Symantec Enterprise Security Manager Checks Reference
Documentation Home
Symantec Enterprise Security Manager Checks Reference
Symantec ESM checks for Windows
Account Information module
About the Account Information module
Supported operating systems: Account Information
Directly assigned user rights (Windows)
Disabled accounts (Windows)
Enumerate groups on Domain Controller (Windows)
Enumerate groups on member server (Windows)
Expired accounts (Windows)
File/folder access for accounts (Windows)
File/folder access for accounts (cont'd) (Windows)
Locked out accounts (Windows)
Maximum number of administrators (Windows)
Security groups and their users (Windows)
Share permissions (Windows)
User information (Windows)
User information (cont'd) (Windows)
User rights for accounts (Windows)
Users and their security groups (Windows)
Users with administrator privilege (Windows)
Account Integrity module
About the Account Integrity module
Supported operating systems: Account Integrity
Access this computer from network (Windows)
Accounts that must be disabled (Windows)
Accounts that never expire (Windows)
Accounts without time restrictions (Windows)
Accounts without workstation restrictions (Windows)
Act as part of the operating system (Windows)
Add workstations to domain (Windows)
Adjust memory quotas for a process (Windows)
Allow log on locally (Windows)
Allow logon through Terminal Services (Windows)
Automatically update snapshots (Windows)
Back up files and directories (Windows)
Bypass traverse checking (Windows)
Change the system time (Windows)
Changed groups (Windows)
Changed users (Windows)
Create a pagefile (Windows)
Create a token object (Windows)
Create global objects (Windows)
Create permanent shared objects (Windows)
Debug programs (Windows)
Deleted groups (Windows)
Deleted users (Windows)
Deny access to this computer from the network (Windows)
Deny logon as a batch job (Windows)
Deny logon as a service (Windows)
Deny logon locally (Windows)
Deny logon through Terminal Services (Windows)
Disabled/expired/locked accounts (Windows)
Enable computer and user accounts to be trusted for delegation (Windows)
Forbidden groups (Windows)
Force shutdown from a remote system (Windows)
Full/Display name and description required (Windows)
Generate security audits (Windows)
Group member watch (Windows)
Groups guest belongs to (Windows)
Impersonate a client after authentication (Windows)
Increase scheduling priority (Windows)
Load and unload device drivers (Windows)
Lock pages in memory (Windows)
Log on as a batch job (Windows)
Log on as a service (Windows)
Manage auditing and security log (Windows)
Maximum reported messages (Windows)
Modify firmware environment values (Windows)
New groups (Windows)
New users (Windows)
Perform volume maintenance tasks (Windows)
Profile single process (Windows)
Profile system performance (Windows)
Remove computer from docking station (Windows)
Rename administrator account (Windows)
Rename guest account (Windows)
Replace a process level token (Windows)
Report excessive number of accounts (Windows)
Restore files and directories (Windows)
ScreenSaver Timeout (Windows)
ScreenSaver password protected (Windows)
Shut down the system (Windows)
Synchronize directory service data (Windows)
Take ownership of files or other objects (Windows)
User rights checks (Windows)
Users to check (Windows)
Active Directory module
About the Active Directory module
Supported operating systems: Active Directory
Computers with applied GPOs (Windows)
Computers without applied GPOs (Windows)
DCOM Machine Restriction (Windows)
Enforce user logon restrictions (Windows)
Maximum lifetime for service ticket (Windows)
Maximum lifetime for user ticket (Windows)
Maximum lifetime for user ticket renewal (Windows)
Maximum tolerance for computer clock synchronization (Windows)
Security groups with applied GPOs (Windows)
Security groups without applied GPOs (Windows)
Security options (Windows)
Users with applied GPOs (Windows)
Users without applied GPOs (Windows)
Agent Information module
About the Agent Information module
Supported operating systems: Agent Information
Agent Version (Windows)
Agent name (Windows)
CPU Information (Windows)
DNS Setting (Windows)
ESM Application Modules (Windows)
OS Information (Windows)
Registered to Manager (Windows)
SU Version (Windows)
Backup Integrity module
About the Backup Integrity module
Supported operating systems: Backup Integrity
Backup Exec backup frequency (Windows)
Backup Exec last backup status (Windows)
Backup Exec version (Windows)
Backups needed (Windows)
Folders excluded (Windows)
Discovery module
About the Discovery module
Supported operating systems: Discovery
Profile candidate devices (Windows and UNIX)
Profile timeout (Windows and UNIX)
Report if found (Windows and UNIX)
Scan non-responding addresses (Windows and UNIX)
Symantec ESM device status (Windows and UNIX)
Symantec Intruder Alert device status (Windows and UNIX)
Targets (Windows and UNIX)
Disk Quota module
About the Disk Quota module
Supported operating systems: Disk Quota
User exceeds quota (Windows)
User exceeds warning (Windows)
User quota not enforced (Windows)
Volume quota disabled (Windows)
Volume quota enforced (Windows)
Volume quota exceeds limit (Windows)
Volume quota not enforced (Windows)
Volume quota not logged (Windows)
Volume quota not supported (Windows)
Volume warning exceeds limit (Windows)
Volume warning not logged (Windows)
Encrypted File System module
About the Encrypted File System module
Supported operating systems: Encrypted File System
EFS not supported (Windows)
File recovery agents not authorized (Windows)
Files can be decrypted by others (Windows)
Percentage of encrypted files (Windows)
File Attributes module
About the File Attributes module
Supported operating systems: File Attributes
Allow any privileged account (Windows)
Auditing ACL (Windows)
Automatically update snapshots (Windows)
Changed file (signature) (Windows)
Changed file (size) (Windows)
Changed file (times) (Windows)
Display fully qualified names in Name field (Windows)
Do not notify if User/Group in ACL is not on system (Windows)
Do not notify if file permissions are increased in security (Windows)
Event Log Info (Windows)
File ACL (Windows)
File and folder attributes (Windows)
File and folder ownership (Windows)
File and folder permissions (Windows)
Files giving all users Full Control (Windows)
Hidden files and folders (Windows)
Keywords list (Windows)
Maximum reported messages (Windows)
Template file list (Windows)
File Find module
About the File Find module
Supported operating systems: File Find
Filefind Keywords list (Windows)
Maximum reported messages (Windows)
Windows file content search (Windows)
File System Entitlement module
About the File System Entitlement module
Supported operating systems: File System Entitlement
Alternate Domain Controllers (Windows)
Entitlement folders and shares (Windows)
Exceptions only (Windows)
List Shares (Windows)
Maximum reported messages (Windows)
Preload User Information (Windows)
Prevent group expansion (Windows)
Report alternate path perms (Windows)
Report alternate share paths (Windows)
System information (Windows)
User and group information (Windows)
Users to report (Windows)
File Watch module
About the File Watch module
Supported operating systems: File Watch
Automatically update snapshots (Windows)
Changed files (ownership) (Windows)
Changed files (signature) (Windows)
Event Log Info (Windows)
Files/folders to watch (Windows)
Ignore Directories (Windows)
Invalid signature (Windows)
Keywords list (Windows)
Malicious files (Windows)
New files (Windows)
Removed files (Windows)
Group Policy module
About the Group Policy module
Supported operating systems: Group Policy
Account Policies - Account Lockout Policy (Windows)
Account Policies - Kerberos Policy (Windows)
Account Policies - Password Policy (Windows)
Event Log (Windows)
File System (Windows)
Local Policies - Audit Policy (Windows)
Local Policies - Security Options (Windows)
Local Policies - User Rights Assignment (Windows)
Registry (Windows)
Restricted Groups (Windows)
System Services (Windows)
Integrated Command Engine module
About the Integrated Command Engine module
Supported operating systems: Integrated Command Engine
Check Return Code (Windows and UNIX)
Command Engine templates (Windows and UNIX)
Copy Scripts (Windows and UNIX)
Display messages in order (Windows and UNIX)
Failed messages (Windows and UNIX)
Information messages (Windows and UNIX)
Not applicable messages (Windows and UNIX)
Not available messages (Windows and UNIX)
Overwrite Scripts (Windows and UNIX)
Passed messages (Windows and UNIX)
Redirect Stderr to Stdout (Windows and UNIX)
Report All Stderr messages (Windows and UNIX)
Script missing messages (Windows and UNIX)
Unmapped messages (Windows and UNIX)
User 1/0 messages (Windows and UNIX)
User 1/1 messages (Windows and UNIX)
User 1/2 messages (Windows and UNIX)
User 1/3 messages (Windows and UNIX)
User 1/4 messages (Windows and UNIX)
User 2/0 messages (Windows and UNIX)
User 2/1 messages (Windows and UNIX)
User 2/2 messages (Windows and UNIX)
User 2/3 messages (Windows and UNIX)
User 2/4 messages (Windows and UNIX)
User 3/0 messages (Windows and UNIX)
User 3/1 messages (Windows and UNIX)
User 3/2 messages (Windows and UNIX)
User 3/3 messages (Windows and UNIX)
User 3/4 messages (Windows and UNIX)
Login Parameters module
About the Login Parameters module
Supported operating systems: Login Parameters
Account lockout duration (Windows)
Account lockout threshold (Windows)
Autologon disabled (Windows)
Bad logon counter reset (Windows)
Display fully qualified names (Windows)
Expired logon hours disconnect (Windows)
Inactive accounts (Windows)
Inactive accounts timeout (Windows)
Inactive accounts with unchanged passwords (Windows)
Last user name hidden (Windows)
Legal notice (Windows)
Maximum reported messages (Windows)
Shutdown without logon (Windows)
Network Integrity module
About the Network Integrity module
Supported operating systems: Network Integrity
Anonymous LanMan access disabled (Windows)
Anonymous SID/name translation (Windows)
Authorized ICF/ICS exposed services (Windows)
Automatically update snapshots (Windows)
Deleted listening TCP ports (Windows)
Deleted listening UDP ports (Windows)
Deleted network shares (Windows)
File security more restrictive than share security (Windows)
Hidden shares (Windows)
ICMP messages (Windows)
IP Security Policies (Windows)
IPv6 Protocol (Windows)
Internet Connection Firewall (Windows)
Internet Connection Sharing (Windows)
Listening TCP ports (Windows)
Listening UDP ports (Windows)
Local groups (Windows)
Modified network shares (Windows)
NetBIOS info via SNMP (Windows)
New listening TCP ports (Windows)
New listening UDP ports (Windows)
New network shares (Windows)
Permitted IP protocols (Windows)
Permitted TCP ports (Windows)
Permitted UDP ports (Windows)
Plain text authentication (Windows)
Prohibited shared folders (Windows)
RRAS NetBIOS gateway disabled (Windows)
RRAS enabled (Windows)
RRAS requires account callbacks (Windows)
RRAS requires preset number for callback (Windows)
Share permissions (Windows)
Shared folders (Windows)
Shared folders granting access to all users (Windows)
Shared printers (Windows)
Trusted domains (Windows)
OS Patches module
About the OS Patches module
Supported operating systems: OS Patches
Comparisons: (Windows)
Disable module (Windows)
File dates (Windows)
File versions (Windows)
Installed patches (Windows)
Patch Keywords templates (Windows)
Patch not installed and process not running (Windows)
Patch results summary (Windows)
Patch templates (Windows)
Registry keys (Windows)
Relaxed (Windows)
Strict (Windows)
Superseded (Windows)
Object Integrity module
About the Object Integrity module
Supported operating systems: Object Integrity
Local accounts (Windows)
Volumes without ACL control (Windows)
Password Strength module
Supported operating systems: Password Strength
Accounts without passwords (Windows)
Display name as distinguished name (Windows)
Double occurrences (Windows)
Hide guessed password details (Windows)
MD4 hashes (Windows)
Maximum password age (Windows)
Maximum reported messages (Windows)
Minimum password age (Windows)
Minimum password length (Windows)
Password = any username (Windows)
Password = username (Windows)
Password = wordlist word (Windows)
Password changes (Windows)
Password must expire (Windows)
Password stored using reversible encryption (Windows)
Password uniqueness (Windows)
Passwords must meet complexity requirements (Windows)
Plural (Windows)
Prefix (Windows)
Reverse order (Windows)
Reversible Encryption - Windows Policy Only (Windows)
Suffix (Windows)
Syskey encryption (Windows)
Users to check (Windows)
Registry module
About the Registry module
Supported operating systems: Registry
Allow any privileged account (Windows)
Auditing permissions (Windows)
Automatically update snapshots (Windows)
Changed key (time) (Windows)
Changed value (signature) (Windows)
Changed value (size) (Windows)
Do not notify if key permissions are increased in security (Windows)
Key and value existence (Windows)
Key ownership (Windows)
Key permissions (Windows)
Template file list (Windows)
Startup Files module
About the Startup Files module
Supported operating systems: Startup Files
Automatically update snapshots (Windows)
Changed services (Windows)
Contents of Run keys (Windows)
Data Execution Prevention (Hardware) (Windows)
Data Execution Prevention (Software) (Windows)
Deleted services (Windows)
Disallowed services (Windows)
Disallowed services cont. (Windows)
Filter disallowed services not running (Windows)
Installed services (Windows)
Maximum reported messages (Windows)
New services (Windows)
Remote Procedure Call (RPC) Disabled (Windows)
Remote registry access (Windows)
Remote registry access (non-Administrators) (Windows)
Required services (Windows)
Services Security Options (Windows)
Services using specified user accounts to run (Windows)
Services using system account to run (Windows)
Unknown services (Windows)
Symantec Product Info module
About the Symantec Product Info module
Supported operating systems: Symantec Product Info
Abnormal termination (Windows)
Blank screen after connection (Windows)
Block failed IP (Windows)
Callers (Windows)
Case Sensitive Passwords (Windows)
Disconnect if inactive (Windows)
Disconnect on timeout (Windows)
Either Symantec AntiVirus CE or Norton AntiVirus (Windows)
Encryption algorithm (Windows)
Encryption level (Windows)
Event log enabled (Windows)
Events to log (Windows)
File System Auto-Protected (Windows)
Hosts to check (Windows)
Keyboard/Mouse on host (Windows)
Keyboard/Mouse on remote (Windows)
LiveUpdate frequency (Windows)
LiveUpdate frequency (Windows)
Log generation enabled (Windows)
Login timeout (Windows)
Maximum Virus Definition File age (Windows)
Maximum Virus Definition File age (Windows)
Maximum login attempts (Windows)
Minimum version (Windows)
Minimum version (Windows)
Minimum version (Windows)
Normal termination (Windows)
Norton AntiVirus (Windows)
Password required to execute (Windows)
Password required to modify (Windows)
Password required to view (Windows)
Prompt to confirm connection (Windows)
Record event log locally (Windows)
Record event log on server (Windows)
Record log locally (Windows)
Record log on server (Windows)
Remotes w/ different algorithm (Windows)
Remotes with lower encryption (Windows)
SNMP traps enabled (Windows)
Scan frequency (Windows)
Scan frequency (Windows)
Secure abnormal termination (Windows)
Secure after connection (Windows)
Secure normal termination (Windows)
Symantec AntiVirus Corporate Edition (Windows)
Symantec pcAnywhere (Windows)
System Auditing module
About the System Auditing module
Supported operating systems: System Auditing
Application event log size (Windows)
Application events do not overwrite Application log (Windows)
Archive Application events log when full (Windows)
Archive Security event log when full (Windows)
Archive System event log when full (Windows)
Days until Application events are overwritten (Windows)
Days until security events are overwritten (Windows)
Days until system events are overwritten (Windows)
Guest access to event logs (Windows)
Security event log size (Windows)
Security events do not overwrite security log (Windows)
Security events failure auditing (Windows)
Security events success auditing (Windows)
System event log size (Windows)
System events do not overwrite system log (Windows)
System halts when security log full (Windows)
Symantec ESM checks for UNIX
Account Integrity module
About the Account Integrity module
Accounts can be locked (UNIX)
Accounts should be disabled (UNIX)
Automatically update snapshots (UNIX)
Changed accounts (UNIX)
Changed groups (UNIX)
Deleted accounts (UNIX)
Deleted groups (UNIX)
Disabled accounts (UNIX)
Disallowed home directory (UNIX)
Disallowed home directory (cont'd) (UNIX)
Duplicate IDs (UNIX)
Excessive number of accounts (UNIX)
General information field required (UNIX)
Group IDs (UNIX)
Home directories (UNIX)
Home directory permissions (UNIX)
Illegal login shells (UNIX)
List of users (UNIX)
Local accounts/groups only (UNIX)
Local disks only (UNIX)
Login shell owners (UNIX)
Login shell permissions (UNIX)
Maximum reported messages (UNIX)
New accounts (UNIX)
New groups (UNIX)
Non-executable login shells (UNIX)
Nonexistent login shells (UNIX)
Options always checked for all accounts and groups: (UNIX)
Password in /etc/passwd (UNIX)
Remote-only accounts (UNIX)
Report RBAC attributes not in template (UNIX)
Reserved GID ranges (UNIX)
Reserved UID/GID (UNIX)
Reserved UID ranges (UNIX)
Role based access (UNIX)
Role based access (cont'd) (UNIX)
Setgid login shells (UNIX)
Setuid login shells (UNIX)
User shell compliance (UNIX)
Users to check (UNIX)
/etc/passwd syntax (UNIX)
Agent Information module
About the Agent Information module
Agent Version (UNIX)
Agent name (UNIX)
CPU Information (UNIX)
DNS Setting (UNIX)
ESM Application Modules (UNIX)
OS Information (UNIX)
Registered to Manager (UNIX)
SU Version (UNIX)
Discovery module
About the Discovery module
Profile candidate devices (Windows and UNIX)
Profile timeout (Windows and UNIX)
Report if found (Windows and UNIX)
Scan non-responding addresses (Windows and UNIX)
Symantec ESM device status (Windows and UNIX)
Symantec Intruder Alert device status (Windows and UNIX)
Targets (Windows and UNIX)
File Access module
About the File Access module
Execute permission (UNIX)
Files to check (UNIX)
Read permission (UNIX)
Users to check (UNIX)
Write permission (UNIX)
File Attributes module
About the File Attributes module
Running CRC and MD5 signature checks on UNIX directories
Allow any privileged group (UNIX)
Allow any privileged user (UNIX)
Audit Log Info (UNIX)
Automatically update snapshots (UNIX)
Changed files (change time) (UNIX)
Changed files (modification time) (UNIX)
Changed files (signature) (UNIX)
Changed files (size) (UNIX)
Detect Extended attributes (UNIX)
Exclude decreased permissions (UNIX)
Files not listed in template (UNIX)
Group ownership (UNIX)
Ignore symbolic links (UNIX)
Keywords list (UNIX)
Local disks only (UNIX)
Maximum reported messages (UNIX)
NFS exported files (UNIX)
Permissions (UNIX)
Template files (UNIX)
User ownership (UNIX)
File Find module
About the File Find module
Automatically update snapshots (UNIX)
Device files not in /dev (UNIX)
Directories/files/types excluded (UNIX)
File content search (UNIX)
Global zone only (UNIX)
Group owners disallowed (UNIX)
Group writable files (UNIX)
Ignore symbolic links (UNIX)
Local disks only (UNIX)
Maximum reported messages (UNIX)
New setgid files (UNIX)
New setuid files (UNIX)
Owners disallowed (UNIX)
SUID/GUID shell escape files (UNIX)
Setgid executable files (UNIX)
Setgid files (UNIX)
Setuid executable files (UNIX)
Setuid files (UNIX)
Starting directories (UNIX)
Sticky files (UNIX)
Symbolic links with bad targets (UNIX)
Uneven file permissions (UNIX)
Unowned directories/files (UNIX)
Unprintable characters in file names (UNIX)
World writable directories without sticky bit (UNIX)
World writable files (UNIX)
File Watch module
About the File Watch module
Audit Log Info (UNIX)
Automatically update snapshots (UNIX)
Changed files (ownership) (UNIX)
Changed files (permissions) (UNIX)
Changed files (signature) (UNIX)
Files/directories to watch (UNIX)
Filter changed device ownership/permissions (UNIX)
Ignore Directories (UNIX)
Invalid signature (UNIX)
Keywords list (UNIX)
Local disks only (UNIX)
Malicious files (UNIX)
New files (UNIX)
Removed files (UNIX)
Integrated Command Engine module
About the Integrated Command Engine module
Check Return Code (Windows and UNIX)
Command Engine templates (Windows and UNIX)
Copy Scripts (Windows and UNIX)
Display messages in order (Windows and UNIX)
Failed messages (Windows and UNIX)
Information messages (Windows and UNIX)
Not applicable messages (Windows and UNIX)
Not available messages (Windows and UNIX)
Overwrite Scripts (Windows and UNIX)
Passed messages (Windows and UNIX)
Redirect Stderr to Stdout (Windows and UNIX)
Report All Stderr messages (Windows and UNIX)
Script missing messages (Windows and UNIX)
Unmapped messages (Windows and UNIX)
User 1/0 messages (Windows and UNIX)
User 1/1 messages (Windows and UNIX)
User 1/2 messages (Windows and UNIX)
User 1/3 messages (Windows and UNIX)
User 1/4 messages (Windows and UNIX)
User 2/0 messages (Windows and UNIX)
User 2/1 messages (Windows and UNIX)
User 2/2 messages (Windows and UNIX)
User 2/3 messages (Windows and UNIX)
User 2/4 messages (Windows and UNIX)
User 3/0 messages (Windows and UNIX)
User 3/1 messages (Windows and UNIX)
User 3/2 messages (Windows and UNIX)
User 3/3 messages (Windows and UNIX)
User 3/4 messages (Windows and UNIX)
Login Parameters module
About the Login Parameters module
Devices with failed logins (UNIX)
Devices with no user restrictions (UNIX)
Excessive failed logins for users (UNIX)
Excessive failed logins on agent (UNIX)
Excessive failed su attempts for users (UNIX)
Excessive successful su attempts for users (UNIX)
Inactive accounts (UNIX)
Inactive accounts with unchanged passwords (UNIX)
Local accounts/groups only (UNIX)
Local disks only (UNIX)
Locked accounts (UNIX)
Login failures (UNIX)
Login retries (UNIX)
Maximum reported messages (UNIX)
Password changes failed (UNIX)
Password expired (UNIX)
Remote root logins (UNIX)
Report all inactive account instances (UNIX)
Successful login attempts not logged (UNIX)
Successful su attempts not logged (UNIX)
Trusted mode only: (UNIX)
Unsuccessful login attempts not logged (UNIX)
Unsuccessful su attempts not logged (UNIX)
Users to check (UNIX)
Warning banners (UNIX)
Warning banners (/etc/issue) (UNIX)
Network Integrity module
About the Network Integrity module
Access control (xhost) (UNIX)
Anonymous FTP enabled (UNIX)
Anonymous FTP owner (UNIX)
Anonymous FTP permissions (UNIX)
Anonymous FTP shell (UNIX)
Automatically update snapshots (UNIX)
Daemon logging (UNIX)
Deleted listening TCP ports (UNIX)
Deleted listening UDP ports (UNIX)
Exported non-secure exclude list (UNIX)
FTP allowed system accounts (UNIX)
FTP allowed users (UNIX)
FTP debug logging disabled (UNIX)
FTP denied users (UNIX)
FTP disabled (UNIX)
FTP enabled (UNIX)
FTP session logging disabled (UNIX)
Forbidden listening TCP ports (UNIX)
Forbidden listening UDP ports (UNIX)
Hosts.lpd allows all hosts and users (UNIX)
Hosts.lpd invalid comment characters (UNIX)
Hosts.lpd invalid dash character (UNIX)
Listening TCP ports (UNIX)
Listening UDP ports (UNIX)
Modified listening TCP ports (UNIX)
Modified listening UDP ports (UNIX)
NFS exported directory (UNIX)
NFS exported directory access (UNIX)
NFS exported directory anonymous UIDs (UNIX)
NFS exported directory anonymous access (UNIX)
NFS exported directory no access lists (UNIX)
NFS exported directory non-secure (UNIX)
NFS exported directory root access (UNIX)
NFS exported directory root access by any host (UNIX)
NFS exported directory writable by any host (UNIX)
NFS exported directory write permissions (UNIX)
NFS mounted directory (UNIX)
NIS/NIS+ enabled (UNIX)
NIS netgroups (UNIX)
Netgroup information (UNIX)
New listening TCP ports (UNIX)
New listening UDP ports (UNIX)
Print servers (UNIX)
Print service without printers (UNIX)
Promiscuous mode (UNIX)
SNMP config file path (UNIX)
SNMP default community strings (UNIX)
SNMP v3 encryption (UNIX)
SNMP version (UNIX)
SNMP write access (UNIX)
TFTP (UNIX)
Trusted hosts/users (UNIX)
OS Patches module
About the OS Patches module
Disable patch module (UNIX)
Installed patches (UNIX)
Patch not installed and process not running (UNIX)
Patch results summary (UNIX)
Patch templates (UNIX)
Superseded (UNIX)
Object Integrity module
About the Object Integrity module
Automatically update snapshots (UNIX)
Changed devices (UNIX)
Deleted devices (UNIX)
Device directories (UNIX)
Disk and memory access (UNIX)
Exclude devices (UNIX)
List Solaris zones (UNIX)
List Solaris zones without ESM (UNIX)
New devices (UNIX)
Solaris user stack protection (UNIX)
Password Strength module
About the Password Strength module
Using and editing word files
Accounts can be used without a password (UNIX)
Accounts without passwords (UNIX)
Add prefix (UNIX)
Add suffix (UNIX)
Double occurrences (UNIX)
Exclude shell (UNIX)
Guessed password (UNIX)
Local accounts/groups only (UNIX)
Local disks only (UNIX)
Login requires password (UNIX)
Lowercase (UNIX)
Maximum password age (UNIX)
Maximum repeated characters (UNIX)
Maximum reported messages (UNIX)
Minimum alphabetic characters (UNIX)
Minimum different characters (UNIX)
Minimum digits (UNIX)
Minimum lower case characters (UNIX)
Minimum non-alphabetic characters (UNIX)
Minimum password age (UNIX)
Minimum password history (UNIX)
Minimum special characters (UNIX)
Minimum upper case characters (UNIX)
NAMECHECK allows username=password (UNIX)
Password Requirements (UNIX)
Password = any username (UNIX)
Password = username (UNIX)
Password = wordlist word (UNIX)
Password age (UNIX)
Password age lockout (UNIX)
Password age warning (UNIX)
Password length restrictions (UNIX)
Password within GECOS field (UNIX)
Plural forms (UNIX)
Repeating Characters (UNIX)
Reverse order (UNIX)
System generated passwords (UNIX)
Trusted mode only (UNIX)
Uppercase (UNIX)
Users can choose their passwords (UNIX)
Users to check (UNIX)
Users without system password strength (UNIX)
Verify DICTIONDBDIR entry (UNIX)
Verify DICTIONLIST entry (UNIX)
Whitespace characters (UNIX)
Startup Files module
About the Startup Files module
Approved wrappers (UNIX)
Automatically update snapshots (UNIX)
Changed services (UNIX)
Check critical processes (UNIX)
Connection logging is not enabled (UNIX)
Current directory in startup PATH (UNIX)
Deleted services (UNIX)
Duplicate services (UNIX)
Enhanced security enabled (UNIX)
File system setuid protection (UNIX)
Grub password (UNIX)
Installed services (UNIX)
Login/tty file contents (UNIX)
Maximum reported messages (UNIX)
New services (UNIX)
Non-wrapped services (UNIX)
Service wrappers (UNIX)
Services (UNIX)
Services not in template (UNIX)
Services which are enabled (UNIX)
Solaris EEPROM auto-boot? (UNIX)
Solaris EEPROM security-mode (UNIX)
Syslog (UNIX)
System startup file contents (UNIX)
Unconfined services (UNIX)
Verify Network parameter Values (UNIX)
System Auditing module
About the System Auditing module
Accounting enabled (UNIX)
Auditing enabled (UNIX)
Authentication database internal consistency (UNIX)
Event auditing (UNIX)
File read auditing (UNIX)
File write auditing (UNIX)
System call mapping (UNIX)
System Mail module
About the System Mail module
Command aliases (UNIX)
Decode aliases (UNIX)
FX/path directives (UNIX)
Log level setting (UNIX)
Mail boxes (UNIX)
Postmaster (UNIX)
Sendmail Restricted Shell (UNIX)
Sendmail configuration file (UNIX)
Sendmail log (UNIX)
Wizard passwords (UNIX)
System Queues module
About the System Queues module
AT subsystem access (UNIX)
CRONTAB file contents (UNIX)
CRON subsystem access (UNIX)
Only Root access to AT subsystem (UNIX)
Only Root access to CRON subsystem (UNIX)
Users to check (UNIX)
User Files module
About the User Files module
Current directory not allowed in PATH (UNIX)
Current directory only at end of PATH (UNIX)
Device files (UNIX)
File ownership (UNIX)
Forbidden files (UNIX)
Group writable directories in PATH (UNIX)
Group writable files (UNIX)
Hidden directories (UNIX)
Hide wwritable in ww dir (UNIX)
Ignore symbolic links (UNIX)
Local accounts/groups only (UNIX)
Local disks only (UNIX)
Maximum reported messages (UNIX)
Mount points (UNIX)
PATH (modifying startup script) (UNIX)
PATH (using su) (UNIX)
Required files (UNIX)
SETUID or SETGID (UNIX)
Startup file contents (UNIX)
Startup file protection (UNIX)
Suspicious file names (UNIX)
Umask (UNIX)
Umask (modifying startup script) (UNIX)
Umask (parsing startup scripts) (UNIX)
Umask (using su) (UNIX)
User defined shells (UNIX)
User directories follow system directories in PATH (UNIX)
Users to check (UNIX)
Users to check for Forbidden files (UNIX)
Users to check for Required files (UNIX)
Users to skip for Startup file protection (UNIX)
World writable directories in PATH (UNIX)
World writable files (UNIX)
Working with Symantec ESM policies
About the Symantec ESM policies
Implementing best practice policies
Creating and editing your own policies
Copying and moving the policies
Running the policies
Demonstrating security checks
Sample policies
Working with Symantec ESM modules
About the Symantec ESM modules
Enabling and disabling security checks
Specifying options
Working with Symantec ESM messages
About the Symantec ESM messages
Types of Symantec ESM messages
Common Symantec ESM messages
Correcting agents in messages
Updating template and snapshot files in messages
Editing the messages
Documentation Home