="Test the retrieved /etc/login.defs umask value(s) match the var_accounts_user_umask requirement">
      <ind:object object_ref="oval:ssg-obj_accounts_umask_etc_login_defs:obj:1"/>
      <ind:state state_ref="oval:ssg-ste_accounts_umask_etc_login_defs:ste:1"/>
    </ind:variable_test>
    <ind:variable_test id="oval:ssg-tst_accounts_umask_etc_profile:tst:1" version="1" check="all" comment="Test the retrieved /etc/profile umask value(s) match the var_accounts_user_umask requirement">
      <ind:object object_ref="oval:ssg-obj_accounts_umask_etc_profile:obj:1"/>
      <ind:state state_ref="oval:ssg-ste_accounts_umask_etc_profile:ste:1"/>
    </ind:variable_test>
    <unix:file_test id="oval:ssg-test_aide_build_new_database_absolute_path:tst:1" check="all" check_existence="all_exist" comment="Testing existence of new aide database file" version="1">
      <unix:object object_ref="oval:ssg-object_aide_build_new_database_absolute_path:obj:1"/>
    </unix:file_test>
    <unix:file_test id="oval:ssg-test_aide_operational_database_absolute_path:tst:1" check="all" check_existence="all_exist" comment="Testing existence of operational aide database file" version="1">
      <unix:object object_ref="oval:ssg-object_aide_operational_database_absolute_path:obj:1"/>
    </unix:file_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="notify personnel when aide completes" id="oval:ssg-test_aide_scan_notification:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_test_aide_scan_notification:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="notify personnel when aide completes" id="oval:ssg-test_aide_var_cron_notification:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_aide_var_cron_notification:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="notify personnel when aide completes in cron.(daily|weekly|monthly)" id="oval:ssg-test_aide_crontabs_notification:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_aide_crontabs_notification:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_aide_non_fips_hashes:tst:1" comment="Verify non-FIPS hashes are not configured in /etc/aide.conf" check="all" check_existence="none_exist" version="1">
      <ind:object object_ref="oval:ssg-object_aide_non_fips_hashes:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_aide_use_fips_hashes:tst:1" comment="Verify FIPS hashes are configured in /etc/aide.conf" check="all" check_existence="all_exist" version="1">
      <ind:object object_ref="oval:ssg-object_aide_use_fips_hashes:obj:1"/>
      <ind:state state_ref="oval:ssg-state_aide_use_fips_hashes:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_aide_verify_acls:tst:1" comment="acl is set in /etc/aide.conf" check="all" check_existence="all_exist" version="1">
      <ind:object object_ref="oval:ssg-object_aide_verify_acls:obj:1"/>
      <ind:state state_ref="oval:ssg-state_aide_verify_acls:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_aide_verify_ext_attributes:tst:1" comment="xattrs is set in /etc/aide.conf" check="all" check_existence="all_exist" version="1">
      <ind:object object_ref="oval:ssg-object_aide_verify_ext_attributes:obj:1"/>
      <ind:state state_ref="oval:ssg-state_aide_verify_ext_attributes:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_auditd_conf_log_group_not_root:tst:1" check="all" check_existence="none_exist" comment="log_group = root" version="1">
      <ind:object object_ref="oval:ssg-object_auditd_conf_log_group_root:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="email account for actions" id="oval:ssg-test_auditd_data_retention_action_mail_acct:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_auditd_data_retention_action_mail_acct:obj:1"/>
      <ind:state state_ref="oval:ssg-state_auditd_data_retention_action_mail_acct:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="space left action" id="oval:ssg-test_auditd_data_retention_admin_space_left_action:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_auditd_data_retention_admin_space_left_action:obj:1"/>
      <ind:state state_ref="oval:ssg-state_auditd_data_retention_admin_space_left_action:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="test the value of flush parameter in /etc/audit/auditd.conf" id="oval:ssg-test_auditd_data_retention_flush:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_auditd_data_retention_flush:obj:1"/>
      <ind:state state_ref="oval:ssg-state_auditd_data_retention_flush:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="max log file size" id="oval:ssg-test_auditd_data_retention_max_log_file:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_auditd_data_retention_max_log_file:obj:1"/>
      <ind:state state_ref="oval:ssg-state_auditd_data_retention_max_log_file:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="admin space left action " id="oval:ssg-test_auditd_data_retention_max_log_file_action:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_auditd_data_retention_max_log_file_action:obj:1"/>
      <ind:state state_ref="oval:ssg-state_auditd_data_retention_max_log_file_action:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="admin space left action " id="oval:ssg-test_auditd_data_retention_num_logs:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_auditd_data_retention_num_logs:obj:1"/>
      <ind:state state_ref="oval:ssg-state_auditd_data_retention_num_logs:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" comment="space left action" id="oval:ssg-test_auditd_data_retention_space_left_action:tst:1" version="2">
      <ind:object object_ref="oval:ssg-object_auditd_data_retention_space_left_action:obj:1"/>
      <ind:state state_ref="oval:ssg-state_auditd_data_retention_space_left_action:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Disable Browsing" id="oval:ssg-test_cups_disable_browsing_browsing_off:tst:1" version="2">
      <ind:object object_ref="oval:ssg-obj_cups_disable_browsing_browsing_off:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Do not allow incoming printer information packets" id="oval:ssg-test_cups_disable_browsing_browseallow:tst:1" version="2">
      <ind:object object_ref="oval:ssg-obj_cups_disable_browsing_browseallow:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="Disable the more general port directive" id="oval:ssg-test_cups_disable_printserver_disable_port:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_cups_disable_printserver_disable_port:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Listen only at the localhost level" id="oval:ssg-test_cups_disable_printserver_use_listen:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_cups_disable_printserver_use_listen:obj:1"/>
    </ind:textfilecontent54_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing directory permissions" id="oval:ssg-test_dir_perms_etc_httpd_conf:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_dir_perms_etc_httpd_conf:obj:1"/>
      <unix:state state_ref="oval:ssg-state_dir_perms_etc_httpd_conf:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing directory permissions" id="oval:ssg-test_dir_perms_var_log_httpd:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_dir_perms_var_log_httpd:obj:1"/>
      <unix:state state_ref="oval:ssg-state_dir_perms_var_log_httpd:ste:1"/>
    </unix:file_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="sshd HostbasedAuthentication" id="oval:ssg-test_sshd_hostbasedauthentication:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_sshd_hostbasedauthentication:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Tests whether prelinking is disabled" id="oval:ssg-test_prelinking_disabled:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_prelinking_disabled:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="check value of gpgcheck in /etc/yum.conf" id="oval:ssg-test_yum_ensure_gpgcheck_globally_activated:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_yum_ensure_gpgcheck_globally_activated:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="check value of gpgcheck in /etc/dnf/dnf.conf" id="oval:ssg-test_dnf_ensure_gpgcheck_globally_activated:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_dnf_ensure_gpgcheck_globally_activated:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Tests the presence of daily setting in /etc/logrotate.conf file" id="oval:ssg-test_logrotate_conf_daily_setting:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_logrotate_conf_daily_setting:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Tests the existence of /etc/cron.daily/logrotate file (and verify it actually calls logrotate utility)" id="oval:ssg-test_cron_daily_logrotate_existence:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_cron_daily_logrotate_existence:obj:1"/>
    </ind:textfilecontent54_test>
    <linux:rpminfo_test check="only one" check_existence="at_least_one_exists" id="oval:ssg-test_package_gpgkey-fd431d51-4ae0493b_installed:tst:1" version="1" comment="Red Hat release key package is installed">
      <linux:object object_ref="oval:ssg-object_package_gpg-pubkey:obj:1"/>
      <linux:state state_ref="oval:ssg-state_package_gpg-pubkey-fd431d51-4ae0493b:ste:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="only one" check_existence="at_least_one_exists" id="oval:ssg-test_package_gpgkey-2fa658e0-45700c69_installed:tst:1" version="1" comment="Red Hat auxiliary key package is installed">
      <linux:object object_ref="oval:ssg-object_package_gpg-pubkey:obj:1"/>
      <linux:state state_ref="oval:ssg-state_package_gpg-pubkey-2fa658e0-45700c69:ste:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="only one" check_existence="at_least_one_exists" id="oval:ssg-test_package_gpgkey-f4a80eb5-53a7ff4b_installed:tst:1" version="1" comment="CentOS7 key package is installed">
      <linux:object object_ref="oval:ssg-object_package_gpg-pubkey:obj:1"/>
      <linux:state state_ref="oval:ssg-state_package_gpg-pubkey-f4a80eb5-53a7ff4b:ste:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="only one" check_existence="at_least_one_exists" id="oval:ssg-test_package_gpgkey-c105b9de-4e0fd3a3_installed:tst:1" version="1" comment="CentOS6 key package is installed">
      <linux:object object_ref="oval:ssg-object_package_gpg-pubkey:obj:1"/>
      <linux:state state_ref="oval:ssg-state_package_gpg-pubkey-c105b9de-4e0fd3a3:ste:1"/>
    </linux:rpminfo_test>
    <unix:file_test check="all" check_existence="none_exist" comment="binary directories uid root" id="oval:ssg-test_ownership_binary_directories:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_ownership_binary_directories:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="none_exist" comment="binary files uid root" id="oval:ssg-test_ownership_binary_files:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_ownership_binary_files:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="none_exist" comment="library directories uid root" id="oval:ssg-test_ownership_lib_dir:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_ownership_lib_dir:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="none_exist" comment="library files uid root" id="oval:ssg-test_ownership_lib_files:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_ownership_lib_files:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="none_exist" comment="/var/log/audit directories uid root gid root" id="oval:ssg-test_ownership_var_log_audit_directories:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_ownership_var_log_audit_directories:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="none_exist" comment="/var/log/audit files uid root gid root" id="oval:ssg-test_ownership_var_log_audit_files:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_ownership_var_log_audit_files:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="/var/log/audit directories uid root gid root" id="oval:ssg-test_ownership_var_log_audit_directories-non_root:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_ownership_var_log_audit_directories-non_root:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="/var/log/audit files uid root gid root" id="oval:ssg-test_ownership_var_log_audit_files-non_root:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_ownership_var_log_audit_files-non_root:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="none_exist" comment="binary files go-w" id="oval:ssg-test_perms_binary_files:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_binary_files:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="all_exist" comment="/etc/httpd/conf/* permissions" id="oval:ssg-test_file_permissions_httpd_server_conf_files:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_permissions_httpd_server_conf_files:obj:1"/>
      <unix:state state_ref="oval:ssg-state_wrong_file_permissions_httpd_server_conf_files:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" comment="files with no group owner" check_existence="none_exist" id="oval:ssg-test_file_permissions_ungroupowned:tst:1" version="1">
      <!-- OVAL 5.11 rc-2 within the effort to add oval-def:NotesType construct also to variables
         moved NotesType construct to the oval-common-schema:
         [1] https://github.com/OVALProject/Language/issues/6
         [2] https://github.com/OVALProject/Language/commit/c34abb871ee446d9fd9e50a8ccbc8a8e2af5db20
         But this change broke backward-compatibility as reported in:
         [3] https://github.com/OVALProject/Language/issues/237
         [4] http://making-security-measurable.1364806.n2.nabble.com/5-11-backwards-incompatibility-issue-Suspect-the-fix-for-issue-6-was-the-culprit-tp7586190.html
         Therefore as a temporary workaround to have both OVAL 5.10 and also OVAL 5.11 valid content,
         temporarily comment out the <notes> construct below till the issue [3] is fixed in OVAL 5.11.1
         version.
    <notes>
      <note>This will enumerate all files on local partitions</note>
    </notes> -->
      <unix:object object_ref="oval:ssg-object_file_permissions_ungroupowned:obj:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="at_least_one_exists" comment="/var/log/audit files mode 0640" id="oval:ssg-test_file_permissions_var_log_audit-non_root:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_var_log_audit_files-non_root:obj:1"/>
      <unix:state state_ref="oval:ssg-state_not_mode_0640:ste:1"/>
    </unix:file_test>
    <unix:file_test check="all" check_existence="at_least_one_exists" comment="/var/log/audit files mode 0600" id="oval:ssg-test_file_permissions_var_log_audit:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_var_log_audit_files:obj:1"/>
      <unix:state state_ref="oval:ssg-state_not_mode_0600:ste:1"/>
    </unix:file_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Banner for FTP Users" id="oval:ssg-test_ftp_present_banner:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_test_ftp_present_banner:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_gid_passwd_group_same:tst:1" check="all" check_existence="all_exist" comment="Verify all GIDs referenced in /etc/passwd are defined in /etc/group" version="1">
      <ind:object object_ref="oval:ssg-object_gid_passwd_group_same:obj:1"/>
      <ind:state state_ref="oval:ssg-state_gid_passwd_group_same:ste:1"/>
    </ind:textfilecontent54_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing group ownership /etc/shadow" id="oval:ssg-test_groupowner_etc_shadow:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_groupowner_shadow_file:obj:1"/>
      <unix:state state_ref="oval:ssg-state_groupowner_shadow_file:ste:1"/>
    </unix:file_test>
    <linux:rpminfo_test check="all" check_existence="all_exist" id="oval:ssg-test_linuxshield_install_antivirus:tst:1" version="1" comment="AntiVirus package is installed">
      <linux:object object_ref="oval:ssg-obj_linuxshield_install_antivirus:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="all_exist" id="oval:ssg-test_mcafee_runtime_installed:tst:1" version="1" comment="Runtime Libraries package is installed">
      <linux:object object_ref="oval:ssg-obj_mcafee_runtime_installed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="all_exist" id="oval:ssg-test_mcafee_management_agent:tst:1" version="1" comment="Agent package is installed">
      <linux:object object_ref="oval:ssg-obj_mcafee_management_agent:obj:1"/>
    </linux:rpminfo_test>
    <unix:file_test check="all" check_existence="all_exist" comment="McAfee ACCM installed" id="oval:ssg-test_mcafee_accm_exists:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_mcafee_accm_exists:obj:1"/>
    </unix:file_test>
    <linux:rpminfo_test check="all" check_existence="all_exist" id="oval:ssg-test_mcafee_hbss_hips_installed:tst:1" version="1" comment="McAfee IPS is installed">
      <linux:object object_ref="oval:ssg-obj_mcafee_hbss_hips_installed:obj:1"/>
    </linux:rpminfo_test>
    <unix:file_test check="all" check_existence="all_exist" comment="McAfee Policy Auditor installed" id="oval:ssg-test_mcafee_auditengine_exists:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_mcafee_auditengine_exists:obj:1"/>
    </unix:file_test>
    <linux:rpminfo_test check="all" check_existence="at_least_one_exists" comment="centos-release is version 6" id="oval:ssg-test_centos6:tst:1" version="1">
      <linux:object object_ref="oval:ssg-obj_centos6:obj:1"/>
      <linux:state state_ref="oval:ssg-state_centos6:ste:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="at_least_one_exists" comment="centos-release is version 7" id="oval:ssg-test_centos7:tst:1" version="1">
      <linux:object object_ref="oval:ssg-obj_centos7:obj:1"/>
      <linux:state state_ref="oval:ssg-state_centos7:ste:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="only_one_exists" comment="fedora-release RPM package is installed" id="oval:ssg-test_fedora_release_rpm:tst:1" version="1">
      <linux:object object_ref="oval:ssg-object_fedora_release_rpm:obj:1"/>
    </linux:rpminfo_test>
    <ind:textfilecontent54_test check="all" comment="CPE vendor is 'fedoraproject' and 'product' is fedora" id="oval:ssg-test_fedora_vendor_product:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_fedora_vendor_product:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:family_test id="oval:ssg-test_unix_family:tst:1" check="all" check_existence="at_least_one_exists" comment="Test installed OS is part of the unix family" version="1">
      <ind:object object_ref="oval:ssg-object_unix_family:obj:1"/>
      <ind:state state_ref="oval:ssg-state_unix_family:ste:1"/>
    </ind:family_test>
    <linux:rpminfo_test check="all" check_existence="at_least_one_exists" comment="redhat-release-workstation is version 6" id="oval:ssg-test_rhel_workstation:tst:1" version="1">
      <linux:object object_ref="oval:ssg-obj_rhel_workstation:obj:1"/>
      <linux:state state_ref="oval:ssg-state_rhel_workstation:ste:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="at_least_one_exists" comment="redhat-release-server is version 6" id="oval:ssg-test_rhel_server:tst:1" version="1">
      <linux:object object_ref="oval:ssg-obj_rhel_server:obj:1"/>
      <linux:state state_ref="oval:ssg-state_rhel_server:ste:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="at_least_one_exists" comment="redhat-release-computenode is version 6" id="oval:ssg-test_rhel_computenode:tst:1" version="1">
      <linux:object object_ref="oval:ssg-obj_rhel_computenode:obj:1"/>
      <linux:state state_ref="oval:ssg-state_rhel_computenode:ste:1"/>
    </linux:rpminfo_test>
    <ind:family_test check="all" check_existence="at_least_one_exists" comment="installed OS part of unix family" id="oval:ssg-test_rhel7_unix_family:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_rhel7_unix_family:obj:1"/>
      <ind:state state_ref="oval:ssg-state_rhel7_unix_family:ste:1"/>
    </ind:family_test>
    <linux:rpminfo_test check="all" check_existence="at_least_one_exists" comment="redhat-release-workstation is version 7" id="oval:ssg-test_rhel7_workstation:tst:1" version="1">
      <linux:object object_ref="oval:ssg-obj_rhel7_workstation:obj:1"/>
      <linux:state state_ref="oval:ssg-state_rhel7_workstation:ste:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="at_least_one_exists" comment="redhat-release-server is version 7" id="oval:ssg-test_rhel7_server:tst:1" version="1">
      <linux:object object_ref="oval:ssg-obj_rhel7_server:obj:1"/>
      <linux:state state_ref="oval:ssg-state_rhel7_server:ste:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="at_least_one_exists" comment="redhat-release-computenode is version 7" id="oval:ssg-test_rhel7_computenode:tst:1" version="1">
      <linux:object object_ref="oval:ssg-obj_rhel7_computenode:obj:1"/>
      <linux:state state_ref="oval:ssg-state_rhel7_computenode:ste:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="at_least_one_exists" comment="sl-release is version 6" id="oval:ssg-test_sl6:tst:1" version="1">
      <linux:object object_ref="oval:ssg-obj_sl6:obj:1"/>
      <linux:state state_ref="oval:ssg-state_sl6:ste:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="at_least_one_exists" comment="sl-release is version 7" id="oval:ssg-test_sl7:tst:1" version="1">
      <linux:object object_ref="oval:ssg-obj_sl7:obj:1"/>
      <linux:state state_ref="oval:ssg-state_sl7:ste:1"/>
    </linux:rpminfo_test>
    <ind:family_test check="all" check_existence="at_least_one_exists" comment="installed OS part of unix family" id="oval:ssg-test_unix_wrlinux:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_unix_wrlinux:obj:1"/>
      <ind:state state_ref="oval:ssg-state_unix_wrlinux:ste:1"/>
    </ind:family_test>
    <unix:file_test check_existence="at_least_one_exists" version="1" id="oval:ssg-test_wrlinux:tst:1" check="all" comment="Test presence of /etc/wrlinux-release.">
      <unix:object object_ref="oval:ssg-obj_test_wrlinux:obj:1"/>
    </unix:file_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Test HostLimit" id="oval:ssg-test_logwatch_configured_hostlimit:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_logwatch_configured_hostlimit:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Test SplitHosts" id="oval:ssg-test_logwatch_configured_splithosts:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_logwatch_configured_splithosts:obj:1"/>
    </ind:textfilecontent54_test>
    <linux:partition_test check="all" check_existence="all_exist" id="oval:ssg-test_nodev_dev_shm:tst:1" version="1" comment="nodev on /dev/shm">
      <linux:object object_ref="oval:ssg-object_dev_shm_partition_nodev:obj:1"/>
      <linux:state state_ref="oval:ssg-state_dev_shm_nodev:ste:1"/>
    </linux:partition_test>
    <linux:partition_test check="all" check_existence="all_exist" id="oval:ssg-test_noexec_dev_shm:tst:1" version="1" comment="noexec on /dev/shm">
      <linux:object object_ref="oval:ssg-object_dev_shm_partition_noexec:obj:1"/>
      <linux:state state_ref="oval:ssg-state_dev_shm_noexec:ste:1"/>
    </linux:partition_test>
    <linux:partition_test check="all" check_existence="all_exist" id="oval:ssg-test_nosuid_dev_shm:tst:1" version="1" comment="nosuid on /dev/shm">
      <linux:object object_ref="oval:ssg-object_dev_shm_partition_nosuid:obj:1"/>
      <linux:state state_ref="oval:ssg-state_dev_shm_nosuid:ste:1"/>
    </linux:partition_test>
    <linux:partition_test check="all" check_existence="all_exist" id="oval:ssg-test_nodev_nonroot_local_partitions:tst:1" version="1" comment="nodev on local filesystems">
      <linux:object object_ref="oval:ssg-object_non_root_partitions:obj:1"/>
      <linux:state state_ref="oval:ssg-state_local_nodev:ste:1"/>
    </linux:partition_test>
    <ind:textfilecontent54_test id="oval:ssg-test_nodev_etc_fstab_cd_dvd_drive:tst:1" check="all" comment="'nodev' mount option used for at least one CD / DVD drive alternative names in /etc/fstab" version="1">
      <ind:object object_ref="oval:ssg-object_nodev_etc_fstab_cd_dvd_drive:obj:1"/>
      <ind:state state_ref="oval:ssg-state_nodev_etc_fstab_cd_dvd_drive:ste:1"/>
    </ind:textfilecontent54_test>
    <linux:partition_test id="oval:ssg-test_nodev_runtime_cd_dvd_drive:tst:1" check="all" comment="'nodev' mount option used for at least one CD / DVD drive alternative names in runtime configuration" version="1">
      <linux:object object_ref="oval:ssg-object_nodev_runtime_cd_dvd_drive:obj:1"/>
    </linux:partition_test>
    <ind:textfilecontent54_test id="oval:ssg-test_nodev_etc_fstab_not_cd_dvd_drive:tst:1" check="at least one" check_existence="all_exist" comment="Check if removable partition is configured with 'nodev' mount option in /etc/fstab" version="1">
      <ind:object object_ref="oval:ssg-object_nodev_etc_fstab_not_cd_dvd_drive:obj:1"/>
      <ind:state state_ref="oval:ssg-state_nodev_etc_fstab_not_cd_dvd_drive:ste:1"/>
    </ind:textfilecontent54_test>
    <linux:partition_test id="oval:ssg-test_nodev_runtime_not_cd_dvd_drive:tst:1" check="all" check_existence="all_exist" comment="'nodev' mount option used for removable partition in runtime configuration" version="1">
      <linux:object object_ref="oval:ssg-object_nodev_runtime_not_cd_dvd_drive:obj:1"/>
    </linux:partition_test>
    <ind:textfilecontent54_test id="oval:ssg-test_noexec_etc_fstab_cd_dvd_drive:tst:1" check="all" comment="'noexec' mount option used for at least one CD / DVD drive alternative names in /etc/fstab" version="1">
      <ind:object object_ref="oval:ssg-object_noexec_etc_fstab_cd_dvd_drive:obj:1"/>
      <ind:state state_ref="oval:ssg-state_noexec_etc_fstab_cd_dvd_drive:ste:1"/>
    </ind:textfilecontent54_test>
    <linux:partition_test id="oval:ssg-test_noexec_runtime_cd_dvd_drive:tst:1" check="all" comment="'noexec' mount option used for at least one CD / DVD drive alternative names in runtime configuration" version="1">
      <linux:object object_ref="oval:ssg-object_noexec_runtime_cd_dvd_drive:obj:1"/>
    </linux:partition_test>
    <ind:textfilecontent54_test id="oval:ssg-test_noexec_etc_fstab_not_cd_dvd_drive:tst:1" check="at least one" check_existence="all_exist" comment="Check if removable partition is configured with 'noexec' mount option in /etc/fstab" version="1">
      <ind:object object_ref="oval:ssg-object_noexec_etc_fstab_not_cd_dvd_drive:obj:1"/>
      <ind:state state_ref="oval:ssg-state_noexec_etc_fstab_not_cd_dvd_drive:ste:1"/>
    </ind:textfilecontent54_test>
    <linux:partition_test id="oval:ssg-test_noexec_runtime_not_cd_dvd_drive:tst:1" check="all" check_existence="all_exist" comment="'noexec' mount option used for removable partition in runtime configuration" version="1">
      <linux:object object_ref="oval:ssg-object_noexec_runtime_not_cd_dvd_drive:obj:1"/>
    </linux:partition_test>
    <ind:textfilecontent54_test id="oval:ssg-test_nosuid_etc_fstab_cd_dvd_drive:tst:1" check="all" comment="'nosuid' mount option used for at least one CD / DVD drive alternative names in /etc/fstab" version="1">
      <ind:object object_ref="oval:ssg-object_nosuid_etc_fstab_cd_dvd_drive:obj:1"/>
      <ind:state state_ref="oval:ssg-state_nosuid_etc_fstab_cd_dvd_drive:ste:1"/>
    </ind:textfilecontent54_test>
    <linux:partition_test id="oval:ssg-test_nosuid_runtime_cd_dvd_drive:tst:1" check="all" comment="'nosuid' mount option used for at least one CD / DVD drive alternative names in runtime configuration" version="1">
      <linux:object object_ref="oval:ssg-object_nosuid_runtime_cd_dvd_drive:obj:1"/>
    </linux:partition_test>
    <ind:textfilecontent54_test id="oval:ssg-test_nosuid_etc_fstab_not_cd_dvd_drive:tst:1" check="at least one" check_existence="all_exist" comment="Check if removable partition is configured with 'nosuid' mount option in /etc/fstab" version="1">
      <ind:object object_ref="oval:ssg-object_nosuid_etc_fstab_not_cd_dvd_drive:obj:1"/>
      <ind:state state_ref="oval:ssg-state_nosuid_etc_fstab_not_cd_dvd_drive:ste:1"/>
    </ind:textfilecontent54_test>
    <linux:partition_test id="oval:ssg-test_nosuid_runtime_not_cd_dvd_drive:tst:1" check="all" check_existence="all_exist" comment="'nosuid' mount option used for removable partition in runtime configuration" version="1">
      <linux:object object_ref="oval:ssg-object_nosuid_runtime_not_cd_dvd_drive:obj:1"/>
    </linux:partition_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="check for no cifs in /etc/fstab" id="oval:ssg-test_20340111:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_20340111:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="check for sec=krb5i or sec=ntlmv2i in /etc/fstab" id="oval:ssg-test_20340112:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_20340111:obj:1"/>
      <ind:state state_ref="oval:ssg-state_20340112:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="check for no cifs in /etc/mtab" id="oval:ssg-test_20340113:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_20340112:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="check for sec=krb5i or sec=ntlmv2i in /etc/mtab" id="oval:ssg-test_20340114:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_20340112:obj:1"/>
      <ind:state state_ref="oval:ssg-state_20340112:ste:1"/>
    </ind:textfilecontent54_test>
    <linux:partition_test check="all" check_existence="all_exist" id="oval:ssg-test_nodev_tmp:tst:1" version="1" comment="nodev on /tmp">
      <linux:object object_ref="oval:ssg-object_tmp_nodev_partition:obj:1"/>
      <linux:state state_ref="oval:ssg-state_tmp_nodev:ste:1"/>
    </linux:partition_test>
    <linux:partition_test check="all" check_existence="all_exist" id="oval:ssg-test_noexec_tmp:tst:1" version="1" comment="noexec on /tmp">
      <linux:object object_ref="oval:ssg-object_tmp_noexec_partition:obj:1"/>
      <linux:state state_ref="oval:ssg-state_tmp_noexec:ste:1"/>
    </linux:partition_test>
    <linux:partition_test check="all" check_existence="all_exist" id="oval:ssg-test_nosuid_tmp:tst:1" version="1" comment="nosuid on /tmp">
      <linux:object object_ref="oval:ssg-object_tmp_nosuid_partition:obj:1"/>
      <linux:state state_ref="oval:ssg-state_tmp_nosuid:ste:1"/>
    </linux:partition_test>
    <linux:partition_test id="oval:ssg-test_mount_option_var_tmp:tst:1" version="1" comment="Ensure /var/tmp is mounted" check="all">
      <linux:object object_ref="oval:ssg-object_mount_option_var_tmp:obj:1"/>
    </linux:partition_test>
    <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="Ensure bind mount option is on /var/tmp" id="oval:ssg-test_mount_option_var_tmp_bind:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_mount_option_var_tmp_bind:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="check NOZEROCONF=yes in /etc/sysconfig/network" id="oval:ssg-test_sysconfig_nozeroconf_yes:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_sysconfig_nozeroconf_yes:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="Test for udp6 based rpc services" id="oval:ssg-test_network_ipv6_disable_rpc_udp6:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_network_ipv6_disable_rpc_udp6:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="Test for tcp6 based rpc services" id="oval:ssg-test_network_ipv6_disable_rpc_tcp6:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_network_ipv6_disable_rpc_tcp6:obj:1"/>
    </ind:textfilecontent54_test>
    <unix:interface_test check="all" check_existence="at_least_one_exists" id="oval:ssg-test_promisc_interfaces:tst:1" version="1" comment="random">
      <unix:object object_ref="oval:ssg-object_promisc_interfaces:obj:1"/>
      <unix:state state_ref="oval:ssg-state_promisc:ste:1"/>
    </unix:interface_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="/etc/securetty file exists" id="oval:ssg-test_etc_securetty_exists:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_etc_securetty_exists:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="no entries in /etc/securetty" id="oval:ssg-test_no_direct_root_logins:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_no_direct_root_logins:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="Tests the value of the insecure locks in /etc/exports" id="oval:ssg-test_no_insecure_locks_exports:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_no_insecure_locks_exports:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:variable_test id="oval:ssg-test_shell_defined_default_uid_range:tst:1" check="all" check_existence="all_exist" comment="&lt;0, UID_MIN - 1&gt; system UIDs having shell set" version="1">
      <ind:object object_ref="oval:ssg-object_shell_defined_default_uid_range:obj:1"/>
      <ind:state state_ref="oval:ssg-state_shell_defined_default_uid_range:ste:1"/>
    </ind:variable_test>
    <ind:textfilecontent54_test id="oval:ssg-test_sys_uid_min_not_defined:tst:1" comment="SYS_UID_MIN not defined in /etc/login.defs" check="all" check_existence="none_exist" version="1">
      <ind:object object_ref="oval:ssg-object_last_sys_uid_min_from_etc_login_defs:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_sys_uid_max_not_defined:tst:1" comment="SYS_UID_MAX not defined in /etc/login.defs" check="all" check_existence="none_exist" version="1">
      <ind:object object_ref="oval:ssg-object_last_sys_uid_max_from_etc_login_defs:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:variable_test id="oval:ssg-test_shell_defined_reserved_uid_range:tst:1" check="all" check_existence="all_exist" comment="&lt;0, SYS_UID_MIN&gt; system UIDs having shell set" version="1">
      <ind:object object_ref="oval:ssg-object_shell_defined_reserved_uid_range:obj:1"/>
      <ind:state state_ref="oval:ssg-state_shell_defined_reserved_uid_range:ste:1"/>
    </ind:variable_test>
    <ind:variable_test id="oval:ssg-test_shell_defined_dynalloc_uid_range:tst:1" check="all" check_existence="all_exist" comment="&lt;SYS_UID_MIN, SYS_UID_MAX&gt; system UIDS having shell set" version="1">
      <ind:object object_ref="oval:ssg-object_shell_defined_dynalloc_uid_range:obj:1"/>
      <ind:state state_ref="oval:ssg-state_shell_defined_dynalloc_uid_range:ste:1"/>
    </ind:variable_test>
    <linux:rpminfo_test check="all" check_existence="all_exist" id="oval:ssg-test_package_aide_installed:tst:1" version="1" comment="package aide is installed">
      <linux:object object_ref="oval:ssg-obj_package_aide_installed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="all_exist" id="oval:ssg-test_package_audit_installed:tst:1" version="1" comment="package audit is installed">
      <linux:object object_ref="oval:ssg-obj_package_audit_installed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_bind_removed:tst:1" version="1" comment="package bind is removed">
      <linux:object object_ref="oval:ssg-obj_package_bind_removed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_dhcp_removed:tst:1" version="1" comment="package dhcp is removed">
      <linux:object object_ref="oval:ssg-obj_package_dhcp_removed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_dovecot_removed:tst:1" version="1" comment="package dovecot is removed">
      <linux:object object_ref="oval:ssg-obj_package_dovecot_removed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_httpd_removed:tst:1" version="1" comment="package httpd is removed">
      <linux:object object_ref="oval:ssg-obj_package_httpd_removed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_mcstrans_removed:tst:1" version="1" comment="package mcstrans is removed">
      <linux:object object_ref="oval:ssg-obj_package_mcstrans_removed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_net-snmp_removed:tst:1" version="1" comment="package net-snmp is removed">
      <linux:object object_ref="oval:ssg-obj_package_net-snmp_removed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="all_exist" id="oval:ssg-test_package_ntp_installed:tst:1" version="1" comment="package ntp is installed">
      <linux:object object_ref="oval:ssg-obj_package_ntp_installed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_openldap-servers_removed:tst:1" version="1" comment="package openldap-servers is removed">
      <linux:object object_ref="oval:ssg-obj_package_openldap-servers_removed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_prelink_removed:tst:1" version="1" comment="package prelink is removed">
      <linux:object object_ref="oval:ssg-obj_package_prelink_removed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_rsh_removed:tst:1" version="1" comment="package rsh is removed">
      <linux:object object_ref="oval:ssg-obj_package_rsh_removed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="all_exist" id="oval:ssg-test_package_rsyslog_installed:tst:1" version="1" comment="package rsyslog is installed">
      <linux:object object_ref="oval:ssg-obj_package_rsyslog_installed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="all_exist" id="oval:ssg-test_package_samba-common_installed:tst:1" version="1" comment="package samba-common is installed">
      <linux:object object_ref="oval:ssg-obj_package_samba-common_installed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="all_exist" id="oval:ssg-test_package_screen_installed:tst:1" version="1" comment="package screen is installed">
      <linux:object object_ref="oval:ssg-obj_package_screen_installed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_sendmail_removed:tst:1" version="1" comment="package sendmail is removed">
      <linux:object object_ref="oval:ssg-obj_package_sendmail_removed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_setroubleshoot_removed:tst:1" version="1" comment="package setroubleshoot is removed">
      <linux:object object_ref="oval:ssg-obj_package_setroubleshoot_removed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_squid_removed:tst:1" version="1" comment="package squid is removed">
      <linux:object object_ref="oval:ssg-obj_package_squid_removed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_talk-server_removed:tst:1" version="1" comment="package talk-server is removed">
      <linux:object object_ref="oval:ssg-obj_package_talk-server_removed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_talk_removed:tst:1" version="1" comment="package talk is removed">
      <linux:object object_ref="oval:ssg-obj_package_talk_removed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_telnet_removed:tst:1" version="1" comment="package telnet is removed">
      <linux:object object_ref="oval:ssg-obj_package_telnet_removed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_tftp_removed:tst:1" version="1" comment="package tftp is removed">
      <linux:object object_ref="oval:ssg-obj_package_tftp_removed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="all_exist" id="oval:ssg-test_package_vsftpd_installed:tst:1" version="1" comment="package vsftpd is installed">
      <linux:object object_ref="oval:ssg-obj_package_vsftpd_installed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_xorg-x11-server-common_removed:tst:1" version="1" comment="package xorg-x11-server-common is removed">
      <linux:object object_ref="oval:ssg-obj_package_xorg-x11-server-common_removed:obj:1"/>
    </linux:rpminfo_test>
    <linux:rpminfo_test check="all" check_existence="none_exist" id="oval:ssg-test_package_ypserv_removed:tst:1" version="1" comment="package ypserv is removed">
      <linux:object object_ref="oval:ssg-obj_package_ypserv_removed:obj:1"/>
    </linux:rpminfo_test>
    <linux:partition_test check="all" check_existence="all_exist" id="oval:ssg-test_var_log_partition:tst:1" version="1" comment="/var/log on own partition">
      <linux:object object_ref="oval:ssg-object_mount_var_log_own_partition:obj:1"/>
    </linux:partition_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Set banner" id="oval:ssg-test_postfix_server_banner:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_postfix_server_banner:obj:1"/>
    </ind:textfilecontent54_test>
    <unix:file_test id="oval:ssg-test_removable_partition_doesnt_exist:tst:1" check="all" check_existence="none_exist" comment="Check if expected removable partitions truly exist on the system" version="1">
      <unix:object object_ref="oval:ssg-object_removable_partition_doesnt_exist:obj:1"/>
    </unix:file_test>
    <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="check for client signing = mandatory in /etc/samba/smb.conf" id="oval:ssg-test_require_smb_client_signing:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_require_smb_client_signing:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="serial ports /etc/securetty" id="oval:ssg-test_serial_ports_etc_securetty:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_serial_ports_etc_securetty:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:environmentvariable58_test check="none satisfy" comment="environment variable PATH starts with : or ." id="oval:ssg-test_env_var_begins:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_root_path_no_dot:obj:1"/>
      <ind:state state_ref="oval:ssg-state_begins_colon_period:ste:1"/>
    </ind:environmentvariable58_test>
    <ind:environmentvariable58_test check="none satisfy" comment="environment variable PATH doesn't contain : twice in a row" id="oval:ssg-test_env_var_contains_doublecolon:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_root_path_no_dot:obj:1"/>
      <ind:state state_ref="oval:ssg-state_contains_double_colon:ste:1"/>
    </ind:environmentvariable58_test>
    <ind:environmentvariable58_test check="none satisfy" comment="environment variable PATH doesn't contain . twice in a row" id="oval:ssg-test_env_var_contains_doubleperiod:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_root_path_no_dot:obj:1"/>
      <ind:state state_ref="oval:ssg-state_contains_double_period:ste:1"/>
    </ind:environmentvariable58_test>
    <ind:environmentvariable58_test check="none satisfy" comment="environment variable PATH ends with : or ." id="oval:ssg-test_env_var_ends:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_root_path_no_dot:obj:1"/>
      <ind:state state_ref="oval:ssg-state_ends_colon_period:ste:1"/>
    </ind:environmentvariable58_test>
    <ind:environmentvariable58_test check="none satisfy" comment="environment variable PATH starts with an absolute path /" id="oval:ssg-test_env_var_begins_slash:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_root_path_no_dot:obj:1"/>
      <ind:state state_ref="oval:ssg-state_begins_slash:ste:1"/>
    </ind:environmentvariable58_test>
    <ind:environmentvariable58_test check="none satisfy" comment="environment variable PATH contains relative paths" id="oval:ssg-test_env_var_contains_relative_path:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_root_path_no_dot:obj:1"/>
      <ind:state state_ref="oval:ssg-state_contains_relative_path:ste:1"/>
    </ind:environmentvariable58_test>
    <linux:rpmverifyfile_test check_existence="none_exist" id="oval:ssg-test_verify_all_rpms_user_ownership:tst:1" version="1" check="all" comment="user ownership of all files matches local rpm database">
      <linux:object object_ref="oval:ssg-object_files_fail_user_ownership:obj:1"/>
    </linux:rpmverifyfile_test>
    <linux:rpmverifyfile_test check_existence="none_exist" id="oval:ssg-test_verify_all_rpms_group_ownership:tst:1" version="1" check="all" comment="group ownership of all files matches local rpm database">
      <linux:object object_ref="oval:ssg-object_files_fail_group_ownership:obj:1"/>
    </linux:rpmverifyfile_test>
    <linux:rpmverifyfile_test check_existence="none_exist" id="oval:ssg-test_verify_all_rpms_mode:tst:1" version="1" check="all" comment="mode of all files matches local rpm database">
      <linux:object object_ref="oval:ssg-object_files_fail_mode:obj:1"/>
    </linux:rpmverifyfile_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="Ensure that the /etc/rsyslog.conf does not contain $InputTCPServerRun | $UDPServerRun | $InputRELPServerRun" id="oval:ssg-test_rsyslog_nolisten:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_rsyslog_nolisten:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Ensures system configured to export logs to remote host" id="oval:ssg-test_remote_rsyslog_conf:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_remote_loghost_rsyslog_conf:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Ensures system configured to export logs to remote host" id="oval:ssg-test_remote_rsyslog_d:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_remote_loghost_rsyslog_d:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Tests the value of the ^[\s]*SELINUXTYPE[\s]*=[\s]*([^#]*) expression in the /etc/selinux/config file" id="oval:ssg-test_selinux_policy:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_selinux_policy:obj:1"/>
      <ind:state state_ref="oval:ssg-state_selinux_policy:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="/selinux/enforce is 1" id="oval:ssg-test_etc_selinux_config:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_etc_selinux_config:obj:1"/>
      <ind:state state_ref="oval:ssg-state_etc_selinux_config:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="The password hashing algorithm should be set correctly in /etc/libuser.conf" id="oval:ssg-test_etc_libuser_conf_cryptstyle:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_etc_libuser_conf_cryptstyle:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:variable_test id="oval:ssg-test_etc_login_defs_encrypt_method:tst:1" check="all" comment="The value of ENCRYPT_METHOD should be set appropriately in /etc/login.defs" version="1">
      <ind:object object_ref="oval:ssg-object_last_encrypt_method_instance_value:obj:1"/>
      <ind:state state_ref="oval:ssg-state_last_encrypt_method_instance_value:ste:1"/>
    </ind:variable_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="sshd uses protocol 2" id="oval:ssg-test_sshd_allow_only_protocol2:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_sshd_allow_only_protocol2:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="Tests the value of the PermitEmptyPasswords[\s]*(&lt;:nocomment:&gt;*) setting in the /etc/ssh/sshd_config file" id="oval:ssg-test_sshd_permitemptypasswords_no:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_sshd_permitemptypasswords_no:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="Tests the value of the IgnoreRhosts[\s]*(&lt;:nocomment:&gt;*) setting in the /etc/ssh/sshd_config file" id="oval:ssg-test_sshd_rsh_emulation_disabled:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_sshd_rsh_emulation_disabled:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="Tests the value of the RhostsRSAAuthentication[\s]*(&lt;:nocomment:&gt;*) setting in the /etc/ssh/sshd_config file" id="oval:ssg-test_sshd_disable_rhosts_rsa:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_sshd_disable_rhosts_rsa:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Tests the value of the IgnoreUserKnownHosts[\s]*(&lt;:nocomment:&gt;*) setting in the /etc/ssh/sshd_config file" id="oval:ssg-test_sshd_disable_user_known_hosts:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_sshd_disable_user_known_hosts:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="Check value of PermitUserEnvironment in /etc/ssh/sshd_config" id="oval:ssg-test_sshd_no_user_envset:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_sshd_no_user_envset:obj:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="timeout is configured" id="oval:ssg-test_sshd_idle_timeout:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_sshd_idle_timeout:obj:1"/>
      <ind:state state_ref="oval:ssg-state_timeout_value_upper_bound:ste:1"/>
      <ind:state state_ref="oval:ssg-state_timeout_value_lower_bound:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="Tests the value of the ClientAliveCountMax setting in the /etc/ssh/sshd_config file" id="oval:ssg-test_sshd_clientalivecountmax:tst:1" version="1">
      <ind:object object_ref="oval:ssg-obj_sshd_clientalivecountmax:obj:1"/>
      <ind:state state_ref="oval:ssg-state_sshd_clientalivecountmax:ste:1"/>
    </ind:textfilecontent54_test>
    <unix:sysctl_test id="oval:ssg-test_runtime_kernel_dmesg_restrict:tst:1" check="all" check_existence="all_exist" comment="Check kernel.dmesg_restrict kernel runtime parameter" version="1">
      <unix:object object_ref="oval:ssg-object_runtime_kernel_dmesg_restrict:obj:1"/>
      <unix:state state_ref="oval:ssg-state_runtime_kernel_dmesg_restrict:ste:1"/>
    </unix:sysctl_test>
    <ind:textfilecontent54_test id="oval:ssg-test_static_sysctld_kernel_dmesg_restrict:tst:1" check="all" check_existence="only_one_exists" comment="Check kernel.dmesg_restrict static configuration in /etc/sysctl.d/*" version="1">
      <ind:object object_ref="oval:ssg-object_static_sysctld_kernel_dmesg_restrict:obj:1"/>
      <ind:state state_ref="oval:ssg-state_static_sysctld_kernel_dmesg_restrict:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_static_etc_sysctl_kernel_dmesg_restrict:tst:1" check="all" comment="Check kernel.dmesg_restrict static configuration in /etc/sysctl.conf" version="1">
      <ind:object object_ref="oval:ssg-object_static_etc_sysctl_kernel_dmesg_restrict:obj:1"/>
      <!-- Re-use the above defined state (since the requirement is same for both locations) -->
      <ind:state state_ref="oval:ssg-state_static_sysctld_kernel_dmesg_restrict:ste:1"/>
    </ind:textfilecontent54_test>
    <ind:textfilecontent54_test id="oval:ssg-test_static_sysctld_kernel_dmesg_restrict_not_used:tst:1" check="all" check_existence="none_exist" comment="Check kernel.dmesg_restrict is not used in some file from /etc/sysctl.d/* location" version="1">
      <!-- Re-use the above defined object_static_sysctld_kernel_dmesg_restrict object. We require object of same properties,
         but this time we require no such object to exist in /etc/sysctl.d/* -->
      <ind:object object_ref="oval:ssg-object_static_sysctld_kernel_dmesg_restrict:obj:1"/>
    </ind:textfilecontent54_test>
    <unix:uname_test check="all" comment="64 bit architecture" id="oval:ssg-test_system_info_architecture_ppc_64:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_system_info_architecture_ppc_64:obj:1"/>
      <unix:state state_ref="oval:ssg-state_system_info_architecture_ppc_64:ste:1"/>
    </unix:uname_test>
    <unix:uname_test check="all" comment="64 bit architecture" id="oval:ssg-test_system_info_architecture_ppcle_64:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_system_info_architecture_ppcle_64:obj:1"/>
      <unix:state state_ref="oval:ssg-state_system_info_architecture_ppcle_64:ste:1"/>
    </unix:uname_test>
    <ind:variable_test id="oval:ssg-tst_umask_for_daemons:tst:1" version="1" check="all" comment="Test the retrieved /etc/init.d/functions umask value(s) match the var_umask_for_daemons requirement">
      <ind:object object_ref="oval:ssg-obj_umask_for_daemons:obj:1"/>
      <ind:state state_ref="oval:ssg-ste_umask_for_daemons:ste:1"/>
    </ind:variable_test>
    <unix:file_test check="all" check_existence="all_exist" comment="Testing user ownership of /etc/shadow" id="oval:ssg-test_userowner_shadow_file:tst:1" version="1">
      <unix:object object_ref="oval:ssg-object_file_etc_shadow:obj:1"/>
      <unix:state state_ref="oval:ssg-state_etc_shadow_uid_root:ste:1"/>
    </unix:file_test>
    <ind:variable_test id="oval:ssg-test_existence_of_var_accounts_user_umask_as_number_variable:tst:1" comment="Verify the existence of var_accounts_user_umask_as_number variable" check="all" check_existence="at_least_one_exists" version="1">
      <ind:object object_ref="oval:ssg-object_var_accounts_user_umask_umask_as_number:obj:1"/>
    </ind:variable_test>
    <ind:variable_test id="oval:ssg-test_var_removable_partition_is_cd_dvd_drive:tst:1" check="all" comment="Check if removable partition variable value represents CD/DVD drive" version="1">
      <ind:object object_ref="oval:ssg-object_var_removable_partition_is_cd_dvd_drive:obj:1"/>
      <ind:state state_ref="oval:ssg-state_var_removable_partition_is_cd_dvd_drive:ste:1"/>
    </ind:variable_test>
    <ind:variable_test id="oval:ssg-test_existence_of_var_umask_for_daemons_as_number_variable:tst:1" comment="Verify the existence of var_umask_for_daemons_as_number variable" check="all" check_existence="at_least_one_exists" version="1">
      <ind:object object_ref="oval:ssg-object_var_umask_for_daemons_umask_as_number:obj:1"/>
    </ind:variable_test>
    <ind:textfilecontent54_test check="all" check_existence="none_exist" comment="query /proc/net/wireless" id="oval:ssg-test_wireless_disable_interfaces:tst:1" version="1">
      <ind:object object_ref="oval:ssg-object_wireless_disable_interfaces:obj:1"/>
    </ind:textfilecontent54_test>
  </tests>
  <objects>
    <ind:textfilecontent54_object id="oval:ssg-object_accounts_cracklib_present:obj:1" version="1">
      <ind:filepath>/etc/pam.d/system-auth</ind:filepath>
      <ind:pattern operation="pattern match">^password[\s]+(?:requisite|required)[\s]+(?:/lib/security/(?:\$ISA/)*)*pam_cracklib.so[\s]+.*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_etc_default_useradd_inactive:obj:1" version="1">
      <ind:filepath>/etc/default/useradd</ind:filepath>
      <ind:pattern operation="pattern match">^\s*INACTIVE\s*=\s*(\d+)\s*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:environmentvariable58_object id="oval:ssg-object_env_var_path:obj:1" version="1">
      <ind:pid xsi:nil="true" datatype="int"/>
      <ind:name>PATH</ind:name>
    </ind:environmentvariable58_object>
    <ind:textfilecontent54_object id="oval:ssg-object_accounts_fail_delay_logindefs:obj:1" version="1">
      <ind:filepath>/etc/login.defs</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*FAIL_DELAY[\s]+(\d+)\s*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_accounts_fail_delay_systemauth:obj:1" version="1">
      <ind:filepath>/etc/pam.d/system-auth</ind:filepath>
      <ind:pattern operation="pattern match">^auth[\s]+[a-z]+[\s]+(?:/lib/security/(?:\$ISA/)*)*pam_faildelay.so[\s]+delay=([0-9]+).*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_accounts_fail_delay_systemauthac:obj:1" version="1">
      <ind:filepath>/etc/pam.d/system-auth-ac</ind:filepath>
      <ind:pattern operation="pattern match">^auth[\s]+[a-z]+[\s]+(?:/lib/security/(?:\$ISA/)*)*pam_faildelay.so[\s]+delay=([0-9]+).*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_pam_faildelay_not_included:obj:1" version="1">
      <ind:path>/lib/security</ind:path>
      <ind:filename operation="pattern match">.*</ind:filename>
      <ind:pattern operation="pattern match">.*(pam_faildelay.so)</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_systemauthac_not_included:obj:1" version="1">
      <ind:path>/etc/pam.d</ind:path>
      <ind:filename operation="pattern match">.*</ind:filename>
      <ind:pattern operation="pattern match">.*(system-auth-ac)</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_accounts_global_setting_auth:obj:1" version="1">
      <ind:filepath>/etc/pam.d/system-auth</ind:filepath>
      <ind:pattern operation="pattern match">^auth[\s]+include[\s]+system-auth-ac$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_accounts_global_setting_account:obj:1" version="1">
      <ind:filepath>/etc/pam.d/system-auth</ind:filepath>
      <ind:pattern operation="pattern match">^account[\s]+include[\s]+system-auth-ac$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_accounts_global_setting_password:obj:1" version="1">
      <ind:filepath>/etc/pam.d/system-auth</ind:filepath>
      <ind:pattern operation="pattern match">^password[\s]+include[\s]+system-auth-ac$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_accounts_global_setting_session:obj:1" version="1">
      <ind:filepath>/etc/pam.d/system-auth</ind:filepath>
      <ind:pattern operation="pattern match">^session[\s]+include[\s]+system-auth-ac$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:environmentvariable58_object id="oval:ssg-object_env_var_ld_library_path:obj:1" version="1">
      <ind:pid xsi:nil="true" datatype="int"/>
      <ind:name>LD_LIBRARY_PATH</ind:name>
    </ind:environmentvariable58_object>
    <unix:file_object id="oval:ssg-object_accounts_logins_logged_btmp:obj:1" version="1">
      <unix:filepath operation="equals">/var/log/btmp</unix:filepath>
    </unix:file_object>
    <unix:file_object id="oval:ssg-object_accounts_logins_logged_wtmp:obj:1" version="1">
      <unix:filepath operation="equals">/var/log/wtmp</unix:filepath>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_etc_security_limits_conf_maxlogins:obj:1" version="1">
      <ind:filepath>/etc/security/limits.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*\*[\s]+(?:hard|-)[\s]+maxlogins[\s]+(\d+)\s*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:password_object id="oval:ssg-object_accounts_maximum_age_login_defs_var:obj:1" version="1">
      <unix:username operation="pattern match">.*</unix:username>
    </unix:password_object>
    <unix:shadow_object comment="Users" id="oval:ssg-object_accounts_maximum_age_login_defs_users:obj:1" version="1">
      <unix:username var_ref="oval:ssg-var_accounts_maximum_age_login_defs_users:var:1" var_check="at least one"/>
    </unix:shadow_object>
    <ind:textfilecontent54_object id="oval:ssg-object_accounts_maximum_age_login_defs:obj:1" version="1">
      <ind:filepath>/etc/login.defs</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*PASS_MAX_DAYS[\s]+(\d+)\s*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:password_object id="oval:ssg-object_accounts_minimum_age_login_defs_var:obj:1" version="1">
      <unix:username operation="pattern match">.*</unix:username>
    </unix:password_object>
    <unix:shadow_object comment="Users" id="oval:ssg-object_accounts_minimum_age_login_defs_users:obj:1" version="1">
      <unix:username var_ref="oval:ssg-var_accounts_minimum_age_login_defs_users:var:1" var_check="at least one"/>
    </unix:shadow_object>
    <ind:textfilecontent54_object id="oval:ssg-object_accounts_minimum_age_login_defs:obj:1" version="1">
      <ind:filepath>/etc/login.defs</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*PASS_MIN_DAYS[\s]+(\d+)\s*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_accounts_no_uid_except_root:obj:1" version="1">
      <ind:path>/etc</ind:path>
      <ind:filename>passwd</ind:filename>
      <ind:pattern operation="pattern match">^(?!root:)[^:]*:[^:]:0</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object comment="no password hashes in /etc/passwd." id="oval:ssg-obj_accounts_password_all_shadowed:obj:1" version="1">
      <ind:path>/etc</ind:path>
      <ind:filename>passwd</ind:filename>
      <ind:pattern operation="pattern match">^[a-zA-Z0-9\-_]+\:(?!x\:)([a-zA-Z0-9\-_$]+\:)\d+\:\d+\:.*$</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_password_pam_cracklib_dcredit:obj:1" version="1">
      <ind:path>/etc/pam.d</ind:path>
      <ind:filename>system-auth</ind:filename>
      <ind:pattern operation="pattern match">^password[\s]+(?:requisite|required)[\s]+(?:/lib/security/(?:\$ISA/)*)*pam_cracklib.so[\w_\.\-=\s]*[\s]+dcredit=(-?\d+)(?:[\s]|$)</ind:pattern>
      <ind:instance datatype="int" operation="less than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_accounts_password_pam_cracklib_difok:obj:1" version="1">
      <ind:path>/etc/pam.d</ind:path>
      <ind:filename>system-auth</ind:filename>
      <ind:pattern operation="pattern match">^password[\s]+(?:requisite|required)[\s]+(?:/lib/security/(?:\$ISA/)*)*pam_cracklib.so[\w_\.\-=\s]*[\s]+difok=(-?\d+)(?:[\s]|$)</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_password_pam_cracklib_lcredit:obj:1" version="1">
      <ind:path>/etc/pam.d</ind:path>
      <ind:filename>system-auth</ind:filename>
      <ind:pattern operation="pattern match">^password[\s]+(?:requisite|required)[\s]+(?:/lib/security/(?:\$ISA/)*)*pam_cracklib.so[\w_\.\-=\s]*[\s]+lcredit=(-?\d+)(?:[\s]|$)</ind:pattern>
      <ind:instance datatype="int" operation="less than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_accounts_password_pam_cracklib_maxrepeat:obj:1" version="1">
      <ind:path>/etc/pam.d</ind:path>
      <ind:filename>system-auth</ind:filename>
      <ind:pattern operation="pattern match">^password[\s]+(?:requisite|required)[\s]+(?:/lib/security/(?:\$ISA/)*)*pam_cracklib.so[\w_\.\-=\s]*[\s]+maxrepeat=(-?\d+)(?:[\s]|$)</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_accounts_password_pam_cracklib_minlen:obj:1" version="1">
      <ind:path>/etc/pam.d</ind:path>
      <ind:filename>system-auth</ind:filename>
      <ind:pattern operation="pattern match">^password[\s]+(?:requisite|required)[\s]+(?:/lib/security/(?:\$ISA/)*)*pam_cracklib.so[\w_\.\-=\s]*[\s]+minlen=(-?\d+)(?:[\s]|$)</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_password_pam_cracklib_ocredit:obj:1" version="1">
      <ind:path>/etc/pam.d</ind:path>
      <ind:filename>system-auth</ind:filename>
      <ind:pattern operation="pattern match">^password[\s]+(?:requisite|required)[\s]+(?:/lib/security/(?:\$ISA/)*)*pam_cracklib.so[\w_\.\-=\s]*[\s]+ocredit=(-?\d+)(?:[\s]|$)</ind:pattern>
      <ind:instance datatype="int" operation="less than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_password_pam_cracklib_ucredit:obj:1" version="1">
      <ind:path>/etc/pam.d</ind:path>
      <ind:filename>system-auth</ind:filename>
      <ind:pattern operation="pattern match">^password[\s]+(?:requisite|required)[\s]+(?:/lib/security/(?:\$ISA/)*)*pam_cracklib.so[\w_\.\-=\s]*[\s]+ucredit=(-?\d+)(?:[\s]|$)</ind:pattern>
      <ind:instance datatype="int" operation="less than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_accounts_password_pam_tally2_deny_system-auth:obj:1" version="1">
      <ind:path>/etc/pam.d</ind:path>
      <ind:filename>system-auth</ind:filename>
      <ind:pattern operation="pattern match">^auth[\s]+required[\s]+(?:/lib/security/(?:\$ISA/)*)*pam_tally2\.so.*deny=([0-9]*).*$</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="/etc/security/opasswd exists" id="oval:ssg-object_etc_security_opasswd:obj:1" version="1">
      <unix:path operation="equals">/etc/security</unix:path>
      <unix:filename>opasswd</unix:filename>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_accounts_password_pam_unix_remember:obj:1" version="1">
      <ind:path>/etc/pam.d</ind:path>
      <ind:filename>system-auth</ind:filename>
      <ind:pattern operation="pattern match">^password[\s]+(?:sufficient|required)[\s]+(?:/lib/security/(?:\$ISA/)*)*(?:(?:pam_pwhistory\.so)|(?:pam_unix\.so)).*remember=([0-9]*).*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_accounts_password_pam_unix_remember_systemauthac:obj:1" version="1">
      <ind:path>/etc/pam.d</ind:path>
      <ind:filename>system-auth-ac</ind:filename>
      <ind:pattern operation="pattern match">^password[\s]+(?:sufficient|required)[\s]+(?:/lib/security/(?:\$ISA/)*)*(?:(?:pam_pwhistory\.so)|(?:pam_unix\.so)).*remember=([0-9]*).*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:environmentvariable58_object id="oval:ssg-var_env_accounts_root_path_dirs_no_write:obj:1" version="1">
      <ind:pid xsi:nil="true" datatype="int"/>
      <ind:name>PATH</ind:name>
    </ind:environmentvariable58_object>
    <unix:file_object comment="List of directories in root's PATH" id="oval:ssg-object_accounts_root_path_dirs_no_write:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path var_ref="oval:ssg-var_accounts_root_path_dirs_no_write:var:1" var_check="at least one"/>
      <unix:filename xsi:nil="true"/>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_accounts_invalid_umask_system:obj:1" version="1">
      <ind:path>/etc</ind:path>
      <ind:filename operation="pattern match">.*</ind:filename>
      <ind:pattern operation="pattern match">^(?!#)[\s]*[Uu][Mm][Aa][Ss][Kk][\s]+(?:=\s*)*(\d+)</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_accounts_invalid_umask_user_home:obj:1" version="1">
      <ind:path operation="pattern match">/home/.*</ind:path>
      <ind:filename operation="pattern match">.*</ind:filename>
      <ind:pattern operation="pattern match">^(?!#)[\s]*[Uu][Mm][Aa][Ss][Kk][\s]+(?:=\s*)*(\d+)</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_accounts_invalid_umask_user_root:obj:1" version="1">
      <ind:path>/root</ind:path>
      <ind:filename operation="pattern match">.*</ind:filename>
      <ind:pattern operation="pattern match">^(?!#)[\s]*[Uu][Mm][Aa][Ss][Kk][\s]+(?:=\s*)*(\d+)</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_accounts_valid_umask_system:obj:1" version="1">
      <ind:path>/etc</ind:path>
      <ind:filename operation="pattern match">.*</ind:filename>
      <ind:pattern operation="pattern match">^(?!#)[\s]*[Uu][Mm][Aa][Ss][Kk][\s]+(?:=\s*)*(\d+)</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_accounts_valid_umask_user_home:obj:1" version="1">
      <ind:path operation="pattern match">/home/.*</ind:path>
      <ind:filename operation="pattern match">.*</ind:filename>
      <ind:pattern operation="pattern match">^(?!#)[\s]*[Uu][Mm][Aa][Ss][Kk][\s]+(?:=\s*)*(\d+)</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_accounts_valid_umask_user_root:obj:1" version="1">
      <ind:path>/root</ind:path>
      <ind:filename operation="pattern match">.*</ind:filename>
      <ind:pattern operation="pattern match">^(?!#)[\s]*[Uu][Mm][Aa][Ss][Kk][\s]+(?:=\s*)*(\d+)</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_accounts_unique_name_var:obj:1" version="1">
      <ind:filepath>/etc/passwd</ind:filepath>
      <ind:pattern operation="pattern match">^(.*):x:</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_accounts_unique_name:obj:1" version="1">
      <ind:filepath>/etc/passwd</ind:filepath>
      <ind:pattern operation="pattern match">^(.*):x:</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_accounts_unique_id_var:obj:1" version="1">
      <ind:filepath>/etc/passwd</ind:filepath>
      <ind:pattern operation="pattern match">^(?:[\S]*?:){2}([0-9]+):{1}</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_accounts_unique_id:obj:1" version="1">
      <ind:filepath>/etc/passwd</ind:filepath>
      <ind:pattern operation="pattern match">^(?:[\S]*?:){2}([0-9]+):{1}</ind:pattern>
      <ind:instance operation="greater than" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_aide_periodic_cron_checking_etc_crontab:obj:1" version="1">
      <ind:filepath>/etc/crontab</ind:filepath>
      <ind:pattern operation="pattern match">^(?!#)(?:(?:\d*(?:,\d|-\d)?|\*)+\s(?:\d*(?:,\d|-\d)?|\*)+\s\*\s*\s(?:\d*(?:,\d|-\d)?|\*)|@hourly|@weekly|@daily|@midnight)+.*aide\s.*--check</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_aide_periodic_cron_checking_etc_cron_d:obj:1" version="1">
      <ind:path>/etc/cron.d</ind:path>
      <ind:filename operation="pattern match">.*</ind:filename>
      <ind:pattern operation="pattern match">^(?!#)(?:(?:\d*(?:,\d|-\d)?|\*)+\s(?:\d*(?:,\d|-\d)?|\*)+\s\*\s*\s(?:\d*(?:,\d|-\d)?|\*)|@hourly|@weekly|@daily|@midnight)+.*aide\s.*--check</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_aide_periodic_cron_checking_etc_cron_hourly:obj:1" version="1">
      <ind:path>/etc/cron.hourly</ind:path>
      <ind:filename operation="pattern match">.*</ind:filename>
      <ind:pattern operation="pattern match">^(?!#).*aide\s.*--check</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_aide_periodic_cron_checking_etc_cron_daily:obj:1" version="1">
      <ind:path>/etc/cron.daily</ind:path>
      <ind:filename operation="pattern match">.*</ind:filename>
      <ind:pattern operation="pattern match">^(?!#).*aide\s.*--check</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_aide_periodic_cron_checking_etc_cron_weekly:obj:1" version="1">
      <ind:path>/etc/cron.weekly</ind:path>
      <ind:filename operation="pattern match">.*</ind:filename>
      <ind:pattern operation="pattern match">^(?!#).*aide\s.*--check</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="/etc/at.allow" id="oval:ssg-object_at_access_controlled_at_allow:obj:1" version="1">
      <unix:filepath>/etc/at.allow</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/at.deny" id="oval:ssg-object_at_access_controlled_at_deny:obj:1" version="1">
      <unix:filepath>/etc/at.deny</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/at.deny" id="oval:ssg-object_at_deny_nonempty_at_deny_not_exist:obj:1" version="1">
      <unix:filepath>/etc/at.deny</unix:filepath>
    </unix:file_object>
    <ind:textfilecontent54_object comment="/etc/at.deny" id="oval:ssg-object_at_deny_nonempty_at_deny_empty:obj:1" version="1">
      <ind:filepath>/etc/at.deny</ind:filepath>
      <ind:pattern operation="pattern match">^.*(\S).*$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="/etc/at.allow" id="oval:ssg-object_at_system_accounts_at_allow_exists:obj:1" version="1">
      <unix:filepath>/etc/at.allow</unix:filepath>
    </unix:file_object>
    <ind:textfilecontent54_object comment="/etc/at.allow" id="oval:ssg-object_at_system_accounts_allow_list:obj:1" version="1">
      <ind:filepath>/etc/at.allow</ind:filepath>
      <ind:pattern operation="pattern match">^(.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">0</ind:instance>
    </ind:textfilecontent54_object>
    <unix:password_object id="oval:ssg-object_at_system_accounts_at_allow:obj:1" version="1">
      <unix:username operation="equals" var_ref="oval:ssg-var_at_system_accounts_allow_list:var:1" var_check="at least one" datatype="string"/>
      <filter action="include">oval:ssg-state_at_system_accounts_at_allow_root:ste:1</filter>
      <filter action="include">oval:ssg-state_at_system_accounts_at_allow_uid:ste:1</filter>
    </unix:password_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_audit_rules_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/etc/audit.rules</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_audit_rules_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/etc/audit/audit.rules</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_chmod_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Watch for the chmod syscall.  

         A typical pattern would be: 
         -a exit,always -S chmod
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+chmod)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_chmod_x32_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch.  Remember that we can still have x32 libs on x64
         Watch for the chmod syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b32 -S chmod
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b32[\s]+)(.*-S[\s]+chmod)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_chmod_x64_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch. Remember that we can still have x32 libs on x64 
         Watch for the chmod syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b64 -S chmod
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b64[\s]+)(.*-S[\s]+chmod)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_chmod_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Watch for the chmod syscall.  

         A typical pattern would be: 
         -a exit,always -S chmod
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+chmod)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_chmod_x32_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch.  Remember that we can still have x32 libs on x64
         Watch for the chmod syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b32 -S chmod
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b32[\s]+)(.*-S[\s]+chmod)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_chmod_x64_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch. Remember that we can still have x32 libs on x64 
         Watch for the chmod syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b64 -S chmod
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b64[\s]+)(.*-S[\s]+chmod)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_chown_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b32[\s]+)(.*-S[\s]+chown)(?:[\s]+|$)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_chown32_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b32[\s]+)(.*-S[\s]+chown32)(?:[\s]+|$)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_chown_x64_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b64[\s]+)(.*-S[\s]+chown)(?:[\s]+|$)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_chown32_x64_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b64[\s]+)(.*-S[\s]+chown32)(?:[\s]+|$)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_chown_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b32[\s]+)(.*-S[\s]+chown)(?:[\s]+|$)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_chown32_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b32[\s]+)(.*-S[\s]+chown32)(?:[\s]+|$)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_chown_x64_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b64[\s]+)(.*-S[\s]+chown)(?:[\s]+|$)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_chown32_x64_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b64[\s]+)(.*-S[\s]+chown32)(?:[\s]+|$)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fchmod_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Watch for the fchmod syscall.  

         A typical pattern would be: 
         -a exit,always -S fchmod
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+fchmod)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fchmod_x32_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch.  Remember that we can still have x32 libs on x64
         Watch for the fchmod syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b32 -S fchmod
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b32[\s]+)(.*-S[\s]+fchmod)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fchmod_x64_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch. Remember that we can still have x32 libs on x64 
         Watch for the fchmod syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b64 -S fchmod
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b64[\s]+)(.*-S[\s]+fchmod)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fchmod_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Watch for the fchmod syscall.  

         A typical pattern would be: 
         -a exit,always -S fchmod
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+fchmod)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fchmod_x32_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch.  Remember that we can still have x32 libs on x64
         Watch for the fchmod syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b32 -S fchmod
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b32[\s]+)(.*-S[\s]+fchmod)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fchmod_x64_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch. Remember that we can still have x32 libs on x64 
         Watch for the fchmod syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b64 -S fchmod
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b64[\s]+)(.*-S[\s]+fchmod)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fchmodat_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Watch for the fchmodat syscall.  

         A typical pattern would be: 
         -a exit,always -S fchmodat
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+fchmodat)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fchmodat_x32_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch.  Remember that we can still have x32 libs on x64
         Watch for the fchmodat syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b32 -S fchmodat
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b32[\s]+)(.*-S[\s]+fchmodat)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fchmodat_x64_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch. Remember that we can still have x32 libs on x64 
         Watch for the fchmodat syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b64 -S fchmodat
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b64[\s]+)(.*-S[\s]+fchmodat)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fchmodat_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Watch for the fchmodat syscall.  

         A typical pattern would be: 
         -a exit,always -S fchmodat
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+fchmodat)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fchmodat_x32_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch.  Remember that we can still have x32 libs on x64
         Watch for the fchmodat syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b32 -S fchmodat
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b32[\s]+)(.*-S[\s]+fchmodat)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fchmodat_x64_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch. Remember that we can still have x32 libs on x64 
         Watch for the fchmodat syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b64 -S fchmodat
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b64[\s]+)(.*-S[\s]+fchmodat)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fchown_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b32[\s]+)(.*-S[\s]+fchown)(?:[\s]+|$)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fchown32_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b32[\s]+)(.*-S[\s]+fchown32)(?:[\s]+|$)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fchown_x64_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b64[\s]+)(.*-S[\s]+fchown)(?:[\s]+|$)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fchown32_x64_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b64[\s]+)(.*-S[\s]+fchown32)(?:[\s]+|$)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fchown_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b32[\s]+)(.*-S[\s]+fchown)(?:[\s]+|$)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fchown32_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b32[\s]+)(.*-S[\s]+fchown32)(?:[\s]+|$)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fchown_x64_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b64[\s]+)(.*-S[\s]+fchown)(?:[\s]+|$)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fchown32_x64_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b64[\s]+)(.*-S[\s]+fchown32)(?:[\s]+|$)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fchownat_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Watch for the fchownat syscall.  

         A typical pattern would be: 
         -a exit,always -S fchownat
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+fchownat)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fchownat_x32_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch.  Remember that we can still have x32 libs on x64
         Watch for the fchownat syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b32 -S fchownat
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b32[\s]+)(.*-S[\s]+fchownat)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fchownat_x64_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch. Remember that we can still have x32 libs on x64 
         Watch for the fchownat syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b64 -S fchownat
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b64[\s]+)(.*-S[\s]+fchownat)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fchownat_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Watch for the fchownat syscall.  

         A typical pattern would be: 
         -a exit,always -S fchownat
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+fchownat)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fchownat_x32_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch.  Remember that we can still have x32 libs on x64
         Watch for the fchownat syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b32 -S fchownat
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b32[\s]+)(.*-S[\s]+fchownat)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fchownat_x64_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch. Remember that we can still have x32 libs on x64 
         Watch for the fchownat syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b64 -S fchownat
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b64[\s]+)(.*-S[\s]+fchownat)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fremovexattr_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Watch for the fremovexattr syscall.  

         A typical pattern would be: 
         -a exit,always -S fremovexattr
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+fremovexattr)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fremovexattr_x32_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch.  Remember that we can still have x32 libs on x64
         Watch for the fremovexattr syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b32 -S fremovexattr
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b32[\s]+)(.*-S[\s]+fremovexattr)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fremovexattr_x64_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch. Remember that we can still have x32 libs on x64 
         Watch for the fremovexattr syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b64 -S fremovexattr
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b64[\s]+)(.*-S[\s]+fremovexattr)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fremovexattr_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Watch for the fremovexattr syscall.  

         A typical pattern would be: 
         -a exit,always -S fremovexattr
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+fremovexattr)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fremovexattr_x32_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch.  Remember that we can still have x32 libs on x64
         Watch for the fremovexattr syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b32 -S fremovexattr
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b32[\s]+)(.*-S[\s]+fremovexattr)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fremovexattr_x64_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch. Remember that we can still have x32 libs on x64 
         Watch for the fremovexattr syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b64 -S fremovexattr
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b64[\s]+)(.*-S[\s]+fremovexattr)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fsetxattr_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Watch for the fsetxattr syscall.  

         A typical pattern would be: 
         -a exit,always -S fsetxattr
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+fsetxattr)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fsetxattr_x32_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch.  Remember that we can still have x32 libs on x64
         Watch for the fsetxattr syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b32 -S fsetxattr
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b32[\s]+)(.*-S[\s]+fsetxattr)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fsetxattr_x64_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch. Remember that we can still have x32 libs on x64 
         Watch for the fsetxattr syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b64 -S fsetxattr
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b64[\s]+)(.*-S[\s]+fsetxattr)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fsetxattr_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Watch for the fsetxattr syscall.  

         A typical pattern would be: 
         -a exit,always -S fsetxattr
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+fsetxattr)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fsetxattr_x32_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch.  Remember that we can still have x32 libs on x64
         Watch for the fsetxattr syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b32 -S fsetxattr
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b32[\s]+)(.*-S[\s]+fsetxattr)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_fsetxattr_x64_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch. Remember that we can still have x32 libs on x64 
         Watch for the fsetxattr syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b64 -S fsetxattr
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b64[\s]+)(.*-S[\s]+fsetxattr)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_lchown_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b32[\s]+)(.*-S[\s]+lchown)(?:[\s]+|$)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_lchown32_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b32[\s]+)(.*-S[\s]+lchown32)(?:[\s]+|$)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_lchown_x64_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b64[\s]+)(.*-S[\s]+lchown)(?:[\s]+|$)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_lchown32_x64_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b64[\s]+)(.*-S[\s]+lchown32)(?:[\s]+|$)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_lchown_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b32[\s]+)(.*-S[\s]+lchown)(?:[\s]+|$)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_lchown32_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b32[\s]+)(.*-S[\s]+lchown32)(?:[\s]+|$)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_lchown_x64_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b64[\s]+)(.*-S[\s]+lchown)(?:[\s]+|$)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_lchown32_x64_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b64[\s]+)(.*-S[\s]+lchown32)(?:[\s]+|$)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_lremovexattr_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Watch for the lremovexattr syscall.  

         A typical pattern would be: 
         -a exit,always -S lremovexattr
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+lremovexattr)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_lremovexattr_x32_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch.  Remember that we can still have x32 libs on x64
         Watch for the lremovexattr syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b32 -S lremovexattr
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b32[\s]+)(.*-S[\s]+lremovexattr)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_lremovexattr_x64_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch. Remember that we can still have x32 libs on x64 
         Watch for the lremovexattr syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b64 -S lremovexattr
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b64[\s]+)(.*-S[\s]+lremovexattr)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_lremovexattr_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Watch for the lremovexattr syscall.  

         A typical pattern would be: 
         -a exit,always -S lremovexattr
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+lremovexattr)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_lremovexattr_x32_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch.  Remember that we can still have x32 libs on x64
         Watch for the lremovexattr syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b32 -S lremovexattr
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b32[\s]+)(.*-S[\s]+lremovexattr)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_lremovexattr_x64_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch. Remember that we can still have x32 libs on x64 
         Watch for the lremovexattr syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b64 -S lremovexattr
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b64[\s]+)(.*-S[\s]+lremovexattr)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_lsetxattr_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Watch for the lsetxattr syscall.  

         A typical pattern would be: 
         -a exit,always -S lsetxattr
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+lsetxattr)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_lsetxattr_x32_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch.  Remember that we can still have x32 libs on x64
         Watch for the lsetxattr syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b32 -S lsetxattr
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b32[\s]+)(.*-S[\s]+lsetxattr)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_lsetxattr_x64_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch. Remember that we can still have x32 libs on x64 
         Watch for the lsetxattr syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b64 -S lsetxattr
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b64[\s]+)(.*-S[\s]+lsetxattr)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_lsetxattr_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Watch for the lsetxattr syscall.  

         A typical pattern would be: 
         -a exit,always -S lsetxattr
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+lsetxattr)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_lsetxattr_x32_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch.  Remember that we can still have x32 libs on x64
         Watch for the lsetxattr syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b32 -S lsetxattr
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b32[\s]+)(.*-S[\s]+lsetxattr)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_lsetxattr_x64_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch. Remember that we can still have x32 libs on x64 
         Watch for the lsetxattr syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b64 -S lsetxattr
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b64[\s]+)(.*-S[\s]+lsetxattr)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_removexattr_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Watch for the removexattr syscall.  

         A typical pattern would be: 
         -a exit,always -S removexattr
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+removexattr)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_removexattr_x32_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch.  Remember that we can still have x32 libs on x64
         Watch for the removexattr syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b32 -S removexattr
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b32[\s]+)(.*-S[\s]+removexattr)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_removexattr_x64_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch. Remember that we can still have x32 libs on x64 
         Watch for the removexattr syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b64 -S removexattr
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b64[\s]+)(.*-S[\s]+removexattr)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_removexattr_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Watch for the removexattr syscall.  

         A typical pattern would be: 
         -a exit,always -S removexattr
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+removexattr)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_removexattr_x32_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch.  Remember that we can still have x32 libs on x64
         Watch for the removexattr syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b32 -S removexattr
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b32[\s]+)(.*-S[\s]+removexattr)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_removexattr_x64_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch. Remember that we can still have x32 libs on x64 
         Watch for the removexattr syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b64 -S removexattr
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b64[\s]+)(.*-S[\s]+removexattr)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_setxattr_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Watch for the setxattr syscall.  

         A typical pattern would be: 
         -a exit,always -S setxattr
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+setxattr)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_setxattr_x32_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch.  Remember that we can still have x32 libs on x64
         Watch for the setxattr syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b32 -S setxattr
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b32[\s]+)(.*-S[\s]+setxattr)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_setxattr_x64_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch. Remember that we can still have x32 libs on x64 
         Watch for the setxattr syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b64 -S setxattr
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b64[\s]+)(.*-S[\s]+setxattr)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_setxattr_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Watch for the setxattr syscall.  

         A typical pattern would be: 
         -a exit,always -S setxattr
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+setxattr)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_setxattr_x32_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch.  Remember that we can still have x32 libs on x64
         Watch for the setxattr syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b32 -S setxattr
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b32[\s]+)(.*-S[\s]+setxattr)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_dac_modification_setxattr_x64_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <!-- What's going on here?
         Ensure we have both exit and always in the action list
         Syscall numbers between x64/x32 dont always line up so split them by 
           arch. Remember that we can still have x32 libs on x64 
         Watch for the setxattr syscall.  

         A typical pattern would be: 
         -a exit,always -F arch=b64 -S setxattr
    -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(?:.*-F[\s]+arch=b64[\s]+)(.*-S[\s]+setxattr)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_file_deletion_events_unlink_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+unlink)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_file_deletion_events_unlink_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+unlink)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_file_deletion_events_rmdir_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+rmdir)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_file_deletion_events_rmdir_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+rmdir)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rule_kernel_module_loading_insmod_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/sbin/insmod\s+\-p\s+x</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rule_kernel_module_loading_rmmod_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/sbin/rmmod\s+\-p\s+x</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rule_kernel_module_loading_modprobe_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/sbin/modprobe\s+\-p\s+x</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rule_kernel_module_loading_init_module_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-a\s+exit,always\s+(\-F\s+arch=(b64|b32)\s+)?\-S\s+init_module</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rule_kernel_module_loading_delete_module_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-a\s+exit,always\s+(\-F\s+arch=(b64|b32)\s+)?\-S\s+delete_module</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rule_kernel_module_loading_insmod_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/sbin/insmod\s+\-p\s+x</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rule_kernel_module_loading_rmmod_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/sbin/rmmod\s+\-p\s+x</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rule_kernel_module_loading_modprobe_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/sbin/modprobe\s+\-p\s+x</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rule_kernel_module_loading_init_module_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-a\s+exit,always\s+(\-F\s+arch=(b64|b32)\s+)?\-S\s+init_module</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rule_kernel_module_loading_delete_module_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-a\s+exit,always\s+(\-F\s+arch=(b64|b32)\s+)?\-S\s+delete_module</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_login_events_var_log_faillog_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/var/log/faillog\s+\-p\s+(wa|aw|xaw|xwa|wxa|axw|awx|wax)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_login_events_var_log_lastlog_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/var/log/lastlog\s+\-p\s+(wa|aw|xaw|xwa|wxa|axw|awx|wax)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_login_events_var_log_faillog_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/var/log/faillog\s+\-p\s+(wa|aw|xaw|xwa|wxa|axw|awx|wax)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_login_events_var_log_lastlog_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/var/log/lastlog\s+\-p\s+(wa|aw|xaw|xwa|wxa|axw|awx|wax)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_audit_rules_sched_setparam_el4:obj:1" version="1">
      <ind:path>/etc</ind:path>
      <ind:filename>audit.rules</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+.*-S[\s]+sched_setparam</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_audit_rules_sched_setparam_el5:obj:1" version="1">
      <ind:path>/etc/audit</ind:path>
      <ind:filename>audit.rules</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+.*-S[\s]+sched_setparam</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_audit_rules_sched_setscheduler_el4:obj:1" version="1">
      <ind:path>/etc</ind:path>
      <ind:filename>audit.rules</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+.*-S[\s]+sched_setscheduler</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_audit_rules_sched_setscheduler_el5:obj:1" version="1">
      <ind:path>/etc/audit</ind:path>
      <ind:filename>audit.rules</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+.*-S[\s]+sched_setscheduler</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_audit_rules_setdomainname_el4:obj:1" version="1">
      <ind:path>/etc</ind:path>
      <ind:filename>audit.rules</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+.*-S[\s]+setdomainname</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_audit_rules_setdomainname_el5:obj:1" version="1">
      <ind:path>/etc/audit</ind:path>
      <ind:filename>audit.rules</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+.*-S[\s]+setdomainname</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_audit_rules_sethostname_el4:obj:1" version="1">
      <ind:path>/etc</ind:path>
      <ind:filename>audit.rules</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+.*-S[\s]+sethostname</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_audit_rules_sethostname_el5:obj:1" version="1">
      <ind:path>/etc/audit</ind:path>
      <ind:filename>audit.rules</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+.*-S[\s]+sethostname</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_audit_rules_time_adjtimex_x86_el4:obj:1" version="1">
      <ind:path>/etc</ind:path>
      <ind:filename>audit.rules</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+-F[\s]+arch=b32.*-S[\s]+adjtimex</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_audit_rules_time_adjtimex_x86_64_el4:obj:1" version="1">
      <ind:path>/etc</ind:path>
      <ind:filename>audit.rules</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+-F[\s]+arch=b64.*-S[\s]+adjtimex</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_audit_rules_time_adjtimex_x86_el5:obj:1" version="1">
      <ind:path>/etc/audit</ind:path>
      <ind:filename>audit.rules</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+-F[\s]+arch=b32.*-S[\s]+adjtimex</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_audit_rules_time_adjtimex_x86_64_el5:obj:1" version="1">
      <ind:path>/etc/audit</ind:path>
      <ind:filename>audit.rules</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+-F[\s]+arch=b64.*-S[\s]+adjtimex</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_audit_rules_time_clock_settime_x86_el4:obj:1" version="1">
      <!-- Standard location of 'audit.rules' file on RHEL-4 is '/etc/audit.rules' -->
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <!-- The version of audit package on RHEL-4 doesn't support '-F a0=' argument yet.
         Therefore use simplified 'clock_settime' audit rule form below -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+-F[\s]+arch=b32.*-S[\s]+clock_settime</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_audit_rules_time_clock_settime_x86_64_el4:obj:1" version="1">
      <!-- Standard location of 'audit.rules' file on RHEL-4 is '/etc/audit.rules' -->
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <!-- The version of audit package on RHEL-4 doesn't suppport '-F a0=' argument yet.
         Therefore use simplified 'clock_settime' audit rule form below -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+-F[\s]+arch=b64.*-S[\s]+clock_settime</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_audit_rules_time_clock_settime_x86_el5:obj:1" version="1">
      <!-- Standard location of 'audit.rules' file on RHEL-5 and above is '/etc/audit/audit.rules' -->
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <!-- The version of audit package on RHEL-5 already supports '-F a0=' argument. Therefore
         use more advanced 'clock_settime' audit rule version -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b32[\s]+-S[\s]+clock_settime[\s]+-F[\s]+a0=(?:0x)?0[\s]+(?:-F[\s]+key=|-k[\s]+)time-change[\s]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_audit_rules_time_clock_settime_x86_64_el5:obj:1" version="1">
      <!-- Standard location of 'audit.rules' file on RHEL-5 and above is '/etc/audit/audit.rules' -->
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <!-- The version of audit package on RHEL-5 already supports '-F a0=' argument. Therefore
         use more advanced 'clock_settime' audit rule version -->
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+always,exit[\s]+-F[\s]+arch=b64[\s]+-S[\s]+clock_settime[\s]+-F[\s]+a0=(?:0x)?0[\s]+(?:-F[\s]+key=|-k[\s]+)time-change[\s]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_audit_rules_time_settimeofday_x86_el4:obj:1" version="1">
      <ind:path>/etc</ind:path>
      <ind:filename>audit.rules</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+-F[\s]+arch=b32.*-S[\s]+settimeofday</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_audit_rules_time_settimeofday_x86_64_el4:obj:1" version="1">
      <ind:path>/etc</ind:path>
      <ind:filename>audit.rules</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+-F[\s]+arch=b64.*-S[\s]+settimeofday</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_audit_rules_time_settimeofday_x86_el5:obj:1" version="1">
      <ind:path>/etc/audit</ind:path>
      <ind:filename>audit.rules</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+-F[\s]+arch=b32.*-S[\s]+settimeofday</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_audit_rules_time_settimeofday_x86_64_el5:obj:1" version="1">
      <ind:path>/etc/audit</ind:path>
      <ind:filename>audit.rules</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+-F[\s]+arch=b64.*-S[\s]+settimeofday</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_audit_rules_time_stime_x86_el4:obj:1" version="1">
      <ind:path>/etc</ind:path>
      <ind:filename>audit.rules</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+-F[\s]+arch=b32.*-S[\s]+stime</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_audit_rules_time_stime_x86_el5:obj:1" version="1">
      <ind:path>/etc/audit</ind:path>
      <ind:filename>audit.rules</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+-F[\s]+arch=b32.*-S[\s]+stime</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_unsuccessful_file_modification_fail_creat_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+creat).*\-F\s+success=0</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_unsuccessful_file_modification_eacces_creat_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+creat).*\-F\s+exit=\-EACCES</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_unsuccessful_file_modification_eperm_creat_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+creat).*\-F\s+exit=\-EPERM</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_unsuccessful_file_modification_fail_creat_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+creat).*\-F\s+success=0</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_unsuccessful_file_modification_eacces_creat_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+creat).*\-F\s+exit=\-EACCES</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_unsuccessful_file_modification_eperm_creat_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+creat).*\-F\s+exit=\-EPERM</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_unsuccessful_file_modification_fail_ftruncate_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+ftruncate).*\-F\s+success=0</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_unsuccessful_file_modification_eacces_ftruncate_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+ftruncate).*\-F\s+exit=\-EACCES</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_unsuccessful_file_modification_eperm_ftruncate_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+ftruncate).*\-F\s+exit=\-EPERM</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_unsuccessful_file_modification_fail_ftruncate_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+ftruncate).*\-F\s+success=0</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_unsuccessful_file_modification_eacces_ftruncate_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+ftruncate).*\-F\s+exit=\-EACCES</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_unsuccessful_file_modification_eperm_ftruncate_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+ftruncate).*\-F\s+exit=\-EPERM</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_unsuccessful_file_modification_fail_open_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+open).*\-F\s+success=0</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_unsuccessful_file_modification_eacces_open_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+open).*\-F\s+exit=\-EACCES</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_unsuccessful_file_modification_eperm_open_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+open).*\-F\s+exit=\-EPERM</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_unsuccessful_file_modification_fail_open_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+open).*\-F\s+success=0</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_unsuccessful_file_modification_eacces_open_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+open).*\-F\s+exit=\-EACCES</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_unsuccessful_file_modification_eperm_open_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+open).*\-F\s+exit=\-EPERM</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_unsuccessful_file_modification_fail_openat_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+openat).*\-F\s+success=0</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_unsuccessful_file_modification_eacces_openat_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+openat).*\-F\s+exit=\-EACCES</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_unsuccessful_file_modification_eperm_openat_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+openat).*\-F\s+exit=\-EPERM</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_unsuccessful_file_modification_fail_openat_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+openat).*\-F\s+success=0</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_unsuccessful_file_modification_eacces_openat_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+openat).*\-F\s+exit=\-EACCES</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_unsuccessful_file_modification_eperm_openat_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+openat).*\-F\s+exit=\-EPERM</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_unsuccessful_file_modification_fail_truncate_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+truncate).*\-F\s+success=0</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_unsuccessful_file_modification_eacces_truncate_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+truncate).*\-F\s+exit=\-EACCES</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_unsuccessful_file_modification_eperm_truncate_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+truncate).*\-F\s+exit=\-EPERM</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_unsuccessful_file_modification_fail_truncate_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+truncate).*\-F\s+success=0</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_unsuccessful_file_modification_eacces_truncate_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+truncate).*\-F\s+exit=\-EACCES</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_unsuccessful_file_modification_eperm_truncate_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*-a[\s]+exit,always[\s]+(.*-S[\s]+truncate).*\-F\s+exit=\-EPERM</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_usergroup_creation_usr_sbin_useradd_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/usr/sbin/useradd\s+\-p\s+(?:w)?(?:a)?x</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_usergroup_creation_usr_sbin_groupadd_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/usr/sbin/groupadd\s+\-p\s+(?:w)?(?:a)?x</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_usergroup_creation_etc_passwd_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/etc/passwd\s+\-p\s+(?:w)?(?:x)?a</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_usergroup_creation_etc_shadow_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/etc/shadow\s+\-p\s+(?:w)?(?:x)?a</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_usergroup_creation_etc_group_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/etc/group\s+\-p\s+(?:w)?(?:x)?a</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_usergroup_creation_etc_gshadow_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/etc/gshadow\s+\-p\s+(?:w)?(?:x)?a</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_usergroup_creation_usr_sbin_useradd_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/usr/sbin/useradd\s+\-p\s+(?:w)?(?:a)?x</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_usergroup_creation_usr_sbin_groupadd_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/usr/sbin/groupadd\s+\-p\s+(?:w)?(?:a)?x</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_usergroup_creation_etc_passwd_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/etc/passwd\s+\-p\s+(?:w)?(?:x)?a</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_usergroup_creation_etc_shadow_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/etc/shadow\s+\-p\s+(?:w)?(?:x)?a</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_usergroup_creation_etc_group_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/etc/group\s+\-p\s+(?:w)?(?:x)?a</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_usergroup_creation_etc_gshadow_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/etc/gshadow\s+\-p\s+(?:w)?(?:x)?a</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_usergroup_disabling_usr_bin_passwd_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/usr/bin/passwd\s+\-p\s+(?:w)?(?:a)?x</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_usergroup_disabling_usr_bin_passwd_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/usr/bin/passwd\s+\-p\s+(?:w)?(?:a)?x</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_usergroup_modification_usr_sbin_usermod_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/usr/sbin/usermod\s+\-p\s+(?:w)?(?:a)?x(?:w)?(?:a)?</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_usergroup_modification_usr_sbin_groupmod_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/usr/sbin/groupmod\s+\-p\s+(?:w)?(?:a)?x(?:w)?(?:a)?</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_usergroup_modification_etc_passwd_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/etc/passwd\s+\-p\s+(?:a)?(?:x)?w(?:a)?(?:x)?</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_usergroup_modification_etc_shadow_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/etc/shadow\s+\-p\s+(?:a)?(?:x)?w(?:a)?(?:x)?</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_usergroup_modification_etc_group_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/etc/group\s+\-p\s+(?:a)?(?:x)?w(?:a)?(?:x)?</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_usergroup_modification_etc_gshadow_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/etc/gshadow\s+\-p\s+(?:a)?(?:x)?w(?:a)?(?:x)?</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_usergroup_modification_usr_sbin_usermod_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/usr/sbin/usermod\s+\-p\s+(?:w)?(?:a)?x(?:w)?(?:a)?</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_usergroup_modification_usr_sbin_groupmod_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/usr/sbin/groupmod\s+\-p\s+(?:w)?(?:a)?x(?:w)?(?:a)?</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_usergroup_modification_etc_passwd_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/etc/passwd\s+\-p\s+(?:a)?(?:x)?w(?:a)?(?:x)?</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_usergroup_modification_etc_shadow_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/etc/shadow\s+\-p\s+(?:a)?(?:x)?w(?:a)?(?:x)?</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_usergroup_modification_etc_group_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/etc/group\s+\-p\s+(?:a)?(?:x)?w(?:a)?(?:x)?</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_usergroup_modification_etc_gshadow_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/etc/gshadow\s+\-p\s+(?:a)?(?:x)?w(?:a)?(?:x)?</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_usergroup_termination_usr_sbin_userdel_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/usr/sbin/userdel\s+\-p\s+(?:w)?(?:a)?x</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_usergroup_termination_usr_sbin_groupdel_el4:obj:1" version="1">
      <ind:filepath>/etc/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/usr/sbin/groupdel\s+\-p\s+(?:w)?(?:a)?x</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_usergroup_termination_usr_sbin_userdel_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/usr/sbin/userdel\s+\-p\s+(?:w)?(?:a)?x</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_rules_usergroup_termination_usr_sbin_groupdel_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/audit.rules</ind:filepath>
      <ind:pattern operation="pattern match">^\-w\s+/usr/sbin/groupdel\s+\-p\s+(?:w)?(?:a)?x</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audit_enabled_on_kernel_cmdline:obj:1" version="1">
      <ind:filepath>/boot/grub/grub.conf</ind:filepath>
      <ind:pattern operation="pattern match">^\s*kernel\s/vmlinuz.*audit=(1).*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_audispds_syslog_plugin_enabled:obj:1" version="1">
      <ind:filepath>/etc/audisp/plugins.d/syslog.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*active[\s]*=[\s]*(yes)[\s]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_auditd_data_retention_disk_error_action_el4:obj:1" version="1">
      <ind:filepath>/etc/auditd.conf</ind:filepath>
      <ind:pattern operation="pattern match">^disk_error_action\s*=\s*(exec|halt|single|syslog)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_auditd_data_retention_disk_full_action_el4:obj:1" version="1">
      <ind:filepath>/etc/auditd.conf</ind:filepath>
      <ind:pattern operation="pattern match">^disk_full_action\s*=\s*(exec|halt|single|syslog)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_auditd_data_retention_disk_error_action_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/auditd.conf</ind:filepath>
      <ind:pattern operation="pattern match">^disk_error_action\s*=\s*(exec|halt|single|syslog)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_auditd_data_retention_disk_full_action_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/auditd.conf</ind:filepath>
      <ind:pattern operation="pattern match">^disk_full_action\s*=\s*(exec|halt|single|syslog)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_auditd_data_retention_space_left_action_exec_syslog_el4:obj:1" version="1">
      <ind:filepath>/etc/auditd.conf</ind:filepath>
      <ind:pattern operation="pattern match">^space_left_action\s*=\s*(exec|syslog)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_auditd_data_retention_space_left_action_email_el4:obj:1" version="1">
      <ind:filepath>/etc/auditd.conf</ind:filepath>
      <ind:pattern operation="pattern match">^space_left_action\s*=\s*(email)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_auditd_data_retention_action_mail_acct_root_el4:obj:1" version="1">
      <ind:filepath>/etc/auditd.conf</ind:filepath>
      <ind:pattern operation="pattern match">^action_mail_acct\s*=\s*(root)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_auditd_data_retention_action_mail_acct_external_el4:obj:1" version="1">
      <ind:filepath>/etc/auditd.conf</ind:filepath>
      <ind:pattern operation="pattern match">^action_mail_acct\s*=\s*(\S+@\S+\.\S+)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_auditd_data_retention_space_left_action_exec_syslog_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/auditd.conf</ind:filepath>
      <ind:pattern operation="pattern match">^space_left_action\s*=\s*(exec|syslog)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_auditd_data_retention_space_left_action_email_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/auditd.conf</ind:filepath>
      <ind:pattern operation="pattern match">^space_left_action\s*=\s*(email)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_auditd_data_retention_action_mail_acct_root_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/auditd.conf</ind:filepath>
      <ind:pattern operation="pattern match">^action_mail_acct\s*=\s*(root)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_auditd_data_retention_action_mail_acct_external_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/auditd.conf</ind:filepath>
      <ind:pattern operation="pattern match">^action_mail_acct\s*=\s*(\S+@\S+\.\S+)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <linux:rpminfo_object id="oval:ssg-obj_auditd_data_retention_audit_storage_failure_package_sendmail_installed:obj:1" version="1">
      <linux:name>sendmail</linux:name>
    </linux:rpminfo_object>
    <ind:textfilecontent54_object id="oval:ssg-object_banner_etc_issue:obj:1" version="1">
      <ind:filepath>/etc/issue</ind:filepath>
      <ind:pattern var_ref="oval:ssg-system_login_banner_text:var:1" operation="pattern match"/>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:xmlfilecontent_object id="oval:ssg-object_banner_gui_enabled:obj:1" version="1">
      <ind:filepath>/etc/gconf/gconf.xml.mandatory/apps/gdm/simple-greeter/%gconf.xml</ind:filepath>
      <ind:xpath>/gconf/entry[@name='banner_message_enable']/@value</ind:xpath>
    </ind:xmlfilecontent_object>
    <ind:xmlfilecontent_object id="oval:ssg-object_set_gdm_login_banner_text:obj:1" version="1">
      <ind:filepath>/etc/gconf/gconf.xml.mandatory/apps/gdm/simple-greeter/%gconf.xml</ind:filepath>
      <ind:xpath datatype="string" operation="equals">/gconf/entry[@name='banner_message_text']/stringvalue[1]/text()</ind:xpath>
    </ind:xmlfilecontent_object>
    <unix:file_object id="oval:ssg-object_baseline_device_files_exists:obj:1" version="1">
      <unix:filepath operation="equals">/var/log/device-file-list</unix:filepath>
    </unix:file_object>
    <unix:file_object id="oval:ssg-object_baseline_device_files_cron:obj:1" version="1">
      <unix:filepath operation="equals">/etc/cron.weekly/baseline_checker.sh</unix:filepath>
    </unix:file_object>
    <unix:file_object id="oval:ssg-object_baseline_sgid_files_exists:obj:1" version="1">
      <unix:filepath operation="equals">/var/log/sgid-file-list</unix:filepath>
    </unix:file_object>
    <unix:file_object id="oval:ssg-object_baseline_sgid_files_cron:obj:1" version="1">
      <unix:filepath operation="equals">/etc/cron.weekly/baseline_checker.sh</unix:filepath>
    </unix:file_object>
    <unix:file_object id="oval:ssg-object_baseline_suid_files_exists:obj:1" version="1">
      <unix:filepath operation="equals">/var/log/suid-file-list</unix:filepath>
    </unix:file_object>
    <unix:file_object id="oval:ssg-object_baseline_suid_files_cron:obj:1" version="1">
      <unix:filepath operation="equals">/etc/cron.weekly/baseline_checker.sh</unix:filepath>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_bootloader_audit_argument:obj:1" version="1">
      <ind:path>/boot/grub</ind:path>
      <ind:filename>grub.conf</ind:filename>
      <ind:pattern operation="pattern match">^\s*kernel\s+(?:/boot)*/vmlinuz.*audit=1.*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object id="oval:ssg-object_bootloader_exists:obj:1" version="1">
      <unix:filepath operation="equals">/boot/grub/grub.conf</unix:filepath>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_bootloader_nousb_argument:obj:1" version="1">
      <ind:path>/boot/grub</ind:path>
      <ind:filename>grub.conf</ind:filename>
      <ind:pattern operation="pattern match">^\s*kernel\s+(?:/boot)*/vmlinuz.*nousb.*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_bootloader_password:obj:1" version="1">
      <ind:path>/boot/grub</ind:path>
      <ind:filename>grub.conf</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*password[\s]+--[a-zA-Z0-9-]+[\s]+[\S]+$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_bootloader_password_hash:obj:1" version="1">
      <ind:path>/boot/grub</ind:path>
      <ind:filename>grub.conf</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*password[\s]+--([a-zA-Z0-9-]+)[\s]+[\S]+$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="/etc/cron.allow" id="oval:ssg-object_cron_access_controlled_cron_allow:obj:1" version="1">
      <unix:filepath>/etc/cron.allow</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.deny" id="oval:ssg-object_cron_access_controlled_cron_deny:obj:1" version="1">
      <unix:filepath>/etc/cron.deny</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.allow" id="oval:ssg-object_cron_system_accounts_cron_allow_exists:obj:1" version="1">
      <unix:filepath>/etc/cron.allow</unix:filepath>
    </unix:file_object>
    <ind:textfilecontent54_object comment="/etc/cron.allow" id="oval:ssg-object_cron_system_accounts_allow_list:obj:1" version="1">
      <ind:filepath>/etc/cron.allow</ind:filepath>
      <ind:pattern operation="pattern match">^(.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">0</ind:instance>
    </ind:textfilecontent54_object>
    <unix:password_object id="oval:ssg-object_cron_system_accounts_cron_allow:obj:1" version="1">
      <unix:username operation="equals" var_ref="oval:ssg-var_cron_system_accounts_allow_list:var:1" var_check="at least one" datatype="string"/>
      <filter action="include">oval:ssg-state_cron_system_accounts_cron_allow_root:ste:1</filter>
      <filter action="include">oval:ssg-state_cron_system_accounts_cron_allow_uid:ste:1</filter>
    </unix:password_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_dhcp_client_disable_ddns:obj:1" version="1">
      <ind:filepath>/etc/dhclient.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?i)do-forward-updates[\s]+(.*);[\s]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="only local directories" id="oval:ssg-object_only_local_directories:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/</unix:path>
      <unix:filename xsi:nil="true"/>
      <filter action="include">oval:ssg-state_world_writable_and_not_sticky:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="all local directories" id="oval:ssg-all_local_directories:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/</unix:path>
      <unix:filename xsi:nil="true"/>
      <filter action="include">oval:ssg-state_gid_is_user_and_world_writable:ste:1</filter>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_disable_ctrlaltdel_reboot_conf:obj:1" version="1">
      <ind:filepath>/etc/inittab</ind:filepath>
      <ind:pattern operation="pattern match">^(?!#).*\:ctrlaltdel\:.*(shutdown|reboot).*$</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_core_dumps_limitsconf:obj:1" version="1">
      <ind:path>/etc/security</ind:path>
      <ind:filename>limits.conf</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*\*[\s]+hard[\s]+core[\s]+([\d]+)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_nosignature_etc_rpmrc:obj:1" comment="check for nosignature in /etc/rpmrc" version="1">
      <ind:filepath>/etc/rpmrc</ind:filepath>
      <ind:pattern operation="pattern match">^(?:.*)?(nosignature)(?:.*)?$</ind:pattern>
      <ind:instance datatype="int" operation="equals">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_nosignature_usr_lib_rpm_rpmrc:obj:1" comment="check for nosignature in /usr/lib/rpm/rpmrc" version="1">
      <ind:filepath>/usr/lib/rpm/rpmrc</ind:filepath>
      <ind:pattern operation="pattern match">^(?:.*)?(nosignature)(?:.*)?$</ind:pattern>
      <ind:instance datatype="int" operation="equals">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_nosignature_usr_lib_rpm_redhat_rpmrc:obj:1" comment="check for nosignature in /usr/lib/rpm/redhat/rpmrc" version="1">
      <ind:filepath>/usr/lib/rpm/redhat/rpmrc</ind:filepath>
      <ind:pattern operation="pattern match">^(?:.*)?(nosignature)(?:.*)?$</ind:pattern>
      <ind:instance datatype="int" operation="equals">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_nosignature_root_rpmrc:obj:1" comment="check for nosignature in /root/rpmrc" version="1">
      <ind:filepath>/root/rpmrc</ind:filepath>
      <ind:pattern operation="pattern match">^(?:.*)?(nosignature)(?:.*)?$</ind:pattern>
      <ind:instance datatype="int" operation="equals">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_ensure_gpgcheck_never_disabled_repos:obj:1" version="1">
      <ind:path>/etc/yum.repos.d</ind:path>
      <ind:filename operation="pattern match">.*</ind:filename>
      <ind:pattern operation="pattern match">^\s*gpgcheck\s*=\s*0\s*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_ensure_gpgcheck_never_disabled_conf:obj:1" comment="gpgcheck set in /etc/yum.conf" version="1">
      <ind:filepath>/etc/yum.conf</ind:filepath>
      <ind:pattern operation="pattern match">^\s*gpgcheck\s*=\s*0\s*$</ind:pattern>
      <ind:instance datatype="int" operation="equals">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="/etc/postfix/aliases" id="oval:ssg-object_file_groupowner_aliases_postfix_aliases:obj:1" version="1">
      <unix:filepath>/etc/postfix/aliases</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/postfix/aliases.db" id="oval:ssg-object_file_groupowner_aliases_postfix_aliases_db:obj:1" version="1">
      <unix:filepath>/etc/postfix/aliases.db</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/aliases" id="oval:ssg-object_file_groupowner_aliases_sendmail_aliases:obj:1" version="1">
      <unix:filepath>/etc/aliases</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/aliases.db" id="oval:ssg-object_file_groupowner_aliases_sendmail_aliases_db:obj:1" version="1">
      <unix:filepath>/etc/aliases.db</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="List of files referenced in /etc/aliases" id="oval:ssg-object_file_groupowner_aliases_files:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_groupowner_aliases_files_list:var:1" var_check="at least one"/>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_groupowner_aliases_files_list:obj:1" version="1">
      <ind:filepath>/etc/aliases</ind:filepath>
      <ind:pattern operation="pattern match">^[^#].*\s(/.*)</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="/dev/audio*" id="oval:ssg-object_file_groupowner_dev_audio:obj:1" version="1">
      <unix:path operation="equals">/dev</unix:path>
      <unix:filename operation="pattern match">^audio.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/dev/snd/*" id="oval:ssg-object_file_groupowner_dev_snd:obj:1" version="1">
      <unix:path operation="equals">/dev/snd</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_groupowner_audit_log_list_el4:obj:1" version="1">
      <ind:filepath>/etc/auditd.conf</ind:filepath>
      <ind:pattern operation="pattern match">^log_file\s.*\s(/.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="List of audit log files" id="oval:ssg-object_file_groupowner_audit_log_el4:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_groupowner_audit_log_list_el4:var:1" var_check="at least one"/>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_groupowner_audit_log_list_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/auditd.conf</ind:filepath>
      <ind:pattern operation="pattern match">^log_file\s.*\s(/.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="List of audit log files" id="oval:ssg-object_file_groupowner_audit_log_el5:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_groupowner_audit_log_list_el5:var:1" var_check="at least one"/>
    </unix:file_object>
    <unix:file_object comment="/sbin/auditctl" id="oval:ssg-object_file_groupowner_sbin_auditctl:obj:1" version="1">
      <unix:filepath>/sbin/auditctl</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/sbin/auditd" id="oval:ssg-object_file_groupowner_sbin_auditd:obj:1" version="1">
      <unix:filepath>/sbin/auditd</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/sbin/ausearch" id="oval:ssg-object_file_groupowner_sbin_ausearch:obj:1" version="1">
      <unix:filepath>/sbin/ausearch</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/sbin/aureport" id="oval:ssg-object_file_groupowner_sbin_aureport:obj:1" version="1">
      <unix:filepath>/sbin/aureport</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/sbin/autrace" id="oval:ssg-object_file_groupowner_sbin_autrace:obj:1" version="1">
      <unix:filepath>/sbin/autrace</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/sbin/audispd" id="oval:ssg-object_file_groupowner_sbin_audispd:obj:1" version="1">
      <unix:filepath>/sbin/audispd</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/bin/traceroute" id="oval:ssg-object_file_groupowner_bin_traceroute:obj:1" version="1">
      <unix:filepath>/bin/traceroute</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc directories" id="oval:ssg-file_groupowner_binary_dirs_object_etc_dir:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/etc</unix:path>
      <unix:filename xsi:nil="true"/>
      <filter action="include">oval:ssg-state_groupowner_usr_sbin_files_owner_is_user:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/etc files" id="oval:ssg-object_file_groupowner_binary_dirs_etc_files:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/etc</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
      <filter action="include">oval:ssg-state_groupowner_usr_sbin_files_owner_is_user:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/bin directories" id="oval:ssg-file_groupowner_binary_dirs_object_bin_dir:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/bin</unix:path>
      <unix:filename xsi:nil="true"/>
      <filter action="include">oval:ssg-state_groupowner_usr_sbin_files_owner_is_user:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/bin files" id="oval:ssg-object_file_groupowner_binary_dirs_bin_files:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/bin</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
      <filter action="include">oval:ssg-state_groupowner_usr_sbin_files_owner_is_user:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/usr/bin directories" id="oval:ssg-file_groupowner_binary_dirs_object_usr_bin_dir:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/usr/bin</unix:path>
      <unix:filename xsi:nil="true"/>
      <filter action="include">oval:ssg-state_groupowner_usr_sbin_files_owner_is_user:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/usr/bin files" id="oval:ssg-object_file_groupowner_binary_dirs_usr_bin_files:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/usr/bin</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
      <filter action="include">oval:ssg-state_groupowner_usr_sbin_files_owner_is_user:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/usr/lbin directories" id="oval:ssg-file_groupowner_binary_dirs_object_usr_lbin_dir:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/usr/lbin</unix:path>
      <unix:filename xsi:nil="true"/>
      <filter action="include">oval:ssg-state_groupowner_usr_sbin_files_owner_is_user:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/usr/lbin files" id="oval:ssg-object_file_groupowner_binary_dirs_usr_lbin_files:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/usr/lbin</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
      <filter action="include">oval:ssg-state_groupowner_usr_sbin_files_owner_is_user:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/usr/usb directories" id="oval:ssg-file_groupowner_binary_dirs_object_usr_usb_dir:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/usr/usb</unix:path>
      <unix:filename xsi:nil="true"/>
      <filter action="include">oval:ssg-state_groupowner_usr_sbin_files_owner_is_user:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/usr/usb files" id="oval:ssg-object_file_groupowner_binary_dirs_usr_usb_files:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/usr/usb</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
      <filter action="include">oval:ssg-state_groupowner_usr_sbin_files_owner_is_user:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/sbin directories" id="oval:ssg-file_groupowner_binary_dirs_object_sbin_dir:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/sbin</unix:path>
      <unix:filename xsi:nil="true"/>
      <filter action="include">oval:ssg-state_groupowner_usr_sbin_files_owner_is_user:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/sbin files" id="oval:ssg-object_file_groupowner_binary_dirs_sbin_files:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/sbin</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
      <filter action="include">oval:ssg-state_groupowner_usr_sbin_files_owner_is_user:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/usr/sbin directories" id="oval:ssg-file_groupowner_binary_dirs_object_usr_sbin_dir:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/usr/sbin</unix:path>
      <unix:filename xsi:nil="true"/>
      <filter action="include">oval:ssg-state_groupowner_usr_sbin_files_owner_is_user:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/usr/sbin files" id="oval:ssg-object_file_groupowner_binary_dirs_usr_sbin_files:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/usr/sbin</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
      <filter action="include">oval:ssg-state_groupowner_usr_sbin_files_owner_is_user:ste:1</filter>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_groupowner_core_dump_dir_list:obj:1" version="1">
      <ind:filepath>/etc/kdump.conf</ind:filepath>
      <ind:pattern operation="pattern match">path\s.*\s(/.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="Core dump directory" id="oval:ssg-object_file_groupowner_core_dump_dir:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_groupowner_core_dump_dir_list:var:1" var_check="at least one"/>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.d/" id="oval:ssg-object_file_groupowner_dir_etc_cron_d:obj:1" version="1">
      <unix:path>/etc/cron.d</unix:path>
      <unix:filename xsi:nil="true"/>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.daily/" id="oval:ssg-object_file_groupowner_dir_etc_cron_daily:obj:1" version="1">
      <unix:path>/etc/cron.daily</unix:path>
      <unix:filename xsi:nil="true"/>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.hourly/" id="oval:ssg-object_file_groupowner_dir_etc_cron_hourly:obj:1" version="1">
      <unix:path>/etc/cron.hourly</unix:path>
      <unix:filename xsi:nil="true"/>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.monthly/" id="oval:ssg-object_file_groupowner_dir_etc_cron_monthly:obj:1" version="1">
      <unix:path>/etc/cron.monthly</unix:path>
      <unix:filename xsi:nil="true"/>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.weekly/" id="oval:ssg-object_file_groupowner_dir_etc_cron_weekly:obj:1" version="1">
      <unix:path>/etc/cron.weekly</unix:path>
      <unix:filename xsi:nil="true"/>
    </unix:file_object>
    <unix:file_object comment="/var/spool/cron/" id="oval:ssg-object_file_groupowner_dir_var_spool_cron:obj:1" version="1">
      <unix:path operation="equals">/var/spool/cron</unix:path>
      <unix:filename xsi:nil="true"/>
    </unix:file_object>
    <unix:file_object comment="/etc/crontab" id="oval:ssg-object_file_groupowner_etc_crontab:obj:1" version="1">
      <unix:filepath>/etc/crontab</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.d/*" id="oval:ssg-object_file_groupowner_etc_cron_d:obj:1" version="1">
      <unix:path operation="equals">/etc/cron.d</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.daily/*" id="oval:ssg-object_file_groupowner_etc_cron_daily:obj:1" version="1">
      <unix:path operation="equals">/etc/cron.daily</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.hourly/*" id="oval:ssg-object_file_groupowner_etc_cron_hourly:obj:1" version="1">
      <unix:path operation="equals">/etc/cron.hourly</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.monthly/*" id="oval:ssg-object_file_groupowner_etc_cron_monthly:obj:1" version="1">
      <unix:path operation="equals">/etc/cron.monthly</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.weekly/*" id="oval:ssg-object_file_groupowner_etc_cron_weekly:obj:1" version="1">
      <unix:path operation="equals">/etc/cron.weekly</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/var/spool/cron/*" id="oval:ssg-object_file_groupowner_var_spool_cron:obj:1" version="1">
      <unix:path operation="equals">/var/spool/cron</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/etc/at.allow" id="oval:ssg-object_file_groupowner_etc_at_allow:obj:1" version="1">
      <unix:filepath>/etc/at.allow</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/at.deny" id="oval:ssg-object_file_groupowner_etc_at_deny:obj:1" version="1">
      <unix:filepath>/etc/at.deny</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.allow" id="oval:ssg-object_file_groupowner_etc_cron_allow:obj:1" version="1">
      <unix:filepath>/etc/cron.allow</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.deny" id="oval:ssg-object_file_groupowner_etc_cron_deny:obj:1" version="1">
      <unix:filepath>/etc/cron.deny</unix:filepath>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_groupowner_etc_cups_printers_conf_list:obj:1" version="1">
      <ind:filepath>/etc/group</ind:filepath>
      <ind:pattern operation="pattern match">^(?:root|bin|sys|lp):x:([0-9]+):</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="/etc/cups/printers.conf" id="oval:ssg-object_file_groupowner_etc_cups_printers_conf:obj:1" version="1">
      <unix:filepath>/etc/cups/printers.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/exports" id="oval:ssg-object_file_groupowner_etc_exports:obj:1" version="1">
      <unix:filepath>/etc/exports</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/group" id="oval:ssg-object_file_groupowner_etc_group:obj:1" version="1">
      <unix:filepath>/etc/group</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/gshadow" id="oval:ssg-object_file_groupowner_etc_gshadow:obj:1" version="1">
      <unix:filepath>/etc/gshadow</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/hosts" id="oval:ssg-object_file_groupowner_etc_hosts:obj:1" version="1">
      <unix:filepath>/etc/hosts</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/ldap.conf" id="oval:ssg-object_file_groupowner_etc_ldap_conf:obj:1" version="1">
      <unix:filepath>/etc/ldap.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/nsswitch.conf" id="oval:ssg-object_file_groupowner_etc_nsswitch_conf:obj:1" version="1">
      <unix:filepath>/etc/nsswitch.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/ntp.conf" id="oval:ssg-object_file_groupowner_etc_ntp_conf:obj:1" version="1">
      <unix:filepath>/etc/ntp.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/passwd" id="oval:ssg-object_file_groupowner_etc_passwd:obj:1" version="1">
      <unix:filepath>/etc/passwd</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/resolv.conf" id="oval:ssg-object_file_groupowner_etc_resolv_conf:obj:1" version="1">
      <unix:filepath>/etc/resolv.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/samba/smb.conf" id="oval:ssg-object_file_groupowner_etc_samba_smb_conf:obj:1" version="1">
      <unix:filepath>/etc/samba/smb.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/samba/passdb.tdb" id="oval:ssg-object_file_groupowner_etc_samba_passdb_tdb:obj:1" version="1">
      <unix:filepath>/etc/samba/passdb.tdb</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/samba/secrets.tdb" id="oval:ssg-object_file_groupowner_etc_samba_secrets_tdb:obj:1" version="1">
      <unix:filepath>/etc/samba/secrets.tdb</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/securetty" id="oval:ssg-object_file_groupowner_etc_securetty:obj:1" version="1">
      <unix:filepath>/etc/securetty</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/security/access.conf" id="oval:ssg-object_file_groupowner_etc_security_access_conf:obj:1" version="1">
      <unix:filepath>/etc/security/access.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/services" id="oval:ssg-object_file_groupowner_etc_services:obj:1" version="1">
      <unix:filepath>/etc/services</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/skel/*" id="oval:ssg-object_file_groupowner_etc_skel:obj:1" version="1">
      <unix:path>/etc/skel</unix:path>
      <unix:filename operation="pattern match">.*</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/etc/sysctl.conf" id="oval:ssg-object_file_groupowner_etc_sysctl_conf:obj:1" version="1">
      <unix:filepath>/etc/sysctl.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/syslog.conf" id="oval:ssg-object_file_groupowner_etc_syslog_conf:obj:1" version="1">
      <unix:filepath>/etc/syslog.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/xinetd.conf" id="oval:ssg-object_file_groupowner_etc_xinetd_conf:obj:1" version="1">
      <unix:filepath>/etc/xinetd.conf</unix:filepath>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_groupowner_exports_dirs_list:obj:1" version="1">
      <ind:filepath>/etc/exports</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(/[\S]+)</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="List of files referenced in /etc/exports" id="oval:ssg-object_file_groupowner_exports_dirs:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_groupowner_exports_dirs_list:var:1" var_check="at least one"/>
    </unix:file_object>
    <unix:file_object comment="/etc/ftpusers" id="oval:ssg-object_file_groupowner_etc_ftpusers:obj:1" version="1">
      <unix:filepath>/etc/ftpusers</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/vsftpd.ftpusers" id="oval:ssg-object_file_groupowner_etc_vsftpd_ftpusers1:obj:1" version="1">
      <unix:filepath>/etc/vsftpd.ftpusers</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/vsftpd/ftpusers" id="oval:ssg-object_file_groupowner_etc_vsftpd_ftpusers2:obj:1" version="1">
      <unix:filepath>/etc/vsftpd/ftpusers</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/bashrc" id="oval:ssg-object_file_groupowner_etc_bashrc:obj:1" version="1">
      <unix:filepath>/etc/bashrc</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/csh.cshrc" id="oval:ssg-object_file_groupowner_etc_csh_cshrc:obj:1" version="1">
      <unix:filepath>/etc/csh.cshrc</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/csh.login" id="oval:ssg-object_file_groupowner_etc_csh_login:obj:1" version="1">
      <unix:filepath>/etc/csh.login</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/csh.logout" id="oval:ssg-object_file_groupowner_etc_csh_logout:obj:1" version="1">
      <unix:filepath>/etc/csh.logout</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/environment" id="oval:ssg-object_file_groupowner_etc_environment:obj:1" version="1">
      <unix:filepath>/etc/environment</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/ksh.kshrc" id="oval:ssg-object_file_groupowner_etc_ksh_kshrc:obj:1" version="1">
      <unix:filepath>/etc/ksh.kshrc</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/profile" id="oval:ssg-object_file_groupowner_etc_profile:obj:1" version="1">
      <unix:filepath>/etc/profile</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/suid_profile" id="oval:ssg-object_file_groupowner_etc_suid_profile:obj:1" version="1">
      <unix:filepath>/etc/suid_profile</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/profile.d/*" id="oval:ssg-object_file_groupowner_etc_profiled:obj:1" version="1">
      <unix:path>/etc/profile.d</unix:path>
      <unix:filename operation="pattern match">.*</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/boot/grub/grub.conf" id="oval:ssg-object_file_groupowner_grub_conf:obj:1" version="1">
      <unix:filepath>/boot/grub/grub.conf</unix:filepath>
    </unix:file_object>
    <unix:password_object id="oval:ssg-object_file_groupowner_home_dirs_path_list:obj:1" version="1">
      <unix:username operation="pattern match">^.*$</unix:username>
      <filter action="include">oval:ssg-state_file_groupowner_home_dirs_path_group:ste:1</filter>
      <filter action="exclude">oval:ssg-state_file_groupowner_home_dirs_path_nfs_group:ste:1</filter>
    </unix:password_object>
    <unix:file_object comment="/home/*" id="oval:ssg-object_file_groupowner_home_dirs:obj:1" version="1">
      <unix:path operation="equals" var_ref="oval:ssg-var_file_groupowner_home_dirs_path_list:var:1" var_check="at least one" datatype="string"/>
      <unix:filename xsi:nil="true"/>
    </unix:file_object>
    <unix:password_object id="oval:ssg-object_file_groupowner_home_files_path_list:obj:1" version="1">
      <unix:username operation="pattern match">^.*$</unix:username>
      <filter action="include">oval:ssg-state_file_groupowner_home_files_path_group:ste:1</filter>
      <filter action="exclude">oval:ssg-state_file_groupowner_home_files_path_nfs_group:ste:1</filter>
    </unix:password_object>
    <unix:file_object comment="/home/*" id="oval:ssg-object_file_groupowner_home_files:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals" var_ref="oval:ssg-var_file_groupowner_home_files_path_list:var:1" var_check="at least one" datatype="string"/>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_groupowner_ldap_cacerts_list:obj:1" version="1">
      <ind:filepath>/etc/ldap.conf</ind:filepath>
      <ind:pattern operation="pattern match">^tls_cacert\s.*\s(/.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="LDAP TLS CA cert" id="oval:ssg-object_file_groupowner_ldap_cacerts:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_groupowner_ldap_cacerts_list:var:1" var_check="at least one"/>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_groupowner_ldap_certs_list:obj:1" version="1">
      <ind:filepath>/etc/ldap.conf</ind:filepath>
      <ind:pattern operation="pattern match">^tls_cert\s.*\s(/.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="LDAP TLS cert" id="oval:ssg-object_file_groupowner_ldap_certs:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_groupowner_ldap_certs_list:var:1" var_check="at least one"/>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_groupowner_ldap_keys_list:obj:1" version="1">
      <ind:filepath>/etc/ldap.conf</ind:filepath>
      <ind:pattern operation="pattern match">^tls_key\s.*\s(/.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="LDAP TLS key" id="oval:ssg-object_file_groupowner_ldap_keys:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_groupowner_ldap_keys_list:var:1" var_check="at least one"/>
    </unix:file_object>
    <unix:password_object id="oval:ssg-object_file_groupowner_local_initialization_files_path_list_home:obj:1" version="1">
      <unix:username operation="pattern match">^.*$</unix:username>
      <filter action="include">oval:ssg-state_file_groupowner_local_initialization_files_path_group_home:ste:1</filter>
      <filter action="exclude">oval:ssg-state_file_groupowner_local_initialization_files_path_nfs_group_home:ste:1</filter>
    </unix:password_object>
    <unix:file_object comment="local initialization files - /home" id="oval:ssg-object_file_groupowner_local_initialization_files_home:obj:1" version="1">
      <unix:behaviors recurse="symlinks and directories" recurse_direction="down" max_depth="1" recurse_file_system="local"/>
      <unix:path operation="equals" var_ref="oval:ssg-var_file_groupowner_local_initialization_files_path_list_home:var:1" var_check="at least one" datatype="string"/>
      <unix:filename operation="pattern match">^(\.bashrc|\.bash_login|\.bash_logout|\.bash_profile|\.cshrc|\.kshrc|\.login|\.logout|\.profile|\.env|\.dtprofile|\.dispatch|\.emacs|\.exrc)$</unix:filename>
      <filter action="exclude">oval:ssg-state_file_groupowner_local_initialization_files_symlink:ste:1</filter>
    </unix:file_object>
    <unix:password_object id="oval:ssg-object_file_groupowner_local_initialization_files_path_list_root:obj:1" version="1">
      <unix:username>root</unix:username>
    </unix:password_object>
    <unix:file_object comment="local initialization files - /root" id="oval:ssg-object_file_groupowner_local_initialization_files_root:obj:1" version="1">
      <unix:behaviors recurse="symlinks and directories" recurse_direction="down" max_depth="1" recurse_file_system="local"/>
      <unix:path operation="equals" var_ref="oval:ssg-var_file_groupowner_local_initialization_files_path_list_root:var:1" var_check="at least one" datatype="string"/>
      <unix:filename operation="pattern match">^(\.bashrc|\.bash_login|\.bash_logout|\.bash_profile|\.cshrc|\.kshrc|\.login|\.logout|\.profile|\.env|\.dtprofile|\.dispatch|\.emacs|\.exrc)$</unix:filename>
      <filter action="exclude">oval:ssg-state_file_groupowner_local_initialization_files_symlink:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/etc/rc*/*" id="oval:ssg-object_file_groupowner_etc_rc:obj:1" version="1">
      <unix:path operation="pattern match">/etc/rc*</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/etc/init.d/*" id="oval:ssg-object_file_groupowner_etc_initd:obj:1" version="1">
      <unix:path>/etc/init.d</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_groupowner_shell_files_list:obj:1" version="1">
      <ind:filepath>/etc/shells</ind:filepath>
      <ind:pattern operation="pattern match">^(/.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="List of files referenced in /etc/shells" id="oval:ssg-object_file_groupowner_shell_files:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_groupowner_shell_files_list:var:1" var_check="at least one"/>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_groupowner_snmpd_conf_list:obj:1" version="1">
      <ind:filepath>/etc/group</ind:filepath>
      <ind:pattern operation="pattern match">^(?:root|bin|sys|system):x:([0-9]+):</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="snmpd.conf" id="oval:ssg-object_file_groupowner_snmpd_conf:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/</unix:path>
      <unix:filename>snmpd.conf</unix:filename>
      <filter action="exclude">oval:ssg-state_file_groupowner_snmpd_conf_symlink:ste:1</filter>
    </unix:file_object>
    <unix:password_object id="oval:ssg-object_file_groupowner_var_spool_at_list:obj:1" version="1">
      <unix:username operation="pattern match">^(root|bin|sys|daemon|cron)$</unix:username>
    </unix:password_object>
    <unix:file_object comment="/var/spool/at/*" id="oval:ssg-object_file_groupowner_var_spool_at:obj:1" version="1">
      <unix:path>/var/spool/at</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/var/yp/*" id="oval:ssg-object_file_groupowner_var_yp:obj:1" version="1">
      <unix:path>/var/yp</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/etc/postfix/aliases" id="oval:ssg-object_file_owner_aliases_postfix_aliases:obj:1" version="1">
      <unix:filepath>/etc/postfix/aliases</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/postfix/aliases.db" id="oval:ssg-object_file_owner_aliases_postfix_aliases_db:obj:1" version="1">
      <unix:filepath>/etc/postfix/aliases.db</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/aliases" id="oval:ssg-object_file_owner_aliases_sendmail_aliases:obj:1" version="1">
      <unix:filepath>/etc/aliases</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/aliases.db" id="oval:ssg-object_file_owner_aliases_sendmail_aliases_db:obj:1" version="1">
      <unix:filepath>/etc/aliases.db</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="List of files referenced in /etc/aliases" id="oval:ssg-object_file_owner_aliases_files:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_owner_aliases_files_list:var:1" var_check="at least one"/>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_owner_aliases_files_list:obj:1" version="1">
      <ind:filepath>/etc/aliases</ind:filepath>
      <ind:pattern operation="pattern match">^[^#].*\s(/.*)</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="/dev/audio*" id="oval:ssg-object_file_owner_dev_audio:obj:1" version="1">
      <unix:path operation="equals">/dev</unix:path>
      <unix:filename operation="pattern match">^audio.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/dev/snd/*" id="oval:ssg-object_file_owner_dev_snd:obj:1" version="1">
      <unix:path operation="equals">/dev/snd</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_owner_audit_log_list_el4:obj:1" version="1">
      <ind:filepath>/etc/auditd.conf</ind:filepath>
      <ind:pattern operation="pattern match">^log_file\s.*\s(/.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="List of audit log files" id="oval:ssg-object_file_owner_audit_log_el4:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_owner_audit_log_list_el4:var:1" var_check="at least one"/>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_owner_audit_log_list_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/auditd.conf</ind:filepath>
      <ind:pattern operation="pattern match">^log_file\s.*\s(/.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="List of audit log files" id="oval:ssg-object_file_owner_audit_log_el5:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_owner_audit_log_list_el5:var:1" var_check="at least one"/>
    </unix:file_object>
    <unix:file_object comment="/sbin/auditctl" id="oval:ssg-object_file_owner_sbin_auditctl:obj:1" version="1">
      <unix:filepath>/sbin/auditctl</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/sbin/auditd" id="oval:ssg-object_file_owner_sbin_auditd:obj:1" version="1">
      <unix:filepath>/sbin/auditd</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/sbin/ausearch" id="oval:ssg-object_file_owner_sbin_ausearch:obj:1" version="1">
      <unix:filepath>/sbin/ausearch</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/sbin/aureport" id="oval:ssg-object_file_owner_sbin_aureport:obj:1" version="1">
      <unix:filepath>/sbin/aureport</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/sbin/autrace" id="oval:ssg-object_file_owner_sbin_autrace:obj:1" version="1">
      <unix:filepath>/sbin/autrace</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/sbin/audispd" id="oval:ssg-object_file_owner_sbin_audispd:obj:1" version="1">
      <unix:filepath>/sbin/audispd</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/bin/traceroute" id="oval:ssg-object_file_owner_bin_traceroute:obj:1" version="1">
      <unix:filepath>/bin/traceroute</unix:filepath>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_owner_core_dump_dir_list:obj:1" version="1">
      <ind:filepath>/etc/kdump.conf</ind:filepath>
      <ind:pattern operation="pattern match">path\s.*\s(/.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="Core dump directory" id="oval:ssg-object_file_owner_core_dump_dir:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_owner_core_dump_dir_list:var:1" var_check="at least one"/>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.d/" id="oval:ssg-object_file_owner_dir_etc_cron_d:obj:1" version="1">
      <unix:path>/etc/cron.d</unix:path>
      <unix:filename xsi:nil="true"/>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.daily/" id="oval:ssg-object_file_owner_dir_etc_cron_daily:obj:1" version="1">
      <unix:path>/etc/cron.daily</unix:path>
      <unix:filename xsi:nil="true"/>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.hourly/" id="oval:ssg-object_file_owner_dir_etc_cron_hourly:obj:1" version="1">
      <unix:path>/etc/cron.hourly</unix:path>
      <unix:filename xsi:nil="true"/>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.monthly/" id="oval:ssg-object_file_owner_dir_etc_cron_monthly:obj:1" version="1">
      <unix:path>/etc/cron.monthly</unix:path>
      <unix:filename xsi:nil="true"/>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.weekly/" id="oval:ssg-object_file_owner_dir_etc_cron_weekly:obj:1" version="1">
      <unix:path>/etc/cron.weekly</unix:path>
      <unix:filename xsi:nil="true"/>
    </unix:file_object>
    <unix:file_object comment="/var/spool/cron/" id="oval:ssg-object_file_owner_dir_var_spool_cron:obj:1" version="1">
      <unix:path operation="equals">/var/spool/cron</unix:path>
      <unix:filename xsi:nil="true"/>
    </unix:file_object>
    <unix:file_object comment="/etc/crontab" id="oval:ssg-object_file_owner_etc_crontab:obj:1" version="1">
      <unix:filepath>/etc/crontab</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.d/*" id="oval:ssg-object_file_owner_etc_cron_d:obj:1" version="1">
      <unix:path operation="equals">/etc/cron.d</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.daily/*" id="oval:ssg-object_file_owner_etc_cron_daily:obj:1" version="1">
      <unix:path operation="equals">/etc/cron.daily</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.hourly/*" id="oval:ssg-object_file_owner_etc_cron_hourly:obj:1" version="1">
      <unix:path operation="equals">/etc/cron.hourly</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.monthly/*" id="oval:ssg-object_file_owner_etc_cron_monthly:obj:1" version="1">
      <unix:path operation="equals">/etc/cron.monthly</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.weekly/*" id="oval:ssg-object_file_owner_etc_cron_weekly:obj:1" version="1">
      <unix:path operation="equals">/etc/cron.weekly</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/var/spool/cron/*" id="oval:ssg-object_file_owner_var_spool_cron:obj:1" version="1">
      <unix:path operation="equals">/var/spool/cron</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/etc/at.allow" id="oval:ssg-object_file_owner_etc_at_allow:obj:1" version="1">
      <unix:filepath>/etc/at.allow</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/at.deny" id="oval:ssg-object_file_owner_etc_at_deny:obj:1" version="1">
      <unix:filepath>/etc/at.deny</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.allow" id="oval:ssg-object_file_owner_etc_cron_allow:obj:1" version="1">
      <unix:filepath>/etc/cron.allow</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.deny" id="oval:ssg-object_file_owner_etc_cron_deny:obj:1" version="1">
      <unix:filepath>/etc/cron.deny</unix:filepath>
    </unix:file_object>
    <unix:password_object id="oval:ssg-object_file_owner_etc_cups_printers_conf_list:obj:1" version="1">
      <unix:username operation="pattern match">^(root|bin|sys|lp)$</unix:username>
    </unix:password_object>
    <unix:file_object comment="/etc/cups/printers.conf" id="oval:ssg-object_file_owner_etc_cups_printers_conf:obj:1" version="1">
      <unix:filepath>/etc/cups/printers.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/exports" id="oval:ssg-object_file_owner_etc_exports:obj:1" version="1">
      <unix:filepath>/etc/exports</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/group" id="oval:ssg-object_file_owner_etc_group:obj:1" version="1">
      <unix:path>/etc</unix:path>
      <unix:filename>group</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/etc/gshadow" id="oval:ssg-object_file_owner_etc_gshadow:obj:1" version="1">
      <unix:path>/etc</unix:path>
      <unix:filename>gshadow</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/etc/hosts" id="oval:ssg-object_file_owner_etc_hosts:obj:1" version="1">
      <unix:filepath>/etc/hosts</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/ldap.conf" id="oval:ssg-object_file_owner_etc_ldap_conf:obj:1" version="1">
      <unix:filepath>/etc/ldap.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/nsswitch.conf" id="oval:ssg-object_file_owner_etc_nsswitch_conf:obj:1" version="1">
      <unix:filepath>/etc/nsswitch.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/ntp.conf" id="oval:ssg-object_file_owner_etc_ntp_conf:obj:1" version="1">
      <unix:filepath>/etc/ntp.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/passwd" id="oval:ssg-object_file_owner_etc_passwd:obj:1" version="1">
      <unix:path>/etc</unix:path>
      <unix:filename>passwd</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/etc/resolv.conf" id="oval:ssg-object_file_owner_etc_resolv_conf:obj:1" version="1">
      <unix:filepath>/etc/resolv.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/samba/smb.conf" id="oval:ssg-object_file_owner_etc_samba_smb_conf:obj:1" version="1">
      <unix:filepath>/etc/samba/smb.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/samba/passdb.tdb" id="oval:ssg-object_file_owner_etc_samba_passdb_tdb:obj:1" version="1">
      <unix:filepath>/etc/samba/passdb.tdb</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/samba/secrets.tdb" id="oval:ssg-object_file_owner_etc_samba_secrets_tdb:obj:1" version="1">
      <unix:filepath>/etc/samba/secrets.tdb</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/securetty" id="oval:ssg-object_file_owner_etc_securetty:obj:1" version="1">
      <unix:filepath>/etc/securetty</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/security/access.conf" id="oval:ssg-object_file_owner_etc_security_access_conf:obj:1" version="1">
      <unix:filepath>/etc/security/access.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/services" id="oval:ssg-object_file_owner_etc_services:obj:1" version="1">
      <unix:filepath>/etc/services</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/shadow" id="oval:ssg-object_file_etc_shadow:obj:1" version="1">
      <unix:filepath>/etc/shadow</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/skel/*" id="oval:ssg-object_file_owner_etc_skel:obj:1" version="1">
      <unix:path>/etc/skel</unix:path>
      <unix:filename operation="pattern match">.*</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/etc/sysctl.conf" id="oval:ssg-object_file_owner_etc_sysctl_conf:obj:1" version="1">
      <unix:filepath>/etc/sysctl.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/syslog.conf" id="oval:ssg-object_file_owner_etc_syslog_conf:obj:1" version="1">
      <unix:filepath>/etc/syslog.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/xinetd.conf" id="oval:ssg-object_file_owner_etc_xinetd_conf:obj:1" version="1">
      <unix:filepath>/etc/xinetd.conf</unix:filepath>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_owner_exports_dirs_list:obj:1" version="1">
      <ind:filepath>/etc/exports</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(/[\S]+)</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="List of files referenced in /etc/exports" id="oval:ssg-object_file_owner_exports_dirs:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_owner_exports_dirs_list:var:1" var_check="at least one"/>
    </unix:file_object>
    <unix:file_object comment="/etc/ftpusers" id="oval:ssg-object_file_owner_etc_ftpusers:obj:1" version="1">
      <unix:filepath>/etc/ftpusers</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/vsftpd.ftpusers" id="oval:ssg-object_file_owner_etc_vsftpd_ftpusers1:obj:1" version="1">
      <unix:filepath>/etc/vsftpd.ftpusers</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/vsftpd/ftpusers" id="oval:ssg-object_file_owner_etc_vsftpd_ftpusers2:obj:1" version="1">
      <unix:filepath>/etc/vsftpd/ftpusers</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/bashrc" id="oval:ssg-object_file_owner_etc_bashrc:obj:1" version="1">
      <unix:filepath>/etc/bashrc</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/csh.cshrc" id="oval:ssg-object_file_owner_etc_csh_cshrc:obj:1" version="1">
      <unix:filepath>/etc/csh.cshrc</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/csh.login" id="oval:ssg-object_file_owner_etc_csh_login:obj:1" version="1">
      <unix:filepath>/etc/csh.login</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/csh.logout" id="oval:ssg-object_file_owner_etc_csh_logout:obj:1" version="1">
      <unix:filepath>/etc/csh.logout</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/environment" id="oval:ssg-object_file_owner_etc_environment:obj:1" version="1">
      <unix:filepath>/etc/environment</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/ksh.kshrc" id="oval:ssg-object_file_owner_etc_ksh_kshrc:obj:1" version="1">
      <unix:filepath>/etc/ksh.kshrc</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/profile" id="oval:ssg-object_file_owner_etc_profile:obj:1" version="1">
      <unix:filepath>/etc/profile</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/suid_profile" id="oval:ssg-object_file_owner_etc_suid_profile:obj:1" version="1">
      <unix:filepath>/etc/suid_profile</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/profile.d/*" id="oval:ssg-object_file_owner_etc_profiled:obj:1" version="1">
      <unix:path>/etc/profile.d</unix:path>
      <unix:filename operation="pattern match">.*</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/boot/grub/grub.conf" id="oval:ssg-object_file_owner_grub_conf:obj:1" version="1">
      <unix:filepath>/boot/grub/grub.conf</unix:filepath>
    </unix:file_object>
    <unix:password_object id="oval:ssg-object_file_owner_home_dirs_path_list:obj:1" version="1">
      <unix:username operation="pattern match">^.*$</unix:username>
      <filter action="include">oval:ssg-state_file_owner_home_dirs_path_user:ste:1</filter>
      <filter action="exclude">oval:ssg-state_file_owner_home_dirs_path_nfs_user:ste:1</filter>
    </unix:password_object>
    <unix:file_object comment="/home/*" id="oval:ssg-object_file_owner_home_dirs:obj:1" version="1">
      <unix:path operation="equals" var_ref="oval:ssg-var_file_owner_home_dirs_path_list:var:1" var_check="at least one" datatype="string"/>
      <unix:filename xsi:nil="true"/>
    </unix:file_object>
    <unix:password_object id="oval:ssg-object_file_owner_home_files_path_list:obj:1" version="1">
      <unix:username operation="pattern match">^.*$</unix:username>
      <filter action="include">oval:ssg-state_file_owner_home_files_path_group:ste:1</filter>
      <filter action="exclude">oval:ssg-state_file_owner_home_files_path_nfs_group:ste:1</filter>
    </unix:password_object>
    <unix:file_object comment="/home/*" id="oval:ssg-object_file_owner_home_files:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals" var_ref="oval:ssg-var_file_owner_home_files_path_list:var:1" var_check="at least one" datatype="string"/>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_owner_ldap_cacerts_list:obj:1" version="1">
      <ind:filepath>/etc/ldap.conf</ind:filepath>
      <ind:pattern operation="pattern match">^tls_cacert\s.*\s(/.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="LDAP TLS CA cert" id="oval:ssg-object_file_owner_ldap_cacerts:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_owner_ldap_cacerts_list:var:1" var_check="at least one"/>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_owner_ldap_certs_list:obj:1" version="1">
      <ind:filepath>/etc/ldap.conf</ind:filepath>
      <ind:pattern operation="pattern match">^tls_cert\s.*\s(/.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="LDAP TLS cert" id="oval:ssg-object_file_owner_ldap_certs:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_owner_ldap_certs_list:var:1" var_check="at least one"/>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_owner_ldap_keys_list:obj:1" version="1">
      <ind:filepath>/etc/ldap.conf</ind:filepath>
      <ind:pattern operation="pattern match">^tls_key\s.*\s(/.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="LDAP TLS key" id="oval:ssg-object_file_owner_ldap_keys:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_owner_ldap_keys_list:var:1" var_check="at least one"/>
    </unix:file_object>
    <unix:password_object id="oval:ssg-object_file_owner_local_initialization_files_path_list_home:obj:1" version="1">
      <unix:username operation="pattern match">^.*$</unix:username>
      <filter action="include">oval:ssg-state_file_owner_local_initialization_files_path_group_home:ste:1</filter>
      <filter action="exclude">oval:ssg-state_file_owner_local_initialization_files_path_nfs_group_home:ste:1</filter>
    </unix:password_object>
    <unix:file_object comment="local initialization files - /home" id="oval:ssg-object_file_owner_local_initialization_files_home:obj:1" version="1">
      <unix:behaviors recurse="symlinks and directories" recurse_direction="down" max_depth="1" recurse_file_system="local"/>
      <unix:path operation="equals" var_ref="oval:ssg-var_file_owner_local_initialization_files_path_list_home:var:1" var_check="at least one" datatype="string"/>
      <unix:filename operation="pattern match">^(\.bashrc|\.bash_login|\.bash_logout|\.bash_profile|\.cshrc|\.kshrc|\.login|\.logout|\.profile|\.env|\.dtprofile|\.dispatch|\.emacs|\.exrc)$</unix:filename>
      <filter action="exclude">oval:ssg-state_file_owner_local_initialization_files_symlink:ste:1</filter>
    </unix:file_object>
    <unix:password_object id="oval:ssg-object_file_owner_local_initialization_files_path_list_root:obj:1" version="1">
      <unix:username>root</unix:username>
    </unix:password_object>
    <unix:file_object comment="local initialization files - /root" id="oval:ssg-object_file_owner_local_initialization_files_root:obj:1" version="1">
      <unix:behaviors recurse="symlinks and directories" recurse_direction="down" max_depth="1" recurse_file_system="local"/>
      <unix:path operation="equals" var_ref="oval:ssg-var_file_owner_local_initialization_files_path_list_root:var:1" var_check="at least one" datatype="string"/>
      <unix:filename operation="pattern match">^(\.bashrc|\.bash_login|\.bash_logout|\.bash_profile|\.cshrc|\.kshrc|\.login|\.logout|\.profile|\.env|\.dtprofile|\.dispatch|\.emacs|\.exrc)$</unix:filename>
      <filter action="exclude">oval:ssg-state_file_owner_local_initialization_files_symlink:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/etc/rc*/*" id="oval:ssg-object_file_owner_etc_rc:obj:1" version="1">
      <unix:path operation="pattern match">/etc/rc*</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/etc/init.d/*" id="oval:ssg-object_file_owner_etc_initd:obj:1" version="1">
      <unix:path>/etc/init.d</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_owner_shell_files_list:obj:1" version="1">
      <ind:filepath>/etc/shells</ind:filepath>
      <ind:pattern operation="pattern match">^(/.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="List of files referenced in /etc/shells" id="oval:ssg-object_file_owner_shell_files:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_owner_shell_files_list:var:1" var_check="at least one"/>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_owner_smtp_logs_list:obj:1" version="1">
      <ind:filepath>/etc/syslog.conf</ind:filepath>
      <ind:pattern operation="pattern match">^mail\..*\s[-]?(/.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="List of SMTP log files" id="oval:ssg-object_file_owner_smtp_logs:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_owner_smtp_logs_list:var:1" var_check="at least one"/>
    </unix:file_object>
    <unix:file_object comment="snmpd.conf" id="oval:ssg-object_file_owner_snmpd_conf:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/</unix:path>
      <unix:filename>snmpd.conf</unix:filename>
      <filter action="exclude">oval:ssg-state_file_owner_snmpd_conf_symlink:ste:1</filter>
    </unix:file_object>
    <unix:password_object id="oval:ssg-object_file_owner_var_spool_at_list:obj:1" version="1">
      <unix:username operation="pattern match">^(root|bin|sys|daemon|cron)$</unix:username>
    </unix:password_object>
    <unix:file_object comment="/var/spool/at/*" id="oval:ssg-object_file_owner_var_spool_at:obj:1" version="1">
      <unix:path>/var/spool/at</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/var/yp/*" id="oval:ssg-object_file_owner_var_yp:obj:1" version="1">
      <unix:path>/var/yp</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/etc/postfix/aliases" id="oval:ssg-object_file_permissions_aliases_postfix_aliases:obj:1" version="1">
      <unix:filepath>/etc/postfix/aliases</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/postfix/aliases.db" id="oval:ssg-object_file_permissions_aliases_postfix_aliases_db:obj:1" version="1">
      <unix:filepath>/etc/postfix/aliases.db</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/aliases" id="oval:ssg-object_file_permissions_aliases_sendmail_aliases:obj:1" version="1">
      <unix:filepath>/etc/aliases</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/aliases.db" id="oval:ssg-object_file_permissions_aliases_sendmail_aliases_db:obj:1" version="1">
      <unix:filepath>/etc/aliases.db</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="List of files referenced in /etc/aliases" id="oval:ssg-object_file_permissions_aliases_files:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_permissions_aliases_files_list:var:1" var_check="at least one"/>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_permissions_aliases_files_list:obj:1" version="1">
      <ind:filepath>/etc/aliases</ind:filepath>
      <ind:pattern operation="pattern match">^[^#].*\s(/.*)</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="/dev/audio*" id="oval:ssg-object_file_permissions_dev_audio:obj:1" version="1">
      <unix:path operation="equals">/dev</unix:path>
      <unix:filename operation="pattern match">^audio.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/dev/snd/*" id="oval:ssg-object_file_permissions_dev_snd:obj:1" version="1">
      <unix:path operation="equals">/dev/snd</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_permissions_audit_log_list_el4:obj:1" version="1">
      <ind:filepath>/etc/auditd.conf</ind:filepath>
      <ind:pattern operation="pattern match">^log_file\s.*\s(/.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="List of audit log files" id="oval:ssg-object_file_permissions_audit_log_el4:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_permissions_audit_log_list_el4:var:1" var_check="at least one"/>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_permissions_audit_log_list_el5:obj:1" version="1">
      <ind:filepath>/etc/audit/auditd.conf</ind:filepath>
      <ind:pattern operation="pattern match">^log_file\s.*\s(/.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="List of audit log files" id="oval:ssg-object_file_permissions_audit_log_el5:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_permissions_audit_log_list_el5:var:1" var_check="at least one"/>
    </unix:file_object>
    <unix:file_object comment="/sbin/auditctl" id="oval:ssg-object_file_permissions_sbin_auditctl:obj:1" version="1">
      <unix:filepath>/sbin/auditctl</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/sbin/auditd" id="oval:ssg-object_file_permissions_sbin_auditd:obj:1" version="1">
      <unix:filepath>/sbin/auditd</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/sbin/ausearch" id="oval:ssg-object_file_permissions_sbin_ausearch:obj:1" version="1">
      <unix:filepath>/sbin/ausearch</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/sbin/aureport" id="oval:ssg-object_file_permissions_sbin_aureport:obj:1" version="1">
      <unix:filepath>/sbin/aureport</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/sbin/autrace" id="oval:ssg-object_file_permissions_sbin_autrace:obj:1" version="1">
      <unix:filepath>/sbin/autrace</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/sbin/audispd" id="oval:ssg-object_file_permissions_sbin_audispd:obj:1" version="1">
      <unix:filepath>/sbin/audispd</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/bin/traceroute" id="oval:ssg-object_file_permissions_bin_traceroute:obj:1" version="1">
      <unix:filepath>/bin/traceroute</unix:filepath>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_permissions_core_dump_dir_list:obj:1" version="1">
      <ind:filepath>/etc/kdump.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[#\s]*path[\s]+(/.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="Core dump directory" id="oval:ssg-object_file_permissions_core_dump_dir:obj:1" version="1">
      <unix:path var_ref="oval:ssg-var_file_permissions_core_dump_dir_list:var:1" var_check="at least one"/>
      <unix:filename xsi:nil="true"/>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.daily/*" id="oval:ssg-object_file_permissions_etc_cron_daily:obj:1" version="1">
      <unix:path operation="equals">/etc/cron.daily</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
      <filter action="exclude">oval:ssg-state_file_permissions_cron_files_symlink:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.hourly/*" id="oval:ssg-object_file_permissions_etc_cron_hourly:obj:1" version="1">
      <unix:path operation="equals">/etc/cron.hourly</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
      <filter action="exclude">oval:ssg-state_file_permissions_cron_files_symlink:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.monthly/*" id="oval:ssg-object_file_permissions_etc_cron_monthly:obj:1" version="1">
      <unix:path operation="equals">/etc/cron.monthly</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
      <filter action="exclude">oval:ssg-state_file_permissions_cron_files_symlink:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.weekly/*" id="oval:ssg-object_file_permissions_etc_cron_weekly:obj:1" version="1">
      <unix:path operation="equals">/etc/cron.weekly</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
      <filter action="exclude">oval:ssg-state_file_permissions_cron_files_symlink:ste:1</filter>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_permissions_cron_log_files_list:obj:1" version="1">
      <ind:filepath>/etc/syslog.conf</ind:filepath>
      <ind:pattern operation="pattern match">^cron\..*\s[-]?(/.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="List of cron log files" id="oval:ssg-object_file_permissions_cron_log_files:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_permissions_cron_log_files_list:var:1" var_check="at least one"/>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.d/" id="oval:ssg-object_file_permissions_dir_etc_cron_d:obj:1" version="1">
      <unix:path>/etc/cron.d</unix:path>
      <unix:filename xsi:nil="true"/>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.daily/" id="oval:ssg-object_file_permissions_dir_etc_cron_daily:obj:1" version="1">
      <unix:path>/etc/cron.daily</unix:path>
      <unix:filename xsi:nil="true"/>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.hourly/" id="oval:ssg-object_file_permissions_dir_etc_cron_hourly:obj:1" version="1">
      <unix:path>/etc/cron.hourly</unix:path>
      <unix:filename xsi:nil="true"/>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.monthly/" id="oval:ssg-object_file_permissions_dir_etc_cron_monthly:obj:1" version="1">
      <unix:path>/etc/cron.monthly</unix:path>
      <unix:filename xsi:nil="true"/>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.weekly/" id="oval:ssg-object_file_permissions_dir_etc_cron_weekly:obj:1" version="1">
      <unix:path>/etc/cron.weekly</unix:path>
      <unix:filename xsi:nil="true"/>
    </unix:file_object>
    <unix:file_object comment="/var/spool/cron/" id="oval:ssg-object_file_permissions_dir_var_spool_cron:obj:1" version="1">
      <unix:path operation="equals">/var/spool/cron</unix:path>
      <unix:filename xsi:nil="true"/>
    </unix:file_object>
    <unix:file_object comment="/etc/crontab" id="oval:ssg-object_file_permissions_etc_crontab:obj:1" version="1">
      <unix:filepath>/etc/crontab</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.d/*" id="oval:ssg-object_file_permissions_etc_cron_d:obj:1" version="1">
      <unix:path operation="equals">/etc/cron.d</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/var/spool/cron/*" id="oval:ssg-object_file_permissions_var_spool_cron:obj:1" version="1">
      <unix:path operation="equals">/var/spool/cron</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/etc/at.allow" id="oval:ssg-object_file_permissions_etc_at_allow:obj:1" version="1">
      <unix:filepath>/etc/at.allow</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/at.deny" id="oval:ssg-object_file_permissions_etc_at_deny:obj:1" version="1">
      <unix:filepath>/etc/at.deny</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.allow" id="oval:ssg-object_file_permissions_etc_cron_allow:obj:1" version="1">
      <unix:filepath>/etc/cron.allow</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.deny" id="oval:ssg-object_file_permissions_etc_cron_deny:obj:1" version="1">
      <unix:filepath>/etc/cron.deny</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/cups/printers.conf" id="oval:ssg-object_file_permissions_etc_cups_printers_conf:obj:1" version="1">
      <unix:filepath>/etc/cups/printers.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/exports" id="oval:ssg-object_file_permissions_etc_exports:obj:1" version="1">
      <unix:filepath>/etc/exports</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/group" id="oval:ssg-object_file_permissions_etc_group:obj:1" version="1">
      <unix:filepath>/etc/group</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/gshadow" id="oval:ssg-object_etc_gshadow:obj:1" version="1">
      <unix:path>/etc</unix:path>
      <unix:filename>gshadow</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/etc/hosts" id="oval:ssg-object_file_permissions_etc_hosts:obj:1" version="1">
      <unix:filepath>/etc/hosts</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/ldap.conf" id="oval:ssg-object_file_permissions_etc_ldap_conf:obj:1" version="1">
      <unix:filepath>/etc/ldap.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/news/incoming.conf" id="oval:ssg-object_file_permissions_etc_news_incoming_conf:obj:1" version="1">
      <unix:filepath>/etc/news/incoming.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/news/infeed.conf" id="oval:ssg-object_file_permissions_etc_news_infeed_conf:obj:1" version="1">
      <unix:filepath>/etc/news/infeed.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/news/passwd.nntp" id="oval:ssg-object_file_permissions_etc_news_passwd_nntp:obj:1" version="1">
      <unix:filepath>/etc/news/passwd.nntp</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/nsswitch.conf" id="oval:ssg-object_file_permissions_etc_nsswitch_conf:obj:1" version="1">
      <unix:filepath>/etc/nsswitch.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/ntp.conf" id="oval:ssg-object_file_permissions_etc_ntp_conf:obj:1" version="1">
      <unix:filepath>/etc/ntp.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/passwd" id="oval:ssg-object_etc_passwd:obj:1" version="1">
      <unix:path>/etc</unix:path>
      <unix:filename>passwd</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/etc/resolv.conf" id="oval:ssg-object_file_permissions_etc_resolv_conf:obj:1" version="1">
      <unix:filepath>/etc/resolv.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/samba/smb.conf" id="oval:ssg-object_file_permissions_etc_samba_smb_conf:obj:1" version="1">
      <unix:filepath>/etc/samba/smb.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/samba/passdb.tdb" id="oval:ssg-object_file_permissions_etc_samba_passdb_tdb:obj:1" version="1">
      <unix:filepath>/etc/samba/passdb.tdb</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/samba/secrets.tdb" id="oval:ssg-object_file_permissions_etc_samba_secrets_tdb:obj:1" version="1">
      <unix:filepath>/etc/samba/secrets.tdb</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/securetty" id="oval:ssg-object_file_permissions_etc_securetty:obj:1" version="1">
      <unix:filepath>/etc/securetty</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/security/access.conf" id="oval:ssg-object_file_permissions_etc_security_access_conf:obj:1" version="1">
      <unix:filepath>/etc/security/access.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/services" id="oval:ssg-object_file_permissions_etc_services:obj:1" version="1">
      <unix:filepath>/etc/services</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/shadow" id="oval:ssg-object_etc_shadow:obj:1" version="1">
      <unix:path>/etc</unix:path>
      <unix:filename>shadow</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/etc/skel/*" id="oval:ssg-object_file_permissions_etc_skel:obj:1" version="1">
      <unix:path>/etc/skel</unix:path>
      <unix:filename operation="pattern match">.*</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/etc/sysctl.conf" id="oval:ssg-object_file_permissions_etc_sysctl_conf:obj:1" version="1">
      <unix:filepath>/etc/sysctl.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/syslog.conf" id="oval:ssg-object_file_permissions_etc_syslog_conf:obj:1" version="1">
      <unix:filepath>/etc/syslog.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/xinetd.conf" id="oval:ssg-object_file_permissions_etc_xinetd_conf:obj:1" version="1">
      <unix:filepath>/etc/xinetd.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/xinetd.d/*" id="oval:ssg-object_file_permissions_etc_xinetd_files:obj:1" version="1">
      <unix:path operation="equals">/etc/xinetd.d</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/etc/xinetd.d/*" id="oval:ssg-object_file_permissions_etc_xinetd_dir:obj:1" version="1">
      <unix:path>/etc/xinetd.d</unix:path>
      <unix:filename operation="pattern match">.*</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/etc/postfix/aliases" id="oval:ssg-object_file_permissions_extended_aliases_postfix_aliases:obj:1" version="1">
      <unix:filepath>/etc/postfix/aliases</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/postfix/aliases.db" id="oval:ssg-object_file_permissions_extended_aliases_postfix_aliases_db:obj:1" version="1">
      <unix:filepath>/etc/postfix/aliases.db</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/aliases" id="oval:ssg-object_file_permissions_extended_aliases_sendmail_aliases:obj:1" version="1">
      <unix:filepath>/etc/aliases</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/aliases.db" id="oval:ssg-object_file_permissions_extended_aliases_sendmail_aliases_db:obj:1" version="1">
      <unix:filepath>/etc/aliases.db</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="List of files referenced in /etc/aliases" id="oval:ssg-object_file_permissions_extended_aliases_files:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_permissions_extended_aliases_files_list:var:1" var_check="at least one"/>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_permissions_extended_aliases_files_list:obj:1" version="1">
      <ind:filepath>/etc/aliases</ind:filepath>
      <ind:pattern operation="pattern match">^[^#].*\s(/.*)</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="/dev/audio*" id="oval:ssg-object_file_permissions_extended_dev_audio:obj:1" version="1">
      <unix:path operation="equals">/dev</unix:path>
      <unix:filename operation="pattern match">^audio.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/dev/snd/*" id="oval:ssg-object_file_permissions_extended_dev_snd:obj:1" version="1">
      <unix:path operation="equals">/dev/snd</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_permissions_extended_audit_log_list:obj:1" version="1">
      <ind:filepath>/etc/audit/auditd.conf</ind:filepath>
      <ind:pattern operation="pattern match">^log_file\s.*\s(/.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="List of audit log files" id="oval:ssg-object_file_permissions_extended_audit_log:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_permissions_extended_audit_log_list:var:1" var_check="at least one"/>
    </unix:file_object>
    <unix:file_object comment="/sbin/auditctl" id="oval:ssg-object_file_permissions_extended_sbin_auditctl:obj:1" version="1">
      <unix:filepath>/sbin/auditctl</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/sbin/auditd" id="oval:ssg-object_file_permissions_extended_sbin_auditd:obj:1" version="1">
      <unix:filepath>/sbin/auditd</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/sbin/ausearch" id="oval:ssg-object_file_permissions_extended_sbin_ausearch:obj:1" version="1">
      <unix:filepath>/sbin/ausearch</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/sbin/aureport" id="oval:ssg-object_file_permissions_extended_sbin_aureport:obj:1" version="1">
      <unix:filepath>/sbin/aureport</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/sbin/autrace" id="oval:ssg-object_file_permissions_extended_sbin_autrace:obj:1" version="1">
      <unix:filepath>/sbin/autrace</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/sbin/audispd" id="oval:ssg-object_file_permissions_extended_sbin_audispd:obj:1" version="1">
      <unix:filepath>/sbin/audispd</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/bin/traceroute" id="oval:ssg-object_file_permissions_extended_bin_traceroute:obj:1" version="1">
      <unix:filepath>/bin/traceroute</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/*" id="oval:ssg-object_file_permissions_extended_binary_dirs_etc:obj:1" version="1">
      <unix:behaviors recurse="symlinks and directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/etc/</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
      <filter action="exclude">oval:ssg-state_file_permissions_extended_binary_dirs:ste:1</filter>
      <filter action="exclude">oval:ssg-state_file_permissions_extended_binary_dirs_symlink:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/bin/*" id="oval:ssg-object_file_permissions_extended_binary_dirs_bin:obj:1" version="1">
      <unix:behaviors recurse="symlinks and directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/bin</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
      <filter action="exclude">oval:ssg-state_file_permissions_extended_binary_dirs:ste:1</filter>
      <filter action="exclude">oval:ssg-state_file_permissions_extended_binary_dirs_symlink:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/usr/bin/*" id="oval:ssg-object_file_permissions_extended_binary_dirs_usr_bin:obj:1" version="1">
      <unix:behaviors recurse="symlinks and directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/usr/bin</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
      <filter action="exclude">oval:ssg-state_file_permissions_extended_binary_dirs:ste:1</filter>
      <filter action="exclude">oval:ssg-state_file_permissions_extended_binary_dirs_symlink:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/usr/lbin/*" id="oval:ssg-object_file_permissions_extended_binary_dirs_usr_lbin:obj:1" version="1">
      <unix:behaviors recurse="symlinks and directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/usr/lbin</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
      <filter action="exclude">oval:ssg-state_file_permissions_extended_binary_dirs:ste:1</filter>
      <filter action="exclude">oval:ssg-state_file_permissions_extended_binary_dirs_symlink:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/usr/usb/*" id="oval:ssg-object_file_permissions_extended_binary_dirs_usr_usb:obj:1" version="1">
      <unix:behaviors recurse="symlinks and directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/usr/usb</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
      <filter action="exclude">oval:ssg-state_file_permissions_extended_binary_dirs:ste:1</filter>
      <filter action="exclude">oval:ssg-state_file_permissions_extended_binary_dirs_symlink:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/sbin/*" id="oval:ssg-object_file_permissions_extended_binary_dirs_sbin:obj:1" version="1">
      <unix:behaviors recurse="symlinks and directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/sbin</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
      <filter action="exclude">oval:ssg-state_file_permissions_extended_binary_dirs:ste:1</filter>
      <filter action="exclude">oval:ssg-state_file_permissions_extended_binary_dirs_symlink:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/usr/sbin/*" id="oval:ssg-object_file_permissions_extended_binary_dirs_usr_sbin:obj:1" version="1">
      <unix:behaviors recurse="symlinks and directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/usr/sbin</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
      <filter action="exclude">oval:ssg-state_file_permissions_extended_binary_dirs:ste:1</filter>
      <filter action="exclude">oval:ssg-state_file_permissions_extended_binary_dirs_symlink:ste:1</filter>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_permissions_extended_core_dump_dir_list:obj:1" version="1">
      <ind:filepath>/etc/kdump.conf</ind:filepath>
      <ind:pattern operation="pattern match">path\s.*\s(/.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="Core dump directory" id="oval:ssg-object_file_permissions_extended_core_dump_dir:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_permissions_extended_core_dump_dir_list:var:1" var_check="at least one"/>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_permissions_extended_cron_log_files_list:obj:1" version="1">
      <ind:filepath>/etc/syslog.conf</ind:filepath>
      <ind:pattern operation="pattern match">^cron\..*\s[-]?(/.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="List of cron log files" id="oval:ssg-object_file_permissions_extended_cron_log_files:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_permissions_extended_cron_log_files_list:var:1" var_check="at least one"/>
    </unix:file_object>
    <unix:file_object comment="/etc/crontab" id="oval:ssg-object_file_permissions_extended_crontab_dirs_etc_crontab:obj:1" version="1">
      <unix:filepath operation="equals">/etc/crontab</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.d" id="oval:ssg-object_file_permissions_extended_crontab_dirs_etc_cron_d:obj:1" version="1">
      <unix:filepath operation="equals">/etc/cron.d</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.daily" id="oval:ssg-object_file_permissions_extended_crontab_dirs_etc_cron_daily:obj:1" version="1">
      <unix:filepath operation="equals">/etc/cron.daily</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.hourly" id="oval:ssg-object_file_permissions_extended_crontab_dirs_etc_cron_hourly:obj:1" version="1">
      <unix:filepath operation="equals">/etc/cron.hourly</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.monthly" id="oval:ssg-object_file_permissions_extended_crontab_dirs_etc_cron_monthly:obj:1" version="1">
      <unix:filepath operation="equals">/etc/cron.monthly</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.weekly" id="oval:ssg-object_file_permissions_extended_crontab_dirs_etc_cron_weekly:obj:1" version="1">
      <unix:filepath operation="equals">/etc/cron.weekly</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/var/spool/cron" id="oval:ssg-object_file_permissions_extended_crontab_dirs_var_spool_cron:obj:1" version="1">
      <unix:filepath operation="equals">/var/spool/cron</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/crontab" id="oval:ssg-object_file_permissions_extended_crontab_files_etc_crontab:obj:1" version="1">
      <unix:filepath>/etc/crontab</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.d/*" id="oval:ssg-object_file_permissions_extended_crontab_files_etc_cron_d:obj:1" version="1">
      <unix:path operation="equals">/etc/cron.d</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.daily/*" id="oval:ssg-object_file_permissions_extended_crontab_files_etc_cron_daily:obj:1" version="1">
      <unix:path operation="equals">/etc/cron.daily</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.hourly/*" id="oval:ssg-object_file_permissions_extended_crontab_files_etc_cron_hourly:obj:1" version="1">
      <unix:path operation="equals">/etc/cron.hourly</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.monthly/*" id="oval:ssg-object_file_permissions_extended_crontab_files_etc_cron_monthly:obj:1" version="1">
      <unix:path operation="equals">/etc/cron.monthly</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.weekly/*" id="oval:ssg-object_file_permissions_extended_crontab_files_etc_cron_weekly:obj:1" version="1">
      <unix:path operation="equals">/etc/cron.weekly</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/var/spool/cron/*" id="oval:ssg-object_file_permissions_extended_crontab_files_var_spool_cron:obj:1" version="1">
      <unix:path operation="equals">/var/spool/cron</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/etc/at.allow" id="oval:ssg-object_file_permissions_extended_etc_at_allow:obj:1" version="1">
      <unix:filepath>/etc/at.allow</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/at.deny" id="oval:ssg-object_file_permissions_extended_etc_at_deny:obj:1" version="1">
      <unix:filepath>/etc/at.deny</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.allow" id="oval:ssg-object_file_permissions_extended_etc_cron_allow:obj:1" version="1">
      <unix:filepath>/etc/cron.allow</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/cron.deny" id="oval:ssg-object_file_permissions_extended_etc_cron_deny:obj:1" version="1">
      <unix:filepath>/etc/cron.deny</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/cups/printers.conf" id="oval:ssg-object_file_permissions_extended_etc_cups_printers_conf:obj:1" version="1">
      <unix:filepath>/etc/cups/printers.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/exports" id="oval:ssg-object_file_permissions_extended_etc_exports:obj:1" version="1">
      <unix:filepath>/etc/exports</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/group" id="oval:ssg-object_file_permissions_extended_etc_group:obj:1" version="1">
      <unix:filepath>/etc/group</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/gshadow" id="oval:ssg-object_file_permissions_extended_etc_gshadow:obj:1" version="1">
      <unix:filepath>/etc/gshadow</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/hosts" id="oval:ssg-object_file_permissions_extended_etc_hosts:obj:1" version="1">
      <unix:filepath>/etc/hosts</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/ldap.conf" id="oval:ssg-object_file_permissions_extended_etc_ldap_conf:obj:1" version="1">
      <unix:filepath>/etc/ldap.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/news/incoming.conf" id="oval:ssg-object_file_permissions_extended_etc_news_incoming_conf:obj:1" version="1">
      <unix:filepath>/etc/news/incoming.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/news/infeed.conf" id="oval:ssg-object_file_permissions_extended_etc_news_infeed_conf:obj:1" version="1">
      <unix:filepath>/etc/news/infeed.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/news/nnrp.access" id="oval:ssg-object_file_permissions_extended_etc_news_nnrp_access:obj:1" version="1">
      <unix:filepath>/etc/news/nnrp.access</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/news/passwd.nntp" id="oval:ssg-object_file_permissions_extended_etc_news_passwd_nntp:obj:1" version="1">
      <unix:filepath>/etc/news/passwd.nntp</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/nsswitch.conf" id="oval:ssg-object_file_permissions_extended_etc_nsswitch_conf:obj:1" version="1">
      <unix:filepath>/etc/nsswitch.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/ntp.conf" id="oval:ssg-object_file_permissions_extended_etc_ntp_conf:obj:1" version="1">
      <unix:filepath>/etc/ntp.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/passwd" id="oval:ssg-object_file_permissions_extended_etc_passwd:obj:1" version="1">
      <unix:filepath>/etc/passwd</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/resolv.conf" id="oval:ssg-object_file_permissions_extended_etc_resolv_conf:obj:1" version="1">
      <unix:filepath>/etc/resolv.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/samba/smb.conf" id="oval:ssg-object_file_permissions_extended_etc_samba_smb_conf:obj:1" version="1">
      <unix:filepath>/etc/samba/smb.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/samba/passdb.tdb" id="oval:ssg-object_file_permissions_extended_etc_samba_passdb_tdb:obj:1" version="1">
      <unix:filepath>/etc/samba/passdb.tdb</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/samba/secrets.tdb" id="oval:ssg-object_file_permissions_extended_etc_samba_secrets_tdb:obj:1" version="1">
      <unix:filepath>/etc/samba/secrets.tdb</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/security/access.conf" id="oval:ssg-object_file_permissions_extended_etc_security_access_conf:obj:1" version="1">
      <unix:filepath>/etc/security/access.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/services" id="oval:ssg-object_file_permissions_extended_etc_services:obj:1" version="1">
      <unix:filepath>/etc/services</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/shadow" id="oval:ssg-object_file_permissions_extended_etc_shadow:obj:1" version="1">
      <unix:filepath>/etc/shadow</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/skel/*" id="oval:ssg-object_file_permissions_extended_etc_skel:obj:1" version="1">
      <unix:path>/etc/skel</unix:path>
      <unix:filename operation="pattern match">.*</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/etc/sysctl.conf" id="oval:ssg-object_file_permissions_extended_etc_sysctl_conf:obj:1" version="1">
      <unix:filepath>/etc/sysctl.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/syslog.conf" id="oval:ssg-object_file_permissions_extended_etc_syslog_conf:obj:1" version="1">
      <unix:filepath>/etc/syslog.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/xinetd.conf" id="oval:ssg-object_file_permissions_extended_etc_xinetd_conf:obj:1" version="1">
      <unix:filepath>/etc/xinetd.conf</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/xinetd.d/*" id="oval:ssg-object_file_permissions_extended_etc_xinetd_dir:obj:1" version="1">
      <unix:path>/etc/xinetd.d</unix:path>
      <unix:filename operation="pattern match">.*</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/etc/ftpusers" id="oval:ssg-object_file_permissions_extended_etc_ftpusers:obj:1" version="1">
      <unix:filepath>/etc/ftpusers</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/vsftpd.ftpusers" id="oval:ssg-object_file_permissions_extended_etc_vsftpd_ftpusers1:obj:1" version="1">
      <unix:filepath>/etc/vsftpd.ftpusers</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/vsftpd/ftpusers" id="oval:ssg-object_file_permissions_extended_etc_vsftpd_ftpusers2:obj:1" version="1">
      <unix:filepath>/etc/vsftpd/ftpusers</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/bashrc" id="oval:ssg-object_file_permissions_extended_etc_bashrc:obj:1" version="1">
      <unix:filepath>/etc/bashrc</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/csh.cshrc" id="oval:ssg-object_file_permissions_extended_etc_csh_cshrc:obj:1" version="1">
      <unix:filepath>/etc/csh.cshrc</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/csh.login" id="oval:ssg-object_file_permissions_extended_etc_csh_login:obj:1" version="1">
      <unix:filepath>/etc/csh.login</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/csh.logout" id="oval:ssg-object_file_permissions_extended_etc_csh_logout:obj:1" version="1">
      <unix:filepath>/etc/csh.logout</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/environment" id="oval:ssg-object_file_permissions_extended_etc_environment:obj:1" version="1">
      <unix:filepath>/etc/environment</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/ksh.kshrc" id="oval:ssg-object_file_permissions_extended_etc_ksh_kshrc:obj:1" version="1">
      <unix:filepath>/etc/ksh.kshrc</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/profile" id="oval:ssg-object_file_permissions_extended_etc_profile:obj:1" version="1">
      <unix:filepath>/etc/profile</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/suid_profile" id="oval:ssg-object_file_permissions_extended_etc_suid_profile:obj:1" version="1">
      <unix:filepath>/etc/suid_profile</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/profile.d/*" id="oval:ssg-object_file_permissions_extended_etc_profiled:obj:1" version="1">
      <unix:path>/etc/profile.d</unix:path>
      <unix:filename operation="pattern match">.*</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/boot/grub/grub.conf" id="oval:ssg-object_file_permissions_extended_grub_conf:obj:1" version="1">
      <unix:path>/boot/grub</unix:path>
      <unix:filename>grub.conf</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/home/*" id="oval:ssg-object_file_permissions_extended_home_dirs:obj:1" version="1">
      <unix:behaviors recurse="symlinks and directories" recurse_direction="down" max_depth="1" recurse_file_system="local"/>
      <unix:path operation="equals">/home/</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
      <filter action="exclude">oval:ssg-state_file_permissions_extended_home_dirs_symlink:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/home/*" id="oval:ssg-object_file_permissions_extended_home_files:obj:1" version="1">
      <unix:behaviors recurse="symlinks and directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/home/</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
      <filter action="exclude">oval:ssg-state_file_permissions_extended_home_files_symlink:ste:1</filter>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_permissions_extended_ldap_cacerts_list:obj:1" version="1">
      <ind:filepath>/etc/ldap.conf</ind:filepath>
      <ind:pattern operation="pattern match">^tls_cacert\s.*\s(/.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="LDAP TLS CA cert" id="oval:ssg-object_file_permissions_extended_ldap_cacerts:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_permissions_extended_ldap_cacerts_list:var:1" var_check="at least one"/>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_permissions_extended_ldap_certs_list:obj:1" version="1">
      <ind:filepath>/etc/ldap.conf</ind:filepath>
      <ind:pattern operation="pattern match">^tls_cert\s.*\s(/.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="LDAP TLS cert" id="oval:ssg-object_file_permissions_extended_ldap_certs:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_permissions_extended_ldap_certs_list:var:1" var_check="at least one"/>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_permissions_extended_ldap_keys_list:obj:1" version="1">
      <ind:filepath>/etc/ldap.conf</ind:filepath>
      <ind:pattern operation="pattern match">^tls_key\s.*\s(/.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="LDAP TLS key" id="oval:ssg-object_file_permissions_extended_ldap_keys:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_permissions_extended_ldap_keys_list:var:1" var_check="at least one"/>
    </unix:file_object>
    <unix:file_object comment="/lib/*" id="oval:ssg-object_file_permissions_extended_library_dirs_lib:obj:1" version="1">
      <unix:path>/lib</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
      <filter action="exclude">oval:ssg-state_file_permissions_extended_library_dirs_symlink:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/usr/lib/*" id="oval:ssg-object_file_permissions_extended_library_dirs_usr_lib:obj:1" version="1">
      <unix:path>/usr/lib</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
      <filter action="exclude">oval:ssg-state_file_permissions_extended_library_dirs_symlink:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="local initialization files - /home" id="oval:ssg-object_file_permissions_extended_local_initialization_files_home:obj:1" version="1">
      <unix:behaviors recurse="symlinks and directories" recurse_direction="down" max_depth="1" recurse_file_system="local"/>
      <unix:path operation="equals">/home</unix:path>
      <unix:filename operation="pattern match">^(\.bashrc|\.bash_login|\.bash_logout|\.bash_profile|\.cshrc|\.kshrc|\.login|\.logout|\.profile|\.env|\.dtprofile|\.dispatch|\.emacs|\.exrc)$</unix:filename>
      <filter action="exclude">oval:ssg-state_file_permissions_extended_local_initialization_files_symlink:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="local initialization files - /root" id="oval:ssg-object_file_permissions_extended_local_initialization_files_root:obj:1" version="1">
      <unix:behaviors recurse="symlinks and directories" recurse_direction="down" max_depth="1" recurse_file_system="local"/>
      <unix:path operation="equals">/root</unix:path>
      <unix:filename operation="pattern match">^(\.bashrc|\.bash_login|\.bash_logout|\.bash_profile|\.cshrc|\.kshrc|\.login|\.logout|\.profile|\.env|\.dtprofile|\.dispatch|\.emacs|\.exrc)$</unix:filename>
      <filter action="exclude">oval:ssg-state_file_permissions_extended_local_initialization_files_symlink:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/usr/share/man/*" id="oval:ssg-object_file_permissions_extended_usr_share_man:obj:1" version="1">
      <unix:path>/usr/share/man</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/usr/share/info/*" id="oval:ssg-object_file_permissions_extended_usr_share_info:obj:1" version="1">
      <unix:path>/usr/share/info</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/usr/share/infopage/*" id="oval:ssg-object_file_permissions_extended_usr_share_infopage:obj:1" version="1">
      <unix:path>/usr/share/infopage</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="*.mib" id="oval:ssg-object_file_permissions_extended_mib_files:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/</unix:path>
      <unix:filename operation="pattern match">^.*\.mib$</unix:filename>
      <filter action="exclude">oval:ssg-state_file_permissions_extended_mib_files_symlink:ste:1</filter>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_permissions_extended_root_dir_var:obj:1" version="1">
      <ind:filepath>/etc/passwd</ind:filepath>
      <ind:pattern operation="pattern match">^root:.*:(/.*):</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="/root/*" id="oval:ssg-object_file_permissions_extended_root_dir:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_permissions_extended_root_dir:var:1" var_check="at least one"/>
    </unix:file_object>
    <unix:file_object comment="/etc/rc*/*" id="oval:ssg-object_file_permissions_extended_etc_rc:obj:1" version="1">
      <unix:path operation="pattern match">/etc/rc*</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/etc/init.d/*" id="oval:ssg-object_file_permissions_extended_etc_initd:obj:1" version="1">
      <unix:path>/etc/init.d</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_permissions_extended_shell_files_list:obj:1" version="1">
      <ind:filepath>/etc/shells</ind:filepath>
      <ind:pattern operation="pattern match">^(/.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="List of files referenced in /etc/shells" id="oval:ssg-object_file_permissions_extended_shell_files:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_permissions_extended_shell_files_list:var:1" var_check="at least one"/>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_permissions_extended_smtp_logs_list:obj:1" version="1">
      <ind:filepath>/etc/syslog.conf</ind:filepath>
      <ind:pattern operation="pattern match">^mail\..*\s[-]?(/.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="List of SMTP log files" id="oval:ssg-object_file_permissions_extended_smtp_logs:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_permissions_extended_smtp_logs_list:var:1" var_check="at least one"/>
    </unix:file_object>
    <unix:file_object comment="snmpd.conf" id="oval:ssg-object_file_permissions_extended_snmpd_conf:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/</unix:path>
      <unix:filename>snmpd.conf</unix:filename>
      <filter action="exclude">oval:ssg-state_file_permissions_extended_snmpd_conf_symlink:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/usr/sbin/*" id="oval:ssg-object_file_permissions_extended_usr_sbin_dir:obj:1" version="1">
      <unix:path>/usr/sbin</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/var/log/*" id="oval:ssg-object_file_permissions_extended_var_log:obj:1" version="1">
      <unix:path>/var/log</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/var/spool/at/*" id="oval:ssg-object_file_permissions_extended_var_spool_at:obj:1" version="1">
      <unix:path>/var/spool/at</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/var/yp/*" id="oval:ssg-object_file_permissions_extended_var_yp:obj:1" version="1">
      <unix:path>/var/yp</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/home/.Xauthority and /home/.xauth" id="oval:ssg-object_file_permissions_extended_xauthority_files:obj:1" version="1">
      <unix:path operation="equals">/home/</unix:path>
      <unix:filename operation="pattern match">^(\.Xauthority|\.xauth)$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/etc/ftpusers" id="oval:ssg-object_file_permissions_etc_ftpusers:obj:1" version="1">
      <unix:filepath>/etc/ftpusers</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/vsftpd.ftpusers" id="oval:ssg-object_file_permissions_etc_vsftpd_ftpusers1:obj:1" version="1">
      <unix:filepath>/etc/vsftpd.ftpusers</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/vsftpd/ftpusers" id="oval:ssg-object_file_permissions_etc_vsftpd_ftpusers2:obj:1" version="1">
      <unix:filepath>/etc/vsftpd/ftpusers</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/bashrc" id="oval:ssg-object_file_permissions_etc_bashrc:obj:1" version="1">
      <unix:filepath>/etc/bashrc</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/csh.cshrc" id="oval:ssg-object_file_permissions_etc_csh_cshrc:obj:1" version="1">
      <unix:filepath>/etc/csh.cshrc</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/csh.login" id="oval:ssg-object_file_permissions_etc_csh_login:obj:1" version="1">
      <unix:filepath>/etc/csh.login</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/csh.logout" id="oval:ssg-object_file_permissions_etc_csh_logout:obj:1" version="1">
      <unix:filepath>/etc/csh.logout</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/environment" id="oval:ssg-object_file_permissions_etc_environment:obj:1" version="1">
      <unix:filepath>/etc/environment</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/ksh.kshrc" id="oval:ssg-object_file_permissions_etc_ksh_kshrc:obj:1" version="1">
      <unix:filepath>/etc/ksh.kshrc</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/profile" id="oval:ssg-object_file_permissions_etc_profile:obj:1" version="1">
      <unix:filepath>/etc/profile</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/suid_profile" id="oval:ssg-object_file_permissions_etc_suid_profile:obj:1" version="1">
      <unix:filepath>/etc/suid_profile</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/profile.d/*" id="oval:ssg-object_file_permissions_etc_profiled:obj:1" version="1">
      <unix:path>/etc/profile.d</unix:path>
      <unix:filename operation="pattern match">.*</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/boot/grub/grub.conf" id="oval:ssg-object_file_permissions_grub_conf:obj:1" version="1">
      <unix:path>/boot/grub</unix:path>
      <unix:filename>grub.conf</unix:filename>
    </unix:file_object>
    <unix:password_object id="oval:ssg-object_file_permissions_home_dirs_path_list:obj:1" version="1">
      <unix:username operation="pattern match">^.*$</unix:username>
      <filter action="include">oval:ssg-state_file_permissions_home_dirs_path_user:ste:1</filter>
      <filter action="exclude">oval:ssg-state_file_permissions_home_dirs_path_nfs_user:ste:1</filter>
    </unix:password_object>
    <unix:file_object comment="home directories" id="oval:ssg-object_file_permissions_home_dirs:obj:1" version="1">
      <unix:path operation="equals" var_ref="oval:ssg-var_file_permissions_home_dirs_path_list:var:1" var_check="at least one" datatype="string"/>
      <unix:filename xsi:nil="true"/>
    </unix:file_object>
    <unix:password_object id="oval:ssg-object_file_permissions_home_files_path_list:obj:1" version="1">
      <unix:username operation="pattern match">^.*$</unix:username>
      <filter action="include">oval:ssg-state_file_permissions_home_files_path_user:ste:1</filter>
      <filter action="exclude">oval:ssg-state_file_permissions_home_files_path_nfs_user:ste:1</filter>
    </unix:password_object>
    <unix:file_object comment="/home/*" id="oval:ssg-object_file_permissions_home_files:obj:1" version="1">
      <unix:behaviors recurse="symlinks and directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals" var_ref="oval:ssg-var_file_permissions_home_files_path_list:var:1" var_check="at least one" datatype="string"/>
      <unix:filename operation="pattern match">^.*$</unix:filename>
      <filter action="exclude">oval:ssg-state_file_permissions_home_files_symlink:ste:1</filter>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_permissions_ldap_cacerts_list:obj:1" version="1">
      <ind:filepath>/etc/ldap.conf</ind:filepath>
      <ind:pattern operation="pattern match">^tls_cacert\s.*\s(/.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="LDAP TLS CA cert" id="oval:ssg-object_file_permissions_ldap_cacerts:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_permissions_ldap_cacerts_list:var:1" var_check="at least one"/>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_permissions_ldap_certs_list:obj:1" version="1">
      <ind:filepath>/etc/ldap.conf</ind:filepath>
      <ind:pattern operation="pattern match">^tls_cert\s.*\s(/.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="LDAP TLS cert" id="oval:ssg-object_file_permissions_ldap_certs:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_permissions_ldap_certs_list:var:1" var_check="at least one"/>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_permissions_ldap_keys_list:obj:1" version="1">
      <ind:filepath>/etc/ldap.conf</ind:filepath>
      <ind:pattern operation="pattern match">^tls_key\s.*\s(/.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="LDAP TLS key" id="oval:ssg-object_file_permissions_ldap_keys:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_permissions_ldap_keys_list:var:1" var_check="at least one"/>
    </unix:file_object>
    <unix:file_object comment="/lib directories" id="oval:ssg-object_file_permissions_lib_dir:obj:1" version="1">
      <unix:behaviors recurse="symlinks and directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/lib</unix:path>
      <unix:filename xsi:nil="true"/>
      <filter action="include">oval:ssg-state_perms_nogroupwrite_noworldwrite:ste:1</filter>
      <filter action="exclude">oval:ssg-state_permissions_library_dirs_symlink:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/lib files" id="oval:ssg-object_file_permissions_lib_files:obj:1" version="1">
      <unix:behaviors recurse="symlinks and directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/lib</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
      <filter action="include">oval:ssg-state_perms_nogroupwrite_noworldwrite:ste:1</filter>
      <filter action="exclude">oval:ssg-state_permissions_library_dirs_symlink:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/usr/lib directories" id="oval:ssg-object_file_permissions_usr_lib_dir:obj:1" version="1">
      <unix:behaviors recurse="symlinks and directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/usr/lib</unix:path>
      <unix:filename xsi:nil="true"/>
      <filter action="include">oval:ssg-state_perms_nogroupwrite_noworldwrite:ste:1</filter>
      <filter action="exclude">oval:ssg-state_permissions_library_dirs_symlink:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/usr/lib files" id="oval:ssg-object_file_permissions_usr_lib_files:obj:1" version="1">
      <unix:behaviors recurse="symlinks and directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/usr/lib</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
      <filter action="include">oval:ssg-state_perms_nogroupwrite_noworldwrite:ste:1</filter>
      <filter action="exclude">oval:ssg-state_permissions_library_dirs_symlink:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="local initialization files - /home" id="oval:ssg-object_file_permissions_local_initialization_files_home:obj:1" version="1">
      <unix:behaviors recurse="symlinks and directories" recurse_direction="down" max_depth="1" recurse_file_system="local"/>
      <unix:path operation="equals">/home</unix:path>
      <unix:filename operation="pattern match">^(\.bashrc|\.bash_login|\.bash_logout|\.bash_profile|\.cshrc|\.kshrc|\.login|\.logout|\.profile|\.env|\.dtprofile|\.dispatch|\.emacs|\.exrc)$</unix:filename>
      <filter action="exclude">oval:ssg-state_file_permissions_local_initialization_files_symlink:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="local initialization files - /root" id="oval:ssg-object_file_permissions_local_initialization_files_root:obj:1" version="1">
      <unix:behaviors recurse="symlinks and directories" recurse_direction="down" max_depth="1" recurse_file_system="local"/>
      <unix:path operation="equals">/root</unix:path>
      <unix:filename operation="pattern match">^(\.bashrc|\.bash_login|\.bash_logout|\.bash_profile|\.cshrc|\.kshrc|\.login|\.logout|\.profile|\.env|\.dtprofile|\.dispatch|\.emacs|\.exrc)$</unix:filename>
      <filter action="exclude">oval:ssg-state_file_permissions_local_initialization_files_symlink:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/usr/share/man/*" id="oval:ssg-object_file_permissions_usr_share_man:obj:1" version="1">
      <unix:path>/usr/share/man</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/usr/share/info/*" id="oval:ssg-object_file_permissions_usr_share_info:obj:1" version="1">
      <unix:path>/usr/share/info</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/usr/share/infopage/*" id="oval:ssg-object_file_permissions_usr_share_infopage:obj:1" version="1">
      <unix:path>/usr/share/infopage</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="*.mib" id="oval:ssg-object_file_permissions_mib_files:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/</unix:path>
      <unix:filename operation="pattern match">^.*\.mib$</unix:filename>
      <filter action="exclude">oval:ssg-state_file_permissions_mib_files_symlink:ste:1</filter>
    </unix:file_object>
    <unix:password_object id="oval:ssg-object_file_permissions_root_dir_var:obj:1" version="1">
      <unix:username operation="equals">root</unix:username>
    </unix:password_object>
    <unix:file_object comment="/root/*" id="oval:ssg-object_file_permissions_root_dir:obj:1" version="1">
      <unix:path var_ref="oval:ssg-var_file_permissions_root_dir:var:1" var_check="at least one"/>
      <unix:filename xsi:nil="true"/>
    </unix:file_object>
    <unix:file_object comment="/etc/rc.d/*" id="oval:ssg-object_file_permissions_etc_rc:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path>/etc/rc.d/</unix:path>
      <unix:filename operation="pattern match">.*</unix:filename>
      <filter action="exclude">oval:ssg-state_file_permissions_run_control_scripts_symlink:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/etc/init.d/*" id="oval:ssg-object_file_permissions_etc_initd:obj:1" version="1">
      <unix:path>/etc/init.d</unix:path>
      <unix:filename operation="pattern match">.*</unix:filename>
      <filter action="exclude">oval:ssg-state_file_permissions_run_control_scripts_symlink:ste:1</filter>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_permissions_shell_files_list:obj:1" version="1">
      <ind:filepath>/etc/shells</ind:filepath>
      <ind:pattern operation="pattern match">^(/.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="List of files referenced in /etc/shells" id="oval:ssg-object_file_permissions_shell_files:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_permissions_shell_files_list:var:1" var_check="at least one"/>
      <filter action="exclude">oval:ssg-state_file_permissions_shell_files_symlink:ste:1</filter>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_permissions_smtp_logs_list:obj:1" version="1">
      <ind:filepath>/etc/syslog.conf</ind:filepath>
      <ind:pattern operation="pattern match">^mail\..*\s[-]?(/.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="List of SMTP log files" id="oval:ssg-object_file_permissions_smtp_logs:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_permissions_smtp_logs_list:var:1" var_check="at least one"/>
    </unix:file_object>
    <unix:file_object comment="snmpd.conf" id="oval:ssg-object_file_permissions_snmpd_conf:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/</unix:path>
      <unix:filename>snmpd.conf</unix:filename>
      <filter action="exclude">oval:ssg-state_file_permissions_snmpd_conf_symlink:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/etc/ssh/*key" id="oval:ssg-object_file_permissions_ssh_private_host_keys:obj:1" version="1">
      <unix:path>/etc/ssh</unix:path>
      <unix:filename operation="pattern match">.*key$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/etc/ssh/*key.pub" id="oval:ssg-object_file_permissions_ssh_public_host_keys:obj:1" version="1">
      <unix:path>/etc/ssh</unix:path>
      <unix:filename operation="pattern match">.*.key.pub</unix:filename>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_file_permissions_tftp_binary_list:obj:1" version="1">
      <ind:filepath>/etc/xinetd.d/tftp</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*server\s.*(/.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="tftpd binary" id="oval:ssg-object_file_permissions_tftp_binary:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_file_permissions_tftp_binary_list:var:1" var_check="at least one"/>
    </unix:file_object>
    <unix:file_object comment="world writeable" id="oval:ssg-object_file_permissions_unauthorized_world_write:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
      <filter action="exclude">oval:ssg-state_file_permissions_unauthorized_world_write:ste:1</filter>
      <filter action="exclude">oval:ssg-state_file_permissions_unauthorized_world_write_proc:ste:1</filter>
      <filter action="include">oval:ssg-state_file_permissions_unauthorized_world_write_symlink:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/usr/bin/ldd" id="oval:ssg-object_file_permissions_usr_bin_ldd:obj:1" version="1">
      <unix:filepath>/usr/bin/ldd</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/usr/sbin/*" id="oval:ssg-object_file_permissions_usr_sbin_dir:obj:1" version="1">
      <unix:path>/usr/sbin</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
      <filter action="exclude">oval:ssg-state_file_permissions_usr_sbin_dir_symlink:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/var/log/*" id="oval:ssg-object_file_permissions_var_log:obj:1" version="1">
      <unix:path>/var/log</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
      <filter action="exclude">oval:ssg-state_file_permissions_var_log_wtmp:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/var/spool/at/*" id="oval:ssg-object_file_permissions_var_spool_at:obj:1" version="1">
      <unix:path>/var/spool/at</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/var/yp/*" id="oval:ssg-object_file_permissions_var_yp:obj:1" version="1">
      <unix:path>/var/yp</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/home/.Xauthority and /home/.xauth" id="oval:ssg-object_file_permissions_xauthority_files:obj:1" version="1">
      <unix:path operation="equals">/home/</unix:path>
      <unix:filename operation="pattern match">^(\.Xauthority|\.xauth)$</unix:filename>
    </unix:file_object>
    <unix:password_object id="oval:ssg-object_ftp_anonymous_shell:obj:1" version="3">
      <unix:username datatype="string" operation="pattern match">^ftp$</unix:username>
    </unix:password_object>
    <ind:textfilecontent54_object id="oval:ssg-object_ftp_default_umask_gssftp:obj:1" version="1">
      <ind:filepath>/etc/xinetd.d/gssftp</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?!#)server_args.*(-u 077)</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_ftp_default_umask_local_vsftpd:obj:1" version="1">
      <ind:filepath>/etc/vsftpd/vsftpd.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?!#)local_umask.*(077)</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_ftp_default_umask_anon_vsftpd:obj:1" version="1">
      <ind:filepath>/etc/vsftpd/vsftpd.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?!#)anon_umask.*(077)</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_ftp_enable_warning_banner_gssftp:obj:1" version="1">
      <ind:filepath>/etc/xinetd.d/gssftp</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?i)banner[\s]*=[\s]*(/.*)[\s]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_ftp_enable_warning_banner_gssftp_text:obj:1" version="1">
      <ind:filepath var_ref="oval:ssg-var_ftp_enable_warning_banner_gssftp:var:1"/>
      <ind:pattern var_ref="oval:ssg-ftp_login_banner_text:var:1" operation="pattern match"/>
      <ind:instance datatype="int" operation="equals">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_ftp_enable_warning_banner_gssftp_list:obj:1" version="1">
      <ind:filepath>/etc/xinetd.d/gssftp</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?i)banner[\s]*=[\s]*(/.*)[\s]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_ftp_enable_warning_banner_vsftpd:obj:1" version="1">
      <ind:filepath>/etc/vsftpd/vsftpd.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?i)banner_file[\s]*=[\s]*(/.*)[\s]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_ftp_enable_warning_banner_vsftpd_text:obj:1" version="1">
      <ind:filepath var_ref="oval:ssg-var_ftp_enable_warning_banner_vsftpd:var:1"/>
      <ind:pattern var_ref="oval:ssg-ftp_login_banner_text:var:1" operation="pattern match"/>
      <ind:instance datatype="int" operation="equals">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_ftp_enable_warning_banner_vsftpd_list:obj:1" version="1">
      <ind:filepath>/etc/vsftpd/vsftpd.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?i)banner_file[\s]*=[\s]*(/.*)[\s]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_ftp_ftpusers_file_empty_gssftp:obj:1" version="1">
      <ind:filepath>/etc/ftpusers</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?!#)[\S]+</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_ftp_ftpusers_file_empty_vsftpd1:obj:1" version="1">
      <ind:filepath>/etc/vsftpd.ftpusers</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?!#)[\S]+</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_ftp_ftpusers_file_empty_vsftpd2:obj:1" version="1">
      <ind:filepath>/etc/vsftpd/ftpusers</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?!#)[\S]+</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="/etc/ftpusers" id="oval:ssg-object_ftp_ftpusers_file_exists_gssftp:obj:1" version="1">
      <unix:filepath>/etc/ftpusers</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/vsftpd.ftpusers" id="oval:ssg-object_ftp_ftpusers_file_exists_vsftpd1:obj:1" version="1">
      <unix:filepath>/etc/vsftpd.ftpusers</unix:filepath>
    </unix:file_object>
    <unix:file_object comment="/etc/vsftpd/ftpusers" id="oval:ssg-object_ftp_ftpusers_file_exists_vsftpd2:obj:1" version="1">
      <unix:filepath>/etc/vsftpd/ftpusers</unix:filepath>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_ftp_log_transactions_gssftp:obj:1" version="1">
      <ind:filepath>/etc/xinetd.d/gssftp</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?!#)server_args.*(-l)</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_ftp_log_transactions_vsftpd:obj:1" version="1">
      <ind:filepath>/etc/vsftpd/vsftpd.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?!#)(?i)xferlog_enable.*(yes)</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:xmlfilecontent_object id="oval:ssg-object_gnome_screensaver_idle_activated:obj:1" version="1">
      <ind:filepath>/etc/gconf/gconf.xml.mandatory/apps/gnome-screensaver/%gconf.xml</ind:filepath>
      <ind:xpath>/gconf/entry[@name='idle_activation_enabled']/@value</ind:xpath>
    </ind:xmlfilecontent_object>
    <ind:xmlfilecontent_object id="oval:ssg-object_gnome_screensaver_idle_delay:obj:1" version="1">
      <ind:filepath>/etc/gconf/gconf.xml.mandatory/apps/gnome-screensaver/%gconf.xml</ind:filepath>
      <ind:xpath datatype="string" operation="equals">/gconf/entry[@name='idle_delay']/@value</ind:xpath>
    </ind:xmlfilecontent_object>
    <ind:xmlfilecontent_object id="oval:ssg-object_screensaver_lock_enabled:obj:1" version="1">
      <ind:filepath>/etc/gconf/gconf.xml.mandatory/apps/gnome-screensaver/%gconf.xml</ind:filepath>
      <ind:xpath>/gconf/entry[@name='lock_enabled']/@value</ind:xpath>
    </ind:xmlfilecontent_object>
    <ind:textfilecontent54_object comment="/etc/bashrc" id="oval:ssg-object_global_initialization_files_mesg_etc_bashrc:obj:1" version="1">
      <ind:filepath>/etc/bashrc</ind:filepath>
      <ind:pattern operation="pattern match">(mesg n|mesg -n)</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object comment="/etc/csh.cshrc" id="oval:ssg-object_global_initialization_files_mesg_etc_csh_cshrc:obj:1" version="1">
      <ind:filepath>/etc/csh.cshrc</ind:filepath>
      <ind:pattern operation="pattern match">(mesg n|mesg -n)</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object comment="/etc/csh.login" id="oval:ssg-object_global_initialization_files_mesg_etc_csh_login:obj:1" version="1">
      <ind:filepath>/etc/csh.login</ind:filepath>
      <ind:pattern operation="pattern match">(mesg n|mesg -n)</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object comment="/etc/csh.logout" id="oval:ssg-object_global_initialization_files_mesg_etc_csh_logout:obj:1" version="1">
      <ind:filepath>/etc/csh.logout</ind:filepath>
      <ind:pattern operation="pattern match">(mesg n|mesg -n)</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object comment="/etc/environment" id="oval:ssg-object_global_initialization_files_mesg_etc_environment:obj:1" version="1">
      <ind:filepath>/etc/environment</ind:filepath>
      <ind:pattern operation="pattern match">(mesg n|mesg -n)</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object comment="/etc/ksh.kshrc" id="oval:ssg-object_global_initialization_files_mesg_etc_ksh_kshrc:obj:1" version="1">
      <ind:filepath>/etc/ksh.kshrc</ind:filepath>
      <ind:pattern operation="pattern match">(mesg n|mesg -n)</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object comment="/etc/profile" id="oval:ssg-object_global_initialization_files_mesg_etc_profile:obj:1" version="1">
      <ind:filepath>/etc/profile</ind:filepath>
      <ind:pattern operation="pattern match">(mesg n|mesg -n)</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object comment="/etc/suid_profile" id="oval:ssg-object_global_initialization_files_mesg_etc_suid_profile:obj:1" version="1">
      <ind:filepath>/etc/suid_profile</ind:filepath>
      <ind:pattern operation="pattern match">(mesg n|mesg -n)</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object comment="/etc/profile.d/*" id="oval:ssg-object_global_initialization_files_mesg_etc_profiled:obj:1" version="1">
      <ind:path>/etc/profile.d</ind:path>
      <ind:filename operation="pattern match">.*</ind:filename>
      <ind:pattern operation="pattern match">(mesg n|mesg -n)</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:family_object id="oval:ssg-obj_centos4_unix_family:obj:1" version="1"/>
    <linux:rpminfo_object id="oval:ssg-obj_centos_4:obj:1" version="1">
      <linux:name>centos-release</linux:name>
    </linux:rpminfo_object>
    <ind:family_object id="oval:ssg-obj_centos5_unix_family:obj:1" version="1"/>
    <linux:rpminfo_object id="oval:ssg-obj_centos_5:obj:1" version="1">
      <linux:name>centos-release</linux:name>
    </linux:rpminfo_object>
    <ind:family_object id="oval:ssg-obj_rhel4_unix_family:obj:1" version="1"/>
    <linux:rpminfo_object id="oval:ssg-obj_rhel_4:obj:1" version="1">
      <linux:name>redhat-release</linux:name>
    </linux:rpminfo_object>
    <ind:family_object id="oval:ssg-obj_rhel5_unix_family:obj:1" version="1"/>
    <linux:rpminfo_object id="oval:ssg-obj_rhel5_workstation:obj:1" version="1">
      <linux:name>redhat-release</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_rhel5_server:obj:1" version="1">
      <linux:name>redhat-release</linux:name>
    </linux:rpminfo_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_ip6tables_input_icmpv6_broadcast:obj:1" version="1">
      <ind:path>/etc/sysconfig</ind:path>
      <ind:filename>ip6tables</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*-A[\s]+INPUT[\s]+-p[\s]+icmpv6[\s]+-d[\s]+ff02::1[\s]+--icmpv6-type[\s]+128[\s]+-j[\s]+DROP$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:interface_object comment="Network Interfaces" id="oval:ssg-object_ip_6to4_tunnels:obj:1" version="1">
      <unix:name operation="pattern match">^.*$</unix:name>
    </unix:interface_object>
    <unix:process58_object comment="miredo process" id="oval:ssg-object_ip_teredo:obj:1" version="1">
      <unix:command_line datatype="string" operation="pattern match">^(?:.*/)*(?i)miredo(?:$|[\s]+.*$)+</unix:command_line>
      <unix:pid datatype="int" operation="greater than or equal">0</unix:pid>
    </unix:process58_object>
    <unix:interface_object comment="Network Interfaces" id="oval:ssg-object_ip_tunnels:obj:1" version="1">
      <unix:name operation="pattern match">^.*$</unix:name>
    </unix:interface_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_iptables_input_reject_rule:obj:1" version="1">
      <ind:path>/etc/sysconfig</ind:path>
      <ind:filename>iptables</ind:filename>
      <ind:pattern operation="pattern match">^(-[I|A]\s+(?:[A-Za-z0-9\-_]*)*INPUT\s+-j\s+REJECT\s+--reject-with\s+icmp-host-prohibited\s*)$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_iptables_timestamp_reject_rule_requests:obj:1" version="1">
      <ind:path>/etc/sysconfig</ind:path>
      <ind:filename>iptables</ind:filename>
      <ind:pattern operation="pattern match">^(-[I|A]\s+(?:[A-Za-z0-9\-_]*)*INPUT\s+-p\s+icmp\s+-m\s+icmp\s+--icmp-type\s+timestamp-request\s+-j\s+DROP)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_iptables_timestamp_reject_rule_replies:obj:1" version="1">
      <ind:path>/etc/sysconfig</ind:path>
      <ind:filename>iptables</ind:filename>
      <ind:pattern operation="pattern match">^(-[I|A]\s+(?:[A-Za-z0-9\-_]*)*INPUT\s+-p\s+icmp\s+-m\s+icmp\s+--icmp-type\s+timestamp-reply\s+-j\s+DROP)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_kernmod_appletalk_modprobed:obj:1" version="1" comment="kernel module appletalk disabled">
      <ind:path>/etc/modprobe.d</ind:path>
      <ind:filename operation="pattern match">^.*\.conf$</ind:filename>
      <ind:pattern operation="pattern match">^\s*install\s+appletalk\s+(/bin/false|/bin/true)$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_kernmod_appletalk_modprobeconf:obj:1" version="1" comment="Check depricated /etc/modprobe.conf for disablement of appletalk">
      <ind:filepath>/etc/modprobe.conf</ind:filepath>
      <ind:pattern operation="pattern match">^\s*install\s+appletalk\s+(/bin/false|/bin/true)$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_kernmod_bluetooth_modprobed:obj:1" version="1" comment="kernel module bluetooth disabled">
      <ind:path>/etc/modprobe.d</ind:path>
      <ind:filename operation="pattern match">^.*\.conf$</ind:filename>
      <ind:pattern operation="pattern match">^\s*install\s+bluetooth\s+(/bin/false|/bin/true)$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_kernmod_bluetooth_modprobeconf:obj:1" version="1" comment="Check depricated /etc/modprobe.conf for disablement of bluetooth">
      <ind:filepath>/etc/modprobe.conf</ind:filepath>
      <ind:pattern operation="pattern match">^\s*install\s+bluetooth\s+(/bin/false|/bin/true)$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_kernmod_bridge_modprobed:obj:1" version="1" comment="kernel module bridge disabled">
      <ind:path>/etc/modprobe.d</ind:path>
      <ind:filename operation="pattern match">^.*\.conf$</ind:filename>
      <ind:pattern operation="pattern match">^\s*install\s+bridge\s+(/bin/false|/bin/true)$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_kernmod_bridge_modprobeconf:obj:1" version="1" comment="Check depricated /etc/modprobe.conf for disablement of bridge">
      <ind:filepath>/etc/modprobe.conf</ind:filepath>
      <ind:pattern operation="pattern match">^\s*install\s+bridge\s+(/bin/false|/bin/true)$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_kernmod_dccp_modprobed:obj:1" version="1" comment="kernel module dccp disabled">
      <ind:path>/etc/modprobe.d</ind:path>
      <ind:filename operation="pattern match">^.*\.conf$</ind:filename>
      <ind:pattern operation="pattern match">^\s*install\s+dccp\s+(/bin/false|/bin/true)$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_kernmod_dccp_modprobeconf:obj:1" version="1" comment="Check depricated /etc/modprobe.conf for disablement of dccp">
      <ind:filepath>/etc/modprobe.conf</ind:filepath>
      <ind:pattern operation="pattern match">^\s*install\s+dccp\s+(/bin/false|/bin/true)$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_kernmod_dccp_ipv4_modprobed:obj:1" version="1" comment="kernel module dccp_ipv4 disabled">
      <ind:path>/etc/modprobe.d</ind:path>
      <ind:filename operation="pattern match">^.*\.conf$</ind:filename>
      <ind:pattern operation="pattern match">^\s*install\s+dccp_ipv4\s+(/bin/false|/bin/true)$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_kernmod_dccp_ipv4_modprobeconf:obj:1" version="1" comment="Check depricated /etc/modprobe.conf for disablement of dccp_ipv4">
      <ind:filepath>/etc/modprobe.conf</ind:filepath>
      <ind:pattern operation="pattern match">^\s*install\s+dccp_ipv4\s+(/bin/false|/bin/true)$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_kernmod_dccp_ipv6_modprobed:obj:1" version="1" comment="kernel module dccp_ipv6 disabled">
      <ind:path>/etc/modprobe.d</ind:path>
      <ind:filename operation="pattern match">^.*\.conf$</ind:filename>
      <ind:pattern operation="pattern match">^\s*install\s+dccp_ipv6\s+(/bin/false|/bin/true)$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_kernmod_dccp_ipv6_modprobeconf:obj:1" version="1" comment="Check depricated /etc/modprobe.conf for disablement of dccp_ipv6">
      <ind:filepath>/etc/modprobe.conf</ind:filepath>
      <ind:pattern operation="pattern match">^\s*install\s+dccp_ipv6\s+(/bin/false|/bin/true)$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_kernmod_ieee1394_modprobed:obj:1" version="1" comment="kernel module ieee1394 disabled">
      <ind:path>/etc/modprobe.d</ind:path>
      <ind:filename operation="pattern match">^.*\.conf$</ind:filename>
      <ind:pattern operation="pattern match">^\s*install\s+ieee1394\s+(/bin/false|/bin/true)$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_kernmod_ieee1394_modprobeconf:obj:1" version="1" comment="Check depricated /etc/modprobe.conf for disablement of ieee1394">
      <ind:filepath>/etc/modprobe.conf</ind:filepath>
      <ind:pattern operation="pattern match">^\s*install\s+ieee1394\s+(/bin/false|/bin/true)$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_kernmod_ipv6_modprobed:obj:1" version="1" comment="kernel module ipv6 disabled">
      <ind:path>/etc/modprobe.d</ind:path>
      <ind:filename operation="pattern match">^.*\.conf$</ind:filename>
      <ind:pattern operation="pattern match">^\s*install\s+ipv6\s+(/bin/false|/bin/true)$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_kernmod_ipv6_modprobeconf:obj:1" version="1" comment="Check depricated /etc/modprobe.conf for disablement of ipv6">
      <ind:filepath>/etc/modprobe.conf</ind:filepath>
      <ind:pattern operation="pattern match">^\s*install\s+ipv6\s+(/bin/false|/bin/true)$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_kernmod_rds_modprobed:obj:1" version="1" comment="kernel module rds disabled">
      <ind:path>/etc/modprobe.d</ind:path>
      <ind:filename operation="pattern match">^.*\.conf$</ind:filename>
      <ind:pattern operation="pattern match">^\s*install\s+rds\s+(/bin/false|/bin/true)$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_kernmod_rds_modprobeconf:obj:1" version="1" comment="Check depricated /etc/modprobe.conf for disablement of rds">
      <ind:filepath>/etc/modprobe.conf</ind:filepath>
      <ind:pattern operation="pattern match">^\s*install\s+rds\s+(/bin/false|/bin/true)$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_kernmod_sctp_modprobed:obj:1" version="1" comment="kernel module sctp disabled">
      <ind:path>/etc/modprobe.d</ind:path>
      <ind:filename operation="pattern match">^.*\.conf$</ind:filename>
      <ind:pattern operation="pattern match">^\s*install\s+sctp\s+(/bin/false|/bin/true)$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_kernmod_sctp_modprobeconf:obj:1" version="1" comment="Check depricated /etc/modprobe.conf for disablement of sctp">
      <ind:filepath>/etc/modprobe.conf</ind:filepath>
      <ind:pattern operation="pattern match">^\s*install\s+sctp\s+(/bin/false|/bin/true)$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_kernmod_tipc_modprobed:obj:1" version="1" comment="kernel module tipc disabled">
      <ind:path>/etc/modprobe.d</ind:path>
      <ind:filename operation="pattern match">^.*\.conf$</ind:filename>
      <ind:pattern operation="pattern match">^\s*install\s+tipc\s+(/bin/false|/bin/true)$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_kernmod_tipc_modprobeconf:obj:1" version="1" comment="Check depricated /etc/modprobe.conf for disablement of tipc">
      <ind:filepath>/etc/modprobe.conf</ind:filepath>
      <ind:pattern operation="pattern match">^\s*install\s+tipc\s+(/bin/false|/bin/true)$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_kernmod_usb-storage_modprobed:obj:1" version="1" comment="kernel module usb-storage disabled">
      <ind:path>/etc/modprobe.d</ind:path>
      <ind:filename operation="pattern match">^.*\.conf$</ind:filename>
      <ind:pattern operation="pattern match">^\s*install\s+usb-storage\s+(/bin/false|/bin/true)$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_kernmod_usb-storage_modprobeconf:obj:1" version="1" comment="Check depricated /etc/modprobe.conf for disablement of usb-storage">
      <ind:filepath>/etc/modprobe.conf</ind:filepath>
      <ind:pattern operation="pattern match">^\s*install\s+usb-storage\s+(/bin/false|/bin/true)$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_ldap_client_bindpw:obj:1" version="1">
      <ind:path>/etc</ind:path>
      <ind:filename>ldap.conf</ind:filename>
      <ind:pattern operation="pattern match">^(?!#|[\s]*#).*[\s]*(bindpw)[\s]*.*$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_ldap_client_start_tls_nsswitch:obj:1" version="1">
      <ind:path>/etc</ind:path>
      <ind:filename>nsswitch.conf</ind:filename>
      <ind:pattern operation="pattern match">^(?!#)(?:.*)?ldap(?:.*)?$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_ldap_client_start_tls_ssl:obj:1" version="1">
      <ind:path>/etc</ind:path>
      <ind:filename>ldap.conf</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*ssl[\s]+start_tls[\s]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_ldap_client_start_tls_ciphers:obj:1" version="1">
      <ind:path>/etc</ind:path>
      <ind:filename>ldap.conf</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*tls_ciphers[\s]+(?i)(?:[\:]*(SHA|AES|3DES|TLSv1|SSLv3))+$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_ldap_client_tls_cert_nsswitch:obj:1" version="1">
      <ind:path>/etc</ind:path>
      <ind:filename>nsswitch.conf</ind:filename>
      <ind:pattern operation="pattern match">^(?!#)(?:.*)?ldap(?:.*)?$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_ldap_client_tls_cert:obj:1" version="1">
      <ind:path>/etc</ind:path>
      <ind:filename>ldap.conf</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*tls_cert[\s]*(/.*)$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_ldap_client_tls_checkpeer_nsswitch:obj:1" version="1">
      <ind:path>/etc</ind:path>
      <ind:filename>nsswitch.conf</ind:filename>
      <ind:pattern operation="pattern match">^(?!#)(?:.*)?ldap(?:.*)?$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_ldap_client_tls_checkpeer:obj:1" version="1">
      <ind:path>/etc</ind:path>
      <ind:filename>ldap.conf</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*tls_checkpeer[\s]*(yes)$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_ldap_client_tls_crlcheck_nsswitch:obj:1" version="1">
      <ind:path>/etc</ind:path>
      <ind:filename>nsswitch.conf</ind:filename>
      <ind:pattern operation="pattern match">^(?!#)(?:.*)?ldap(?:.*)?$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_ldap_client_tls_crlcheck:obj:1" version="1">
      <ind:path>/etc</ind:path>
      <ind:filename>ldap.conf</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*tls_crlcheck[\s]*(all)$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_logrotate_rotate_all_files_etc_crontab:obj:1" version="1">
      <ind:filepath>/etc/crontab</ind:filepath>
      <ind:pattern operation="pattern match">^(?!#)(?:(?:\d*(?:,\d|-\d)?|\*)+\s(?:\d*(?:,\d|-\d)?|\*)+\s\*\s*\s*\s|@hourly|@daily|@midnight)+.*logrotate</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_logrotate_rotate_all_files_etc_cron_d:obj:1" version="1">
      <ind:path>/etc/cron.d</ind:path>
      <ind:filename operation="pattern match">.*</ind:filename>
      <ind:pattern operation="pattern match">^(?!#)(?:(?:\d*(?:,\d|-\d)?|\*)+\s(?:\d*(?:,\d|-\d)?|\*)+\s\*\s*\s*\s|@hourly|@daily|@midnight)+.*logrotate</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_logrotate_rotate_all_files_etc_cron_hourly:obj:1" version="1">
      <ind:path>/etc/cron.hourly</ind:path>
      <ind:filename operation="pattern match">.*</ind:filename>
      <ind:pattern operation="pattern match">^(?!#).*logrotate</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_logrotate_rotate_all_files_etc_cron_daily:obj:1" version="1">
      <ind:path>/etc/cron.daily</ind:path>
      <ind:filename operation="pattern match">.*</ind:filename>
      <ind:pattern operation="pattern match">^(?!#).*logrotate</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <linux:rpminfo_object id="oval:ssg-obj_mail_debug_enabled:obj:1" version="1">
      <linux:name>sendmail</linux:name>
    </linux:rpminfo_object>
    <ind:textfilecontent54_object comment="decode and uudecode in /etc/aliases should not include file paths" id="oval:ssg-obj_mail_decode_active:obj:1" version="1">
      <ind:path>/etc</ind:path>
      <ind:filename>aliases</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*(?:decode|uudecode)+.*(/.*)</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object comment="PrivacyOptions in /etc/mail/sendmail.cf should be set correctly" id="oval:ssg-obj_mail_expn_active_sendmail:obj:1" version="1">
      <ind:path>/etc/mail</ind:path>
      <ind:filename>sendmail.cf</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*(?:O\s*)*(?i)(?:PrivacyOptions).*(noexpn)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object comment="ForwardPath in /etc/mail/sendmail.cf should be set correctly" id="oval:ssg-obj_mail_forward_files_sendmail:obj:1" version="1">
      <ind:path>/etc/mail</ind:path>
      <ind:filename>sendmail.cf</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*(?:O\s*)*(?i)(?:ForwardPath).*(/.*)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment=".forward" id="oval:ssg-object_mail_forward_files:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/</unix:path>
      <unix:filename operation="pattern match">^\.forward$</unix:filename>
      <filter action="exclude">oval:ssg-state_mail_forward_files_symlink:ste:1</filter>
    </unix:file_object>
    <ind:textfilecontent54_object comment="/etc/mail/helpfile must be empty" id="oval:ssg-obj_mail_help_command_sendmail:obj:1" version="1">
      <ind:path>/etc/mail</ind:path>
      <ind:filename>helpfile</ind:filename>
      <ind:pattern operation="pattern match">^([\s]*[\S]+)+</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object comment="mail in /etc/syslog.conf should be set correctly" id="oval:ssg-obj_mail_log_enabled:obj:1" version="1">
      <ind:path>/etc</ind:path>
      <ind:filename>syslog.conf</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*(mail\.\*|mail\.crit)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object comment="LogLevel in /etc/mail/sendmail.cf should be set correctly" id="oval:ssg-obj_mail_log_level_sendmail:obj:1" version="1">
      <ind:path>/etc/mail</ind:path>
      <ind:filename>sendmail.cf</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*(?:O\s*)*(?i)(?:LogLevel[\s]*=[\s]*(9|[0-9]{2,})+)$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object comment="DaemonPortOptions in /etc/mail/sendmail.cf should be set correctly" id="oval:ssg-obj_mail_external_enabled_sendmail:obj:1" version="1">
      <ind:path>/etc/mail</ind:path>
      <ind:filename>sendmail.cf</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*(?:O\s*)*(?i)DaemonPortOptions.*Addr=(localhost|127.0.0.1|\[::1\])</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object comment="promiscuous_relay in /etc/mail/sendmail.cf should be set correctly" id="oval:ssg-obj_mail_relaying_disabled_sendmail:obj:1" version="1">
      <ind:path>/etc/mail</ind:path>
      <ind:filename>sendmail.mc</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*(?:O\s*)*(?i)(promiscuous_relay).*</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object comment="inet_interfaces in /etc/postfix/main.cf should be set correctly" id="oval:ssg-obj_mail_external_enabled_postfix:obj:1" version="1">
      <ind:path>/etc/postfix</ind:path>
      <ind:filename>main.cf</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*(?i)inet_interfaces\s+=\s+([,]*[\s]*(?:localhost|loopback-only|127.0.0.1|\[::1\])*)+$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object comment="smtpd_client_restrictions in /etc/postfix/main.cf should be set correctly" id="oval:ssg-obj_mail_relaying_disabled_postfix:obj:1" version="1">
      <ind:path>/etc/postfix</ind:path>
      <ind:filename>main.cf</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*(?i)smtpd_client_restrictions\s*=\s*((?!permit.*)reject.*)$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <linux:rpminfo_object id="oval:ssg-obj_mail_up_to_date_sendmail:obj:1" version="1">
      <linux:name>sendmail</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_mail_up_to_date_postfix:obj:1" version="1">
      <linux:name>postfix</linux:name>
    </linux:rpminfo_object>
    <ind:textfilecontent54_object comment="SmtpGreetingMessage in /etc/mail/sendmail.cf should be set correctly" id="oval:ssg-obj_mail_version_info_sendmail:obj:1" version="1">
      <ind:path>/etc/mail</ind:path>
      <ind:filename>sendmail.cf</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*(?:O\s*)*(?i)(SmtpGreetingMessage[\s]*=[\s]*(?:(?!\$j|\$v|\$Z).)+)$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object comment="smtpd_banner in /etc/postfix/main.cf should be set correctly" id="oval:ssg-obj_mail_version_info_postfix:obj:1" version="1">
      <ind:path>/etc/postfix</ind:path>
      <ind:filename>main.cf</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*(?:O\s*)*(?i)(?:smtpd_banner.*(\$mail_version).*)$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object comment="PrivacyOptions in /etc/mail/sendmail.cf should be set correctly" id="oval:ssg-obj_mail_vrfy_active_sendmail:obj:1" version="1">
      <ind:path>/etc/mail</ind:path>
      <ind:filename>sendmail.cf</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*(?:O\s*)*(?i)(?:PrivacyOptions).*(novrfy)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <linux:rpminfo_object id="oval:ssg-obj_mail_wiz_active:obj:1" version="1">
      <linux:name>sendmail</linux:name>
    </linux:rpminfo_object>
    <ind:textfilecontent54_object id="oval:ssg-object_nfs_nodev_etc_fstab:obj:1" version="1">
      <ind:filepath>/etc/fstab</ind:filepath>
      <ind:pattern operation="pattern match">^\s*\[?[\.\w-:]+\]?:[/\w-]+\s+[/\w-]+\s+nfs[4]?\s+(.*)$</ind:pattern>
      <!-- the "not equal" operation essentially means all instances of the regexp -->
      <ind:instance datatype="int" operation="not equal">0</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_no_nfs_defined_etc_fstab_nodev:obj:1" version="1">
      <ind:filepath>/etc/fstab</ind:filepath>
      <ind:pattern operation="pattern match">^\s*\[?[\.\w-:]+\]?:[/\w-]+\s+[/\w-]+\s+nfs[4]?\s+.*$</ind:pattern>
      <!-- the "not equal" operation below essentially means all instances of the regexp -->
      <ind:instance datatype="int" operation="not equal">0</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_nfs_nosuid_etc_fstab:obj:1" version="1">
      <ind:filepath>/etc/fstab</ind:filepath>
      <ind:pattern operation="pattern match">^\s*\[?[\.\w-:]+\]?:[/\w-]+\s+[/\w-]+\s+nfs[4]?\s+(.*)$</ind:pattern>
      <!-- the "not equal" operation essentially means all instances of the regexp -->
      <ind:instance datatype="int" operation="not equal">0</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_no_nfs_defined_etc_fstab_nosuid:obj:1" version="1">
      <ind:filepath>/etc/fstab</ind:filepath>
      <ind:pattern operation="pattern match">^\s*\[?[\.\w-:]+\]?:[/\w-]+\s+[/\w-]+\s+nfs[4]?\s+.*$</ind:pattern>
      <!-- the "not equal" operation below essentially means all instances of the regexp -->
      <ind:instance datatype="int" operation="not equal">0</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_network_ipv6_default_gateway_ipv6_disabled:obj:1" version="1">
      <ind:filepath>/etc/sysconfig/network</ind:filepath>
      <ind:pattern operation="pattern match">^(?!#)[\s]*NETWORKING_IPV6[\s]*=[\s]*([a-z]+)[\s]*$</ind:pattern>
      <ind:instance datatype="int" operation="equals">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_network_ipv6_default_gateway:obj:1" version="1">
      <ind:path>/etc/sysconfig/network-scripts</ind:path>
      <ind:filename operation="pattern match">ifcfg-.*</ind:filename>
      <ind:pattern operation="pattern match">^(?!#)[\s]*IPV6_DEFAULTGW[\s]*=[\s]*([a-zA-Z0-9:]+)[\s]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_network_ipv6_disable_interfaces_conf:obj:1" version="1">
      <ind:filepath>/etc/sysconfig/network</ind:filepath>
      <ind:pattern operation="pattern match">^(?!#)[\s]*NETWORKING_IPV6[\s]*=[\s]*([a-z]+)[\s]*$</ind:pattern>
      <ind:instance datatype="int" operation="equals">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_nfs_enforce_host_access:obj:1" version="1">
      <ind:filepath>/etc/exports</ind:filepath>
      <ind:pattern operation="pattern match">^(?![\s]*#)(?![\s]*$)(?![\S]+(?:[\s]+(?=[\S]*[(,]{1}(?:ro|rw))[\S]*)+$).*</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_nfs_mount_option_nosuid_remote_filesystems:obj:1" version="1">
      <ind:filepath>/etc/mtab</ind:filepath>
      <ind:pattern operation="pattern match">^.*[\s]+nfs[4]?[\s]+(?:.(?!nosuid))*$</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_nfs_no_anonymous_empty:obj:1" version="1">
      <ind:filepath>/etc/exports</ind:filepath>
      <ind:pattern operation="pattern match">[\s]*(?!#)[\S]+.*</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_nfs_no_anonymous:obj:1" version="1">
      <ind:filepath>/etc/exports</ind:filepath>
      <ind:pattern operation="pattern match">^(?![\s]*#)(?![\s]*$)(?![\S]+(?:[\s]+(?=[\S]*anonuid=(?:-1|60001|65534|65535))(?=[\S]*anongid=(?:-1|60001|65534|65535))[\S]*)+$).*</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_nfs_no_insecure_locks_exports:obj:1" version="1">
      <ind:filepath>/etc/exports</ind:filepath>
      <ind:pattern operation="pattern match">.*insecure_locks.*</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_nfs_use_root_squashing_all_exports_no_root_squash:obj:1" version="1">
      <ind:filepath>/etc/exports</ind:filepath>
      <ind:pattern operation="pattern match">.*no_root_squash.*</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_nfs_use_root_squashing_all_exports_squash:obj:1" version="1">
      <ind:filepath>/etc/exports</ind:filepath>
      <ind:pattern operation="pattern match">^(?![\s]*#)(?![\s]*$)(?![\S]+(?:[\s]+(?=[\S]*[(,]{1}(?:all_squash|root_squash))[\S]*)+$).*</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_no_empty_passwords_system_auth:obj:1" version="1">
      <ind:filepath>/etc/pam.d/system-auth</ind:filepath>
      <ind:pattern operation="pattern match">\s*nullok\s*</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_no_empty_passwords_system_auth_ac:obj:1" version="1">
      <ind:filepath>/etc/pam.d/system-auth-ac</ind:filepath>
      <ind:pattern operation="pattern match">\s*nullok\s*</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-file_permissions_unowned_userid_list_object:obj:1" version="1">
      <ind:filepath>/etc/passwd</ind:filepath>
      <ind:pattern operation="pattern match">^[^:]+:[^:]+:([\d]+):[\d]+:[^:]*:[^:]+:[^:]*$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="all local files" id="oval:ssg-file_permissions_unowned_object:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path>/</unix:path>
      <unix:filename operation="pattern match">.*</unix:filename>
      <filter action="exclude">oval:ssg-file_permissions_unowned_userid_list_match:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="look for .netrc in /home" id="oval:ssg-object_no_netrc_files_home:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="1" recurse_file_system="local"/>
      <unix:path operation="equals">/home</unix:path>
      <unix:filename operation="pattern match">^\.netrc$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="/root/*" id="oval:ssg-object_no_root_webbrowsing:obj:1" version="1">
      <unix:path>/root/.mozilla</unix:path>
      <unix:filename xsi:nil="true"/>
    </unix:file_object>
    <unix:file_object comment="look for .rhosts or .shosts in /root" id="oval:ssg-object_no_rsh_trust_files_root:obj:1" version="1">
      <unix:path operation="equals">/root</unix:path>
      <unix:filename operation="pattern match">^\.(r|s)hosts$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="look for .rhosts or .shosts in /home" id="oval:ssg-object_no_rsh_trust_files_home:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="1" recurse_file_system="local"/>
      <unix:path operation="equals">/home</unix:path>
      <unix:filename operation="pattern match">^\.(r|s)hosts$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="look for /etc/hosts.equiv or /etc/shosts.equiv" id="oval:ssg-object_no_rsh_trust_files_etc:obj:1" version="1">
      <unix:path operation="equals">/etc</unix:path>
      <unix:filename operation="pattern match">^s?hosts\.equiv$</unix:filename>
    </unix:file_object>
    <ind:textfilecontent54_object comment="Ensure at least one NTP server is set" id="oval:ssg-obj_ntp_multiple_remote_servers:obj:1" version="1">
      <ind:path>/etc</ind:path>
      <ind:filename>ntp.conf</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*server[\s]+.+$</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">2</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object comment="Ensure at least one NTP server is set" id="oval:ssg-obj_ntp_remote_server:obj:1" version="1">
      <ind:path>/etc</ind:path>
      <ind:filename>ntp.conf</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*server[\s]+.+$</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_autofs_removed:obj:1" version="1">
      <linux:name>autofs</linux:name>
    </linux:rpminfo_object>
    <unix:file_object comment="/usr/local/uvscan/uvscan exists" id="oval:ssg-object_usr_local_uvscan:obj:1" version="1">
      <unix:path operation="equals">/usr/local/uvscan</unix:path>
      <unix:filename>uvscan</unix:filename>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_uvscan_periodic_cron_checking_etc_crontab:obj:1" version="1">
      <ind:filepath>/etc/crontab</ind:filepath>
      <ind:pattern operation="pattern match">^(?!#)(?:(?:\d*(?:,\d|-\d)?|\*)+\s(?:\d*(?:,\d|-\d)?|\*)+\s\*\s*\s\*|@hourly|@daily|@midnight)+.*uvscan</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_uvscan_periodic_cron_checking_etc_cron_d:obj:1" version="1">
      <ind:path>/etc/cron.d</ind:path>
      <ind:filename operation="pattern match">.*</ind:filename>
      <ind:pattern operation="pattern match">^(?!#)(?:(?:\d*(?:,\d|-\d)?|\*)+\s(?:\d*(?:,\d|-\d)?|\*)+\s\*\s*\s\*|@hourly|@daily|@midnight)+.*uvscan</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_uvscan_periodic_cron_checking_etc_cron_hourly:obj:1" version="1">
      <ind:path>/etc/cron.hourly</ind:path>
      <ind:filename operation="pattern match">.*</ind:filename>
      <ind:pattern operation="pattern match">^(?!#).*uvscan</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_uvscan_periodic_cron_checking_etc_cron_daily:obj:1" version="1">
      <ind:path>/etc/cron.daily</ind:path>
      <ind:filename operation="pattern match">.*</ind:filename>
      <ind:pattern operation="pattern match">^(?!#).*uvscan</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="/opt/NAI/LinuxShield/bin/nails exists" id="oval:ssg-object_opt_nai_linuxshield_bin_nails:obj:1" version="1">
      <unix:path operation="equals">/opt/NAI/LinuxShield/bin</unix:path>
      <unix:filename>nails</unix:filename>
    </unix:file_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_mfehiplsm_installed:obj:1" version="1">
      <linux:name>MFEhiplsm</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_iptables_installed:obj:1" version="1">
      <linux:name>iptables</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_kexec-tools_removed:obj:1" version="1">
      <linux:name>kexec-tools</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_krb5-workstation_removed:obj:1" version="1">
      <linux:name>krb5-workstation</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_openssh-clients_removed:obj:1" version="1">
      <linux:name>openssh-clients</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_openssh-server_removed:obj:1" version="1">
      <linux:name>openssh-server</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_postfix_installed:obj:1" version="1">
      <linux:name>postfix</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_portmap_removed:obj:1" version="1">
      <linux:name>portmap</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_rpcbind_removed:obj:1" version="1">
      <linux:name>rpcbind</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_rsh-server_removed:obj:1" version="1">
      <linux:name>rsh-server</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_samba-common_removed:obj:1" version="1">
      <linux:name>samba-common</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_samba3x-common_removed:obj:1" version="1">
      <linux:name>samba3x-common</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_samba-swat_removed:obj:1" version="1">
      <linux:name>samba-swat</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_samba3x-swat_removed:obj:1" version="1">
      <linux:name>samba3x-swat</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_samba_removed:obj:1" version="1">
      <linux:name>samba</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_samba3x_removed:obj:1" version="1">
      <linux:name>samba3x</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_sendmail_installed:obj:1" version="1">
      <linux:name>sendmail</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_telnet-server_removed:obj:1" version="1">
      <linux:name>telnet-server</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_tftp-server_removed:obj:1" version="1">
      <linux:name>tftp-server</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_vsftpd_removed:obj:1" version="1">
      <linux:name>vsftpd</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_xinetd_removed:obj:1" version="1">
      <linux:name>xinetd</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_ypbind_removed:obj:1" version="1">
      <linux:name>ypbind</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_yum-updatesd_removed:obj:1" version="1">
      <linux:name>yum-updatesd</linux:name>
    </linux:rpminfo_object>
    <linux:partition_object id="oval:ssg-object_mount_home_own_partition:obj:1" version="1">
      <linux:mount_point>/home</linux:mount_point>
    </linux:partition_object>
    <linux:partition_object id="oval:ssg-object_own_tmp_partition:obj:1" version="1">
      <linux:mount_point>/tmp</linux:mount_point>
    </linux:partition_object>
    <linux:partition_object id="oval:ssg-object_mount_var_own_partition:obj:1" version="1">
      <linux:mount_point>/var</linux:mount_point>
    </linux:partition_object>
    <linux:partition_object id="oval:ssg-object_mount_var_log_audit_own_partition:obj:1" version="1">
      <linux:mount_point>/var/log/audit</linux:mount_point>
    </linux:partition_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_require_singleuser_auth:obj:1" version="1">
      <ind:filepath>/etc/inittab</ind:filepath>
      <ind:pattern operation="pattern match">^.*\:S\:.*/sbin/sulogin[\s]*</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:password_object id="oval:ssg-object_restricted_accounts:obj:1" version="3" comment="The shutdown, halt, and reboot user accounts.">
      <unix:username datatype="string" operation="pattern match">^(shutdown|halt|reboot)$</unix:username>
    </unix:password_object>
    <unix:password_object id="oval:ssg-object_restricted_accounts_ftp:obj:1" version="3" comment="The ftp account.">
      <unix:username datatype="string" operation="equals">ftp</unix:username>
    </unix:password_object>
    <unix:password_object id="oval:ssg-object_restricted_accounts_games:obj:1" version="3" comment="The games account.">
      <unix:username datatype="string" operation="equals">games</unix:username>
    </unix:password_object>
    <unix:password_object id="oval:ssg-object_restricted_accounts_gopher:obj:1" version="3" comment="The gopher account.">
      <unix:username datatype="string" operation="equals">gopher</unix:username>
    </unix:password_object>
    <unix:password_object id="oval:ssg-object_restricted_accounts_news:obj:1" version="3" comment="The news account.">
      <unix:username datatype="string" operation="equals">news</unix:username>
    </unix:password_object>
    <ind:textfilecontent54_object id="oval:ssg-object_rhosts_auth_pam_files:obj:1" version="1">
      <ind:path>/etc/pam.d</ind:path>
      <ind:filename operation="pattern match">.*</ind:filename>
      <ind:pattern operation="pattern match">.*rhosts_auth.*</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <linux:rpmverifyfile_object id="oval:ssg-object_files_fail_md5_hash:obj:1" version="1" comment="rpm verify of all files">
      <linux:behaviors nomd5="false"/>
      <linux:name operation="pattern match">.*</linux:name>
      <linux:epoch operation="pattern match">.*</linux:epoch>
      <linux:version operation="pattern match">.*</linux:version>
      <linux:release operation="pattern match">.*</linux:release>
      <linux:arch operation="pattern match">.*</linux:arch>
      <linux:filepath operation="pattern match">^.*bin/.*$</linux:filepath>
      <filter action="include">oval:ssg-state_files_fail_md5_hash:ste:1</filter>
    </linux:rpmverifyfile_object>
    <ind:textfilecontent54_object id="oval:ssg-object_samba_encrypt_passwords_option:obj:1" version="1">
      <ind:filepath>/etc/samba/smb.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?!#)encrypt[\s]+passwords[\s]+.*(yes)</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_samba_guest_ok_option:obj:1" version="1">
      <ind:filepath>/etc/samba/smb.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?!#)guest[\s]+ok[\s]+.*(yes)</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_samba_hosts_option:obj:1" version="1">
      <ind:filepath>/etc/samba/smb.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?!#)hosts[\s]+.*</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_samba_security_option:obj:1" version="1">
      <ind:filepath>/etc/samba/smb.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?!#)security[\s]+.*(share)</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_samba-swat_restricted_disabled:obj:1" version="1">
      <ind:filepath>/etc/xinetd.d/swat</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?!#)disable.*(yes)</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_samba-swat_restricted_access:obj:1" version="1">
      <ind:filepath>/etc/xinetd.d/swat</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?!#)only_from[\s]*=[\s]*(localhost|127.0.0.1)[\s]*$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object comment="virtual consoles /etc/securetty" id="oval:ssg-object_virtual_consoles_etc_securetty:obj:1" version="1">
      <ind:filepath>/etc/securetty</ind:filepath>
      <ind:pattern operation="pattern match">^(tty[0-9]+|console)$</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_selinux_enforcing:obj:1" version="1">
      <ind:path>/etc/selinux</ind:path>
      <ind:filename>config</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*SELINUX[\s]*=[\s]*([a-z]+)[\s]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_selinuxtype_targeted:obj:1" version="1">
      <ind:path>/etc/selinux</ind:path>
      <ind:filename>config</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*SELINUXTYPE[\s]*=[\s]*([a-z]+)[\s]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel0_auditd:obj:1" version="1">
      <unix:service_name>auditd</unix:service_name>
      <unix:runlevel operation="equals">0</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel1_auditd:obj:1" version="1">
      <unix:service_name>auditd</unix:service_name>
      <unix:runlevel operation="equals">1</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel2_auditd:obj:1" version="1">
      <unix:service_name>auditd</unix:service_name>
      <unix:runlevel operation="equals">2</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel3_auditd:obj:1" version="1">
      <unix:service_name>auditd</unix:service_name>
      <unix:runlevel operation="equals">3</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel4_auditd:obj:1" version="1">
      <unix:service_name>auditd</unix:service_name>
      <unix:runlevel operation="equals">4</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel5_auditd:obj:1" version="1">
      <unix:service_name>auditd</unix:service_name>
      <unix:runlevel operation="equals">5</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel6_auditd:obj:1" version="1">
      <unix:service_name>auditd</unix:service_name>
      <unix:runlevel operation="equals">6</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel0_autofs:obj:1" version="1">
      <unix:service_name>autofs</unix:service_name>
      <unix:runlevel operation="equals">0</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel1_autofs:obj:1" version="1">
      <unix:service_name>autofs</unix:service_name>
      <unix:runlevel operation="equals">1</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel2_autofs:obj:1" version="1">
      <unix:service_name>autofs</unix:service_name>
      <unix:runlevel operation="equals">2</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel3_autofs:obj:1" version="1">
      <unix:service_name>autofs</unix:service_name>
      <unix:runlevel operation="equals">3</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel4_autofs:obj:1" version="1">
      <unix:service_name>autofs</unix:service_name>
      <unix:runlevel operation="equals">4</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel5_autofs:obj:1" version="1">
      <unix:service_name>autofs</unix:service_name>
      <unix:runlevel operation="equals">5</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel6_autofs:obj:1" version="1">
      <unix:service_name>autofs</unix:service_name>
      <unix:runlevel operation="equals">6</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel0_dovecot:obj:1" version="1">
      <unix:service_name>dovecot</unix:service_name>
      <unix:runlevel operation="equals">0</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel1_dovecot:obj:1" version="1">
      <unix:service_name>dovecot</unix:service_name>
      <unix:runlevel operation="equals">1</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel2_dovecot:obj:1" version="1">
      <unix:service_name>dovecot</unix:service_name>
      <unix:runlevel operation="equals">2</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel3_dovecot:obj:1" version="1">
      <unix:service_name>dovecot</unix:service_name>
      <unix:runlevel operation="equals">3</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel4_dovecot:obj:1" version="1">
      <unix:service_name>dovecot</unix:service_name>
      <unix:runlevel operation="equals">4</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel5_dovecot:obj:1" version="1">
      <unix:service_name>dovecot</unix:service_name>
      <unix:runlevel operation="equals">5</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel6_dovecot:obj:1" version="1">
      <unix:service_name>dovecot</unix:service_name>
      <unix:runlevel operation="equals">6</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel0_iptables:obj:1" version="1">
      <unix:service_name>iptables</unix:service_name>
      <unix:runlevel operation="equals">0</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel1_iptables:obj:1" version="1">
      <unix:service_name>iptables</unix:service_name>
      <unix:runlevel operation="equals">1</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel2_iptables:obj:1" version="1">
      <unix:service_name>iptables</unix:service_name>
      <unix:runlevel operation="equals">2</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel3_iptables:obj:1" version="1">
      <unix:service_name>iptables</unix:service_name>
      <unix:runlevel operation="equals">3</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel4_iptables:obj:1" version="1">
      <unix:service_name>iptables</unix:service_name>
      <unix:runlevel operation="equals">4</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel5_iptables:obj:1" version="1">
      <unix:service_name>iptables</unix:service_name>
      <unix:runlevel operation="equals">5</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel6_iptables:obj:1" version="1">
      <unix:service_name>iptables</unix:service_name>
      <unix:runlevel operation="equals">6</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel0_kdump:obj:1" version="1">
      <unix:service_name>kdump</unix:service_name>
      <unix:runlevel operation="equals">0</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel1_kdump:obj:1" version="1">
      <unix:service_name>kdump</unix:service_name>
      <unix:runlevel operation="equals">1</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel2_kdump:obj:1" version="1">
      <unix:service_name>kdump</unix:service_name>
      <unix:runlevel operation="equals">2</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel3_kdump:obj:1" version="1">
      <unix:service_name>kdump</unix:service_name>
      <unix:runlevel operation="equals">3</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel4_kdump:obj:1" version="1">
      <unix:service_name>kdump</unix:service_name>
      <unix:runlevel operation="equals">4</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel5_kdump:obj:1" version="1">
      <unix:service_name>kdump</unix:service_name>
      <unix:runlevel operation="equals">5</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel6_kdump:obj:1" version="1">
      <unix:service_name>kdump</unix:service_name>
      <unix:runlevel operation="equals">6</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel0_ntpd:obj:1" version="1">
      <unix:service_name>ntpd</unix:service_name>
      <unix:runlevel operation="equals">0</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel1_ntpd:obj:1" version="1">
      <unix:service_name>ntpd</unix:service_name>
      <unix:runlevel operation="equals">1</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel2_ntpd:obj:1" version="1">
      <unix:service_name>ntpd</unix:service_name>
      <unix:runlevel operation="equals">2</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel3_ntpd:obj:1" version="1">
      <unix:service_name>ntpd</unix:service_name>
      <unix:runlevel operation="equals">3</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel4_ntpd:obj:1" version="1">
      <unix:service_name>ntpd</unix:service_name>
      <unix:runlevel operation="equals">4</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel5_ntpd:obj:1" version="1">
      <unix:service_name>ntpd</unix:service_name>
      <unix:runlevel operation="equals">5</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel6_ntpd:obj:1" version="1">
      <unix:service_name>ntpd</unix:service_name>
      <unix:runlevel operation="equals">6</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel0_postfix:obj:1" version="1">
      <unix:service_name>postfix</unix:service_name>
      <unix:runlevel operation="equals">0</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel1_postfix:obj:1" version="1">
      <unix:service_name>postfix</unix:service_name>
      <unix:runlevel operation="equals">1</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel2_postfix:obj:1" version="1">
      <unix:service_name>postfix</unix:service_name>
      <unix:runlevel operation="equals">2</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel3_postfix:obj:1" version="1">
      <unix:service_name>postfix</unix:service_name>
      <unix:runlevel operation="equals">3</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel4_postfix:obj:1" version="1">
      <unix:service_name>postfix</unix:service_name>
      <unix:runlevel operation="equals">4</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel5_postfix:obj:1" version="1">
      <unix:service_name>postfix</unix:service_name>
      <unix:runlevel operation="equals">5</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel6_postfix:obj:1" version="1">
      <unix:service_name>postfix</unix:service_name>
      <unix:runlevel operation="equals">6</unix:runlevel>
    </unix:runlevel_object>
    <ind:textfilecontent54_object id="oval:ssg-object_etc_xinetd_rexec_disabled:obj:1" version="1">
      <!-- the rpm package rsh-server installs a xinetd config file in /etc/xinetd.d which controls rexec -->
      <!-- in this case /sbin/chkconfig edits /etc/xinetd.d/rexec to enable/disable this service which is why we check it this way -->
      <ind:filepath>/etc/xinetd.d/rexec</ind:filepath>
      <ind:pattern operation="pattern match">^\s*disable\s+=\s+yes\s*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_etc_xinetd_rlogin_disabled:obj:1" version="1">
      <!-- the rpm package rsh-server installs a xinetd config file in /etc/xinetd.d which controls rlogin -->
      <!-- in this case /sbin/chkconfig edits /etc/xinetd.d/rlogin to enable/disable this service which is why we check it this way -->
      <ind:filepath>/etc/xinetd.d/rlogin</ind:filepath>
      <ind:pattern operation="pattern match">^\s*disable\s+=\s+yes\s*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel0_portmap:obj:1" version="1">
      <unix:service_name>portmap</unix:service_name>
      <unix:runlevel operation="equals">0</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel1_portmap:obj:1" version="1">
      <unix:service_name>portmap</unix:service_name>
      <unix:runlevel operation="equals">1</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel2_portmap:obj:1" version="1">
      <unix:service_name>portmap</unix:service_name>
      <unix:runlevel operation="equals">2</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel3_portmap:obj:1" version="1">
      <unix:service_name>portmap</unix:service_name>
      <unix:runlevel operation="equals">3</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel4_portmap:obj:1" version="1">
      <unix:service_name>portmap</unix:service_name>
      <unix:runlevel operation="equals">4</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel5_portmap:obj:1" version="1">
      <unix:service_name>portmap</unix:service_name>
      <unix:runlevel operation="equals">5</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel6_portmap:obj:1" version="1">
      <unix:service_name>portmap</unix:service_name>
      <unix:runlevel operation="equals">6</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel0_rpcbind:obj:1" version="1">
      <unix:service_name>rpcbind</unix:service_name>
      <unix:runlevel operation="equals">0</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel1_rpcbind:obj:1" version="1">
      <unix:service_name>rpcbind</unix:service_name>
      <unix:runlevel operation="equals">1</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel2_rpcbind:obj:1" version="1">
      <unix:service_name>rpcbind</unix:service_name>
      <unix:runlevel operation="equals">2</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel3_rpcbind:obj:1" version="1">
      <unix:service_name>rpcbind</unix:service_name>
      <unix:runlevel operation="equals">3</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel4_rpcbind:obj:1" version="1">
      <unix:service_name>rpcbind</unix:service_name>
      <unix:runlevel operation="equals">4</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel5_rpcbind:obj:1" version="1">
      <unix:service_name>rpcbind</unix:service_name>
      <unix:runlevel operation="equals">5</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel6_rpcbind:obj:1" version="1">
      <unix:service_name>rpcbind</unix:service_name>
      <unix:runlevel operation="equals">6</unix:runlevel>
    </unix:runlevel_object>
    <ind:textfilecontent54_object id="oval:ssg-object_etc_xinetd_rsh_disabled:obj:1" version="1">
      <!-- the rpm package rsh-server installs a xinetd config file in /etc/xinetd.d which controls rsh -->
      <!-- in this case /sbin/chkconfig edits /etc/xinetd.d/rsh to enable/disable this service which is why we check it this way -->
      <ind:filepath>/etc/xinetd.d/rsh</ind:filepath>
      <ind:pattern operation="pattern match">^\s*disable\s+=\s+yes\s*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel0_sshd:obj:1" version="1">
      <unix:service_name>sshd</unix:service_name>
      <unix:runlevel operation="equals">0</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel1_sshd:obj:1" version="1">
      <unix:service_name>sshd</unix:service_name>
      <unix:runlevel operation="equals">1</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel2_sshd:obj:1" version="1">
      <unix:service_name>sshd</unix:service_name>
      <unix:runlevel operation="equals">2</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel3_sshd:obj:1" version="1">
      <unix:service_name>sshd</unix:service_name>
      <unix:runlevel operation="equals">3</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel4_sshd:obj:1" version="1">
      <unix:service_name>sshd</unix:service_name>
      <unix:runlevel operation="equals">4</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel5_sshd:obj:1" version="1">
      <unix:service_name>sshd</unix:service_name>
      <unix:runlevel operation="equals">5</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel6_sshd:obj:1" version="1">
      <unix:service_name>sshd</unix:service_name>
      <unix:runlevel operation="equals">6</unix:runlevel>
    </unix:runlevel_object>
    <ind:textfilecontent54_object comment="Disable Telnet Service" id="oval:ssg-obj_disable_telnet_service:obj:1" version="1">
      <ind:path>/etc/xinetd.d</ind:path>
      <ind:filename>telnet</ind:filename>
      <ind:pattern operation="pattern match">^\s*disable\s+=\s+yes\s*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel0_tftp:obj:1" version="1">
      <unix:service_name>tftp</unix:service_name>
      <unix:runlevel operation="equals">0</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel1_tftp:obj:1" version="1">
      <unix:service_name>tftp</unix:service_name>
      <unix:runlevel operation="equals">1</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel2_tftp:obj:1" version="1">
      <unix:service_name>tftp</unix:service_name>
      <unix:runlevel operation="equals">2</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel3_tftp:obj:1" version="1">
      <unix:service_name>tftp</unix:service_name>
      <unix:runlevel operation="equals">3</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel4_tftp:obj:1" version="1">
      <unix:service_name>tftp</unix:service_name>
      <unix:runlevel operation="equals">4</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel5_tftp:obj:1" version="1">
      <unix:service_name>tftp</unix:service_name>
      <unix:runlevel operation="equals">5</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel6_tftp:obj:1" version="1">
      <unix:service_name>tftp</unix:service_name>
      <unix:runlevel operation="equals">6</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel0_gssftp:obj:1" version="1">
      <unix:service_name>gssftp</unix:service_name>
      <unix:runlevel operation="equals">0</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel1_gssftp:obj:1" version="1">
      <unix:service_name>gssftp</unix:service_name>
      <unix:runlevel operation="equals">1</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel2_gssftp:obj:1" version="1">
      <unix:service_name>gssftp</unix:service_name>
      <unix:runlevel operation="equals">2</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel3_gssftp:obj:1" version="1">
      <unix:service_name>gssftp</unix:service_name>
      <unix:runlevel operation="equals">3</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel4_gssftp:obj:1" version="1">
      <unix:service_name>gssftp</unix:service_name>
      <unix:runlevel operation="equals">4</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel5_gssftp:obj:1" version="1">
      <unix:service_name>gssftp</unix:service_name>
      <unix:runlevel operation="equals">5</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel6_gssftp:obj:1" version="1">
      <unix:service_name>gssftp</unix:service_name>
      <unix:runlevel operation="equals">6</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel0_vsftpd:obj:1" version="1">
      <unix:service_name>vsftpd</unix:service_name>
      <unix:runlevel operation="equals">0</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel1_vsftpd:obj:1" version="1">
      <unix:service_name>vsftpd</unix:service_name>
      <unix:runlevel operation="equals">1</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel2_vsftpd:obj:1" version="1">
      <unix:service_name>vsftpd</unix:service_name>
      <unix:runlevel operation="equals">2</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel3_vsftpd:obj:1" version="1">
      <unix:service_name>vsftpd</unix:service_name>
      <unix:runlevel operation="equals">3</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel4_vsftpd:obj:1" version="1">
      <unix:service_name>vsftpd</unix:service_name>
      <unix:runlevel operation="equals">4</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel5_vsftpd:obj:1" version="1">
      <unix:service_name>vsftpd</unix:service_name>
      <unix:runlevel operation="equals">5</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel6_vsftpd:obj:1" version="1">
      <unix:service_name>vsftpd</unix:service_name>
      <unix:runlevel operation="equals">6</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel0_xinetd:obj:1" version="1">
      <unix:service_name>xinetd</unix:service_name>
      <unix:runlevel operation="equals">0</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel1_xinetd:obj:1" version="1">
      <unix:service_name>xinetd</unix:service_name>
      <unix:runlevel operation="equals">1</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel2_xinetd:obj:1" version="1">
      <unix:service_name>xinetd</unix:service_name>
      <unix:runlevel operation="equals">2</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel3_xinetd:obj:1" version="1">
      <unix:service_name>xinetd</unix:service_name>
      <unix:runlevel operation="equals">3</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel4_xinetd:obj:1" version="1">
      <unix:service_name>xinetd</unix:service_name>
      <unix:runlevel operation="equals">4</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel5_xinetd:obj:1" version="1">
      <unix:service_name>xinetd</unix:service_name>
      <unix:runlevel operation="equals">5</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel6_xinetd:obj:1" version="1">
      <unix:service_name>xinetd</unix:service_name>
      <unix:runlevel operation="equals">6</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel0_ypbind:obj:1" version="1">
      <unix:service_name>ypbind</unix:service_name>
      <unix:runlevel operation="equals">0</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel1_ypbind:obj:1" version="1">
      <unix:service_name>ypbind</unix:service_name>
      <unix:runlevel operation="equals">1</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel2_ypbind:obj:1" version="1">
      <unix:service_name>ypbind</unix:service_name>
      <unix:runlevel operation="equals">2</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel3_ypbind:obj:1" version="1">
      <unix:service_name>ypbind</unix:service_name>
      <unix:runlevel operation="equals">3</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel4_ypbind:obj:1" version="1">
      <unix:service_name>ypbind</unix:service_name>
      <unix:runlevel operation="equals">4</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel5_ypbind:obj:1" version="1">
      <unix:service_name>ypbind</unix:service_name>
      <unix:runlevel operation="equals">5</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel6_ypbind:obj:1" version="1">
      <unix:service_name>ypbind</unix:service_name>
      <unix:runlevel operation="equals">6</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel0_yum-updatesd:obj:1" version="1">
      <unix:service_name>yum-updatesd</unix:service_name>
      <unix:runlevel operation="equals">0</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel1_yum-updatesd:obj:1" version="1">
      <unix:service_name>yum-updatesd</unix:service_name>
      <unix:runlevel operation="equals">1</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel2_yum-updatesd:obj:1" version="1">
      <unix:service_name>yum-updatesd</unix:service_name>
      <unix:runlevel operation="equals">2</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel3_yum-updatesd:obj:1" version="1">
      <unix:service_name>yum-updatesd</unix:service_name>
      <unix:runlevel operation="equals">3</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel4_yum-updatesd:obj:1" version="1">
      <unix:service_name>yum-updatesd</unix:service_name>
      <unix:runlevel operation="equals">4</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel5_yum-updatesd:obj:1" version="1">
      <unix:service_name>yum-updatesd</unix:service_name>
      <unix:runlevel operation="equals">5</unix:runlevel>
    </unix:runlevel_object>
    <unix:runlevel_object id="oval:ssg-obj_runlevel6_yum-updatesd:obj:1" version="1">
      <unix:service_name>yum-updatesd</unix:service_name>
      <unix:runlevel operation="equals">6</unix:runlevel>
    </unix:runlevel_object>
    <ind:textfilecontent54_object comment="check /etc/pam.d/system-auth for correct settings" id="oval:ssg-object_set_password_hashing_algorithm_systemauth:obj:1" version="1">
      <ind:filepath>/etc/pam.d/system-auth</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*password[\s]+.*[\s]+pam_unix\.so[\s]+.*sha512.*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object comment="check /etc/pam.d/system-auth-ac for correct settings" id="oval:ssg-object_set_password_hashing_algorithm_systemauthac:obj:1" version="1">
      <ind:filepath>/etc/pam.d/system-auth-ac</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*password[\s]+.*[\s]+pam_unix\.so[\s]+.*sha512.*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_shells_file_references:obj:1" version="1">
      <ind:filepath>/etc/passwd</ind:filepath>
      <ind:pattern operation="pattern match">^.*:(/.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_shells_file_references_var:obj:1" version="1">
      <ind:filepath>/etc/shells</ind:filepath>
      <ind:pattern operation="pattern match">^(.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object comment="snmpd.conf" id="oval:ssg-object_snmpd_not_default_password:obj:1" version="1">
      <ind:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <ind:path>/</ind:path>
      <ind:filename>snmpd.conf</ind:filename>
      <ind:pattern operation="pattern match">^(?!#|[\s]*#).*(public|private|snmp-trap|password)</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object comment="snmpd.conf" id="oval:ssg-object_snmpd_use_approved_encryption:obj:1" version="1">
      <ind:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <ind:path>/</ind:path>
      <ind:filename>snmpd.conf</ind:filename>
      <ind:pattern operation="pattern match">^(?!#|[\s]*#)[\s]*(?i)(?:createUser)[\s]+(?:(?!AES).)+$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object comment="snmpd.conf" id="oval:ssg-object_snmpd_use_approved_hash:obj:1" version="1">
      <ind:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <ind:path>/</ind:path>
      <ind:filename>snmpd.conf</ind:filename>
      <ind:pattern operation="pattern match">^(?!#|[\s]*#)[\s]*(?i)(?:createUser)[\s]+(?:(?!SHA).)+$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object comment="snmpd.conf" id="oval:ssg-object_snmpd_use_newer_protocol:obj:1" version="1">
      <ind:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <ind:path>/</ind:path>
      <ind:filename>snmpd.conf</ind:filename>
      <ind:pattern operation="pattern match">^(?!#|[\s]*#)[\s]*(?i)(v1|v2c|community|com2sec)</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_ssh_gssapiauthentication:obj:1" version="2">
      <ind:path>/etc/ssh</ind:path>
      <ind:filename>ssh_config</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*(?i)GSSAPIAuthentication[\s]+no[\s]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_ssh_no_cbc:obj:1" version="1">
      <ind:filepath>/etc/ssh/ssh_config</ind:filepath>
      <ind:pattern operation="pattern match">^[Cc][Ii][Pp][Hh][Ee][Rr][Ss]\s+([,]*[a-z]+[0-9]+-(?!cbc)[a-z]+)+$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_ssh_protocol_2:obj:1" version="2">
      <ind:path>/etc/ssh</ind:path>
      <ind:filename>ssh_config</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*(?i)Protocol[\s]+2[\s]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_ssh_use_approved_ciphers:obj:1" version="1">
      <ind:filepath>/etc/ssh/ssh_config</ind:filepath>
      <ind:pattern operation="pattern match">^[Cc][Ii][Pp][Hh][Ee][Rr][Ss]\s+([,]*(?:aes|3des)+[0-9]+-[a-z]+)+$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_ssh_use_approved_macs:obj:1" version="1">
      <ind:filepath>/etc/ssh/ssh_config</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?i)MACS[\s]+(.*)[\s]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_sshd_compression:obj:1" version="2">
      <ind:path>/etc/ssh</ind:path>
      <ind:filename>sshd_config</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*(?i)Compression[\s]+(no|delayed)[\s]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_sshd_permitrootlogin_yes:obj:1" version="1">
      <ind:filepath>/etc/ssh/sshd_config</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?i)PermitRootLogin[\s]+yes[\s]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_sshd_permitrootlogin_no:obj:1" version="1">
      <ind:filepath>/etc/ssh/sshd_config</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?i)PermitRootLogin[\s]+no[\s]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_sshd_banner_set:obj:1" version="1">
      <ind:filepath>/etc/ssh/sshd_config</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?i)Banner(?-i)[\s]+/etc/issue[\s]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_sshd_gssapiauthentication:obj:1" version="2">
      <ind:path>/etc/ssh</ind:path>
      <ind:filename>sshd_config</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*(?i)GSSAPIAuthentication[\s]+no[\s]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_sshd_ipfiltering_allow:obj:1" version="2">
      <ind:path>/etc</ind:path>
      <ind:filename>hosts.allow</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*sshd</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_sshd_ipfiltering_deny:obj:1" version="2">
      <ind:path>/etc</ind:path>
      <ind:filename>hosts.deny</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*sshd</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_sshd_kerberosauthentication:obj:1" version="2">
      <ind:path>/etc/ssh</ind:path>
      <ind:filename>sshd_config</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*(?i)KerberosAuthentication[\s]+no[\s]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_sshd_listen_addresses:obj:1" version="2">
      <ind:path>/etc/ssh</ind:path>
      <ind:filename>sshd_config</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*(?i)ListenAddress\s+(?!0\.0\.0\.0)([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|[A-Fa-f0-9:]+)$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_sshd_no_cbc:obj:1" version="1">
      <ind:filepath>/etc/ssh/sshd_config</ind:filepath>
      <ind:pattern operation="pattern match">^[Cc][Ii][Pp][Hh][Ee][Rr][Ss]\s+([,]*[a-z]+[0-9]+-(?!cbc)[a-z]+)+$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_sshd_pam_lastlog:obj:1" version="2">
      <ind:path>/etc/pam.d</ind:path>
      <ind:filename>sshd</ind:filename>
      <ind:pattern operation="pattern match">^.*pam_lastlog\.so(?:(?!silent).)*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_sshd_printlastlog:obj:1" version="2">
      <ind:path>/etc/ssh</ind:path>
      <ind:filename>sshd_config</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*(?i)PrintLastLog[\s]+no[\s]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_sshd_privilegeseparation:obj:1" version="2">
      <ind:path>/etc/ssh</ind:path>
      <ind:filename>sshd_config</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*(?i)UsePrivilegeSeparation[\s]+yes[\s]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_sshd_protocol_2:obj:1" version="2">
      <ind:path>/etc/ssh</ind:path>
      <ind:filename>sshd_config</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*(?i)Protocol[\s]+2[\s]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_sshd_rhostsrsaauthentication:obj:1" version="2">
      <ind:path>/etc/ssh</ind:path>
      <ind:filename>sshd_config</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*(?i)RhostsRSAAuthentication[\s]+no[\s]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_sshd_strictmodes:obj:1" version="2">
      <ind:path>/etc/ssh</ind:path>
      <ind:filename>sshd_config</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*(?i)StrictModes[\s]+yes[\s]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_sshd_use_approved_ciphers:obj:1" version="1">
      <ind:filepath>/etc/ssh/sshd_config</ind:filepath>
      <ind:pattern operation="pattern match">^[Cc][Ii][Pp][Hh][Ee][Rr][Ss]\s+([,]*(?:aes|3des)+[0-9]+-[a-z]+)+$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_sshd_use_approved_macs:obj:1" version="1">
      <ind:filepath>/etc/ssh/sshd_config</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?i)MACS[\s]+(.*)[\s]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_sshd_pam_access:obj:1" version="2">
      <ind:path>/etc/pam.d</ind:path>
      <ind:filename>sshd</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*account[\s]+required[\s]+pam_access\.so</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_sshd_users_groups:obj:1" version="2">
      <ind:path>/etc/ssh</ind:path>
      <ind:filename>sshd_config</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*(?i)(AllowGroups|AllowUsers)[\s]*</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object comment="/etc/pam.d/su" id="oval:ssg-object_sudo_wheel:obj:1" version="1">
      <ind:filepath>/etc/pam.d/su</ind:filepath>
      <ind:pattern operation="pattern match">^([\s]*auth[\s]+required[\s]+(?:/lib/security/(?:\$ISA/)*)*pam_wheel.so.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_sysconfig_networking_bootproto_ifcfg:obj:1" version="1">
      <ind:path>/etc/sysconfig/network-scripts</ind:path>
      <ind:filename operation="pattern match">ifcfg-.*</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*BOOTPROTO[\s]*=[\s"]*([^#"\s]*)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_sysconfig_networking_userctl_ifcfg:obj:1" version="1">
      <ind:path>/etc/sysconfig/network-scripts</ind:path>
      <ind:filename operation="pattern match">ifcfg-.*</ind:filename>
      <ind:pattern operation="pattern match">^USERCTL=yes$</ind:pattern>
      <ind:instance datatype="int" operation="greater than">0</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_static_sysctl_kernel_execshield:obj:1" version="1">
      <ind:filepath>/etc/sysctl.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*kernel.exec-shield[\s]*=[\s]*1*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:sysctl_object id="oval:ssg-object_sysctl_kernel_execshield:obj:1" version="1">
      <unix:name>kernel.exec-shield</unix:name>
    </unix:sysctl_object>
    <ind:textfilecontent54_object id="oval:ssg-object_static_sysctl_kernel_exec_shield:obj:1" version="1">
      <ind:filepath>/etc/sysctl.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*kernel.exec-shield[\s]*=[\s]*1*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:sysctl_object id="oval:ssg-object_sysctl_kernel_exec_shield:obj:1" version="1">
      <unix:name>kernel.exec-shield</unix:name>
    </unix:sysctl_object>
    <ind:textfilecontent54_object id="oval:ssg-object_static_sysctl_kernel_randomize_va_space:obj:1" version="1">
      <ind:filepath>/etc/sysctl.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*kernel.randomize_va_space[\s]*=[\s]*1*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:sysctl_object id="oval:ssg-object_sysctl_kernel_randomize_va_space:obj:1" version="1">
      <unix:name>kernel.randomize_va_space</unix:name>
    </unix:sysctl_object>
    <ind:textfilecontent54_object id="oval:ssg-object_static_sysctl_net_ipv4_conf_all_accept_redirects:obj:1" version="1">
      <ind:filepath>/etc/sysctl.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*net.ipv4.conf.all.accept_redirects[\s]*=[\s]*0*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:sysctl_object id="oval:ssg-object_sysctl_net_ipv4_conf_all_accept_redirects:obj:1" version="1">
      <unix:name>net.ipv4.conf.all.accept_redirects</unix:name>
    </unix:sysctl_object>
    <ind:textfilecontent54_object id="oval:ssg-object_static_sysctl_net_ipv4_conf_default_accept_redirects:obj:1" version="1">
      <ind:filepath>/etc/sysctl.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*net.ipv4.conf.default.accept_redirects[\s]*=[\s]*0*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:sysctl_object id="oval:ssg-object_sysctl_net_ipv4_conf_default_accept_redirects:obj:1" version="1">
      <unix:name>net.ipv4.conf.default.accept_redirects</unix:name>
    </unix:sysctl_object>
    <ind:textfilecontent54_object id="oval:ssg-object_static_sysctl_net_ipv4_conf_all_accept_source_route:obj:1" version="1">
      <ind:filepath>/etc/sysctl.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*net.ipv4.conf.all.accept_source_route[\s]*=[\s]*0*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:sysctl_object id="oval:ssg-object_sysctl_net_ipv4_conf_all_accept_source_route:obj:1" version="1">
      <unix:name>net.ipv4.conf.all.accept_source_route</unix:name>
    </unix:sysctl_object>
    <ind:textfilecontent54_object id="oval:ssg-object_static_sysctl_net_ipv4_conf_default_accept_source_route:obj:1" version="1">
      <ind:filepath>/etc/sysctl.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*net.ipv4.conf.default.accept_source_route[\s]*=[\s]*0*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:sysctl_object id="oval:ssg-object_sysctl_net_ipv4_conf_default_accept_source_route:obj:1" version="1">
      <unix:name>net.ipv4.conf.default.accept_source_route</unix:name>
    </unix:sysctl_object>
    <ind:textfilecontent54_object id="oval:ssg-object_static_sysctl_net_ipv4_conf_all_log_martians:obj:1" version="1">
      <ind:filepath>/etc/sysctl.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*net.ipv4.conf.all.log_martians[\s]*=[\s]*1*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:sysctl_object id="oval:ssg-object_sysctl_net_ipv4_conf_all_log_martians:obj:1" version="1">
      <unix:name>net.ipv4.conf.all.log_martians</unix:name>
    </unix:sysctl_object>
    <ind:textfilecontent54_object id="oval:ssg-object_static_sysctl_net_ipv4_conf_default_log_martians:obj:1" version="1">
      <ind:filepath>/etc/sysctl.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*net.ipv4.conf.default.log_martians[\s]*=[\s]*1*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:sysctl_object id="oval:ssg-object_sysctl_net_ipv4_conf_default_log_martians:obj:1" version="1">
      <unix:name>net.ipv4.conf.default.log_martians</unix:name>
    </unix:sysctl_object>
    <ind:textfilecontent54_object id="oval:ssg-object_static_sysctl_net_ipv4_conf_all_send_redirects:obj:1" version="1">
      <ind:filepath>/etc/sysctl.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*net.ipv4.conf.all.send_redirects[\s]*=[\s]*0*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:sysctl_object id="oval:ssg-object_sysctl_net_ipv4_conf_all_send_redirects:obj:1" version="1">
      <unix:name>net.ipv4.conf.all.send_redirects</unix:name>
    </unix:sysctl_object>
    <ind:textfilecontent54_object id="oval:ssg-object_static_sysctl_net_ipv4_conf_default_send_redirects:obj:1" version="1">
      <ind:filepath>/etc/sysctl.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*net.ipv4.conf.default.send_redirects[\s]*=[\s]*0*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:sysctl_object id="oval:ssg-object_sysctl_net_ipv4_conf_default_send_redirects:obj:1" version="1">
      <unix:name>net.ipv4.conf.default.send_redirects</unix:name>
    </unix:sysctl_object>
    <ind:textfilecontent54_object id="oval:ssg-object_static_sysctl_net_ipv4_icmp_echo_ignore_broadcasts:obj:1" version="1">
      <ind:filepath>/etc/sysctl.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*net.ipv4.icmp_echo_ignore_broadcasts[\s]*=[\s]*1*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:sysctl_object id="oval:ssg-object_sysctl_net_ipv4_icmp_echo_ignore_broadcasts:obj:1" version="1">
      <unix:name>net.ipv4.icmp_echo_ignore_broadcasts</unix:name>
    </unix:sysctl_object>
    <ind:textfilecontent54_object id="oval:ssg-object_static_sysctl_net_ipv4_ip_forward:obj:1" version="1">
      <ind:filepath>/etc/sysctl.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*net.ipv4.ip_forward[\s]*=[\s]*0*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:sysctl_object id="oval:ssg-object_sysctl_net_ipv4_ip_forward:obj:1" version="1">
      <unix:name>net.ipv4.ip_forward</unix:name>
    </unix:sysctl_object>
    <unix:sysctl_object id="oval:ssg-object_sysctl_net_ipv4_tcp_max_syn_backlog:obj:1" version="1">
      <unix:name>net.ipv4.tcp_max_syn_backlog</unix:name>
    </unix:sysctl_object>
    <ind:textfilecontent54_object id="oval:ssg-object_static_sysctl_net_ipv4_tcp_max_syn_backlog:obj:1" version="1">
      <ind:filepath>/etc/sysctl.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*net.ipv4.tcp_max_syn_backlog[\s]*=[\s]*1280*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_static_sysctl_net_ipv4_tcp_syncookies:obj:1" version="1">
      <ind:filepath>/etc/sysctl.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*net.ipv4.tcp_syncookies[\s]*=[\s]*1*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:sysctl_object id="oval:ssg-object_sysctl_net_ipv4_tcp_syncookies:obj:1" version="1">
      <unix:name>net.ipv4.tcp_syncookies</unix:name>
    </unix:sysctl_object>
    <ind:textfilecontent54_object id="oval:ssg-object_static_sysctl_net_ipv6_conf_all_accept_redirects:obj:1" version="1">
      <ind:filepath>/etc/sysctl.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*net.ipv6.conf.all.accept_redirects[\s]*=[\s]*0*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:sysctl_object id="oval:ssg-object_sysctl_net_ipv6_conf_all_accept_redirects:obj:1" version="1">
      <unix:name>net.ipv6.conf.all.accept_redirects</unix:name>
    </unix:sysctl_object>
    <ind:textfilecontent54_object id="oval:ssg-object_static_sysctl_net_ipv6_conf_forwarding_all:obj:1" version="1">
      <ind:filepath>/etc/sysctl.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*net.ipv6.conf.all.forwarding[\s]*=[\s]*0*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_static_sysctl_net_ipv6_conf_forwarding_default:obj:1" version="1">
      <ind:filepath>/etc/sysctl.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*net.ipv6.conf.default.forwarding[\s]*=[\s]*0*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_syslog_nolisten:obj:1" version="1">
      <ind:path>/etc/sysconfig</ind:path>
      <ind:filename>syslog</ind:filename>
      <ind:pattern operation="pattern match">^(?!#)[\s]*SYSLOGD_OPTIONS[\s]*=[\s]*".*(-r)[\s"]</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_syslog_remote_loghost:obj:1" version="1">
      <ind:path>/etc</ind:path>
      <ind:filename>syslog.conf</ind:filename>
      <ind:pattern operation="pattern match">^\*\.\*[\s]+(?:@|\:omrelp\:)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="/etc/hosts.allow" id="oval:ssg-object_system_access_control_hosts_allow_exists:obj:1" version="1">
      <unix:filepath>/etc/hosts.allow</unix:filepath>
    </unix:file_object>
    <ind:textfilecontent54_object comment="/etc/hosts.deny" id="oval:ssg-object_system_access_control_hosts_deny_configured:obj:1" version="1">
      <ind:filepath>/etc/hosts.deny</ind:filepath>
      <ind:pattern operation="pattern match">^(ALL: ALL[:| ]*.*)$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:uname_object comment="32 bit architecture" id="oval:ssg-object_system_info_architecture_x86:obj:1" version="1"/>
    <unix:uname_object comment="64 bit architecture" id="oval:ssg-object_system_info_architecture_x86_64:obj:1" version="1"/>
    <ind:textfilecontent54_object id="oval:ssg-object_tftpd_user_shell_disabled:obj:1" version="1">
      <ind:filepath>/etc/xinetd.d/tftp</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?!#)disable.*(yes)</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_tftpd_user_shell_user:obj:1" version="1">
      <ind:filepath>/etc/xinetd.d/tftp</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?!#)user.*(tftp)</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:password_object id="oval:ssg-object_tftpd_user_shell:obj:1" version="3">
      <unix:username datatype="string" operation="pattern match">^tftp$</unix:username>
    </unix:password_object>
    <ind:textfilecontent54_object id="oval:ssg-object_tftpd_uses_secure_mode:obj:1" version="1">
      <ind:filepath>/etc/xinetd.d/tftp</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*server_args[\s]+=[\s]+\-s[\s]+.+$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_etc_inittab_default_runlevel:obj:1" version="1">
      <ind:filepath>/etc/inittab</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*id:3:initdefault:[\s]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_etc_passwd_content:obj:1" version="1">
      <ind:filepath>/etc/passwd</ind:filepath>
      <!-- User names from /etc/passwd (1-th column) captured as subexpression of this object -->
      <ind:pattern operation="pattern match">^([^:]+):.*$</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:variable_object id="oval:ssg-object_count_of_all_usernames_from_etc_passwd:obj:1" version="1">
      <ind:var_ref>oval:ssg-variable_count_of_all_usernames_from_etc_passwd:var:1</ind:var_ref>
    </ind:variable_object>
    <ind:textfilecontent54_object id="oval:ssg-object_last_pass_min_len_from_etc_login_defs:obj:1" version="1">
      <!-- Read whole /etc/login.defs as single line so we can retrieve last PASS_MIN_LEN directive occurrence -->
      <ind:behaviors singleline="true"/>
      <ind:filepath>/etc/login.defs</ind:filepath>
      <!-- Retrieve last (uncommented) occurrence of PASS_MIN_LEN directive -->
      <ind:pattern operation="pattern match">.*\n[^#]*(PASS_MIN_LEN\s+\d+)\s*\n</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:variable_object id="oval:ssg-object_last_pass_min_len_instance_value:obj:1" version="1">
      <ind:var_ref>oval:ssg-variable_last_pass_min_len_instance_value:var:1</ind:var_ref>
    </ind:variable_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_password_pam_cracklib_retry:obj:1" version="1">
      <ind:filepath>/etc/pam.d/system-auth</ind:filepath>
      <ind:pattern operation="pattern match">^\s*password\s+(?:(?:required)|(?:requisite))\s+pam_cracklib\.so.*retry=([0-9]*).*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_password_pam_pwquality_retry:obj:1" version="1">
      <ind:filepath>/etc/pam.d/system-auth</ind:filepath>
      <ind:pattern operation="pattern match">^\s*password\s+(?:(?:required)|(?:requisite))\s+pam_pwquality\.so.*retry=([0-9]*).*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_last_pass_warn_age_from_etc_login_defs:obj:1" version="1">
      <!-- Read whole /etc/login.defs as single line so we can retrieve last PASS_WARN_AGE directive occurrence -->
      <ind:behaviors singleline="true"/>
      <ind:filepath>/etc/login.defs</ind:filepath>
      <!-- Retrieve last (uncommented) occurrence of PASS_WARN_AGE directive -->
      <ind:pattern operation="pattern match">.*\n[^#]*(PASS_WARN_AGE\s+\d+)\s*\n</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:variable_object id="oval:ssg-object_last_pass_warn_age_instance_value:obj:1" version="1">
      <ind:var_ref>oval:ssg-variable_last_pass_warn_age_instance_value:var:1</ind:var_ref>
    </ind:variable_object>
    <ind:textfilecontent54_object id="oval:ssg-object_accounts_passwords_pam_faillock_preauth_silent_system-auth:obj:1" version="1">
      <!-- Read whole /etc/pam.d/system-auth content as single line so we can verify existing order of PAM modules -->
      <ind:behaviors singleline="true"/>
      <ind:filepath>/etc/pam.d/system-auth</ind:filepath>
      <!-- Since order of PAM modules matters ensure pam_faillock.so preauth silent in auth section is listed before
         pam_unix.so module in auth section -->
      <ind:pattern operation="pattern match">[\n][\s]*auth[\s]+required[\s]+pam_faillock\.so[\s]+preauth[\s]+silent[\s]+[^\n]*deny=([0-9]+)[\s]*(?s).*[\n][\s]*auth[\s]+(?:(?:sufficient)|(?:\[.*default=die.*\]))[\s]+pam_unix\.so[^\n]*[\n]</ind:pattern>
      <!-- Check only the first instance -->
      <ind:instance datatype="int" operation="equals">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_accounts_passwords_pam_faillock_authfail_deny_system-auth:obj:1" version="1">
      <!-- Read whole /etc/pam.d/system-auth content as single line so we can verify existing order of PAM modules -->
      <ind:behaviors singleline="true"/>
      <ind:filepath>/etc/pam.d/system-auth</ind:filepath>
      <!-- Since order of PAM modules matters ensure pam_faillock.so in auth section is listed right after pam_unix.so auth row -->
      <ind:pattern operation="pattern match">[\n][\s]*auth[\s]+(?:(?:sufficient)|(?:\[.*default=die.*\]))[\s]+pam_unix\.so[^\n]+(?s).*[\n][\s]*auth[\s]+\[default=die\][\s]+pam_faillock\.so[\s]+authfail[\s]+[^\n]*deny=([0-9]+)[^\n]*[\n]</ind:pattern>
      <!-- Check only the first instance -->
      <ind:instance datatype="int" operation="equals">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_accounts_passwords_pam_faillock_account_phase_system-auth:obj:1" version="1">
      <!-- Read whole /etc/pam.d/system-auth content as single line so we can verify existing order of PAM modules -->
      <ind:behaviors singleline="true"/>
      <ind:filepath>/etc/pam.d/system-auth</ind:filepath>
      <!-- Since order of PAM modules matters ensure pam_faillock.so in account section is listed right before pam_unix.so account row -->
      <ind:pattern operation="pattern match">[\n][\s]*account[\s]+required[\s]+pam_faillock\.so[^\n]*[\n][\s]*account[\s]+required[\s]+pam_unix\.so[^\n]*[\n]</ind:pattern>
      <!-- Check only the first instance -->
      <ind:instance datatype="int" operation="equals">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_accounts_passwords_pam_faillock_preauth_silent_password-auth:obj:1" version="1">
      <!-- Read whole /etc/pam.d/password-auth content as single line so we can verify existing order of PAM modules -->
      <ind:behaviors singleline="true"/>
      <ind:filepath>/etc/pam.d/password-auth</ind:filepath>
      <!-- Since order of PAM modules matters ensure pam_faillock.so preauth silent in auth section is listed before
         pam_unix.so module in auth section -->
      <ind:pattern operation="pattern match">[\n][\s]*auth[\s]+required[\s]+pam_faillock\.so[\s]+preauth[\s]+silent[\s]+[^\n]*deny=([0-9]+)[\s]*(?s).*[\n][\s]*auth[\s]+(?:(?:sufficient)|(?:\[.*default=die.*\]))[\s]+pam_unix\.so[^\n]*[\n]</ind:pattern>
      <!-- Check only the first instance -->
      <ind:instance datatype="int" operation="equals">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_accounts_passwords_pam_faillock_authfail_deny_password-auth:obj:1" version="1">
      <!-- Read whole /etc/pam.d/system-auth content as single line so we can verify existing order of PAM modules -->
      <ind:behaviors singleline="true"/>
      <ind:filepath>/etc/pam.d/password-auth</ind:filepath>
      <!-- Since order of PAM modules matters ensure pam_faillock.so in auth section is listed right after pam_unix.so auth row -->
      <ind:pattern operation="pattern match">[\n][\s]*auth[\s]+(?:(?:sufficient)|(?:\[.*default=die.*\]))[\s]+pam_unix\.so[^\n]+(?s).*[\n][\s]*auth[\s]+\[default=die\][\s]+pam_faillock\.so[\s]+authfail[\s]+[^\n]*deny=([0-9]+)[^\n]*[\n]</ind:pattern>
      <!-- Check only the first instance -->
      <ind:instance datatype="int" operation="equals">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_accounts_passwords_pam_faillock_account_phase_password-auth:obj:1" version="1">
      <!-- Read whole /etc/pam.d/system-auth content as single line so we can verify existing order of PAM modules -->
      <ind:behaviors singleline="true"/>
      <ind:filepath>/etc/pam.d/password-auth</ind:filepath>
      <!-- Since order of PAM modules matters ensure pam_faillock.so in account section is listed right before pam_unix.so account row -->
      <ind:pattern operation="pattern match">[\n][\s]*account[\s]+required[\s]+pam_faillock\.so[^\n]*[\n][\s]*account[\s]+required[\s]+pam_unix\.so[^\n]*[\n]</ind:pattern>
      <!-- Check only the first instance -->
      <ind:instance datatype="int" operation="equals">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_accounts_passwords_pam_faillock_fail_interval_system-auth:obj:1" version="2">
      <ind:filepath>/etc/pam.d/system-auth</ind:filepath>
      <ind:pattern operation="pattern match">^\s*auth\s+(?:(?:required))\s+pam_faillock\.so\s+preauth.*fail_interval=([0-9]*).*$</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_accounts_passwords_pam_faillock_authfail_fail_interval_system-auth:obj:1" version="2">
      <ind:filepath>/etc/pam.d/system-auth</ind:filepath>
      <ind:pattern operation="pattern match">^\s*auth\s+(?:(?:sufficient)|(?:\[default=die\]))\s+pam_faillock\.so\s+authfail.*fail_interval=([0-9]*).*$</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_accounts_passwords_pam_faillock_fail_interval_password-auth:obj:1" version="2">
      <ind:filepath>/etc/pam.d/password-auth</ind:filepath>
      <ind:pattern operation="pattern match">^\s*auth\s+(?:(?:sufficient)|(?:\[default=die\]))\s+pam_faillock\.so\s+authfail.*fail_interval=([0-9]*).*$</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_accounts_passwords_pam_faillock_preauth_fail_interval_password-auth:obj:1" version="2">
      <ind:filepath>/etc/pam.d/password-auth</ind:filepath>
      <ind:pattern operation="pattern match">^\s*auth\s+(?:(?:required))\s+pam_faillock\.so\s+preauth.*fail_interval=([0-9]*).*$</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_accounts_passwords_pam_faillock_unlock_time_system-auth:obj:1" version="2">
      <ind:filepath>/etc/pam.d/system-auth</ind:filepath>
      <ind:pattern operation="pattern match">^\s*auth\s+(?:(?:required))\s+pam_faillock\.so\s+preauth.*unlock_time=([0-9]*).*$</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_accounts_passwords_pam_faillock_authfail_unlock_time_system-auth:obj:1" version="2">
      <ind:filepath>/etc/pam.d/system-auth</ind:filepath>
      <ind:pattern operation="pattern match">^\s*auth\s+(?:(?:sufficient)|(?:\[default=die\]))\s+pam_faillock\.so\s+authfail.*unlock_time=([0-9]*).*$</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_accounts_passwords_pam_faillock_unlock_time_password-auth:obj:1" version="2">
      <ind:filepath>/etc/pam.d/password-auth</ind:filepath>
      <ind:pattern operation="pattern match">^\s*auth\s+(?:(?:sufficient)|(?:\[default=die\]))\s+pam_faillock\.so\s+authfail.*unlock_time=([0-9]*).*$</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_accounts_passwords_pam_faillock_preauth_unlock_time_password-auth:obj:1" version="2">
      <ind:filepath>/etc/pam.d/password-auth</ind:filepath>
      <ind:pattern operation="pattern match">^\s*auth\s+(?:(?:required))\s+pam_faillock\.so\s+preauth.*unlock_time=([0-9]*).*$</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_etc_profile_tmout:obj:1" version="1">
      <ind:filepath>/etc/profile</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*TMOUT[\s]*=[\s]*(.*)[\s]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_etc_profiled_tmout:obj:1" version="1">
      <ind:path>/etc/profile.d</ind:path>
      <ind:filename operation="pattern match">^.*\.sh$</ind:filename>
      <ind:pattern operation="pattern match">^[\s]*TMOUT[\s]*=[\s]*(.*)[\s]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_umask_from_etc_bashrc:obj:1" comment="Umask value from /etc/bashrc" version="1">
      <ind:filepath>/etc/bashrc</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?i)UMASK(?-i)[\s]+([^#\s]*)</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:variable_object id="oval:ssg-obj_accounts_umask_etc_bashrc:obj:1" version="1">
      <ind:var_ref>oval:ssg-var_etc_bashrc_umask_as_number:var:1</ind:var_ref>
    </ind:variable_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_umask_from_etc_csh_cshrc:obj:1" comment="Umask value from /etc/csh.cshrc" version="1">
      <ind:filepath>/etc/csh.cshrc</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?i)UMASK(?-i)[\s]+([^#\s]*)</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:variable_object id="oval:ssg-obj_accounts_umask_etc_csh_cshrc:obj:1" version="1">
      <ind:var_ref>oval:ssg-var_etc_csh_cshrc_umask_as_number:var:1</ind:var_ref>
    </ind:variable_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_umask_from_etc_login_defs:obj:1" comment="Umask value from /etc/login.defs" version="1">
      <ind:filepath>/etc/login.defs</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?i)UMASK(?-i)[\s]+([^#\s]*)</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:variable_object id="oval:ssg-obj_accounts_umask_etc_login_defs:obj:1" version="1">
      <ind:var_ref>oval:ssg-var_etc_login_defs_umask_as_number:var:1</ind:var_ref>
    </ind:variable_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_umask_from_etc_profile:obj:1" comment="Umask value from /etc/profile" version="1">
      <ind:filepath>/etc/profile</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?i)UMASK(?-i)[\s]+([^#\s]*)</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:variable_object id="oval:ssg-obj_accounts_umask_etc_profile:obj:1" version="1">
      <ind:var_ref>oval:ssg-var_etc_profile_umask_as_number:var:1</ind:var_ref>
    </ind:variable_object>
    <ind:textfilecontent54_object id="oval:ssg-object_aide_build_database_dirpath:obj:1" version="1">
      <ind:filepath>/etc/aide.conf</ind:filepath>
      <ind:pattern operation="pattern match">^@@define[\s]DBDIR[\s]+(/.*)$</ind:pattern>
      <ind:instance operation="equals" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_aide_build_new_database_filename:obj:1" version="1">
      <ind:filepath>/etc/aide.conf</ind:filepath>
      <ind:pattern operation="pattern match">^database_out=file:@@{DBDIR}/([a-z.]+)$</ind:pattern>
      <!-- From aide.conf(5) - "If there are multiple database_out lines, then the first one is used" =>
         therefore we will retrieve only the first instance -->
      <ind:instance operation="equals" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_aide_operational_database_filename:obj:1" version="1">
      <ind:filepath>/etc/aide.conf</ind:filepath>
      <ind:pattern operation="pattern match">^database=file:@@{DBDIR}/([a-z.]+)$</ind:pattern>
      <!-- From aide.conf(5) - "If there are multiple database_out lines, then the first one is used" =>
                  therefore we will retrieve only the first instance -->
      <ind:instance operation="equals" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object id="oval:ssg-object_aide_build_new_database_absolute_path:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-variable_aide_build_new_database_absolute_path:var:1" var_check="at least one"/>
    </unix:file_object>
    <unix:file_object id="oval:ssg-object_aide_operational_database_absolute_path:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-variable_aide_operational_database_absolute_path:var:1" var_check="at least one"/>
    </unix:file_object>
    <ind:textfilecontent54_object comment="notify personnel when aide completes" id="oval:ssg-object_test_aide_scan_notification:obj:1" version="1">
      <ind:filepath>/etc/crontab</ind:filepath>
      <ind:pattern operation="pattern match">^.*/usr/sbin/aide[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*root@.*$</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object comment="notify personnel when aide completes" id="oval:ssg-object_aide_var_cron_notification:obj:1" version="1">
      <ind:filepath>/var/spool/cron/root</ind:filepath>
      <ind:pattern operation="pattern match">^.*/usr/sbin/aide[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*root@.*$</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object comment="notify personnel when aide completes in cron.(d|daily|weekly|monthly)" id="oval:ssg-object_aide_crontabs_notification:obj:1" version="1">
      <ind:path operation="pattern match">/etc/cron.(d|daily|weekly|monthly)</ind:path>
      <ind:filename operation="pattern match">^.*$</ind:filename>
      <ind:pattern operation="pattern match">^.*/usr/sbin/aide[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*root@.*$</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_aide_non_fips_hashes:obj:1" version="1">
      <ind:filepath>/etc/aide.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[A-Z]*[\s]*=[\s]*.*(sha1|rmd160|sha256|whirlpool|tiger|haval|gost|crc32).*$</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">0</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_aide_use_fips_hashes:obj:1" version="1">
      <ind:filepath>/etc/aide.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[A-Z]*[\s]*=[\s]*([a-z0-9\+]*)$</ind:pattern>
      <ind:instance datatype="int" operation="greater than">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_aide_verify_acls:obj:1" version="1">
      <ind:filepath>/etc/aide.conf</ind:filepath>
      <ind:pattern operation="pattern match">^(?!ALLXTRAHASHES)[A-Z]*[\s]*=[\s]*([a-z0-9\+]*)$</ind:pattern>
      <ind:instance datatype="int" operation="greater than">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_aide_verify_ext_attributes:obj:1" version="1">
      <ind:filepath>/etc/aide.conf</ind:filepath>
      <ind:pattern operation="pattern match">^(?!ALLXTRAHASHES)[A-Z]*[\s]*=[\s]*([a-z0-9\+]*)$</ind:pattern>
      <ind:instance datatype="int" operation="greater than">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_auditd_conf_log_group_root:obj:1" comment="log_group = root" version="1">
      <ind:filepath operation="equals">/etc/audit/auditd.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[ ]*log_group[ ]+=[ ]+root[ ]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_auditd_data_retention_action_mail_acct:obj:1" version="2">
      <ind:filepath>/etc/audit/auditd.conf</ind:filepath>
      <!-- Allow only space (exactly) as delimiter: https://fedorahosted.org/audit/browser/trunk/src/auditd-config.c#L426 -->
      <!-- Require at least one space before and after the equal sign -->
      <ind:pattern operation="pattern match">^[ ]*action_mail_acct[ ]+=[ ]+(\S+)[ ]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_auditd_data_retention_admin_space_left_action:obj:1" version="2">
      <ind:filepath>/etc/audit/auditd.conf</ind:filepath>
      <!-- Allow only space (exactly) as delimiter: https://fedorahosted.org/audit/browser/trunk/src/auditd-config.c#L426 -->
      <!-- Require at least one space before and after the equal sign -->
      <ind:pattern operation="pattern match">^[ ]*admin_space_left_action[ ]+=[ ]+(\S+)[ ]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_auditd_data_retention_flush:obj:1" version="1">
      <ind:filepath>/etc/audit/auditd.conf</ind:filepath>
      <!-- Allow only space (exactly) as delimiter: https://fedorahosted.org/audit/browser/trunk/src/auditd-config.c#L426 -->
      <!-- Require at least one space before and after the equal sign -->
      <ind:pattern operation="pattern match">^[ ]*flush[ ]+=[ ]+(\S+)[ ]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_auditd_data_retention_max_log_file:obj:1" version="2">
      <ind:filepath>/etc/audit/auditd.conf</ind:filepath>
      <!-- Allow only space (exactly) as delimiter: https://fedorahosted.org/audit/browser/trunk/src/auditd-config.c#L426 -->
      <!-- Require at least one space before and after the equal sign -->
      <ind:pattern operation="pattern match">^[ ]*max_log_file[ ]+=[ ]+(\d+)[ ]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_auditd_data_retention_max_log_file_action:obj:1" version="2">
      <ind:filepath>/etc/audit/auditd.conf</ind:filepath>
      <!-- Allow only space (exactly) as delimiter: https://fedorahosted.org/audit/browser/trunk/src/auditd-config.c#L426 -->
      <!-- Require at least one space before and after the equal sign -->
      <ind:pattern operation="pattern match">^[ ]*max_log_file_action[ ]+=[ ]+(\S+)[ ]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_auditd_data_retention_num_logs:obj:1" version="2">
      <ind:filepath>/etc/audit/auditd.conf</ind:filepath>
      <!-- Allow only space (exactly) as delimiter: https://fedorahosted.org/audit/browser/trunk/src/auditd-config.c#L426 -->
      <!-- Require at least one space before and after the equal sign -->
      <ind:pattern operation="pattern match">^[ ]*num_logs[ ]+=[ ]+(\d+)[ ]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_auditd_data_retention_space_left_action:obj:1" version="2">
      <ind:filepath>/etc/audit/auditd.conf</ind:filepath>
      <!-- Allow only space (exactly) as delimiter: https://fedorahosted.org/audit/browser/trunk/src/auditd-config.c#L426 -->
      <!-- Require at least one space before and after the equal sign -->
      <ind:pattern operation="pattern match">^[ ]*space_left_action[ ]+=[ ]+(\S+)[ ]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_cups_disable_browsing_browsing_off:obj:1" version="2">
      <ind:filepath>/etc/cups/cupsd.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*Browsing[\s]+(?:Off|No)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_cups_disable_browsing_browseallow:obj:1" version="2">
      <ind:filepath>/etc/cups/cupsd.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*BrowseAllow[\s]+(?:none)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_cups_disable_printserver_disable_port:obj:1" version="2">
      <ind:filepath>/etc/cups/cupsd.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*Port[\s]+(\d)+</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_cups_disable_printserver_use_listen:obj:1" version="2">
      <ind:filepath>/etc/cups/cupsd.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*Listen[\s]+(?:localhost|127\.0\.0\.1|::1):(\d)+</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="/etc/httpd/conf/" id="oval:ssg-object_dir_perms_etc_httpd_conf:obj:1" version="1">
      <unix:path>/etc/httpd/conf</unix:path>
      <unix:filename xsi:nil="true"/>
    </unix:file_object>
    <unix:file_object comment="/var/log/httpd/" id="oval:ssg-object_dir_perms_var_log_httpd:obj:1" version="1">
      <unix:path>/var/log/httpd</unix:path>
      <unix:filename xsi:nil="true"/>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_sshd_hostbasedauthentication:obj:1" version="2">
      <ind:filepath>/etc/ssh/sshd_config</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?i)HostbasedAuthentication(?-i)[\s]+yes[\s]*(?:|(?:#.*))?$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_prelinking_disabled:obj:1" version="2">
      <ind:filepath>/etc/sysconfig/prelink</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*PRELINKING=no[\s]*</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_yum_ensure_gpgcheck_globally_activated:obj:1" comment="gpgcheck set in /etc/yum.conf" version="1">
      <ind:filepath>/etc/yum.conf</ind:filepath>
      <ind:pattern operation="pattern match">^\s*gpgcheck\s*=\s*1\s*$</ind:pattern>
      <ind:instance datatype="int" operation="equals">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_dnf_ensure_gpgcheck_globally_activated:obj:1" comment="gpgcheck set in /etc/dnf/dnf.conf" version="1">
      <ind:filepath>/etc/dnf/dnf.conf</ind:filepath>
      <ind:pattern operation="pattern match">^\s*gpgcheck\s*=\s*1\s*$</ind:pattern>
      <ind:instance datatype="int" operation="equals">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_logrotate_conf_daily_setting:obj:1" version="2">
      <!-- Read whole /etc/logrotate.conf at once (as single line) -->
      <ind:behaviors singleline="true"/>
      <ind:filepath>/etc/logrotate.conf</ind:filepath>
      <!-- From the content extract the text chunk after the last (uncommented)
         occurrence of 'daily' keyword till the EOF (including the 'daily'
         string itself) -->
      <ind:pattern operation="pattern match">(?:daily)*.*(?=[\n][\s]*daily)(.*)$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
      <!-- From the found object exclude that one containing some (uncommented)
         occurrence of (weekly / monthly / yearly) outside the {} block section
         of /etc/logrotate.conf -->
      <filter action="exclude">oval:ssg-state_another_rotate_interval_after_daily:ste:1</filter>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_cron_daily_logrotate_existence:obj:1" version="1">
      <ind:filepath>/etc/cron.daily/logrotate</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*/usr/sbin/logrotate[\s]*/etc/logrotate.conf(?:.*)$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <linux:rpminfo_object id="oval:ssg-object_package_gpg-pubkey:obj:1" version="1">
      <linux:name>gpg-pubkey</linux:name>
    </linux:rpminfo_object>
    <unix:file_object comment="binary directories" id="oval:ssg-object_file_ownership_binary_directories:obj:1" version="1">
      <!-- Check that /bin, /sbin, /usr/sbin, /usr/sbin, /usr/local/bin,
         /usr/local/sbin, and /usr/libexec directories belong to user with uid 0 (root) -->
      <unix:path operation="pattern match">^\/(|s)bin|^\/usr\/(|local\/)(|s)bin|^\/usr\/libexec</unix:path>
      <unix:filename xsi:nil="true"/>
      <filter action="include">oval:ssg-state_owner_binaries_not_root:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="binary files" id="oval:ssg-object_file_ownership_binary_files:obj:1" version="1">
      <!-- Check that files within /bin, /sbin, /usr/bin, /usr/sbin, /usr/local/bin,
         /usr/local/sbin, and /usr/libexec directories belong to user with uid 0 (root) -->
      <unix:path operation="pattern match">^\/(|s)bin|^\/usr\/(|local\/)(|s)bin|^\/usr\/libexec</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
      <filter action="include">oval:ssg-state_owner_binaries_not_root:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="library directories" id="oval:ssg-object_file_ownership_lib_dir:obj:1" version="1">
      <!-- Check that /lib, /lib64, /usr/lib, and /usr/lib64 directories belong to user with uid 0 (root) -->
      <unix:path operation="pattern match">^\/lib(|64)\/|^\/usr\/lib(|64)\/</unix:path>
      <unix:filename xsi:nil="true"/>
      <filter action="include">oval:ssg-state_owner_libraries_not_root:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="library files" id="oval:ssg-object_file_ownership_lib_files:obj:1" version="1">
      <!-- Check that files within /lib, /lib64, /usr/lib, and /usr/lib64 directories belong to user with uid 0 (root) -->
      <unix:path operation="pattern match">^\/lib(|64)\/|^\/usr\/lib(|64)\/</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
      <filter action="include">oval:ssg-state_owner_libraries_not_root:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/var/log/audit directories" id="oval:ssg-object_ownership_var_log_audit_directories:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="all"/>
      <unix:path operation="equals">/var/log/audit</unix:path>
      <unix:filename xsi:nil="true"/>
      <filter action="include">oval:ssg-state_owner_not_root_root_var_log_audit:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/var/log/audit files" id="oval:ssg-object_ownership_var_log_audit_files:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="all"/>
      <unix:path operation="equals">/var/log/audit</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
      <filter action="include">oval:ssg-state_owner_not_root_root_var_log_audit:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/var/log/audit directories" id="oval:ssg-object_ownership_var_log_audit_directories-non_root:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="all"/>
      <unix:path operation="equals">/var/log/audit</unix:path>
      <unix:filename xsi:nil="true"/>
      <filter action="include">oval:ssg-state_owner_not_root_var_log_audit-non_root:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/var/log/audit files" id="oval:ssg-object_ownership_var_log_audit_files-non_root:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="all"/>
      <unix:path operation="equals">/var/log/audit</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
      <filter action="include">oval:ssg-state_owner_not_root_var_log_audit-non_root:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="binary files" id="oval:ssg-object_file_permissions_binary_files:obj:1" version="1">
      <!-- Check that binary files under /bin, /sbin, /usr/bin, /usr/sbin, /usr/local/bin,
         /usr/local/sbin, and /usr/libexec directories have safe permissions (go-w) -->
      <unix:path operation="pattern match">^\/(|s)bin|^\/usr\/(|local\/)(|s)bin|^\/usr\/libexec</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
      <filter action="include">oval:ssg-state_perms_binary_files_nogroupwrite_noworldwrite:ste:1</filter>
      <filter action="exclude">oval:ssg-state_perms_binary_files_symlink:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/etc/httpd/conf/* permissions" id="oval:ssg-object_file_permissions_httpd_server_conf_files:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/etc/httpd/conf</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
    </unix:file_object>
    <unix:file_object comment="all local files" id="oval:ssg-object_file_permissions_ungroupowned:obj:1" version="1">
      <!-- We can't traverse symlinks here since e.g. /sys file system might contain symlink loops
         resulting into excessive memory use by the scanner process & possible subsequent OOM killer
         termination of it. See e.g.: https://www.redhat.com/archives/open-scap-list/2014-May/msg00005.html
         Therefore traverse only directories -->
      <unix:behaviors recurse="directories" recurse_direction="down" recurse_file_system="local"/>
      <unix:path>/</unix:path>
      <unix:filename operation="pattern match">.*</unix:filename>
      <filter action="exclude">oval:ssg-state_file_permissions_ungroupowned:ste:1</filter>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-etc_group_object:obj:1" version="1">
      <ind:filepath>/etc/group</ind:filepath>
      <ind:pattern operation="pattern match">^[^:]+:[^:]*:([\d]+):[^:]*$</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="/var/log/audit files" id="oval:ssg-object_var_log_audit_files-non_root:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/var/log/audit</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
      <filter action="include">oval:ssg-state_not_mode_0640:ste:1</filter>
    </unix:file_object>
    <unix:file_object comment="/var/log/audit files" id="oval:ssg-object_var_log_audit_files:obj:1" version="1">
      <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
      <unix:path operation="equals">/var/log/audit</unix:path>
      <unix:filename operation="pattern match">^.*$</unix:filename>
      <filter action="include">oval:ssg-state_not_mode_0600:ste:1</filter>
    </unix:file_object>
    <ind:textfilecontent54_object comment="Banner for FTP Users" id="oval:ssg-object_test_ftp_present_banner:obj:1" version="1">
      <ind:filepath>/etc/vsftpd/vsftpd.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*banner_file[\s]*=[\s]*/etc/issue*$</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_gid_passwd_group_same_var:obj:1" version="1">
      <ind:filepath>/etc/group</ind:filepath>
      <!-- Group ID (GID) from /etc/group (3-rd column) captured as subexpression of this object -->
      <ind:pattern operation="pattern match">^.*:x:([0-9]+):</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_gid_passwd_group_same:obj:1" version="1">
      <ind:filepath>/etc/passwd</ind:filepath>
      <!-- Group ID (GID) from /etc/passwd (4-th column) captured as subexpression of this object -->
      <ind:pattern operation="pattern match">^.*:[0-9]+:([0-9]+):</ind:pattern>
      <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object comment="/etc/shadow" id="oval:ssg-object_groupowner_shadow_file:obj:1" version="1">
      <unix:filepath>/etc/shadow</unix:filepath>
    </unix:file_object>
    <linux:rpminfo_object id="oval:ssg-obj_linuxshield_install_antivirus:obj:1" version="1">
      <linux:name>McAfeeVSEForLinux</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_mcafee_runtime_installed:obj:1" version="1">
      <linux:name>MFErt</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_mcafee_management_agent:obj:1" version="1">
      <linux:name>MFEcma</linux:name>
    </linux:rpminfo_object>
    <unix:file_object id="oval:ssg-object_mcafee_accm_exists:obj:1" version="1">
      <unix:path>/opt/McAfee/accm/bin</unix:path>
      <unix:filename>accm</unix:filename>
    </unix:file_object>
    <linux:rpminfo_object id="oval:ssg-obj_mcafee_hbss_hips_installed:obj:1" version="1">
      <linux:name>MFEhiplsm</linux:name>
    </linux:rpminfo_object>
    <unix:file_object id="oval:ssg-object_mcafee_auditengine_exists:obj:1" version="1">
      <unix:path>/opt/McAfee/auditengine/bin</unix:path>
      <unix:filename>auditmanager</unix:filename>
    </unix:file_object>
    <linux:rpminfo_object id="oval:ssg-obj_centos6:obj:1" version="1">
      <linux:name>centos-release</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_centos7:obj:1" version="1">
      <linux:name>centos-release</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-object_fedora_release_rpm:obj:1" version="1">
      <linux:name>fedora-release</linux:name>
    </linux:rpminfo_object>
    <ind:textfilecontent54_object id="oval:ssg-object_fedora_vendor_product:obj:1" version="1">
      <ind:filepath>/etc/system-release-cpe</ind:filepath>
      <ind:pattern operation="pattern match">^cpe:\/o:fedoraproject:fedora:[\d]+$</ind:pattern>
      <ind:instance datatype="int" operation="equals">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:family_object id="oval:ssg-object_unix_family:obj:1" version="1"/>
    <linux:rpminfo_object id="oval:ssg-obj_rhel_workstation:obj:1" version="1">
      <linux:name>redhat-release-workstation</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_rhel_server:obj:1" version="1">
      <linux:name>redhat-release-server</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_rhel_computenode:obj:1" version="1">
      <linux:name>redhat-release-computenode</linux:name>
    </linux:rpminfo_object>
    <ind:family_object id="oval:ssg-obj_rhel7_unix_family:obj:1" version="1"/>
    <linux:rpminfo_object id="oval:ssg-obj_rhel7_workstation:obj:1" version="1">
      <linux:name>redhat-release-workstation</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_rhel7_server:obj:1" version="1">
      <linux:name>redhat-release-server</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_rhel7_computenode:obj:1" version="1">
      <linux:name>redhat-release-computenode</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_sl6:obj:1" version="1">
      <linux:name>sl-release</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_sl7:obj:1" version="1">
      <linux:name>sl-release</linux:name>
    </linux:rpminfo_object>
    <ind:family_object id="oval:ssg-obj_unix_wrlinux:obj:1" version="1"/>
    <unix:file_object version="1" id="oval:ssg-obj_test_wrlinux:obj:1">
      <unix:filepath>/etc/wrlinux-release</unix:filepath>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-object_logwatch_configured_hostlimit:obj:1" version="1">
      <ind:filepath>/etc/logwatch/conf/logwatch.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]HostLimit[\s]*=[\s]*no[\s]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_logwatch_configured_splithosts:obj:1" version="1">
      <ind:filepath>/etc/logwatch/conf/logwatch.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]SplitHosts[\s]*=[\s]*yes[\s]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <linux:partition_object id="oval:ssg-object_dev_shm_partition_nodev:obj:1" version="1">
      <linux:mount_point>/dev/shm</linux:mount_point>
    </linux:partition_object>
    <linux:partition_object id="oval:ssg-object_dev_shm_partition_noexec:obj:1" version="1">
      <linux:mount_point>/dev/shm</linux:mount_point>
    </linux:partition_object>
    <linux:partition_object id="oval:ssg-object_dev_shm_partition_nosuid:obj:1" version="1">
      <linux:mount_point>/dev/shm</linux:mount_point>
    </linux:partition_object>
    <linux:partition_object id="oval:ssg-object_non_root_partitions:obj:1" version="1">
      <!-- look at all partitions except root -->
      <linux:mount_point operation="pattern match">^/\w.*$</linux:mount_point>
      <filter action="include">oval:ssg-state_local_nodev:ste:1</filter>
    </linux:partition_object>
    <ind:textfilecontent54_object id="oval:ssg-object_nodev_etc_fstab_cd_dvd_drive:obj:1" version="1">
      <ind:filepath>/etc/fstab</ind:filepath>
      <ind:pattern operation="pattern match" datatype="string" var_ref="oval:ssg-variable_cd_dvd_drive_regex_pattern:var:1" var_check="at least one"/>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <linux:partition_object id="oval:ssg-object_nodev_runtime_cd_dvd_drive:obj:1" version="1">
      <!-- CD / DVD drive can be mounted under any mount_point. We don't know ahead its exact name.
         => Capture all & filter out only the relevant ones via the corresponding state -->
      <linux:mount_point operation="pattern match">^.*$</linux:mount_point>
      <!-- Therefore from all the captured mount points select only those having
         device set to some CD / DVD drive alternative name and simultaneously
         having 'nodev' mount option used -->
      <filter action="include">oval:ssg-state_nodev_runtime_cd_dvd_drive:ste:1</filter>
    </linux:partition_object>
    <ind:textfilecontent54_object id="oval:ssg-object_nodev_etc_fstab_not_cd_dvd_drive:obj:1" version="1">
      <ind:filepath>/etc/fstab</ind:filepath>
      <ind:pattern operation="pattern match" datatype="string" var_ref="oval:ssg-variable_not_cd_dvd_drive_regex_pattern:var:1" var_check="at least one"/>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <linux:partition_object id="oval:ssg-object_nodev_runtime_not_cd_dvd_drive:obj:1" version="1">
      <!-- Removable partition can be mounted under any mount point. We don't know it's
         exact name ahead => capture all & filter out only those relevant later via state -->
      <linux:mount_point operation="pattern match">^.*$</linux:mount_point>
      <!-- From all the captured mount points select only those having device equal
         to 'var_removable_partition' variable value and simultaneously having
         'nodev' mount option set -->
      <filter action="include">oval:ssg-state_nodev_runtime_not_cd_dvd_drive:ste:1</filter>
    </linux:partition_object>
    <ind:textfilecontent54_object id="oval:ssg-object_noexec_etc_fstab_cd_dvd_drive:obj:1" version="1">
      <ind:filepath>/etc/fstab</ind:filepath>
      <ind:pattern operation="pattern match" datatype="string" var_ref="oval:ssg-variable_cd_dvd_drive_regex_pattern:var:1" var_check="at least one"/>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <linux:partition_object id="oval:ssg-object_noexec_runtime_cd_dvd_drive:obj:1" version="1">
      <!-- CD / DVD drive can be mounted under any mount_point. We don't know ahead its exact name.
         => Capture all & filter out only the relevant ones via the corresponding state -->
      <linux:mount_point operation="pattern match">^.*$</linux:mount_point>
      <!-- Therefore from all the captured mount points select only those having
         device set to some CD / DVD drive alternative name and simultaneously
         having 'noexec' mount option used -->
      <filter action="include">oval:ssg-state_noexec_runtime_cd_dvd_drive:ste:1</filter>
    </linux:partition_object>
    <ind:textfilecontent54_object id="oval:ssg-object_noexec_etc_fstab_not_cd_dvd_drive:obj:1" version="1">
      <ind:filepath>/etc/fstab</ind:filepath>
      <ind:pattern operation="pattern match" datatype="string" var_ref="oval:ssg-variable_not_cd_dvd_drive_regex_pattern:var:1" var_check="at least one"/>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <linux:partition_object id="oval:ssg-object_noexec_runtime_not_cd_dvd_drive:obj:1" version="1">
      <!-- Removable partition can be mounted under any mount point. We don't know it's
         exact name ahead => Capture all & filter out only those relevant later via state -->
      <linux:mount_point operation="pattern match">^.*$</linux:mount_point>
      <!-- From all the captured mount points select only those having device equal
         to 'var_removable_partition' variable value and simultaneously having
         'noexec' mount option set -->
      <filter action="include">oval:ssg-state_noexec_runtime_not_cd_dvd_drive:ste:1</filter>
    </linux:partition_object>
    <ind:textfilecontent54_object id="oval:ssg-object_nosuid_etc_fstab_cd_dvd_drive:obj:1" version="1">
      <ind:filepath>/etc/fstab</ind:filepath>
      <ind:pattern operation="pattern match" datatype="string" var_ref="oval:ssg-variable_cd_dvd_drive_regex_pattern:var:1" var_check="at least one"/>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <linux:partition_object id="oval:ssg-object_nosuid_runtime_cd_dvd_drive:obj:1" version="1">
      <!-- CD / DVD drive can be mounted under any mount_point. We don't know ahead its exact name.
         => Capture all & filter out only the relevant ones via the corresponding state -->
      <linux:mount_point operation="pattern match">^.*$</linux:mount_point>
      <!-- Therefore from all the captured mount points select only those having
         device set to some CD / DVD drive alternative name and simultaneously
         having 'nosuid' mount option used -->
      <filter action="include">oval:ssg-state_nosuid_runtime_cd_dvd_drive:ste:1</filter>
    </linux:partition_object>
    <ind:textfilecontent54_object id="oval:ssg-object_nosuid_etc_fstab_not_cd_dvd_drive:obj:1" version="1">
      <ind:filepath>/etc/fstab</ind:filepath>
      <ind:pattern operation="pattern match" datatype="string" var_ref="oval:ssg-variable_not_cd_dvd_drive_regex_pattern:var:1" var_check="at least one"/>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <linux:partition_object id="oval:ssg-object_nosuid_runtime_not_cd_dvd_drive:obj:1" version="1">
      <!-- Removable partition can be mounted under any mount point. We don't know it's
         exact name ahead => capture all & filter out only those relevant later via state -->
      <linux:mount_point operation="pattern match">^.*$</linux:mount_point>
      <!-- From all the captured mount points select only those having device equal
         to 'var_removable_partition' variable value and simultaneously having
         'nosuid' mount option set -->
      <filter action="include">oval:ssg-state_nosuid_runtime_not_cd_dvd_drive:ste:1</filter>
    </linux:partition_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_20340111:obj:1" version="1">
      <ind:filepath>/etc/fstab</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*[\S]+[\s]+[\S]+[\s]+cifs[\s]+([\S]+)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_20340112:obj:1" version="1">
      <ind:filepath>/etc/mtab</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*[\S]+[\s]+[\S]+[\s]+cifs[\s]+([\S]+)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <linux:partition_object id="oval:ssg-object_tmp_nodev_partition:obj:1" version="1">
      <linux:mount_point>/tmp</linux:mount_point>
    </linux:partition_object>
    <linux:partition_object id="oval:ssg-object_tmp_noexec_partition:obj:1" version="1">
      <linux:mount_point>/tmp</linux:mount_point>
    </linux:partition_object>
    <linux:partition_object id="oval:ssg-object_tmp_nosuid_partition:obj:1" version="1">
      <linux:mount_point>/tmp</linux:mount_point>
    </linux:partition_object>
    <linux:partition_object id="oval:ssg-object_mount_option_var_tmp:obj:1" version="1">
      <linux:mount_point operation="pattern match">/var/tmp</linux:mount_point>
    </linux:partition_object>
    <ind:textfilecontent54_object comment="look for the partition mount point in /etc/mtab" id="oval:ssg-object_mount_option_var_tmp_bind:obj:1" version="1">
      <ind:filepath>/etc/mtab</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*/tmp[\s]+/var/tmp[\s]+.*bind.*$</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">
    1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_sysconfig_nozeroconf_yes:obj:1" version="1">
      <ind:filepath>/etc/sysconfig/network</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*NOZEROCONF[\s]*=[\s]*yes</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object comment="Test for udp6 based rpc services" id="oval:ssg-obj_network_ipv6_disable_rpc_udp6:obj:1" version="1">
      <ind:filepath>/etc/netconfig</ind:filepath>
      <ind:pattern operation="pattern match">^udp6\s+tpi_clts\s+v\s+inet6\s+udp\s+-\s+-$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object comment="Test for tcp6 based rpc services" id="oval:ssg-obj_network_ipv6_disable_rpc_tcp6:obj:1" version="1">
      <ind:filepath>/etc/netconfig</ind:filepath>
      <ind:pattern operation="pattern match">^tcp6\s+tpi_cots_ord\s+v\s+inet6\s+tcp\s+-\s+-$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:interface_object id="oval:ssg-object_promisc_interfaces:obj:1" version="1">
      <unix:name operation="pattern match">^.*$</unix:name>
      <filter action="include">oval:ssg-state_promisc:ste:1</filter>
    </unix:interface_object>
    <ind:textfilecontent54_object comment="/etc/securetty file exists" id="oval:ssg-object_etc_securetty_exists:obj:1" version="1">
      <ind:filepath>/etc/securetty</ind:filepath>
      <ind:pattern operation="pattern match">^.*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object comment="no entries /etc/securetty" id="oval:ssg-object_no_direct_root_logins:obj:1" version="1">
      <ind:filepath>/etc/securetty</ind:filepath>
      <ind:pattern operation="pattern match">^$</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_no_insecure_locks_exports:obj:1" version="2">
      <ind:filepath>/etc/exports</ind:filepath>
      <ind:pattern operation="pattern match">^(.*?(\binsecure_locks\b)[^$]*)$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_last_uid_min_from_etc_login_defs:obj:1" version="1">
      <ind:behaviors singleline="true"/>
      <ind:filepath>/etc/login.defs</ind:filepath>
      <!-- Last (uncommented) instance od UID_MIN directive -->
      <ind:pattern operation="pattern match">.*\n(?!#|SYS_)(UID_MIN[\s]+[\d]+)\s*\n</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_last_sys_uid_min_from_etc_login_defs:obj:1" version="1">
      <ind:behaviors singleline="true"/>
      <ind:filepath>/etc/login.defs</ind:filepath>
      <!-- Last (uncommented) instance of SYS_UID_MIN directive -->
      <ind:pattern operation="pattern match">.*\n[^#]*(SYS_UID_MIN[\s]+[\d]+)\s*\n</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_last_sys_uid_max_from_etc_login_defs:obj:1" version="1">
      <ind:behaviors singleline="true"/>
      <ind:filepath>/etc/login.defs</ind:filepath>
      <!-- Last (uncommented) instance of SYS_UID_MAX directive -->
      <ind:pattern operation="pattern match">.*\n[^#]*(SYS_UID_MAX[\s]+[\d]+)\s*\n</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_etc_passwd_entries:obj:1" version="1">
      <ind:filepath>/etc/passwd</ind:filepath>
      <ind:pattern operation="pattern match">^(?!root).*:x:([\d]+):[\d]+:[^:]*:[^:]*:(?!\/sbin\/nologin|\/bin\/sync|\/sbin\/shutdown|\/sbin\/halt).*$</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:variable_object id="oval:ssg-object_shell_defined_default_uid_range:obj:1" version="1">
      <ind:var_ref>oval:ssg-variable_default_range_quad_expr:var:1</ind:var_ref>
    </ind:variable_object>
    <ind:variable_object id="oval:ssg-object_shell_defined_reserved_uid_range:obj:1" version="1">
      <ind:var_ref>oval:ssg-variable_reserved_range_quad_expr:var:1</ind:var_ref>
    </ind:variable_object>
    <ind:variable_object id="oval:ssg-object_shell_defined_dynalloc_uid_range:obj:1" version="1">
      <ind:var_ref>oval:ssg-variable_dynalloc_range_quad_expr:var:1</ind:var_ref>
    </ind:variable_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_aide_installed:obj:1" version="1">
      <linux:name>aide</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_audit_installed:obj:1" version="1">
      <linux:name>audit</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_bind_removed:obj:1" version="1">
      <linux:name>bind</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_dhcp_removed:obj:1" version="1">
      <linux:name>dhcp</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_dovecot_removed:obj:1" version="1">
      <linux:name>dovecot</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_httpd_removed:obj:1" version="1">
      <linux:name>httpd</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_mcstrans_removed:obj:1" version="1">
      <linux:name>mcstrans</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_net-snmp_removed:obj:1" version="1">
      <linux:name>net-snmp</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_ntp_installed:obj:1" version="1">
      <linux:name>ntp</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_openldap-servers_removed:obj:1" version="1">
      <linux:name>openldap-servers</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_prelink_removed:obj:1" version="1">
      <linux:name>prelink</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_rsh_removed:obj:1" version="1">
      <linux:name>rsh</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_rsyslog_installed:obj:1" version="1">
      <linux:name>rsyslog</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_samba-common_installed:obj:1" version="1">
      <linux:name>samba-common</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_screen_installed:obj:1" version="1">
      <linux:name>screen</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_sendmail_removed:obj:1" version="1">
      <linux:name>sendmail</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_setroubleshoot_removed:obj:1" version="1">
      <linux:name>setroubleshoot</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_squid_removed:obj:1" version="1">
      <linux:name>squid</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_talk-server_removed:obj:1" version="1">
      <linux:name>talk-server</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_talk_removed:obj:1" version="1">
      <linux:name>talk</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_telnet_removed:obj:1" version="1">
      <linux:name>telnet</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_tftp_removed:obj:1" version="1">
      <linux:name>tftp</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_vsftpd_installed:obj:1" version="1">
      <linux:name>vsftpd</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_xorg-x11-server-common_removed:obj:1" version="1">
      <linux:name>xorg-x11-server-common</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:ssg-obj_package_ypserv_removed:obj:1" version="1">
      <linux:name>ypserv</linux:name>
    </linux:rpminfo_object>
    <linux:partition_object id="oval:ssg-object_mount_var_log_own_partition:obj:1" version="1">
      <linux:mount_point>/var/log</linux:mount_point>
    </linux:partition_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_postfix_server_banner:obj:1" version="1">
      <ind:filepath>/etc/postfix/main.cf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*smtpd_banner[\s]*=[\s]*\$myhostname[\s]+ESMTP[\s]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:file_object id="oval:ssg-object_removable_partition_doesnt_exist:obj:1" version="1">
      <unix:filepath var_ref="oval:ssg-var_removable_partition:var:1" var_check="at least one"/>
    </unix:file_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_require_smb_client_signing:obj:1" version="1">
      <ind:filepath>/etc/samba/smb.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*client[\s]+signing[\s]*=[\s]*mandatory</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object comment="serial ports /etc/securetty" id="oval:ssg-object_serial_ports_etc_securetty:obj:1" version="1">
      <ind:filepath>/etc/securetty</ind:filepath>
      <ind:pattern operation="pattern match">^ttyS[0-9]+$</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:environmentvariable58_object id="oval:ssg-object_root_path_no_dot:obj:1" version="1">
      <ind:pid xsi:nil="true" datatype="int"/>
      <ind:name>PATH</ind:name>
    </ind:environmentvariable58_object>
    <linux:rpmverifyfile_object id="oval:ssg-object_files_fail_user_ownership:obj:1" version="1" comment="rpm verify of all files">
      <linux:behaviors nomd5="true" noghostfiles="true"/>
      <linux:name operation="pattern match">.*</linux:name>
      <linux:epoch operation="pattern match">.*</linux:epoch>
      <linux:version operation="pattern match">.*</linux:version>
      <linux:release operation="pattern match">.*</linux:release>
      <linux:arch operation="pattern match">.*</linux:arch>
      <linux:filepath operation="pattern match">.*</linux:filepath>
      <filter action="include">oval:ssg-state_files_fail_user_ownership:ste:1</filter>
    </linux:rpmverifyfile_object>
    <linux:rpmverifyfile_object id="oval:ssg-object_files_fail_group_ownership:obj:1" version="1" comment="rpm verify of all files">
      <linux:behaviors nomd5="true" noghostfiles="true"/>
      <linux:name operation="pattern match">.*</linux:name>
      <linux:epoch operation="pattern match">.*</linux:epoch>
      <linux:version operation="pattern match">.*</linux:version>
      <linux:release operation="pattern match">.*</linux:release>
      <linux:arch operation="pattern match">.*</linux:arch>
      <linux:filepath operation="pattern match">.*</linux:filepath>
      <filter action="include">oval:ssg-state_files_fail_group_ownership:ste:1</filter>
    </linux:rpmverifyfile_object>
    <linux:rpmverifyfile_object id="oval:ssg-object_files_fail_mode:obj:1" version="1" comment="rpm verify of all files">
      <linux:behaviors nomd5="true" noghostfiles="true"/>
      <linux:name operation="pattern match">.*</linux:name>
      <linux:epoch operation="pattern match">.*</linux:epoch>
      <linux:version operation="pattern match">.*</linux:version>
      <linux:release operation="pattern match">.*</linux:release>
      <linux:arch operation="pattern match">.*</linux:arch>
      <linux:filepath operation="pattern match">.*</linux:filepath>
      <filter action="include">oval:ssg-state_files_fail_mode:ste:1</filter>
    </linux:rpmverifyfile_object>
    <ind:textfilecontent54_object id="oval:ssg-object_rsyslog_nolisten:obj:1" version="2">
      <ind:filepath>/etc/rsyslog.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*\$(?:Input(?:TCP|RELP)|UDP)ServerRun</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_remote_loghost_rsyslog_conf:obj:1" version="1">
      <ind:filepath>/etc/rsyslog.conf</ind:filepath>
      <ind:pattern operation="pattern match">^\*\.\*[\s]+(?:@|\:omrelp\:)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_remote_loghost_rsyslog_d:obj:1" version="1">
      <ind:path>/etc/rsyslog.d</ind:path>
      <ind:filename operation="pattern match">.*</ind:filename>
      <ind:pattern operation="pattern match">^\*\.\*[\s]+(?:@|\:omrelp\:)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_selinux_policy:obj:1" version="1">
      <ind:filepath>/etc/selinux/config</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*SELINUXTYPE[\s]*=[\s]*([^\s]*)</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_etc_selinux_config:obj:1" version="1">
      <ind:filepath>/etc/selinux/config</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*SELINUX[\s]*=[\s]*(.*)[\s]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object comment="The password hashing algorithm should be set correctly in /etc/libuser.conf" id="oval:ssg-object_etc_libuser_conf_cryptstyle:obj:1" version="1">
      <ind:filepath>/etc/libuser.conf</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*crypt_style[\s]+=[\s]+(?i)sha512[\s]*$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_last_encrypt_method_from_etc_login_defs:obj:1" version="1">
      <!-- Read whole /etc/login.defs as single line so we can retrieve last ENCRYPT_METHOD directive occurrence -->
      <ind:behaviors singleline="true"/>
      <ind:filepath>/etc/login.defs</ind:filepath>
      <!-- Retrieve last (uncommented) occurrence of ENCRYPT_METHOD directive -->
      <ind:pattern operation="pattern match">.*\n[^#]*(ENCRYPT_METHOD\s+\w+)\s*\n</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:variable_object id="oval:ssg-object_last_encrypt_method_instance_value:obj:1" version="1">
      <ind:var_ref>oval:ssg-variable_last_encrypt_method_instance_value:var:1</ind:var_ref>
    </ind:variable_object>
    <ind:textfilecontent54_object id="oval:ssg-object_sshd_allow_only_protocol2:obj:1" version="3">
      <ind:filepath>/etc/ssh/sshd_config</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?i)Protocol[\s]+2[\s]*(?:|(?:#.*))?$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_sshd_permitemptypasswords_no:obj:1" version="2">
      <ind:filepath>/etc/ssh/sshd_config</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?i)PermitEmptyPasswords(?-i)[\s]+no[\s]*(?:|(?:#.*))?$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_sshd_rsh_emulation_disabled:obj:1" version="2">
      <ind:filepath>/etc/ssh/sshd_config</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?i)IgnoreRhosts(?-i)[\s]+no[\s]*(?:|(?:#.*))?$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_sshd_disable_rhosts_rsa:obj:1" version="2">
      <ind:filepath>/etc/ssh/sshd_config</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?i)RhostsRSAAuthentication(?-i)[\s]+no[\s]*(?:|(?:#.*))?$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_sshd_disable_user_known_hosts:obj:1" version="2">
      <ind:filepath>/etc/ssh/sshd_config</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?i)IgnoreUserKnownHosts(?-i)[\s]+yes[\s]*(?:|(?:#.*))?$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_sshd_no_user_envset:obj:1" version="2">
      <ind:filepath>/etc/ssh/sshd_config</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?i)PermitUserEnvironment(?-i)[\s]+no[\s]*(?:|(?:#.*))?$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_sshd_idle_timeout:obj:1" version="2">
      <ind:filepath>/etc/ssh/sshd_config</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?i)ClientAliveInterval[\s]+(\d+)[\s]*(?:|(?:#.*))?$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-obj_sshd_clientalivecountmax:obj:1" version="2">
      <ind:filepath>/etc/ssh/sshd_config</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?i)ClientAliveCountMax[\s]+([\d]+)[\s]*(?:|(?:#.*))?$</ind:pattern>
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:sysctl_object id="oval:ssg-object_runtime_kernel_dmesg_restrict:obj:1" version="1">
      <unix:name>kernel.dmesg_restrict</unix:name>
    </unix:sysctl_object>
    <ind:textfilecontent54_object id="oval:ssg-object_static_sysctld_kernel_dmesg_restrict:obj:1" version="1">
      <!-- Read whole /etc/sysctl.d/* file as a single line so we can retrieve the last kernel.dmesg_restrict directive instance -->
      <ind:behaviors singleline="true"/>
      <ind:path>/etc/sysctl.d</ind:path>
      <!-- apply_sysctl() routine from /etc/init.d/functions on RHEL-6 applies sysctl configuration from each /etc/sysctl.d/*
         file: https://git.fedorahosted.org/cgit/initscripts.git/tree/rc.d/init.d/functions?h=rhel6-branch#n646 -->
      <ind:filename operation="pattern match">^.*$</ind:filename>
      <ind:pattern operation="pattern match">(?:^|.*\n)[^#]*kernel.dmesg_restrict[\s]*=[\s]*(\d+)[\s]*\n</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:textfilecontent54_object id="oval:ssg-object_static_etc_sysctl_kernel_dmesg_restrict:obj:1" version="1">
      <!-- Read whole /etc/sysctl.conf file as a single line so we can retrieve the last kernel.dmesg_restrict directive instance -->
      <ind:behaviors singleline="true"/>
      <ind:filepath>/etc/sysctl.conf</ind:filepath>
      <ind:pattern operation="pattern match">(?:^|.*\n)[^#]*kernel.dmesg_restrict[\s]*=[\s]*(\d+)[\s]*\n</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <unix:uname_object comment="64 bit architecture" id="oval:ssg-object_system_info_architecture_ppc_64:obj:1" version="1"/>
    <unix:uname_object comment="64 bit architecture" id="oval:ssg-object_system_info_architecture_ppcle_64:obj:1" version="1"/>
    <ind:textfilecontent54_object id="oval:ssg-obj_umask_from_etc_init_d_functions:obj:1" comment="Umask value from /etc/init.d/functions" version="1">
      <ind:filepath>/etc/init.d/functions</ind:filepath>
      <ind:pattern operation="pattern match">^[\s]*(?i)UMASK(?-i)[\s]+([^#\s]*)</ind:pattern>
      <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
    </ind:textfilecontent54_object>
    <ind:variable_object id="oval:ssg-obj_umask_for_daemons:obj:1" version="1">
      <ind:var_ref>oval:ssg-var_etc_init_d_functions_umask_as_number:var:1</ind:var_ref>
    </ind:variable_object>
    <ind:variable_object id="oval:ssg-object_var_accounts_user_umask_umask_as_number:obj:1" version="1">
      <ind:var_ref>oval:ssg-var_accounts_user_umask_umask_as_number:var:1</ind:var_ref>
    </ind:variable_object>
    <ind:variable_object id="oval:ssg-object_var_removable_partition_is_cd_dvd_drive:obj:1" version="1">
      <ind:var_ref>oval:ssg-var_removable_partition:var:1</ind:var_ref>
    </ind:variable_object>
    <ind:variable_object id="oval:ssg-object_var_umask_for_daemons_umask_as_number:obj:1" version="1">
      <ind:var_ref>oval:ssg-var_umask_for_daemons_umask_as_number:var:1</ind:var_ref>
    </ind:variable_object>
    <ind:textfilecontent54_object id="oval:ssg-object_wireless_disable_interfaces:obj:1" version="1">
      <ind:filepath>/proc/net/wireless</ind:filepath>
      <ind:pattern operation="pattern match">^\s*[-\w]+:</ind:pattern>
      <ind:instance datatype="int" operation="equals">1</ind:instance>
    </ind:textfilecontent54_object>
  </objects>
  <states>
    <ind:textfilecontent54_state id="oval:ssg-state_etc_default_useradd_inactive:ste:1" version="1">
      <ind:subexpression operation="less than or equal" var_ref="oval:ssg-var_account_disable_post_pw_expiration:var:1" datatype="int"/>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_etc_default_useradd_inactive_nonnegative:ste:1" version="1">
      <ind:subexpression operation="greater than" datatype="int">-1</ind:subexpression>
    </ind:textfilecontent54_state>
    <ind:environmentvariable58_state comment="starts with colon or period" id="oval:ssg-state_path_begins_colon_period:ste:1" version="1">
      <ind:value operation="pattern match">^[:\.]</ind:value>
    </ind:environmentvariable58_state>
    <ind:environmentvariable58_state comment="colon twice in a row" id="oval:ssg-state_path_contains_double_colon:ste:1" version="1">
      <ind:value operation="pattern match">::</ind:value>
    </ind:environmentvariable58_state>
    <ind:environmentvariable58_state comment="period twice in a row" id="oval:ssg-state_path_contains_double_period:ste:1" version="1">
      <ind:value operation="pattern match">\.\.</ind:value>
    </ind:environmentvariable58_state>
    <ind:environmentvariable58_state comment="ends with colon or period" id="oval:ssg-state_path_ends_colon_period:ste:1" version="1">
      <ind:value operation="pattern match">[:\.]$</ind:value>
    </ind:environmentvariable58_state>
    <ind:environmentvariable58_state comment="begins with a slash" id="oval:ssg-state_path_begins_slash:ste:1" version="1">
      <ind:value operation="pattern match">^[^/]</ind:value>
    </ind:environmentvariable58_state>
    <ind:environmentvariable58_state comment="elements begin with a slash" id="oval:ssg-state_path_contains_relative_path:ste:1" version="1">
      <ind:value operation="pattern match">[^\\]:[^/]</ind:value>
    </ind:environmentvariable58_state>
    <ind:textfilecontent54_state id="oval:ssg-state_accounts_fail_delay_logindefs:ste:1" version="1">
      <ind:subexpression operation="greater than or equal" datatype="int">4</ind:subexpression>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_accounts_fail_delay_systemauth:ste:1" version="1">
      <ind:subexpression operation="greater than or equal" datatype="int">4000000</ind:subexpression>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_accounts_fail_delay_systemauthac:ste:1" version="1">
      <ind:subexpression operation="greater than or equal" datatype="int">4000000</ind:subexpression>
    </ind:textfilecontent54_state>
    <ind:environmentvariable58_state comment="starts with colon or period" id="oval:ssg-state_ld_library_path_begins_colon_period:ste:1" version="1">
      <ind:value operation="pattern match">^[:\.]</ind:value>
    </ind:environmentvariable58_state>
    <ind:environmentvariable58_state comment="colon twice in a row" id="oval:ssg-state_ld_library_path_contains_double_colon:ste:1" version="1">
      <ind:value operation="pattern match">::</ind:value>
    </ind:environmentvariable58_state>
    <ind:environmentvariable58_state comment="period twice in a row" id="oval:ssg-state_ld_library_path_contains_double_period:ste:1" version="1">
      <ind:value operation="pattern match">\.\.</ind:value>
    </ind:environmentvariable58_state>
    <ind:environmentvariable58_state comment="ends with colon or period" id="oval:ssg-state_ld_library_path_ends_colon_period:ste:1" version="1">
      <ind:value operation="pattern match">[:\.]$</ind:value>
    </ind:environmentvariable58_state>
    <ind:environmentvariable58_state comment="begins with a slash" id="oval:ssg-state_ld_library_path_begins_slash:ste:1" version="1">
      <ind:value operation="pattern match">^[^/]</ind:value>
    </ind:environmentvariable58_state>
    <ind:environmentvariable58_state comment="elements begin with a slash" id="oval:ssg-state_ld_library_path_contains_relative_path:ste:1" version="1">
      <ind:value operation="pattern match">[^\\]:[^/]</ind:value>
    </ind:environmentvariable58_state>
    <ind:textfilecontent54_state id="oval:ssg-state_maxlogins:ste:1" version="1">
      <ind:subexpression operation="less than or equal" var_ref="oval:ssg-max_concurrent_login_sessions_value:var:1" datatype="int"/>
    </ind:textfilecontent54_state>
    <unix:shadow_state comment="Users" id="oval:ssg-state_accounts_maximum_age_login_defs_users:ste:1" version="1">
      <unix:chg_req operation="less than or equal" var_ref="oval:ssg-var_accounts_maximum_age_login_defs:var:1" datatype="int"/>
    </unix:shadow_state>
    <ind:textfilecontent54_state id="oval:ssg-state_accounts_maximum_age_login_defs:ste:1" version="1">
      <ind:subexpression operation="less than or equal" var_ref="oval:ssg-var_accounts_maximum_age_login_defs:var:1" datatype="int"/>
    </ind:textfilecontent54_state>
    <unix:shadow_state comment="Users" id="oval:ssg-state_accounts_minimum_age_login_defs_users:ste:1" version="1">
      <unix:chg_allow operation="greater than or equal" var_ref="oval:ssg-var_accounts_minimum_age_login_defs:var:1" datatype="int"/>
    </unix:shadow_state>
    <ind:textfilecontent54_state id="oval:ssg-state_accounts_minimum_age_login_defs:ste:1" version="1">
      <ind:subexpression operation="greater than or equal" var_ref="oval:ssg-var_accounts_minimum_age_login_defs:var:1" datatype="int"/>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_password_pam_cracklib_dcredit:ste:1" version="1">
      <ind:instance datatype="int">1</ind:instance>
      <ind:subexpression datatype="int" operation="less than or equal" var_ref="oval:ssg-var_password_pam_cracklib_dcredit:var:1"/>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_accounts_password_pam_cracklib_difok:ste:1" version="1">
      <ind:instance datatype="int">1</ind:instance>
      <ind:subexpression datatype="int" operation="greater than or equal" var_ref="oval:ssg-var_password_pam_cracklib_difok:var:1"/>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_password_pam_cracklib_lcredit:ste:1" version="1">
      <ind:instance datatype="int">1</ind:instance>
      <ind:subexpression datatype="int" operation="less than or equal" var_ref="oval:ssg-var_password_pam_cracklib_lcredit:var:1"/>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_accounts_password_pam_cracklib_maxrepeat:ste:1" version="1">
      <ind:instance datatype="int">1</ind:instance>
      <ind:subexpression datatype="int" operation="greater than or equal" var_ref="oval:ssg-var_password_pam_cracklib_maxrepeat:var:1"/>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_accounts_password_pam_cracklib_minlen:ste:1" version="1">
      <ind:instance datatype="int">1</ind:instance>
      <ind:subexpression datatype="int" operation="greater than or equal" var_ref="oval:ssg-var_password_pam_cracklib_minlen:var:1"/>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_password_pam_cracklib_ocredit:ste:1" version="1">
      <ind:instance datatype="int">1</ind:instance>
      <ind:subexpression datatype="int" operation="less than or equal" var_ref="oval:ssg-var_password_pam_cracklib_ocredit:var:1"/>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_password_pam_cracklib_ucredit:ste:1" version="1">
      <ind:instance datatype="int">1</ind:instance>
      <ind:subexpression datatype="int" operation="less than or equal" var_ref="oval:ssg-var_password_pam_cracklib_ucredit:var:1"/>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_accounts_password_pam_tally2_deny_system-auth:ste:1" version="1">
      <ind:subexpression datatype="int" operation="equals" var_ref="oval:ssg-var_accounts_password_pam_tally_deny:var:1"/>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_accounts_password_pam_unix_remember:ste:1" version="1">
      <ind:subexpression datatype="int" operation="greater than or equal" var_ref="oval:ssg-password_history_retain_number:var:1"/>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_accounts_password_pam_unix_remember_systemauthac:ste:1" version="1">
      <ind:subexpression datatype="int" operation="greater than or equal" var_ref="oval:ssg-password_history_retain_number:var:1"/>
    </ind:textfilecontent54_state>
    <unix:file_state id="oval:ssg-state_accounts_root_path_dirs_no_write:ste:1" version="1">
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:owrite datatype="boolean">false</unix:owrite>
    </unix:file_state>
    <ind:textfilecontent54_state id="oval:ssg-state_accounts_invalid_umask_system:ste:1" version="1">
      <ind:subexpression operation="not equal" var_check="all" var_ref="oval:ssg-var_accounts_user_umask:var:1"/>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_accounts_invalid_umask_user_home:ste:1" version="1">
      <ind:subexpression operation="not equal" var_check="all" var_ref="oval:ssg-var_accounts_user_umask:var:1"/>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_accounts_invalid_umask_user_root:ste:1" version="1">
      <ind:subexpression operation="not equal" var_check="all" var_ref="oval:ssg-var_accounts_user_umask:var:1"/>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_accounts_valid_umask_system:ste:1" version="1">
      <ind:subexpression operation="equals" var_check="all" var_ref="oval:ssg-var_accounts_user_umask:var:1"/>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_accounts_valid_umask_user_home:ste:1" version="1">
      <ind:subexpression operation="equals" var_check="all" var_ref="oval:ssg-var_accounts_user_umask:var:1"/>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_accounts_valid_umask_user_root:ste:1" version="1">
      <ind:subexpression operation="equals" var_check="all" var_ref="oval:ssg-var_accounts_user_umask:var:1"/>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_accounts_unique_name:ste:1" version="1">
      <ind:subexpression operation="equals" var_ref="oval:ssg-var_accounts_unique_name:var:1" var_check="only one" datatype="string"/>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_accounts_unique_id:ste:1" version="1">
      <ind:subexpression operation="equals" var_ref="oval:ssg-var_accounts_unique_id:var:1" var_check="only one" datatype="string"/>
    </ind:textfilecontent54_state>
    <unix:password_state id="oval:ssg-state_at_system_accounts_at_allow_root:ste:1" version="1">
      <unix:username operation="not equal">root</unix:username>
    </unix:password_state>
    <unix:password_state id="oval:ssg-state_at_system_accounts_at_allow_uid:ste:1" version="1">
      <unix:user_id datatype="int" operation="less than">500</unix:user_id>
    </unix:password_state>
    <ind:xmlfilecontent_state id="oval:ssg-state_banner_gui_enabled:ste:1" version="1">
      <ind:value_of datatype="string">true</ind:value_of>
    </ind:xmlfilecontent_state>
    <ind:xmlfilecontent_state id="oval:ssg-state_set_gdm_login_banner_text:ste:1" version="1">
      <ind:value_of datatype="string" operation="pattern match" var_check="all" var_ref="oval:ssg-gui_login_banner_text:var:1"/>
    </ind:xmlfilecontent_state>
    <ind:textfilecontent54_state id="oval:ssg-state_bootloader_password_hash:ste:1" version="1">
      <ind:subexpression operation="pattern match">^(md5|sha1|sha-256|sha-512)$</ind:subexpression>
    </ind:textfilecontent54_state>
    <unix:password_state id="oval:ssg-state_cron_system_accounts_cron_allow_root:ste:1" version="1">
      <unix:username operation="not equal">root</unix:username>
    </unix:password_state>
    <unix:password_state id="oval:ssg-state_cron_system_accounts_cron_allow_uid:ste:1" version="1">
      <unix:user_id datatype="int" operation="less than">500</unix:user_id>
    </unix:password_state>
    <ind:textfilecontent54_state id="oval:ssg-state_dhcp_client_disable_ddns:ste:1" version="1">
      <ind:subexpression operation="equals">false</ind:subexpression>
    </ind:textfilecontent54_state>
    <unix:file_state id="oval:ssg-state_world_writable_and_not_sticky:ste:1" version="1">
      <unix:sticky datatype="boolean">false</unix:sticky>
      <unix:owrite datatype="boolean">true</unix:owrite>
    </unix:file_state>
    <unix:file_state comment="uid greater than or equal to 500 and world writable" id="oval:ssg-state_gid_is_user_and_world_writable:ste:1" version="1">
      <unix:user_id datatype="int" operation="greater than or equal">500</unix:user_id>
      <unix:owrite datatype="boolean">true</unix:owrite>
    </unix:file_state>
    <ind:textfilecontent54_state id="oval:ssg-state_core_dumps_limitsconf:ste:1" version="1">
      <ind:subexpression operation="equals">0</ind:subexpression>
    </ind:textfilecontent54_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_aliases:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_aliases_files:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_audio_devices:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_audit_log:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_audit_tools:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_bin_traceroute:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state comment="uid greater than or equal to 500" id="oval:ssg-state_groupowner_usr_sbin_files_owner_is_user:ste:1" version="1">
      <unix:user_id datatype="int" operation="greater than or equal">500</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_core_dump_dir:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_crontab_dir:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_crontab_files:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_etc_at_allow:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_etc_at_deny:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_etc_cron_allow:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_etc_cron_deny:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_etc_cups_printers_conf:ste:1" version="1">
      <unix:group_id operation="equals" var_ref="oval:ssg-var_file_groupowner_etc_cups_printers_conf_list:var:1" var_check="at least one" datatype="int" entity_check="at least one"/>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_etc_exports:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_etc_group:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_etc_gshadow:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_etc_hosts:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_etc_ldap_conf:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_etc_nsswitch_conf:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_etc_ntp_conf:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_etc_passwd:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_etc_resolv_conf:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_etc_samba_smb_conf:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_etc_samba_tdb:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_etc_securetty:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_etc_security_access_conf:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_etc_services:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_etc_skel:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_etc_sysctl_conf:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_etc_syslog_conf:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_etc_xinetd_conf:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_exports_dirs:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_ftpusers:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_global_initialization_files:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_grub_conf:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:password_state id="oval:ssg-state_file_groupowner_home_dirs_path_group:ste:1" version="1">
      <unix:user_id datatype="int" operation="greater than or equal">500</unix:user_id>
    </unix:password_state>
    <unix:password_state id="oval:ssg-state_file_groupowner_home_dirs_path_nfs_group:ste:1" version="1">
      <unix:username datatype="string" operation="equals">nfsnobody</unix:username>
    </unix:password_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_home_dirs:ste:1" version="1">
      <unix:group_id operation="equals" var_ref="oval:ssg-var_file_groupowner_home_dirs_group_list:var:1" var_check="only one" datatype="int"/>
    </unix:file_state>
    <unix:password_state id="oval:ssg-state_file_groupowner_home_files_path_group:ste:1" version="1">
      <unix:user_id datatype="int" operation="greater than or equal">500</unix:user_id>
    </unix:password_state>
    <unix:password_state id="oval:ssg-state_file_groupowner_home_files_path_nfs_group:ste:1" version="1">
      <unix:username datatype="string" operation="equals">nfsnobody</unix:username>
    </unix:password_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_home_files:ste:1" version="1">
      <unix:group_id operation="equals" var_ref="oval:ssg-var_file_groupowner_home_files_group_list:var:1" var_check="only one" datatype="int"/>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_ldap_cacerts:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_ldap_certs:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_ldap_keys:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:password_state id="oval:ssg-state_file_groupowner_local_initialization_files_path_group_home:ste:1" version="1">
      <unix:user_id datatype="int" operation="greater than or equal">500</unix:user_id>
    </unix:password_state>
    <unix:password_state id="oval:ssg-state_file_groupowner_local_initialization_files_path_nfs_group_home:ste:1" version="1">
      <unix:username datatype="string" operation="equals">nfsnobody</unix:username>
    </unix:password_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_local_initialization_files_home:ste:1" version="1">
      <unix:group_id operation="equals" var_ref="oval:ssg-var_file_groupowner_local_initialization_files_group_list_home:var:1" var_check="only one" datatype="int"/>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_local_initialization_files_root:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_local_initialization_files_symlink:ste:1" version="1">
      <unix:type operation="equals">symbolic link</unix:type>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_run_control_scripts:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_shell_files:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_snmpd_conf_symlink:ste:1" version="1">
      <unix:type operation="equals">symbolic link</unix:type>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_snmpd_conf:ste:1" version="1">
      <unix:group_id operation="equals" var_ref="oval:ssg-var_file_groupowner_snmpd_conf_list:var:1" var_check="at least one" datatype="int" entity_check="at least one"/>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_var_spool_at:ste:1" version="1">
      <unix:group_id operation="equals" var_ref="oval:ssg-var_file_groupowner_var_spool_at_list:var:1" var_check="at least one" datatype="int" entity_check="at least one"/>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_groupowner_var_yp:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_aliases:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_aliases_files:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_audio_devices:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_audit_log:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_audit_tools:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_bin_traceroute:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_core_dump_dir:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_crontab_dir:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_crontab_files:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_etc_at_allow:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_etc_at_deny:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_etc_cron_allow:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_etc_cron_deny:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_etc_cups_printers_conf:ste:1" version="1">
      <unix:user_id operation="equals" var_ref="oval:ssg-var_file_owner_etc_cups_printers_conf_list:var:1" var_check="at least one" datatype="int" entity_check="at least one"/>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_etc_exports:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_etc_group:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_etc_gshadow:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_etc_hosts:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_etc_ldap_conf:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_etc_nsswitch_conf:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_etc_ntp_conf:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_etc_passwd:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_etc_resolv_conf:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_etc_samba_smb_conf:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_etc_samba_tdb:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_etc_securetty:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_etc_security_access_conf:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_etc_services:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_etc_shadow_uid_root:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_etc_skel:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_etc_sysctl_conf:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_etc_syslog_conf:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_etc_xinetd_conf:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_exports_dirs:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_ftpusers:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_global_initialization_files:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_grub_conf:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:password_state id="oval:ssg-state_file_owner_home_dirs_path_user:ste:1" version="1">
      <unix:user_id datatype="int" operation="greater than or equal">500</unix:user_id>
    </unix:password_state>
    <unix:password_state id="oval:ssg-state_file_owner_home_dirs_path_nfs_user:ste:1" version="1">
      <unix:username datatype="string" operation="equals">nfsnobody</unix:username>
    </unix:password_state>
    <unix:file_state id="oval:ssg-state_file_owner_home_dirs:ste:1" version="1">
      <unix:user_id operation="equals" var_ref="oval:ssg-var_file_owner_home_dirs_user_list:var:1" var_check="only one" datatype="int"/>
    </unix:file_state>
    <unix:password_state id="oval:ssg-state_file_owner_home_files_path_group:ste:1" version="1">
      <unix:user_id datatype="int" operation="greater than or equal">500</unix:user_id>
    </unix:password_state>
    <unix:password_state id="oval:ssg-state_file_owner_home_files_path_nfs_group:ste:1" version="1">
      <unix:username datatype="string" operation="equals">nfsnobody</unix:username>
    </unix:password_state>
    <unix:file_state id="oval:ssg-state_file_owner_home_files:ste:1" version="1">
      <unix:user_id operation="equals" var_ref="oval:ssg-var_file_owner_home_files_group_list:var:1" var_check="only one" datatype="int"/>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_ldap_cacerts:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_ldap_certs:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_ldap_keys:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:password_state id="oval:ssg-state_file_owner_local_initialization_files_path_group_home:ste:1" version="1">
      <unix:user_id datatype="int" operation="greater than or equal">500</unix:user_id>
    </unix:password_state>
    <unix:password_state id="oval:ssg-state_file_owner_local_initialization_files_path_nfs_group_home:ste:1" version="1">
      <unix:username datatype="string" operation="equals">nfsnobody</unix:username>
    </unix:password_state>
    <unix:file_state id="oval:ssg-state_file_owner_local_initialization_files_home:ste:1" version="1">
      <unix:user_id operation="equals" var_ref="oval:ssg-var_file_owner_local_initialization_files_group_list_home:var:1" var_check="only one" datatype="int"/>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_local_initialization_files_root:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_local_initialization_files_symlink:ste:1" version="1">
      <unix:type operation="equals">symbolic link</unix:type>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_run_control_scripts:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_shell_files:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_smtp_logs:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_snmpd_conf_symlink:ste:1" version="1">
      <unix:type operation="equals">symbolic link</unix:type>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_snmpd_conf:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_var_spool_at:ste:1" version="1">
      <unix:user_id operation="equals" var_ref="oval:ssg-var_file_owner_var_spool_at_list:var:1" var_check="at least one" datatype="int" entity_check="at least one"/>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_owner_var_yp:ste:1" version="1">
      <unix:user_id datatype="int">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_aliases:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_aliases_files:ste:1" version="1">
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:owrite datatype="boolean">false</unix:owrite>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_audio_devices:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_audit_log:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_audit_tools:ste:1" version="1">
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_bin_traceroute:ste:1" version="1">
      <unix:gread datatype="boolean">false</unix:gread>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_core_dump_dir:ste:1" version="1">
      <unix:gread datatype="boolean">false</unix:gread>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_cron_files_symlink:ste:1" version="1">
      <unix:type operation="equals">symbolic link</unix:type>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_cron_files:ste:1" version="1">
      <unix:gread datatype="boolean">false</unix:gread>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_cron_log_files:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gread datatype="boolean">false</unix:gread>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_crontab_dir:ste:1" version="1">
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:owrite datatype="boolean">false</unix:owrite>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_crontab_files:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gread datatype="boolean">false</unix:gread>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_etc_at_allow:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gread datatype="boolean">false</unix:gread>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_etc_at_deny:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gread datatype="boolean">false</unix:gread>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_etc_cron_allow:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gread datatype="boolean">false</unix:gread>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_etc_cron_deny:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gread datatype="boolean">false</unix:gread>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_etc_cups_printers_conf:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_etc_exports:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_etc_group:ste:1" version="1">
      <unix:uread datatype="boolean">true</unix:uread>
      <unix:uwrite datatype="boolean">true</unix:uwrite>
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gread datatype="boolean">true</unix:gread>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">true</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-_etc_gshadow_state_mode_0400:ste:1" version="1">
      <unix:suid datatype="boolean">false</unix:suid>
      <unix:sgid datatype="boolean">false</unix:sgid>
      <unix:sticky datatype="boolean">false</unix:sticky>
      <unix:uwrite datatype="boolean">false</unix:uwrite>
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gread datatype="boolean">false</unix:gread>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_etc_hosts:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_etc_ldap_conf:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_etc_news_incoming_conf:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gread datatype="boolean">false</unix:gread>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_etc_news_infeed_conf:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gread datatype="boolean">false</unix:gread>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_etc_news_passwd_nntp:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gread datatype="boolean">false</unix:gread>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_etc_nsswitch_conf:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_etc_ntp_conf:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-_etc_passwd_state_mode_0644:ste:1" version="1">
      <unix:suid datatype="boolean">false</unix:suid>
      <unix:sgid datatype="boolean">false</unix:sgid>
      <unix:sticky datatype="boolean">false</unix:sticky>
      <unix:uread datatype="boolean">true</unix:uread>
      <unix:uwrite datatype="boolean">true</unix:uwrite>
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gread datatype="boolean">true</unix:gread>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">true</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_etc_resolv_conf:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_etc_samba_smb_conf:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_etc_samba_tdb:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gread datatype="boolean">false</unix:gread>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_etc_securetty:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gread datatype="boolean">false</unix:gread>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_etc_security_access_conf:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_etc_services:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-_etc_shadow_state_mode_0400:ste:1" version="1">
      <unix:suid datatype="boolean">false</unix:suid>
      <unix:sgid datatype="boolean">false</unix:sgid>
      <unix:sticky datatype="boolean">false</unix:sticky>
      <unix:uwrite datatype="boolean">false</unix:uwrite>
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gread datatype="boolean">false</unix:gread>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_etc_skel:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_etc_sysctl_conf:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gread datatype="boolean">false</unix:gread>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_etc_syslog_conf:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_etc_xinetd:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_etc_xinetd_dir:ste:1" version="1">
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:owrite datatype="boolean">false</unix:owrite>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_aliases:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_aliases_files:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_audio_devices:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_audit_log:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_audit_tools:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_bin_traceroute:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_binary_dirs_symlink:ste:1" version="1">
      <unix:type operation="equals">symbolic link</unix:type>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_binary_dirs:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_core_dump_dir:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_cron_log_files:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_crontab_dirs:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_crontab_files:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_etc_at_allow:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_etc_at_deny:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_etc_cron_allow:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_etc_cron_deny:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_etc_cups_printers_conf:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_etc_exports:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_etc_group:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_etc_gshadow:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_etc_hosts:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_etc_ldap_conf:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_etc_news_incoming_conf:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_etc_news_infeed_conf:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_etc_news_nnrp_access:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_etc_news_passwd_nntp:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_etc_nsswitch_conf:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_etc_ntp_conf:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_etc_passwd:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_etc_resolv_conf:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_etc_samba_smb_conf:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_etc_samba_tdb:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_etc_security_access_conf:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_etc_services:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_etc_shadow:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_etc_skel:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_etc_sysctl_conf:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_etc_syslog_conf:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_etc_xinetd_conf:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_etc_xinetd_dir:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_ftpusers:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_global_initialization_files:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_grub_conf:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_home_dirs_symlink:ste:1" version="1">
      <unix:type operation="equals">symbolic link</unix:type>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_home_dirs:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_home_files_symlink:ste:1" version="1">
      <unix:type operation="equals">symbolic link</unix:type>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_home_files:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_ldap_cacerts:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_ldap_certs:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_ldap_keys:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_library_dirs_symlink:ste:1" version="1">
      <unix:type operation="equals">symbolic link</unix:type>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_library_dirs:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_local_initialization_files_symlink:ste:1" version="1">
      <unix:type operation="equals">symbolic link</unix:type>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_local_initialization_files:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_man_pages:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_mib_files_symlink:ste:1" version="1">
      <unix:type operation="equals">symbolic link</unix:type>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_mib_files:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_root_dir:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_run_control_scripts:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_shell_files:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_smtp_logs:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_snmpd_conf_symlink:ste:1" version="1">
      <unix:type operation="equals">symbolic link</unix:type>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_snmpd_conf:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_usr_sbin_dir:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_var_log:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_var_spool_at:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_var_yp:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_extended_xauthority_files:ste:1" version="1">
      <unix:has_extended_acl datatype="boolean">false</unix:has_extended_acl>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_ftpusers:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_global_initialization_files:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_grub_conf:ste:1" version="1">
      <unix:uread datatype="boolean">true</unix:uread>
      <unix:uwrite datatype="boolean">true</unix:uwrite>
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gread datatype="boolean">false</unix:gread>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:password_state id="oval:ssg-state_file_permissions_home_dirs_path_user:ste:1" version="1">
      <unix:user_id datatype="int" operation="greater than or equal">500</unix:user_id>
    </unix:password_state>
    <unix:password_state id="oval:ssg-state_file_permissions_home_dirs_path_nfs_user:ste:1" version="1">
      <unix:username datatype="string" operation="equals">nfsnobody</unix:username>
    </unix:password_state>
    <unix:file_state id="oval:ssg-state_home_dirs_wrong_perm:ste:1" version="1" operator="OR">
      <unix:suid datatype="boolean">true</unix:suid>
      <unix:sgid datatype="boolean">true</unix:sgid>
      <unix:sticky datatype="boolean">true</unix:sticky>
      <unix:gwrite datatype="boolean">true</unix:gwrite>
      <unix:oread datatype="boolean">true</unix:oread>
      <unix:owrite datatype="boolean">true</unix:owrite>
      <unix:oexec datatype="boolean">true</unix:oexec>
    </unix:file_state>
    <unix:password_state id="oval:ssg-state_file_permissions_home_files_path_user:ste:1" version="1">
      <unix:user_id datatype="int" operation="greater than or equal">500</unix:user_id>
    </unix:password_state>
    <unix:password_state id="oval:ssg-state_file_permissions_home_files_path_nfs_user:ste:1" version="1">
      <unix:username datatype="string" operation="equals">nfsnobody</unix:username>
    </unix:password_state>
    <unix:file_state id="oval:ssg-state_file_permissions_home_files_symlink:ste:1" version="1">
      <unix:type operation="equals">symbolic link</unix:type>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_home_files:ste:1" version="1">
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_ldap_cacerts:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_ldap_certs:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_ldap_keys:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gread datatype="boolean">false</unix:gread>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_permissions_library_dirs_symlink:ste:1" version="1">
      <unix:type operation="equals">symbolic link</unix:type>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_perms_nogroupwrite_noworldwrite:ste:1" version="1" operator="OR">
      <unix:gwrite datatype="boolean">true</unix:gwrite>
      <unix:owrite datatype="boolean">true</unix:owrite>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_local_initialization_files_symlink:ste:1" version="1">
      <unix:type operation="equals">symbolic link</unix:type>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_local_initialization_files:ste:1" version="1">
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_man_pages:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_mib_files_symlink:ste:1" version="1">
      <unix:type operation="equals">symbolic link</unix:type>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_mib_files:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_root_dir:ste:1" version="1">
      <unix:gread datatype="boolean">false</unix:gread>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_run_control_scripts_symlink:ste:1" version="1">
      <unix:type operation="equals">symbolic link</unix:type>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_run_control_scripts:ste:1" version="1">
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:owrite datatype="boolean">false</unix:owrite>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_shell_files:ste:1" version="1">
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:owrite datatype="boolean">false</unix:owrite>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_shell_files_symlink:ste:1" version="1">
      <unix:type operation="equals">symbolic link</unix:type>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_smtp_logs:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_snmpd_conf_symlink:ste:1" version="1">
      <unix:type operation="equals">symbolic link</unix:type>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_snmpd_conf:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gread datatype="boolean">false</unix:gread>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_ssh_private_host_keys:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gread datatype="boolean">false</unix:gread>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_ssh_public_host_keys:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_tftp_binary:ste:1" version="1">
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:owrite datatype="boolean">false</unix:owrite>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_unauthorized_world_write:ste:1" version="1">
      <unix:owrite datatype="boolean">false</unix:owrite>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_unauthorized_world_write_proc:ste:1" version="1">
      <unix:path operation="pattern match">^(/proc|/tmp).*</unix:path>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_unauthorized_world_write_symlink:ste:1" version="1">
      <unix:type operation="equals">regular</unix:type>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_usr_bin_ldd:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_usr_sbin_dir:ste:1" version="1">
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:owrite datatype="boolean">false</unix:owrite>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_usr_sbin_dir_symlink:ste:1" version="1">
      <unix:type operation="equals">symbolic link</unix:type>
    </unix:file_state>
    <unix:file_state comment="/var/log/wtmp" id="oval:ssg-state_file_permissions_var_log_wtmp:ste:1" version="1">
      <unix:filepath operation="pattern match">/var/log/wtmp*</unix:filepath>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_var_log:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_var_spool_at:ste:1" version="1">
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:owrite datatype="boolean">false</unix:owrite>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_var_yp:ste:1" version="1">
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:owrite datatype="boolean">false</unix:owrite>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_file_permissions_xauthority_files:ste:1" version="1">
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gread datatype="boolean">false</unix:gread>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:password_state id="oval:ssg-state_ftp_anonymous_shell:ste:1" version="3">
      <unix:login_shell datatype="string" operation="pattern match">^(/bin/false|/dev/null|/usr/bin/false|/bin/true|/sbin/nologin)$</unix:login_shell>
    </unix:password_state>
    <ind:xmlfilecontent_state id="oval:ssg-state_activated_on_idle:ste:1" version="1">
      <ind:value_of datatype="string">true</ind:value_of>
    </ind:xmlfilecontent_state>
    <ind:xmlfilecontent_state comment="idle timeout" id="oval:ssg-state_gnome_screensaver_idle_delay:ste:1" version="1">
      <ind:value_of datatype="int" operation="less than or equal" var_check="all" var_ref="oval:ssg-inactivity_timeout_value:var:1"/>
    </ind:xmlfilecontent_state>
    <ind:xmlfilecontent_state id="oval:ssg-state_screensaver_lock_enabled:ste:1" version="1">
      <ind:value_of datatype="string">true</ind:value_of>
    </ind:xmlfilecontent_state>
    <ind:family_state id="oval:ssg-state_centos4_unix_family:ste:1" version="1">
      <ind:family>unix</ind:family>
    </ind:family_state>
    <linux:rpminfo_state id="oval:ssg-state_centos_4:ste:1" version="1">
      <linux:version operation="pattern match">^4</linux:version>
    </linux:rpminfo_state>
    <ind:family_state id="oval:ssg-state_centos5_unix_family:ste:1" version="1">
      <ind:family>unix</ind:family>
    </ind:family_state>
    <linux:rpminfo_state id="oval:ssg-state_centos_5:ste:1" version="1">
      <linux:version operation="pattern match">^5</linux:version>
    </linux:rpminfo_state>
    <ind:family_state id="oval:ssg-state_rhel4_unix_family:ste:1" version="1">
      <ind:family>unix</ind:family>
    </ind:family_state>
    <linux:rpminfo_state id="oval:ssg-state_rhel_4:ste:1" version="1">
      <linux:version operation="pattern match">^4</linux:version>
    </linux:rpminfo_state>
    <ind:family_state id="oval:ssg-state_rhel5_unix_family:ste:1" version="1">
      <ind:family>unix</ind:family>
    </ind:family_state>
    <linux:rpminfo_state id="oval:ssg-state_rhel5_workstation:ste:1" version="1">
      <linux:version operation="pattern match">^5Client$</linux:version>
    </linux:rpminfo_state>
    <linux:rpminfo_state id="oval:ssg-state_rhel5_server:ste:1" version="1">
      <linux:version operation="pattern match">^5Server$</linux:version>
    </linux:rpminfo_state>
    <unix:interface_state id="oval:ssg-state_ip_6to4_tunnels:ste:1" version="1">
      <unix:flag operation="not equal">POINTOPOINT</unix:flag>
    </unix:interface_state>
    <unix:interface_state id="oval:ssg-state_ip_tunnels:ste:1" version="1">
      <unix:flag operation="not equal">POINTOPOINT</unix:flag>
    </unix:interface_state>
    <linux:rpminfo_state id="oval:ssg-state_mail_debug_enabled:ste:1" version="1">
      <linux:evr operation="greater than or equal" datatype="evr_string">0:8.13.8-8</linux:evr>
    </linux:rpminfo_state>
    <unix:file_state id="oval:ssg-state_mail_forward_files_symlink:ste:1" version="1">
      <unix:type operation="equals">symbolic link</unix:type>
    </unix:file_state>
    <linux:rpminfo_state id="oval:ssg-state_mail_up_to_date_sendmail:ste:1" version="1">
      <linux:evr operation="greater than or equal" datatype="evr_string">0:8.13.8-8</linux:evr>
    </linux:rpminfo_state>
    <linux:rpminfo_state id="oval:ssg-state_mail_up_to_date_postfix:ste:1" version="1">
      <linux:evr operation="greater than or equal" datatype="evr_string">0:2.3.3-6</linux:evr>
    </linux:rpminfo_state>
    <linux:rpminfo_state id="oval:ssg-state_mail_wiz_active:ste:1" version="1">
      <linux:evr operation="greater than or equal" datatype="evr_string">0:8.13.8-8</linux:evr>
    </linux:rpminfo_state>
    <ind:textfilecontent54_state id="oval:ssg-state_remote_filesystem_nodev:ste:1" version="1">
      <ind:subexpression operation="pattern match">^.*nodev.*$</ind:subexpression>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_remote_filesystem_nosuid:ste:1" version="1">
      <ind:subexpression operation="pattern match">^.*nosuid.*$</ind:subexpression>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_network_ipv6_default_gateway_ipv6_disabled:ste:1" version="1">
      <ind:subexpression datatype="string" operation="equals">no</ind:subexpression>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_network_ipv6_disable_interfaces_conf:ste:1" version="1">
      <ind:subexpression datatype="string" operation="equals">no</ind:subexpression>
    </ind:textfilecontent54_state>
    <unix:file_state id="oval:ssg-file_permissions_unowned_userid_list_match:ste:1" version="1">
      <unix:user_id var_check="at least one" var_ref="oval:ssg-file_permissions_unowned_userid_list:var:1" datatype="int"/>
    </unix:file_state>
    <linux:rpmverifyfile_state id="oval:ssg-state_files_fail_md5_hash:ste:1" version="1" operator="AND">
      <linux:md5_differs>fail</linux:md5_differs>
      <!-- <linux:configuration_file datatype="boolean">false</linux:configuration_file> -->
      <!-- <linux:documentation_file datatype="boolean">false</linux:documentation_file> -->
      <!-- <linux:ghost_file datatype="boolean">false</linux:ghost_file> -->
      <!-- <linux:license_file datatype="boolean">false</linux:license_file> -->
      <!-- <linux:readme_file datatype="boolean">false</linux:readme_file> -->
    </linux:rpmverifyfile_state>
    <ind:textfilecontent54_state id="oval:ssg-state_selinux_enforcing:ste:1" version="1">
      <ind:subexpression datatype="string" operation="equals">enforcing</ind:subexpression>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_selinuxtype_targeted:ste:1" version="1">
      <ind:subexpression datatype="string" operation="equals">targeted</ind:subexpression>
      <!-- <ind:subexpression datatype="string" operation="equals" var_check="at least one" var_ref="var_selinux_policy_name" /> -->
    </ind:textfilecontent54_state>
    <unix:runlevel_state comment="configured to start" id="oval:ssg-state_service_auditd_on:ste:1" version="1">
      <unix:start datatype="boolean">true</unix:start>
      <unix:kill datatype="boolean">false</unix:kill>
    </unix:runlevel_state>
    <unix:runlevel_state comment="not configured to start" id="oval:ssg-state_service_autofs_off:ste:1" version="1">
      <unix:start datatype="boolean">false</unix:start>
      <unix:kill datatype="boolean">true</unix:kill>
    </unix:runlevel_state>
    <unix:runlevel_state comment="not configured to start" id="oval:ssg-state_service_dovecot_off:ste:1" version="1">
      <unix:start datatype="boolean">false</unix:start>
      <unix:kill datatype="boolean">true</unix:kill>
    </unix:runlevel_state>
    <unix:runlevel_state comment="configured to start" id="oval:ssg-state_service_iptables_on:ste:1" version="1">
      <unix:start datatype="boolean">true</unix:start>
      <unix:kill datatype="boolean">false</unix:kill>
    </unix:runlevel_state>
    <unix:runlevel_state comment="not configured to start" id="oval:ssg-state_service_kdump_off:ste:1" version="1">
      <unix:start datatype="boolean">false</unix:start>
      <unix:kill datatype="boolean">true</unix:kill>
    </unix:runlevel_state>
    <unix:runlevel_state comment="configured to start" id="oval:ssg-state_service_ntpd_on:ste:1" version="1">
      <unix:start datatype="boolean">true</unix:start>
      <unix:kill datatype="boolean">false</unix:kill>
    </unix:runlevel_state>
    <unix:runlevel_state comment="configured to start" id="oval:ssg-state_service_postfix_on:ste:1" version="1">
      <unix:start datatype="boolean">true</unix:start>
      <unix:kill datatype="boolean">false</unix:kill>
    </unix:runlevel_state>
    <unix:runlevel_state comment="not configured to start" id="oval:ssg-state_service_portmap_off:ste:1" version="1">
      <unix:start datatype="boolean">false</unix:start>
      <unix:kill datatype="boolean">true</unix:kill>
    </unix:runlevel_state>
    <unix:runlevel_state comment="not configured to start" id="oval:ssg-state_service_rpcbind_off:ste:1" version="1">
      <unix:start datatype="boolean">false</unix:start>
      <unix:kill datatype="boolean">true</unix:kill>
    </unix:runlevel_state>
    <unix:runlevel_state comment="not configured to start" id="oval:ssg-state_service_sshd_off:ste:1" version="1">
      <unix:start datatype="boolean">false</unix:start>
      <unix:kill datatype="boolean">true</unix:kill>
    </unix:runlevel_state>
    <unix:runlevel_state comment="not configured to start" id="oval:ssg-state_service_tftp_off:ste:1" version="1">
      <unix:start datatype="boolean">false</unix:start>
      <unix:kill datatype="boolean">true</unix:kill>
    </unix:runlevel_state>
    <unix:runlevel_state comment="not configured to start" id="oval:ssg-state_service_gssftp_off:ste:1" version="1">
      <unix:start datatype="boolean">false</unix:start>
      <unix:kill datatype="boolean">true</unix:kill>
    </unix:runlevel_state>
    <unix:runlevel_state comment="not configured to start" id="oval:ssg-state_service_vsftpd_off:ste:1" version="1">
      <unix:start datatype="boolean">false</unix:start>
      <unix:kill datatype="boolean">true</unix:kill>
    </unix:runlevel_state>
    <unix:runlevel_state comment="not configured to start" id="oval:ssg-state_service_xinetd_off:ste:1" version="1">
      <unix:start datatype="boolean">false</unix:start>
      <unix:kill datatype="boolean">true</unix:kill>
    </unix:runlevel_state>
    <unix:runlevel_state comment="not configured to start" id="oval:ssg-state_service_ypbind_off:ste:1" version="1">
      <unix:start datatype="boolean">false</unix:start>
      <unix:kill datatype="boolean">true</unix:kill>
    </unix:runlevel_state>
    <unix:runlevel_state comment="not configured to start" id="oval:ssg-state_service_yum-updatesd_off:ste:1" version="1">
      <unix:start datatype="boolean">false</unix:start>
      <unix:kill datatype="boolean">true</unix:kill>
    </unix:runlevel_state>
    <ind:textfilecontent54_state id="oval:ssg-state_shells_file_references:ste:1" version="1">
      <ind:subexpression operation="equals" var_ref="oval:ssg-var_shells_file_references:var:1" var_check="at least one" datatype="string"/>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_shells_file_references_nologin:ste:1" version="1">
      <ind:subexpression datatype="string" operation="pattern match">^(?!/usr/bin/false|/bin/false|/dev/null|/sbin/nologin|/bin/sync|/sbin/halt|/sbin/shutdown).*$</ind:subexpression>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_ssh_use_approved_macs:ste:1" version="1">
      <ind:subexpression operation="equals">hmac-sha1</ind:subexpression>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_sshd_use_approved_macs:ste:1" version="1">
      <ind:subexpression operation="equals">hmac-sha1</ind:subexpression>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_sysconfig_networking_bootproto_ifcfg:ste:1" version="1">
      <ind:subexpression operation="not equal">dhcp</ind:subexpression>
    </ind:textfilecontent54_state>
    <unix:sysctl_state id="oval:ssg-state_sysctl_kernel_execshield:ste:1" version="1">
      <unix:value datatype="int" operation="equals">1</unix:value>
    </unix:sysctl_state>
    <unix:sysctl_state id="oval:ssg-state_sysctl_kernel_exec_shield:ste:1" version="1">
      <unix:value datatype="int" operation="equals">1</unix:value>
    </unix:sysctl_state>
    <unix:sysctl_state id="oval:ssg-state_sysctl_kernel_randomize_va_space:ste:1" version="1">
      <unix:value datatype="int" operation="equals">1</unix:value>
    </unix:sysctl_state>
    <unix:sysctl_state id="oval:ssg-state_sysctl_net_ipv4_conf_all_accept_redirects:ste:1" version="1">
      <unix:value datatype="int" operation="equals">0</unix:value>
    </unix:sysctl_state>
    <unix:sysctl_state id="oval:ssg-state_sysctl_net_ipv4_conf_default_accept_redirects:ste:1" version="1">
      <unix:value datatype="int" operation="equals">0</unix:value>
    </unix:sysctl_state>
    <unix:sysctl_state id="oval:ssg-state_sysctl_net_ipv4_conf_all_accept_source_route:ste:1" version="1">
      <unix:value datatype="int" operation="equals">0</unix:value>
    </unix:sysctl_state>
    <unix:sysctl_state id="oval:ssg-state_sysctl_net_ipv4_conf_default_accept_source_route:ste:1" version="1">
      <unix:value datatype="int" operation="equals">0</unix:value>
    </unix:sysctl_state>
    <unix:sysctl_state id="oval:ssg-state_sysctl_net_ipv4_conf_all_log_martians:ste:1" version="1">
      <unix:value datatype="int" operation="equals">1</unix:value>
    </unix:sysctl_state>
    <unix:sysctl_state id="oval:ssg-state_sysctl_net_ipv4_conf_default_log_martians:ste:1" version="1">
      <unix:value datatype="int" operation="equals">1</unix:value>
    </unix:sysctl_state>
    <unix:sysctl_state id="oval:ssg-state_sysctl_net_ipv4_conf_all_send_redirects:ste:1" version="1">
      <unix:value datatype="int" operation="equals">0</unix:value>
    </unix:sysctl_state>
    <unix:sysctl_state id="oval:ssg-state_sysctl_net_ipv4_conf_default_send_redirects:ste:1" version="1">
      <unix:value datatype="int" operation="equals">0</unix:value>
    </unix:sysctl_state>
    <unix:sysctl_state id="oval:ssg-state_sysctl_net_ipv4_icmp_echo_ignore_broadcasts:ste:1" version="1">
      <unix:value datatype="int" operation="equals">1</unix:value>
    </unix:sysctl_state>
    <unix:sysctl_state id="oval:ssg-state_sysctl_net_ipv4_ip_forward:ste:1" version="1">
      <unix:value datatype="int" operation="equals">0</unix:value>
    </unix:sysctl_state>
    <unix:sysctl_state id="oval:ssg-state_sysctl_net_ipv4_tcp_max_syn_backlog:ste:1" version="1">
      <unix:value datatype="int" operation="equals">1280</unix:value>
    </unix:sysctl_state>
    <unix:sysctl_state id="oval:ssg-state_sysctl_net_ipv4_tcp_syncookies:ste:1" version="1">
      <unix:value datatype="int" operation="equals">1</unix:value>
    </unix:sysctl_state>
    <unix:sysctl_state id="oval:ssg-state_sysctl_net_ipv6_conf_all_accept_redirects:ste:1" version="1">
      <unix:value datatype="int" operation="equals">0</unix:value>
    </unix:sysctl_state>
    <unix:uname_state comment="32 bit architecture" id="oval:ssg-state_system_info_architecture_x86:ste:1" version="1">
      <unix:processor_type operation="equals">i686</unix:processor_type>
    </unix:uname_state>
    <unix:uname_state comment="64 bit architecture" id="oval:ssg-state_system_info_architecture_x86_64:ste:1" version="1">
      <unix:processor_type operation="equals">x86_64</unix:processor_type>
    </unix:uname_state>
    <unix:password_state id="oval:ssg-state_tftpd_user_shell:ste:1" version="3">
      <unix:login_shell datatype="string" operation="pattern match">^(/bin/false|/dev/null|/usr/bin/false|/bin/true|/sbin/nologin)$</unix:login_shell>
    </unix:password_state>
    <ind:variable_state id="oval:ssg-state_etc_passwd_no_duplicate_user_names:ste:1" version="1">
      <ind:value var_ref="oval:ssg-variable_count_of_unique_usernames_from_etc_passwd:var:1" datatype="int" operation="equals" var_check="at least one"/>
    </ind:variable_state>
    <ind:variable_state id="oval:ssg-state_last_pass_min_len_instance_value:ste:1" version="1">
      <ind:value operation="greater than or equal" var_ref="oval:ssg-var_accounts_password_minlen_login_defs:var:1" datatype="int" var_check="at least one"/>
    </ind:variable_state>
    <ind:textfilecontent54_state id="oval:ssg-state_password_pam_retry:ste:1" version="1">
      <ind:subexpression datatype="int" operation="less than or equal" var_ref="oval:ssg-var_password_pam_retry:var:1"/>
    </ind:textfilecontent54_state>
    <ind:variable_state id="oval:ssg-state_last_pass_warn_age_instance_value:ste:1" version="1">
      <ind:value operation="greater than or equal" var_ref="oval:ssg-var_accounts_password_warn_age_login_defs:var:1" datatype="int" var_check="at least one"/>
    </ind:variable_state>
    <ind:textfilecontent54_state id="oval:ssg-state_var_accounts_passwords_pam_faillock_deny_value:ste:1" version="1">
      <ind:subexpression datatype="int" operation="less than or equal" var_ref="oval:ssg-var_accounts_passwords_pam_faillock_deny:var:1"/>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_accounts_passwords_pam_faillock_fail_interval_system-auth:ste:1" version="2">
      <ind:subexpression datatype="int" operation="greater than or equal" var_ref="oval:ssg-var_accounts_passwords_pam_faillock_fail_interval:var:1"/>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_accounts_passwords_pam_faillock_fail_interval_password-auth:ste:1" version="2">
      <ind:subexpression datatype="int" operation="greater than or equal" var_ref="oval:ssg-var_accounts_passwords_pam_faillock_fail_interval:var:1"/>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_accounts_passwords_pam_faillock_unlock_time_system-auth:ste:1" version="2">
      <ind:subexpression datatype="int" operation="equals" var_ref="oval:ssg-var_accounts_passwords_pam_faillock_unlock_time:var:1"/>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_accounts_passwords_pam_faillock_unlock_time_password-auth:ste:1" version="2">
      <ind:subexpression datatype="int" operation="equals" var_ref="oval:ssg-var_accounts_passwords_pam_faillock_unlock_time:var:1"/>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_etc_profile_tmout:ste:1" version="1">
      <ind:subexpression datatype="int" operation="greater than or equal" var_check="all" var_ref="oval:ssg-var_accounts_tmout:var:1"/>
    </ind:textfilecontent54_state>
    <ind:variable_state id="oval:ssg-ste_accounts_umask_etc_bashrc:ste:1" version="1">
      <ind:value datatype="int" operation="bitwise and" var_ref="oval:ssg-var_accounts_user_umask_umask_as_number:var:1"/>
    </ind:variable_state>
    <ind:variable_state id="oval:ssg-ste_accounts_umask_etc_csh_cshrc:ste:1" version="1">
      <ind:value datatype="int" operation="bitwise and" var_ref="oval:ssg-var_accounts_user_umask_umask_as_number:var:1"/>
    </ind:variable_state>
    <ind:variable_state id="oval:ssg-ste_accounts_umask_etc_login_defs:ste:1" version="1">
      <ind:value datatype="int" operation="bitwise and" var_ref="oval:ssg-var_accounts_user_umask_umask_as_number:var:1"/>
    </ind:variable_state>
    <ind:variable_state id="oval:ssg-ste_accounts_umask_etc_profile:ste:1" version="1">
      <ind:value datatype="int" operation="bitwise and" var_ref="oval:ssg-var_accounts_user_umask_umask_as_number:var:1"/>
    </ind:variable_state>
    <ind:textfilecontent54_state id="oval:ssg-state_aide_use_fips_hashes:ste:1" version="1">
      <ind:subexpression operation="pattern match">^.*sha512.*$</ind:subexpression>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_aide_verify_acls:ste:1" version="1">
      <ind:subexpression operation="pattern match">^.*acl.*$</ind:subexpression>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_aide_verify_ext_attributes:ste:1" version="1">
      <ind:subexpression operation="pattern match">^.*xattrs.*$</ind:subexpression>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_auditd_data_retention_action_mail_acct:ste:1" version="1">
      <ind:subexpression operation="equals" var_ref="oval:ssg-var_auditd_action_mail_acct:var:1"/>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_auditd_data_retention_admin_space_left_action:ste:1" version="1">
      <ind:subexpression operation="case insensitive equals" var_ref="oval:ssg-var_auditd_admin_space_left_action:var:1"/>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_auditd_data_retention_flush:ste:1" version="1">
      <ind:subexpression operation="case insensitive equals" var_ref="oval:ssg-var_auditd_flush:var:1"/>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_auditd_data_retention_max_log_file:ste:1" version="1">
      <ind:subexpression operation="greater than or equal" var_ref="oval:ssg-var_auditd_max_log_file:var:1" datatype="int"/>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_auditd_data_retention_max_log_file_action:ste:1" version="1">
      <ind:subexpression operation="case insensitive equals" var_ref="oval:ssg-var_auditd_max_log_file_action:var:1"/>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_auditd_data_retention_num_logs:ste:1" version="1">
      <ind:subexpression operation="greater than or equal" var_ref="oval:ssg-var_auditd_num_logs:var:1" datatype="int"/>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_auditd_data_retention_space_left_action:ste:1" version="2">
      <ind:subexpression operation="case insensitive equals" var_ref="oval:ssg-var_auditd_space_left_action:var:1"/>
    </ind:textfilecontent54_state>
    <unix:file_state id="oval:ssg-state_dir_perms_etc_httpd_conf:ste:1" operator="AND" version="2">
      <unix:suid datatype="boolean">false</unix:suid>
      <unix:sgid datatype="boolean">false</unix:sgid>
      <unix:sticky datatype="boolean">false</unix:sticky>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_dir_perms_var_log_httpd:ste:1" version="2">
      <unix:suid datatype="boolean">false</unix:suid>
      <unix:sgid datatype="boolean">false</unix:sgid>
      <unix:sticky datatype="boolean">false</unix:sticky>
      <unix:gread datatype="boolean">false</unix:gread>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <ind:textfilecontent54_state id="oval:ssg-state_another_rotate_interval_after_daily:ste:1" version="1">
      <!-- if some of (weekly / monthly / yearly) uncommented setting is found
         (in the previously selected chunk of text) in one of the following
         parts:
         * before the first '{' character,
         * somewhere after '}' character and before another '{' character,
         * after final '}' character and before end of the chunk
         exclude such object from the found ones (since in that case earlier
         daily setting would be replaced with the found setting) -->
      <ind:subexpression datatype="string" operation="pattern match">}[^{]+[\n][\s]*(weekly|monthly|yearly)|[\n][\s]*(weekly|monthly|yearly)[^}]+{</ind:subexpression>
    </ind:textfilecontent54_state>
    <linux:rpminfo_state id="oval:ssg-state_package_gpg-pubkey-fd431d51-4ae0493b:ste:1" version="1">
      <linux:release>4ae0493b</linux:release>
      <linux:version>fd431d51</linux:version>
    </linux:rpminfo_state>
    <linux:rpminfo_state id="oval:ssg-state_package_gpg-pubkey-2fa658e0-45700c69:ste:1" version="1">
      <linux:release>45700c69</linux:release>
      <linux:version>2fa658e0</linux:version>
    </linux:rpminfo_state>
    <linux:rpminfo_state id="oval:ssg-state_package_gpg-pubkey-f4a80eb5-53a7ff4b:ste:1" version="1">
      <linux:release>53a7ff4b</linux:release>
      <linux:version>f4a80eb5</linux:version>
    </linux:rpminfo_state>
    <linux:rpminfo_state id="oval:ssg-state_package_gpg-pubkey-c105b9de-4e0fd3a3:ste:1" version="1">
      <linux:release>4e0fd3a3</linux:release>
      <linux:version>c105b9de</linux:version>
    </linux:rpminfo_state>
    <unix:file_state id="oval:ssg-state_owner_binaries_not_root:ste:1" version="1" operator="OR">
      <unix:user_id datatype="int" operation="not equal">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_owner_libraries_not_root:ste:1" version="1">
      <unix:user_id datatype="int" operation="not equal">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_owner_not_root_root_var_log_audit:ste:1" version="1" operator="OR">
      <unix:group_id datatype="int" operation="not equal">0</unix:group_id>
      <unix:user_id datatype="int" operation="not equal">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_owner_not_root_var_log_audit-non_root:ste:1" version="1" operator="OR">
      <unix:group_id datatype="int" operation="not equal">0</unix:group_id>
      <unix:user_id datatype="int" operation="equals">0</unix:user_id>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_perms_binary_files_nogroupwrite_noworldwrite:ste:1" version="1" operator="OR">
      <unix:gwrite datatype="boolean">true</unix:gwrite>
      <unix:owrite datatype="boolean">true</unix:owrite>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_perms_binary_files_symlink:ste:1" version="1">
      <unix:type operation="equals">symbolic link</unix:type>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_wrong_file_permissions_httpd_server_conf_files:ste:1" version="2" operator="AND">
      <unix:suid datatype="boolean">false</unix:suid>
      <unix:sgid datatype="boolean">false</unix:sgid>
      <unix:sticky datatype="boolean">false</unix:sticky>
      <unix:uexec datatype="boolean">false</unix:uexec>
      <unix:gwrite datatype="boolean">false</unix:gwrite>
      <unix:gexec datatype="boolean">false</unix:gexec>
      <unix:oread datatype="boolean">false</unix:oread>
      <unix:owrite datatype="boolean">false</unix:owrite>
      <unix:oexec datatype="boolean">false</unix:oexec>
    </unix:file_state>
    <unix:file_state comment="Files that are owned by a group." id="oval:ssg-state_file_permissions_ungroupowned:ste:1" version="1">
      <unix:group_id datatype="int" var_ref="oval:ssg-variable_file_permissions_ungroupowned:var:1" var_check="at least one"/>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_not_mode_0600:ste:1" version="1" operator="OR">
      <!-- if any one of these is true then mode is NOT 0640 (hence the OR operator) -->
      <unix:suid datatype="boolean">true</unix:suid>
      <unix:sgid datatype="boolean">true</unix:sgid>
      <unix:sticky datatype="boolean">true</unix:sticky>
      <unix:uexec datatype="boolean">true</unix:uexec>
      <unix:gread datatype="boolean">true</unix:gread>
      <unix:gwrite datatype="boolean">true</unix:gwrite>
      <unix:gexec datatype="boolean">true</unix:gexec>
      <unix:oread datatype="boolean">true</unix:oread>
      <unix:owrite datatype="boolean">true</unix:owrite>
      <unix:oexec datatype="boolean">true</unix:oexec>
    </unix:file_state>
    <unix:file_state id="oval:ssg-state_not_mode_0640:ste:1" version="1" operator="OR">
      <!-- if any one of these is true then mode is NOT 0640 (hence the OR operator) -->
      <unix:suid datatype="boolean">true</unix:suid>
      <unix:sgid datatype="boolean">true</unix:sgid>
      <unix:sticky datatype="boolean">true</unix:sticky>
      <unix:uexec datatype="boolean">true</unix:uexec>
      <unix:gwrite datatype="boolean">true</unix:gwrite>
      <unix:gexec datatype="boolean">true</unix:gexec>
      <unix:oread datatype="boolean">true</unix:oread>
      <unix:owrite datatype="boolean">true</unix:owrite>
      <unix:oexec datatype="boolean">true</unix:oexec>
    </unix:file_state>
    <ind:textfilecontent54_state id="oval:ssg-state_gid_passwd_group_same:ste:1" version="1">
      <ind:subexpression operation="equals" var_ref="oval:ssg-var_gid_passwd_group_same:var:1" var_check="at least one" datatype="string"/>
    </ind:textfilecontent54_state>
    <unix:file_state id="oval:ssg-state_groupowner_shadow_file:ste:1" version="1">
      <unix:group_id datatype="int">0</unix:group_id>
    </unix:file_state>
    <linux:rpminfo_state id="oval:ssg-state_centos6:ste:1" version="1">
      <linux:version operation="pattern match">^6.*$</linux:version>
    </linux:rpminfo_state>
    <linux:rpminfo_state id="oval:ssg-state_centos7:ste:1" version="1">
      <linux:version operation="pattern match">^7.*$</linux:version>
    </linux:rpminfo_state>
    <ind:family_state id="oval:ssg-state_unix_family:ste:1" version="1">
      <ind:family>unix</ind:family>
    </ind:family_state>
    <linux:rpminfo_state id="oval:ssg-state_rhel_workstation:ste:1" version="1">
      <linux:version operation="pattern match">^6.*$</linux:version>
    </linux:rpminfo_state>
    <linux:rpminfo_state id="oval:ssg-state_rhel_server:ste:1" version="1">
      <linux:version operation="pattern match">^6.*$</linux:version>
    </linux:rpminfo_state>
    <linux:rpminfo_state id="oval:ssg-state_rhel_computenode:ste:1" version="1">
      <linux:version operation="pattern match">^6.*$</linux:version>
    </linux:rpminfo_state>
    <ind:family_state id="oval:ssg-state_rhel7_unix_family:ste:1" version="1">
      <ind:family>unix</ind:family>
    </ind:family_state>
    <linux:rpminfo_state id="oval:ssg-state_rhel7_workstation:ste:1" version="1">
      <linux:version operation="pattern match">^7.*$</linux:version>
    </linux:rpminfo_state>
    <linux:rpminfo_state id="oval:ssg-state_rhel7_server:ste:1" version="1">
      <linux:version operation="pattern match">^7.*$</linux:version>
    </linux:rpminfo_state>
    <linux:rpminfo_state id="oval:ssg-state_rhel7_computenode:ste:1" version="1">
      <linux:version operation="pattern match">^7.*$</linux:version>
    </linux:rpminfo_state>
    <linux:rpminfo_state id="oval:ssg-state_sl6:ste:1" version="1">
      <linux:version operation="pattern match">^6.*$</linux:version>
    </linux:rpminfo_state>
    <linux:rpminfo_state id="oval:ssg-state_sl7:ste:1" version="1">
      <linux:version operation="pattern match">^7.*$</linux:version>
    </linux:rpminfo_state>
    <ind:family_state id="oval:ssg-state_unix_wrlinux:ste:1" version="1">
      <ind:family>unix</ind:family>
    </ind:family_state>
    <linux:partition_state id="oval:ssg-state_dev_shm_nodev:ste:1" version="1">
      <linux:mount_options datatype="string" entity_check="at least one" operation="equals">nodev</linux:mount_options>
    </linux:partition_state>
    <linux:partition_state id="oval:ssg-state_dev_shm_noexec:ste:1" version="1">
      <linux:mount_options datatype="string" entity_check="at least one" operation="equals">noexec</linux:mount_options>
    </linux:partition_state>
    <linux:partition_state id="oval:ssg-state_dev_shm_nosuid:ste:1" version="1">
      <linux:mount_options datatype="string" entity_check="at least one" operation="equals">nosuid</linux:mount_options>
    </linux:partition_state>
    <linux:partition_state id="oval:ssg-state_local_nodev:ste:1" version="1">
      <!-- this check defines a local partition as one which has a device node in /dev -->
      <linux:device operation="pattern match">^/dev/.*$</linux:device>
      <linux:mount_options datatype="string" entity_check="all" operation="not equal">nodev</linux:mount_options>
    </linux:partition_state>
    <ind:textfilecontent54_state id="oval:ssg-state_nodev_etc_fstab_cd_dvd_drive:ste:1" version="1">
      <ind:subexpression operation="pattern match" datatype="string">^.*,?nodev,?.*$</ind:subexpression>
    </ind:textfilecontent54_state>
    <linux:partition_state id="oval:ssg-state_nodev_runtime_cd_dvd_drive:ste:1" version="1">
      <linux:device datatype="string" operation="equals" var_ref="oval:ssg-variable_cd_dvd_drive_alternative_names:var:1" var_check="at least one"/>
      <linux:mount_options datatype="string" entity_check="at least one" operation="equals">nodev</linux:mount_options>
    </linux:partition_state>
    <ind:textfilecontent54_state id="oval:ssg-state_nodev_etc_fstab_not_cd_dvd_drive:ste:1" version="1">
      <ind:subexpression operation="pattern match" datatype="string">^.*,?nodev,?.*</ind:subexpression>
    </ind:textfilecontent54_state>
    <linux:partition_state id="oval:ssg-state_nodev_runtime_not_cd_dvd_drive:ste:1" version="1">
      <linux:device datatype="string" operation="equals" var_ref="oval:ssg-var_removable_partition:var:1" var_check="at least one"/>
      <linux:mount_options datatype="string" entity_check="at least one" operation="equals">nodev</linux:mount_options>
    </linux:partition_state>
    <ind:textfilecontent54_state id="oval:ssg-state_noexec_etc_fstab_cd_dvd_drive:ste:1" version="1">
      <ind:subexpression operation="pattern match" datatype="string">^.*,?noexec,?.*$</ind:subexpression>
    </ind:textfilecontent54_state>
    <linux:partition_state id="oval:ssg-state_noexec_runtime_cd_dvd_drive:ste:1" version="1">
      <linux:device datatype="string" operation="equals" var_ref="oval:ssg-variable_cd_dvd_drive_alternative_names:var:1" var_check="at least one"/>
      <linux:mount_options datatype="string" entity_check="at least one" operation="equals">noexec</linux:mount_options>
    </linux:partition_state>
    <ind:textfilecontent54_state id="oval:ssg-state_noexec_etc_fstab_not_cd_dvd_drive:ste:1" version="1">
      <ind:subexpression operation="pattern match" datatype="string">^.*,?noexec,?.*</ind:subexpression>
    </ind:textfilecontent54_state>
    <linux:partition_state id="oval:ssg-state_noexec_runtime_not_cd_dvd_drive:ste:1" version="1">
      <linux:device datatype="string" operation="equals" var_ref="oval:ssg-var_removable_partition:var:1" var_check="at least one"/>
      <linux:mount_options datatype="string" entity_check="at least one" operation="equals">noexec</linux:mount_options>
    </linux:partition_state>
    <ind:textfilecontent54_state id="oval:ssg-state_nosuid_etc_fstab_cd_dvd_drive:ste:1" version="1">
      <ind:subexpression operation="pattern match" datatype="string">^.*,?nosuid,?.*$</ind:subexpression>
    </ind:textfilecontent54_state>
    <linux:partition_state id="oval:ssg-state_nosuid_runtime_cd_dvd_drive:ste:1" version="1">
      <linux:device datatype="string" operation="equals" var_ref="oval:ssg-variable_cd_dvd_drive_alternative_names:var:1" var_check="at least one"/>
      <linux:mount_options datatype="string" entity_check="at least one" operation="equals">nosuid</linux:mount_options>
    </linux:partition_state>
    <ind:textfilecontent54_state id="oval:ssg-state_nosuid_etc_fstab_not_cd_dvd_drive:ste:1" version="1">
      <ind:subexpression operation="pattern match" datatype="string">^.*,?nosuid,?.*</ind:subexpression>
    </ind:textfilecontent54_state>
    <linux:partition_state id="oval:ssg-state_nosuid_runtime_not_cd_dvd_drive:ste:1" version="1">
      <linux:device datatype="string" operation="equals" var_ref="oval:ssg-var_removable_partition:var:1" var_check="at least one"/>
      <linux:mount_options datatype="string" entity_check="at least one" operation="equals">nosuid</linux:mount_options>
    </linux:partition_state>
    <ind:textfilecontent54_state id="oval:ssg-state_20340112:ste:1" version="1">
      <ind:instance datatype="int">2</ind:instance>
      <ind:subexpression operation="pattern match">sec=(krb5i|ntlmv2i)</ind:subexpression>
    </ind:textfilecontent54_state>
    <linux:partition_state id="oval:ssg-state_tmp_nodev:ste:1" version="1">
      <linux:mount_options datatype="string" entity_check="at least one" operation="equals">nodev</linux:mount_options>
    </linux:partition_state>
    <linux:partition_state id="oval:ssg-state_tmp_noexec:ste:1" version="1">
      <linux:mount_options datatype="string" entity_check="at least one" operation="equals">noexec</linux:mount_options>
    </linux:partition_state>
    <linux:partition_state id="oval:ssg-state_tmp_nosuid:ste:1" version="1">
      <linux:mount_options datatype="string" entity_check="at least one" operation="equals">nosuid</linux:mount_options>
    </linux:partition_state>
    <unix:interface_state id="oval:ssg-state_promisc:ste:1" version="1">
      <unix:flag datatype="string" entity_check="at least one" operation="equals">PROMISC</unix:flag>
    </unix:interface_state>
    <ind:variable_state id="oval:ssg-state_shell_defined_default_uid_range:ste:1" version="1">
      <ind:value datatype="int" operation="greater than">0</ind:value>
    </ind:variable_state>
    <ind:variable_state id="oval:ssg-state_shell_defined_reserved_uid_range:ste:1" version="1">
      <ind:value datatype="int" operation="greater than">0</ind:value>
    </ind:variable_state>
    <ind:variable_state id="oval:ssg-state_shell_defined_dynalloc_uid_range:ste:1" version="1">
      <ind:value datatype="int" operation="greater than">0</ind:value>
    </ind:variable_state>
    <ind:environmentvariable58_state comment="starts with colon or period" id="oval:ssg-state_begins_colon_period:ste:1" version="1">
      <ind:value operation="pattern match">^[:\.]</ind:value>
    </ind:environmentvariable58_state>
    <ind:environmentvariable58_state comment="colon twice in a row" id="oval:ssg-state_contains_double_colon:ste:1" version="1">
      <ind:value operation="pattern match">::</ind:value>
    </ind:environmentvariable58_state>
    <ind:environmentvariable58_state comment="period twice in a row" id="oval:ssg-state_contains_double_period:ste:1" version="1">
      <ind:value operation="pattern match">\.\.</ind:value>
    </ind:environmentvariable58_state>
    <ind:environmentvariable58_state comment="ends with colon or period" id="oval:ssg-state_ends_colon_period:ste:1" version="1">
      <ind:value operation="pattern match">[:\.]$</ind:value>
    </ind:environmentvariable58_state>
    <ind:environmentvariable58_state comment="begins with a slash" id="oval:ssg-state_begins_slash:ste:1" version="1">
      <ind:value operation="pattern match">^[^/]</ind:value>
    </ind:environmentvariable58_state>
    <ind:environmentvariable58_state comment="elements begin with a slash" id="oval:ssg-state_contains_relative_path:ste:1" version="1">
      <ind:value operation="pattern match">[^\\]:[^/]</ind:value>
    </ind:environmentvariable58_state>
    <linux:rpmverifyfile_state id="oval:ssg-state_files_fail_user_ownership:ste:1" version="1">
      <linux:ownership_differs>fail</linux:ownership_differs>
    </linux:rpmverifyfile_state>
    <linux:rpmverifyfile_state id="oval:ssg-state_files_fail_group_ownership:ste:1" version="1">
      <linux:group_differs>fail</linux:group_differs>
    </linux:rpmverifyfile_state>
    <linux:rpmverifyfile_state id="oval:ssg-state_files_fail_mode:ste:1" version="1">
      <linux:mode_differs>fail</linux:mode_differs>
    </linux:rpmverifyfile_state>
    <ind:textfilecontent54_state id="oval:ssg-state_selinux_policy:ste:1" version="1">
      <ind:subexpression operation="equals" var_check="all" var_ref="oval:ssg-var_selinux_policy_name:var:1"/>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_etc_selinux_config:ste:1" version="1">
      <ind:subexpression datatype="string" operation="equals" var_check="all" var_ref="oval:ssg-var_selinux_state:var:1"/>
    </ind:textfilecontent54_state>
    <ind:variable_state id="oval:ssg-state_last_encrypt_method_instance_value:ste:1" version="1">
      <ind:value operation="equals" datatype="string">SHA512</ind:value>
    </ind:variable_state>
    <ind:textfilecontent54_state comment="upper bound of ClientAliveInterval in seconds" id="oval:ssg-state_timeout_value_upper_bound:ste:1" version="1">
      <ind:subexpression datatype="int" operation="less than or equal" var_check="all" var_ref="oval:ssg-sshd_idle_timeout_value:var:1"/>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state comment="lower bound of ClientAliveInterval in seconds" id="oval:ssg-state_timeout_value_lower_bound:ste:1" version="1">
      <ind:subexpression datatype="int" operation="greater than">0</ind:subexpression>
    </ind:textfilecontent54_state>
    <ind:textfilecontent54_state id="oval:ssg-state_sshd_clientalivecountmax:ste:1" version="1">
      <ind:subexpression datatype="int" operation="equals">0</ind:subexpression>
    </ind:textfilecontent54_state>
    <unix:sysctl_state id="oval:ssg-state_runtime_kernel_dmesg_restrict:ste:1" version="1">
      <unix:value datatype="int" operation="equals">1</unix:value>
    </unix:sysctl_state>
    <ind:textfilecontent54_state id="oval:ssg-state_static_sysctld_kernel_dmesg_restrict:ste:1" version="1">
      <ind:subexpression operation="equals" datatype="int">1</ind:subexpression>
    </ind:textfilecontent54_state>
    <unix:uname_state comment="64 bit architecture" id="oval:ssg-state_system_info_architecture_ppc_64:ste:1" version="1">
      <unix:processor_type operation="equals">ppc64</unix:processor_type>
    </unix:uname_state>
    <unix:uname_state comment="64 bit architecture" id="oval:ssg-state_system_info_architecture_ppcle_64:ste:1" version="1">
      <unix:processor_type operation="equals">ppc64le</unix:processor_type>
    </unix:uname_state>
    <ind:variable_state id="oval:ssg-ste_umask_for_daemons:ste:1" version="1">
      <ind:value datatype="int" operation="bitwise and" var_ref="oval:ssg-var_umask_for_daemons_umask_as_number:var:1"/>
    </ind:variable_state>
    <ind:variable_state id="oval:ssg-state_var_removable_partition_is_cd_dvd_drive:ste:1" version="1">
      <ind:value operation="equals">/dev/cdrom</ind:value>
    </ind:variable_state>
  </states>
  <variables>
    <external_variable comment="inactive days expiration" datatype="int" id="oval:ssg-var_account_disable_post_pw_expiration:var:1" version="1"/>
    <external_variable comment="maximum number of concurrent logins per user" datatype="int" id="oval:ssg-max_concurrent_login_sessions_value:var:1" version="1"/>
    <local_variable id="oval:ssg-var_accounts_maximum_age_login_defs_users:var:1" comment="User Accounts" datatype="string" version="1">
      <object_component item_field="username" object_ref="oval:ssg-object_accounts_maximum_age_login_defs_var:obj:1"/>
    </local_variable>
    <external_variable comment="maximum password age" datatype="int" id="oval:ssg-var_accounts_maximum_age_login_defs:var:1" version="1"/>
    <local_variable id="oval:ssg-var_accounts_minimum_age_login_defs_users:var:1" comment="User Accounts" datatype="string" version="1">
      <object_component item_field="username" object_ref="oval:ssg-object_accounts_minimum_age_login_defs_var:obj:1"/>
    </local_variable>
    <external_variable comment="minimum password age in days" datatype="int" id="oval:ssg-var_accounts_minimum_age_login_defs:var:1" version="1"/>
    <external_variable comment="External variable for pam_cracklib dcredit" datatype="int" id="oval:ssg-var_password_pam_cracklib_dcredit:var:1" version="1"/>
    <external_variable comment="External variable for pam_cracklib difok" datatype="int" id="oval:ssg-var_password_pam_cracklib_difok:var:1" version="1"/>
    <external_variable comment="External variable for pam_cracklib lcredit" datatype="int" id="oval:ssg-var_password_pam_cracklib_lcredit:var:1" version="1"/>
    <external_variable comment="External variable for pam_cracklib maxrepeat" datatype="int" id="oval:ssg-var_password_pam_cracklib_maxrepeat:var:1" version="1"/>
    <external_variable comment="External variable for pam_cracklib minlen" datatype="int" id="oval:ssg-var_password_pam_cracklib_minlen:var:1" version="1"/>
    <external_variable comment="External variable for pam_cracklib ocredit" datatype="int" id="oval:ssg-var_password_pam_cracklib_ocredit:var:1" version="1"/>
    <external_variable comment="External variable for pam_cracklib ucredit" datatype="int" id="oval:ssg-var_password_pam_cracklib_ucredit:var:1" version="1"/>
    <external_variable comment="number of failed login attempts allowed" datatype="int" id="oval:ssg-var_accounts_password_pam_tally_deny:var:1" version="1"/>
    <external_variable comment="number of passwords that should be remembered" datatype="int" id="oval:ssg-password_history_retain_number:var:1" version="1"/>
    <local_variable id="oval:ssg-var_accounts_root_path_dirs_no_write:var:1" comment="List of root paths" datatype="string" version="1">
      <split delimiter=":">
        <object_component item_field="value" object_ref="oval:ssg-var_env_accounts_root_path_dirs_no_write:obj:1"/>
      </split>
    </local_variable>
    <external_variable comment="umask for user shell" datatype="string" id="oval:ssg-var_accounts_user_umask:var:1" version="1"/>
    <local_variable id="oval:ssg-var_accounts_unique_name:var:1" comment="account names" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_accounts_unique_name_var:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_accounts_unique_id:var:1" comment="account names" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_accounts_unique_id_var:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_at_system_accounts_allow_list:var:1" comment="Accounts Allowed" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_at_system_accounts_allow_list:obj:1"/>
    </local_variable>
    <external_variable comment="warning banner text variable" datatype="string" id="oval:ssg-system_login_banner_text:var:1" version="1"/>
    <external_variable comment="warning banner text variable" datatype="string" id="oval:ssg-gui_login_banner_text:var:1" version="1"/>
    <local_variable id="oval:ssg-var_cron_system_accounts_allow_list:var:1" comment="Accounts Allowed" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_cron_system_accounts_allow_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_groupowner_aliases_files_list:var:1" comment="List of files referenced in /etc/aliases" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_groupowner_aliases_files_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_groupowner_audit_log_list_el4:var:1" comment="List of audit log files" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_groupowner_audit_log_list_el4:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_groupowner_audit_log_list_el5:var:1" comment="List of audit log files" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_groupowner_audit_log_list_el5:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_groupowner_core_dump_dir_list:var:1" comment="Core dump directory" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_groupowner_core_dump_dir_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_groupowner_etc_cups_printers_conf_list:var:1" comment="group Accounts" datatype="int" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_groupowner_etc_cups_printers_conf_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_groupowner_exports_dirs_list:var:1" comment="List of files referenced in /etc/exports" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_groupowner_exports_dirs_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_groupowner_home_dirs_group_list:var:1" comment="group Accounts" datatype="int" version="1">
      <object_component item_field="group_id" object_ref="oval:ssg-object_file_groupowner_home_dirs_path_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_groupowner_home_dirs_path_list:var:1" comment="group Accounts" datatype="string" version="1">
      <object_component item_field="home_dir" object_ref="oval:ssg-object_file_groupowner_home_dirs_path_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_groupowner_home_files_group_list:var:1" comment="Group Accounts" datatype="int" version="1">
      <object_component item_field="group_id" object_ref="oval:ssg-object_file_groupowner_home_files_path_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_groupowner_home_files_path_list:var:1" comment="User Home Directories" datatype="string" version="1">
      <object_component item_field="home_dir" object_ref="oval:ssg-object_file_groupowner_home_files_path_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_groupowner_ldap_cacerts_list:var:1" comment="LDAP TLS CA cert" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_groupowner_ldap_cacerts_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_groupowner_ldap_certs_list:var:1" comment="LDAP TLS cert" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_groupowner_ldap_certs_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_groupowner_ldap_keys_list:var:1" comment="LDAP TLS key" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_groupowner_ldap_keys_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_groupowner_local_initialization_files_group_list_home:var:1" comment="Group Accounts" datatype="int" version="1">
      <object_component item_field="group_id" object_ref="oval:ssg-object_file_groupowner_local_initialization_files_path_list_home:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_groupowner_local_initialization_files_path_list_home:var:1" comment="User Home Directories" datatype="string" version="1">
      <object_component item_field="home_dir" object_ref="oval:ssg-object_file_groupowner_local_initialization_files_path_list_home:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_groupowner_local_initialization_files_path_list_root:var:1" comment="group Accounts" datatype="string" version="1">
      <object_component item_field="home_dir" object_ref="oval:ssg-object_file_groupowner_local_initialization_files_path_list_root:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_groupowner_shell_files_list:var:1" comment="List of files referenced in /etc/shells" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_groupowner_shell_files_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_groupowner_snmpd_conf_list:var:1" comment="group Accounts" datatype="int" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_groupowner_snmpd_conf_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_groupowner_var_spool_at_list:var:1" comment="group Accounts" datatype="int" version="1">
      <object_component item_field="user_id" object_ref="oval:ssg-object_file_groupowner_var_spool_at_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_owner_aliases_files_list:var:1" comment="List of files referenced in /etc/aliases" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_owner_aliases_files_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_owner_audit_log_list_el4:var:1" comment="List of audit log files" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_owner_audit_log_list_el4:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_owner_audit_log_list_el5:var:1" comment="List of audit log files" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_owner_audit_log_list_el5:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_owner_core_dump_dir_list:var:1" comment="Core dump directory" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_owner_core_dump_dir_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_owner_etc_cups_printers_conf_list:var:1" comment="group Accounts" datatype="int" version="1">
      <object_component item_field="user_id" object_ref="oval:ssg-object_file_owner_etc_cups_printers_conf_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_owner_exports_dirs_list:var:1" comment="List of files referenced in /etc/exports" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_owner_exports_dirs_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_owner_home_dirs_user_list:var:1" comment="User Accounts" datatype="int" version="1">
      <object_component item_field="user_id" object_ref="oval:ssg-object_file_owner_home_dirs_path_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_owner_home_dirs_path_list:var:1" comment="User Accounts" datatype="string" version="1">
      <object_component item_field="home_dir" object_ref="oval:ssg-object_file_owner_home_dirs_path_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_owner_home_files_group_list:var:1" comment="User Accounts" datatype="int" version="1">
      <object_component item_field="user_id" object_ref="oval:ssg-object_file_owner_home_files_path_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_owner_home_files_path_list:var:1" comment="User Home Directories" datatype="string" version="1">
      <object_component item_field="home_dir" object_ref="oval:ssg-object_file_owner_home_files_path_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_owner_ldap_cacerts_list:var:1" comment="LDAP TLS CA cert" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_owner_ldap_cacerts_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_owner_ldap_certs_list:var:1" comment="LDAP TLS cert" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_owner_ldap_certs_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_owner_ldap_keys_list:var:1" comment="LDAP TLS key" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_owner_ldap_keys_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_owner_local_initialization_files_group_list_home:var:1" comment="User Accounts" datatype="int" version="1">
      <object_component item_field="user_id" object_ref="oval:ssg-object_file_owner_local_initialization_files_path_list_home:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_owner_local_initialization_files_path_list_home:var:1" comment="User Home Directories" datatype="string" version="1">
      <object_component item_field="home_dir" object_ref="oval:ssg-object_file_owner_local_initialization_files_path_list_home:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_owner_local_initialization_files_path_list_root:var:1" comment="group Accounts" datatype="string" version="1">
      <object_component item_field="home_dir" object_ref="oval:ssg-object_file_owner_local_initialization_files_path_list_root:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_owner_shell_files_list:var:1" comment="List of files referenced in /etc/shells" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_owner_shell_files_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_owner_smtp_logs_list:var:1" comment="List of SMTP log files" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_owner_smtp_logs_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_owner_var_spool_at_list:var:1" comment="group Accounts" datatype="int" version="1">
      <object_component item_field="user_id" object_ref="oval:ssg-object_file_owner_var_spool_at_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_permissions_aliases_files_list:var:1" comment="List of files referenced in /etc/aliases" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_permissions_aliases_files_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_permissions_audit_log_list_el4:var:1" comment="List of audit log files" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_permissions_audit_log_list_el4:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_permissions_audit_log_list_el5:var:1" comment="List of audit log files" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_permissions_audit_log_list_el5:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_permissions_core_dump_dir_list:var:1" comment="Core dump directory" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_permissions_core_dump_dir_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_permissions_cron_log_files_list:var:1" comment="List of cron log files" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_permissions_cron_log_files_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_permissions_extended_aliases_files_list:var:1" comment="List of files referenced in /etc/aliases" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_permissions_extended_aliases_files_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_permissions_extended_audit_log_list:var:1" comment="List of audit log files" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_permissions_extended_audit_log_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_permissions_extended_core_dump_dir_list:var:1" comment="Core dump directory" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_permissions_extended_core_dump_dir_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_permissions_extended_cron_log_files_list:var:1" comment="List of cron log files" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_permissions_extended_cron_log_files_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_permissions_extended_ldap_cacerts_list:var:1" comment="LDAP TLS CA cert" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_permissions_extended_ldap_cacerts_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_permissions_extended_ldap_certs_list:var:1" comment="LDAP TLS cert" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_permissions_extended_ldap_certs_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_permissions_extended_ldap_keys_list:var:1" comment="LDAP TLS key" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_permissions_extended_ldap_keys_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_permissions_extended_root_dir:var:1" comment="root directory" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_permissions_extended_root_dir_var:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_permissions_extended_shell_files_list:var:1" comment="List of files referenced in /etc/shells" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_permissions_extended_shell_files_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_permissions_extended_smtp_logs_list:var:1" comment="List of SMTP log files" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_permissions_extended_smtp_logs_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_permissions_home_dirs_path_list:var:1" comment="User Accounts" datatype="string" version="1">
      <object_component item_field="home_dir" object_ref="oval:ssg-object_file_permissions_home_dirs_path_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_permissions_home_files_path_list:var:1" comment="User Accounts" datatype="string" version="1">
      <object_component item_field="home_dir" object_ref="oval:ssg-object_file_permissions_home_files_path_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_permissions_ldap_cacerts_list:var:1" comment="LDAP TLS CA cert" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_permissions_ldap_cacerts_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_permissions_ldap_certs_list:var:1" comment="LDAP TLS cert" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_permissions_ldap_certs_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_permissions_ldap_keys_list:var:1" comment="LDAP TLS key" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_permissions_ldap_keys_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_permissions_root_dir:var:1" comment="User Accounts" datatype="string" version="1">
      <object_component item_field="home_dir" object_ref="oval:ssg-object_file_permissions_root_dir_var:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_permissions_shell_files_list:var:1" comment="List of files referenced in /etc/shells" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_permissions_shell_files_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_permissions_smtp_logs_list:var:1" comment="List of SMTP log files" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_permissions_smtp_logs_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_file_permissions_tftp_binary_list:var:1" comment="tftpd binary" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_file_permissions_tftp_binary_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_ftp_enable_warning_banner_gssftp:var:1" comment="gssftp banner file" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_ftp_enable_warning_banner_gssftp_list:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-var_ftp_enable_warning_banner_vsftpd:var:1" comment="vsftpd banner file" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_ftp_enable_warning_banner_vsftpd_list:obj:1"/>
    </local_variable>
    <external_variable comment="warning banner text variable" datatype="string" id="oval:ssg-ftp_login_banner_text:var:1" version="1"/>
    <external_variable comment="inactivity timeout variable" datatype="int" id="oval:ssg-inactivity_timeout_value:var:1" version="1"/>
    <local_variable id="oval:ssg-file_permissions_unowned_userid_list:var:1" comment="List of valid user ids" datatype="int" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-file_permissions_unowned_userid_list_object:obj:1"/>
    </local_variable>
    <external_variable comment="External variable: name of selinux policy in /etc/selinux/config" datatype="string" id="oval:ssg-var_selinux_policy_name:var:1" version="1"/>
    <local_variable id="oval:ssg-var_shells_file_references:var:1" comment="login shells" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_shells_file_references_var:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-variable_count_of_all_usernames_from_etc_passwd:var:1" datatype="int" version="1" comment="Count of all username rows retrieved from /etc/passwd (including duplicates if any)">
      <count>
        <object_component item_field="subexpression" object_ref="oval:ssg-object_etc_passwd_content:obj:1"/>
      </count>
    </local_variable>
    <local_variable id="oval:ssg-variable_count_of_unique_usernames_from_etc_passwd:var:1" datatype="int" version="1" comment="Count of unique username rows retrieved from /etc/passwd">
      <count>
        <unique>
          <object_component item_field="subexpression" object_ref="oval:ssg-object_etc_passwd_content:obj:1"/>
        </unique>
      </count>
    </local_variable>
    <local_variable id="oval:ssg-variable_last_pass_min_len_instance_value:var:1" datatype="int" comment="The value of last PASS_MIN_LEN directive in /etc/login.defs" version="1">
      <regex_capture pattern="PASS_MIN_LEN\s+(\d+)">
        <object_component item_field="subexpression" object_ref="oval:ssg-object_last_pass_min_len_from_etc_login_defs:obj:1"/>
      </regex_capture>
    </local_variable>
    <external_variable comment="Password minimum length" datatype="int" id="oval:ssg-var_accounts_password_minlen_login_defs:var:1" version="1"/>
    <external_variable comment="External variable for pam_pwquality retry" datatype="int" id="oval:ssg-var_password_pam_retry:var:1" version="1"/>
    <local_variable id="oval:ssg-variable_last_pass_warn_age_instance_value:var:1" datatype="int" comment="The value of last PASS_WARN_AGE directive in /etc/login.defs" version="1">
      <regex_capture pattern="PASS_WARN_AGE\s+(\d+)">
        <object_component item_field="subexpression" object_ref="oval:ssg-object_last_pass_warn_age_from_etc_login_defs:obj:1"/>
      </regex_capture>
    </local_variable>
    <external_variable comment="password expiration warning age in days" datatype="int" id="oval:ssg-var_accounts_password_warn_age_login_defs:var:1" version="1"/>
    <external_variable id="oval:ssg-var_accounts_passwords_pam_faillock_deny:var:1" datatype="int" comment="number of failed login attempts allowed" version="1"/>
    <external_variable comment="number of failed login attempts allowed" datatype="int" id="oval:ssg-var_accounts_passwords_pam_faillock_fail_interval:var:1" version="2"/>
    <external_variable comment="number of failed login attempts allowed" datatype="int" id="oval:ssg-var_accounts_passwords_pam_faillock_unlock_time:var:1" version="2"/>
    <external_variable comment="external variable for TMOUT" datatype="int" id="oval:ssg-var_accounts_tmout:var:1" version="1"/>
    <local_variable id="oval:ssg-var_first_digit_of_umask_from_etc_bashrc:var:1" comment="First octal digit of umask from /etc/bashrc" datatype="int" version="1">
      <substring substring_start="1" substring_length="1">
        <object_component item_field="subexpression" object_ref="oval:ssg-obj_umask_from_etc_bashrc:obj:1"/>
      </substring>
    </local_variable>
    <local_variable id="oval:ssg-var_second_digit_of_umask_from_etc_bashrc:var:1" comment="Second octal digit of umask from /etc/bashrc" datatype="int" version="1">
      <substring substring_start="2" substring_length="1">
        <object_component item_field="subexpression" object_ref="oval:ssg-obj_umask_from_etc_bashrc:obj:1"/>
      </substring>
    </local_variable>
    <local_variable id="oval:ssg-var_third_digit_of_umask_from_etc_bashrc:var:1" comment="Third octal digit of umask from /etc/bashrc" datatype="int" version="1">
      <substring substring_start="3" substring_length="1">
        <object_component item_field="subexpression" object_ref="oval:ssg-obj_umask_from_etc_bashrc:obj:1"/>
      </substring>
    </local_variable>
    <local_variable id="oval:ssg-var_etc_bashrc_umask_as_number:var:1" comment="/etc/bashrc umask converted from string to a number" datatype="int" version="1">
      <arithmetic arithmetic_operation="add">
        <arithmetic arithmetic_operation="multiply">
          <literal_component datatype="int">64</literal_component>
          <variable_component var_ref="oval:ssg-var_first_digit_of_umask_from_etc_bashrc:var:1"/>
        </arithmetic>
        <arithmetic arithmetic_operation="multiply">
          <literal_component datatype="int">8</literal_component>
          <variable_component var_ref="oval:ssg-var_second_digit_of_umask_from_etc_bashrc:var:1"/>
        </arithmetic>
        <variable_component var_ref="oval:ssg-var_third_digit_of_umask_from_etc_bashrc:var:1"/>
      </arithmetic>
    </local_variable>
    <external_variable id="oval:ssg-var_accounts_user_umask_umask_as_number:var:1" comment="Required umask converted from string to octal number" datatype="int" version="1"/>
    <local_variable id="oval:ssg-var_first_digit_of_umask_from_etc_csh_cshrc:var:1" comment="First octal digit of umask from /etc/csh.cshrc" datatype="int" version="1">
      <substring substring_start="1" substring_length="1">
        <object_component item_field="subexpression" object_ref="oval:ssg-obj_umask_from_etc_csh_cshrc:obj:1"/>
      </substring>
    </local_variable>
    <local_variable id="oval:ssg-var_second_digit_of_umask_from_etc_csh_cshrc:var:1" comment="Second octal digit of umask from /etc/csh.cshrc" datatype="int" version="1">
      <substring substring_start="2" substring_length="1">
        <object_component item_field="subexpression" object_ref="oval:ssg-obj_umask_from_etc_csh_cshrc:obj:1"/>
      </substring>
    </local_variable>
    <local_variable id="oval:ssg-var_third_digit_of_umask_from_etc_csh_cshrc:var:1" comment="Third octal digit of umask from /etc/csh.cshrc" datatype="int" version="1">
      <substring substring_start="3" substring_length="1">
        <object_component item_field="subexpression" object_ref="oval:ssg-obj_umask_from_etc_csh_cshrc:obj:1"/>
      </substring>
    </local_variable>
    <local_variable id="oval:ssg-var_etc_csh_cshrc_umask_as_number:var:1" comment="/etc/csh.cshrc umask converted from string to a number" datatype="int" version="1">
      <arithmetic arithmetic_operation="add">
        <arithmetic arithmetic_operation="multiply">
          <literal_component datatype="int">64</literal_component>
          <variable_component var_ref="oval:ssg-var_first_digit_of_umask_from_etc_csh_cshrc:var:1"/>
        </arithmetic>
        <arithmetic arithmetic_operation="multiply">
          <literal_component datatype="int">8</literal_component>
          <variable_component var_ref="oval:ssg-var_second_digit_of_umask_from_etc_csh_cshrc:var:1"/>
        </arithmetic>
        <variable_component var_ref="oval:ssg-var_third_digit_of_umask_from_etc_csh_cshrc:var:1"/>
      </arithmetic>
    </local_variable>
    <local_variable id="oval:ssg-var_first_digit_of_umask_from_etc_login_defs:var:1" comment="First octal digit of umask from /etc/login.defs" datatype="int" version="1">
      <substring substring_start="1" substring_length="1">
        <object_component item_field="subexpression" object_ref="oval:ssg-obj_umask_from_etc_login_defs:obj:1"/>
      </substring>
    </local_variable>
    <local_variable id="oval:ssg-var_second_digit_of_umask_from_etc_login_defs:var:1" comment="Second octal digit of umask from /etc/login.defs" datatype="int" version="1">
      <substring substring_start="2" substring_length="1">
        <object_component item_field="subexpression" object_ref="oval:ssg-obj_umask_from_etc_login_defs:obj:1"/>
      </substring>
    </local_variable>
    <local_variable id="oval:ssg-var_third_digit_of_umask_from_etc_login_defs:var:1" comment="Third octal digit of umask from /etc/login.defs" datatype="int" version="1">
      <substring substring_start="3" substring_length="1">
        <object_component item_field="subexpression" object_ref="oval:ssg-obj_umask_from_etc_login_defs:obj:1"/>
      </substring>
    </local_variable>
    <local_variable id="oval:ssg-var_etc_login_defs_umask_as_number:var:1" comment="/etc/login.defs umask converted from string to a number" datatype="int" version="1">
      <arithmetic arithmetic_operation="add">
        <arithmetic arithmetic_operation="multiply">
          <literal_component datatype="int">64</literal_component>
          <variable_component var_ref="oval:ssg-var_first_digit_of_umask_from_etc_login_defs:var:1"/>
        </arithmetic>
        <arithmetic arithmetic_operation="multiply">
          <literal_component datatype="int">8</literal_component>
          <variable_component var_ref="oval:ssg-var_second_digit_of_umask_from_etc_login_defs:var:1"/>
        </arithmetic>
        <variable_component var_ref="oval:ssg-var_third_digit_of_umask_from_etc_login_defs:var:1"/>
      </arithmetic>
    </local_variable>
    <local_variable id="oval:ssg-var_first_digit_of_umask_from_etc_profile:var:1" comment="First octal digit of umask from /etc/profile" datatype="int" version="1">
      <substring substring_start="1" substring_length="1">
        <object_component item_field="subexpression" object_ref="oval:ssg-obj_umask_from_etc_profile:obj:1"/>
      </substring>
    </local_variable>
    <local_variable id="oval:ssg-var_second_digit_of_umask_from_etc_profile:var:1" comment="Second octal digit of umask from /etc/profile" datatype="int" version="1">
      <substring substring_start="2" substring_length="1">
        <object_component item_field="subexpression" object_ref="oval:ssg-obj_umask_from_etc_profile:obj:1"/>
      </substring>
    </local_variable>
    <local_variable id="oval:ssg-var_third_digit_of_umask_from_etc_profile:var:1" comment="Third octal digit of umask from /etc/profile" datatype="int" version="1">
      <substring substring_start="3" substring_length="1">
        <object_component item_field="subexpression" object_ref="oval:ssg-obj_umask_from_etc_profile:obj:1"/>
      </substring>
    </local_variable>
    <local_variable id="oval:ssg-var_etc_profile_umask_as_number:var:1" comment="/etc/profile umask converted from string to a number" datatype="int" version="1">
      <arithmetic arithmetic_operation="add">
        <arithmetic arithmetic_operation="multiply">
          <literal_component datatype="int">64</literal_component>
          <variable_component var_ref="oval:ssg-var_first_digit_of_umask_from_etc_profile:var:1"/>
        </arithmetic>
        <arithmetic arithmetic_operation="multiply">
          <literal_component datatype="int">8</literal_component>
          <variable_component var_ref="oval:ssg-var_second_digit_of_umask_from_etc_profile:var:1"/>
        </arithmetic>
        <variable_component var_ref="oval:ssg-var_third_digit_of_umask_from_etc_profile:var:1"/>
      </arithmetic>
    </local_variable>
    <local_variable id="oval:ssg-variable_aide_build_new_database_absolute_path:var:1" datatype="string" comment="Absolute path of Aide build database file" version="1">
      <concat>
        <object_component object_ref="oval:ssg-object_aide_build_database_dirpath:obj:1" item_field="subexpression"/>
        <literal_component>/</literal_component>
        <object_component object_ref="oval:ssg-object_aide_build_new_database_filename:obj:1" item_field="subexpression"/>
      </concat>
    </local_variable>
    <local_variable id="oval:ssg-variable_aide_operational_database_absolute_path:var:1" datatype="string" comment="Absolute path of Aide build database file" version="1">
      <concat>
        <object_component object_ref="oval:ssg-object_aide_build_database_dirpath:obj:1" item_field="subexpression"/>
        <literal_component>/</literal_component>
        <object_component object_ref="oval:ssg-object_aide_operational_database_filename:obj:1" item_field="subexpression"/>
      </concat>
    </local_variable>
    <external_variable comment="audit action_mail_acct setting" datatype="string" id="oval:ssg-var_auditd_action_mail_acct:var:1" version="1"/>
    <external_variable comment="audit admin_space_left_action setting" datatype="string" id="oval:ssg-var_auditd_admin_space_left_action:var:1" version="1"/>
    <external_variable comment="audit flush setting" datatype="string" id="oval:ssg-var_auditd_flush:var:1" version="1"/>
    <external_variable comment="audit max_log_file settting" datatype="int" id="oval:ssg-var_auditd_max_log_file:var:1" version="1"/>
    <external_variable comment="audit max_log_file_action setting" datatype="string" id="oval:ssg-var_auditd_max_log_file_action:var:1" version="1"/>
    <external_variable comment="audit num_logs settting" datatype="int" id="oval:ssg-var_auditd_num_logs:var:1" version="1"/>
    <external_variable comment="audit space_left_action setting" datatype="string" id="oval:ssg-var_auditd_space_left_action:var:1" version="2"/>
    <local_variable id="oval:ssg-variable_file_permissions_ungroupowned:var:1" datatype="int" version="1" comment="all GIDs on the target system">
      <object_component object_ref="oval:ssg-etc_group_object:obj:1" item_field="subexpression"/>
    </local_variable>
    <local_variable id="oval:ssg-var_gid_passwd_group_same:var:1" comment="GIDs from /etc/group" datatype="string" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_gid_passwd_group_same_var:obj:1"/>
    </local_variable>
    <constant_variable id="oval:ssg-variable_cd_dvd_drive_alternative_names:var:1" datatype="string" comment="CD/DVD drive alternative names whitelist" version="1">
      <value>/dev/cdrom</value>
      <value>/dev/dvd</value>
      <value>/dev/scd0</value>
      <value>/dev/sr0</value>
    </constant_variable>
    <local_variable id="oval:ssg-variable_cd_dvd_drive_regex_pattern:var:1" datatype="string" comment="Regular expression pattern for CD / DVD drive alternative names" version="1">
      <concat>
        <literal_component>^[\s]*</literal_component>
        <variable_component var_ref="oval:ssg-variable_cd_dvd_drive_alternative_names:var:1"/>
        <!-- Capture the mount options field (4-th column of /etc/fstab) -->
        <literal_component>[\s]+[/\w]+[\s]+[\w]+[\s]+([^\s]+)(?:[\s]+[\d]+){2}$</literal_component>
      </concat>
    </local_variable>
    <local_variable id="oval:ssg-variable_not_cd_dvd_drive_regex_pattern:var:1" datatype="string" comment="Regular expression pattern for removable block special device other than CD / DVD drive" version="1">
      <concat>
        <literal_component>^[\s]*</literal_component>
        <variable_component var_ref="oval:ssg-var_removable_partition:var:1"/>
        <!-- Capture the mount options field (4-th column of /etc/fstab) -->
        <literal_component>[\s]+[/\w]+[\s]+[\w]+[\s]+([^\s]+)(?:[\s]+[\d]+){2}$</literal_component>
      </concat>
    </local_variable>
    <external_variable comment="removable partition" datatype="string" id="oval:ssg-var_removable_partition:var:1" version="1"/>
    <local_variable id="oval:ssg-variable_sys_uids_etc_passwd:var:1" datatype="int" comment="UIDs retrieved from /etc/passwd" version="1">
      <object_component item_field="subexpression" object_ref="oval:ssg-object_etc_passwd_entries:obj:1"/>
    </local_variable>
    <local_variable id="oval:ssg-variable_uid_min_value:var:1" datatype="int" comment="Value of last UID_MIN from /etc/login.defs" version="1">
      <regex_capture pattern="UID_MIN[\s]+(\d+)">
        <object_component item_field="subexpression" object_ref="oval:ssg-object_last_uid_min_from_etc_login_defs:obj:1"/>
      </regex_capture>
    </local_variable>
    <local_variable id="oval:ssg-variable_default_range_quad_expr:var:1" datatype="int" comment="Construct (x - 0) * (x - (UID_MIN - 1)) expression" version="1">
      <!-- Construct the final multiplication -->
      <arithmetic arithmetic_operation="multiply">
        <!-- Get "x", thus retrieved /etc/passwd UIDs as int -->
        <!-- (x - 0) = x => use just "x" value -->
        <variable_component var_ref="oval:ssg-variable_sys_uids_etc_passwd:var:1"/>
        <!-- Get (x - (UID_MIN -1)) result -->
        <arithmetic arithmetic_operation="add">
          <variable_component var_ref="oval:ssg-variable_sys_uids_etc_passwd:var:1"/>
          <!-- Get -1 * (UID_MIN - 1) result -->
          <arithmetic arithmetic_operation="multiply">
            <literal_component datatype="int">-1</literal_component>
            <!-- Get (UID_MIN -1) result -->
            <arithmetic arithmetic_operation="add">
              <!-- Get "x", thus retrieved /etc/passwd UIDs as int -->
              <variable_component var_ref="oval:ssg-variable_uid_min_value:var:1"/>
              <literal_component datatype="int">-1</literal_component>
            </arithmetic>
          </arithmetic>
        </arithmetic>
      </arithmetic>
    </local_variable>
    <local_variable id="oval:ssg-variable_sys_uid_min_value:var:1" datatype="int" comment="Value of last SYS_UID_MIN from /etc/login.defs" version="1">
      <regex_capture pattern="SYS_UID_MIN[\s]+(\d+)">
        <object_component item_field="subexpression" object_ref="oval:ssg-object_last_sys_uid_min_from_etc_login_defs:obj:1"/>
      </regex_capture>
    </local_variable>
    <local_variable id="oval:ssg-variable_sys_uid_max_value:var:1" datatype="int" comment="Value of last SYS_UID_MAX from /etc/login.defs" version="1">
      <regex_capture pattern="SYS_UID_MAX[\s]+(\d+)">
        <object_component item_field="subexpression" object_ref="oval:ssg-object_last_sys_uid_max_from_etc_login_defs:obj:1"/>
      </regex_capture>
    </local_variable>
    <local_variable id="oval:ssg-variable_reserved_range_quad_expr:var:1" datatype="int" comment="Construct (x - 0) * (x - SYS_UID_MIN) expression" version="1">
      <!-- Construct the final multiplication -->
      <arithmetic arithmetic_operation="multiply">
        <!-- Get "x", thus retrieved /etc/passwd UIDs as int -->
        <!-- (x - 0) = x => use just "x" value -->
        <variable_component var_ref="oval:ssg-variable_sys_uids_etc_passwd:var:1"/>
        <!-- Construct (x - SYS_UID_MIN) expression -->
        <arithmetic arithmetic_operation="add">
          <!-- Get "x", thus retrieved /etc/passwd UIDs as int -->
          <variable_component var_ref="oval:ssg-variable_sys_uids_etc_passwd:var:1"/>
          <!-- Get negative value of SYS_UID_MIN -->
          <arithmetic arithmetic_operation="multiply">
            <literal_component datatype="int">-1</literal_component>
            <variable_component var_ref="oval:ssg-variable_sys_uid_min_value:var:1"/>
          </arithmetic>
        </arithmetic>
      </arithmetic>
    </local_variable>
    <local_variable id="oval:ssg-variable_dynalloc_range_quad_expr:var:1" datatype="int" comment="Construct (x - SYS_UID_MIN) * (x - SYS_UID_MAX) expression" version="1">
      <!-- Construct the final multiplication -->
      <arithmetic arithmetic_operation="multiply">
        <!-- Construct (x - SYS_UID_MIN) expression -->
        <arithmetic arithmetic_operation="add">
          <!-- Get "x", thus retrieved /etc/passwd UIDs as int -->
          <variable_component var_ref="oval:ssg-variable_sys_uids_etc_passwd:var:1"/>
          <!-- Get negative value of SYS_UID_MIN -->
          <arithmetic arithmetic_operation="multiply">
            <literal_component datatype="int">-1</literal_component>
            <variable_component var_ref="oval:ssg-variable_sys_uid_min_value:var:1"/>
          </arithmetic>
        </arithmetic>
        <!-- Construct (x - SYS_UID_MAX) expression -->
        <arithmetic arithmetic_operation="add">
          <!-- Get "x", thus retrieved /etc/passwd UIDs as int -->
          <variable_component var_ref="oval:ssg-variable_sys_uids_etc_passwd:var:1"/>
          <!-- Get negative value of SYS_UID_MAX -->
          <arithmetic arithmetic_operation="multiply">
            <literal_component datatype="int">-1</literal_component>
            <variable_component var_ref="oval:ssg-variable_sys_uid_max_value:var:1"/>
          </arithmetic>
        </arithmetic>
      </arithmetic>
    </local_variable>
    <external_variable comment="external variable for selinux state" datatype="string" id="oval:ssg-var_selinux_state:var:1" version="1"/>
    <local_variable id="oval:ssg-variable_last_encrypt_method_instance_value:var:1" datatype="string" comment="The value of last ENCRYPT_METHOD directive in /etc/login.defs" version="1">
      <regex_capture pattern="ENCRYPT_METHOD\s+(\w+)">
        <object_component item_field="subexpression" object_ref="oval:ssg-object_last_encrypt_method_from_etc_login_defs:obj:1"/>
      </regex_capture>
    </local_variable>
    <external_variable comment="timeout value" datatype="int" id="oval:ssg-sshd_idle_timeout_value:var:1" version="1"/>
    <local_variable id="oval:ssg-var_first_digit_of_umask_from_etc_init_d_functions:var:1" comment="First octal digit of umask from /etc/init.d/functions" datatype="int" version="1">
      <substring substring_start="1" substring_length="1">
        <object_component item_field="subexpression" object_ref="oval:ssg-obj_umask_from_etc_init_d_functions:obj:1"/>
      </substring>
    </local_variable>
    <local_variable id="oval:ssg-var_second_digit_of_umask_from_etc_init_d_functions:var:1" comment="Second octal digit of umask from /etc/init.d/functions" datatype="int" version="1">
      <substring substring_start="2" substring_length="1">
        <object_component item_field="subexpression" object_ref="oval:ssg-obj_umask_from_etc_init_d_functions:obj:1"/>
      </substring>
    </local_variable>
    <local_variable id="oval:ssg-var_third_digit_of_umask_from_etc_init_d_functions:var:1" comment="Third octal digit of umask from /etc/init.d/functions" datatype="int" version="1">
      <substring substring_start="3" substring_length="1">
        <object_component item_field="subexpression" object_ref="oval:ssg-obj_umask_from_etc_init_d_functions:obj:1"/>
      </substring>
    </local_variable>
    <local_variable id="oval:ssg-var_etc_init_d_functions_umask_as_number:var:1" comment="/etc/init.d/functions umask converted from string to a number" datatype="int" version="1">
      <arithmetic arithmetic_operation="add">
        <arithmetic arithmetic_operation="multiply">
          <literal_component datatype="int">64</literal_component>
          <variable_component var_ref="oval:ssg-var_first_digit_of_umask_from_etc_init_d_functions:var:1"/>
        </arithmetic>
        <arithmetic arithmetic_operation="multiply">
          <literal_component datatype="int">8</literal_component>
          <variable_component var_ref="oval:ssg-var_second_digit_of_umask_from_etc_init_d_functions:var:1"/>
        </arithmetic>
        <variable_component var_ref="oval:ssg-var_third_digit_of_umask_from_etc_init_d_functions:var:1"/>
      </arithmetic>
    </local_variable>
    <external_variable id="oval:ssg-var_umask_for_daemons_umask_as_number:var:1" comment="Required umask converted from string to octal number" datatype="int" version="1"/>
    <local_variable id="oval:ssg-var_first_digit_of_umask_from_var_accounts_user_umask:var:1" comment="First octal digit of umask from var_accounts_user_umask" datatype="int" version="1">
      <substring substring_start="1" substring_length="1">
        <variable_component var_ref="oval:ssg-var_accounts_user_umask:var:1"/>
      </substring>
    </local_variable>
    <local_variable id="oval:ssg-var_second_digit_of_umask_from_var_accounts_user_umask:var:1" comment="Second octal digit of umask from var_accounts_user_umask" datatype="int" version="1">
      <substring substring_start="2" substring_length="1">
        <variable_component var_ref="oval:ssg-var_accounts_user_umask:var:1"/>
      </substring>
    </local_variable>
    <local_variable id="oval:ssg-var_third_digit_of_umask_from_var_accounts_user_umask:var:1" comment="Third octal digit of umask from var_accounts_user_umask" datatype="int" version="1">
      <substring substring_start="3" substring_length="1">
        <variable_component var_ref="oval:ssg-var_accounts_user_umask:var:1"/>
      </substring>
    </local_variable>
    <external_variable id="oval:ssg-var_umask_for_daemons:var:1" datatype="string" version="1" comment="Value of var_umask_for_daemons (the required umask) as string"/>
    <local_variable id="oval:ssg-var_first_digit_of_umask_from_var_umask_for_daemons:var:1" comment="First octal digit of umask from var_umask_for_daemons" datatype="int" version="1">
      <substring substring_start="1" substring_length="1">
        <variable_component var_ref="oval:ssg-var_umask_for_daemons:var:1"/>
      </substring>
    </local_variable>
    <local_variable id="oval:ssg-var_second_digit_of_umask_from_var_umask_for_daemons:var:1" comment="Second octal digit of umask from var_umask_for_daemons" datatype="int" version="1">
      <substring substring_start="2" substring_length="1">
        <variable_component var_ref="oval:ssg-var_umask_for_daemons:var:1"/>
      </substring>
    </local_variable>
    <local_variable id="oval:ssg-var_third_digit_of_umask_from_var_umask_for_daemons:var:1" comment="Third octal digit of umask from var_umask_for_daemons" datatype="int" version="1">
      <substring substring_start="3" substring_length="1">
        <variable_component var_ref="oval:ssg-var_umask_for_daemons:var:1"/>
      </substring>
    </local_variable>
  </variables>
</oval_definitions>
ssg-nondebian 0.1.31-5 / usr / share / scap-security-guide / ssg-rhel5-oval.xml
