added 'webserver' policy

1 files changed, 67 insertions, 0 deletions

diff --git a/conf/level.webserver b/conf/level.webserver
new file mode 100644
index 0000000..11c8df9
--- /dev/null
+++ b/conf/level.webserver
@@ -0,0 +1,67 @@
+BASE_LEVEL=webserver
+ALLOW_X_CONNECTIONS=no
+CHECK_WRITABLE=daily
+ENABLE_IP_SPOOFING_PROTECTION=yes
+MAIL_EMPTY_CONTENT=no
+ACCEPT_BROADCASTED_ICMP_ECHO=yes
+CHECK_PERMS=daily
+CHECK_PERMS_ENFORCE=yes
+CHECK_SECTOOL=weekly
+CHECK_SECTOOL_LEVEL=3
+CHECK_USER_FILES=daily
+ENABLE_SUDO=wheel
+ALLOW_XSERVER_TO_LISTEN=no
+CHECK_CHKROOTKIT=daily
+SHELL_HISTORY_SIZE=-1
+ALLOW_REBOOT=yes
+CHECK_SUID_ROOT=daily
+SYSLOG_WARN=yes
+ENABLE_AT_CRONTAB=yes
+ACCEPT_BOGUS_ERROR_RESPONSES=no
+CHECK_PASSWD=daily
+PASSWORD_HISTORY=0
+CHECK_SUID_MD5=daily
+CHECK_SHOSTS=daily
+MAIL_USER=root
+ALLOW_AUTOLOGIN=no
+ENABLE_PAM_WHEEL_FOR_SU=no
+CHECK_SHADOW=daily
+ALLOW_ROOT_LOGIN=yes
+CHECK_UNOWNED=daily
+FIX_UNOWNED=yes
+CHECK_USERS=daily
+CHECK_GROUPS=daily
+ENABLE_CONSOLE_LOG=yes
+ALLOW_USER_LIST=yes
+ENABLE_DNS_SPOOFING_PROTECTION=yes
+CREATE_SERVER_LINK=remote
+ENABLE_PASSWORD=yes
+NOTIFY_WARN=no
+WIN_PARTS_UMASK=000
+CHECK_OPEN_PORT=daily
+CHECK_FIREWALL=daily
+SHELL_TIMEOUT=0
+ALLOW_REMOTE_ROOT_LOGIN=without-password
+ENABLE_LOG_STRANGE_PACKETS=yes
+USER_UMASK=022
+CHECK_RPM_PACKAGES=daily
+CHECK_RPM_INTEGRITY=monthly
+SECURE_TMP=yes
+ENABLE_SULOGIN=yes
+ENABLE_PAM_ROOT_FROM_WHEEL=no
+MAIL_WARN=yes
+ALLOW_XAUTH_FROM_ROOT=no
+CHECK_SECURITY=yes
+ACCEPT_ICMP_ECHO=yes
+PASSWORD_LENGTH=6,0,0
+AUTHORIZE_SERVICES=yes
+ROOT_UMASK=022
+ENABLE_MSEC_CRON=yes
+TTY_WARN=no
+CHECK_SGID=daily
+CHECK_PROMISC=daily
+ENABLE_STARTUP_MSEC=yes
+ENABLE_STARTUP_PERMS=yes
+ALLOW_CURDIR_IN_PATH=no
+CHECK_ON_BATTERY=no
+LOG_RETENTION=24