stig_report_post_remediation.html

<!DOCTYPE html><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>xccdf_org.open-scap_testresult_xccdf_org.ssgproject.content_profile_stig_high_only | OpenSCAP Evaluation Report</title><style>
/*!
 * Bootstrap v3.3.7 (http://getbootstrap.com)
 * Copyright 2011-2016 Twitter, Inc.
 * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
 */

/*!
 * Generated using the Bootstrap Customizer (https://getbootstrap.com/customize/?id=8160adef040364fa8f688f6065765caf)
 * Config saved to config.json and https://gist.github.com/8160adef040364fa8f688f6065765caf
 *//*!
 * Bootstrap v3.3.7 (http://getbootstrap.com)
 * Copyright 2011-2016 Twitter, Inc.
 * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
 *//*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:bold}dfn{font-style:italic}h1{font-size:2em;margin:0.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;height:0}pre{overflow:auto}code,kbd,pre,samp{font-family:monospace, monospace;font-size:1em}button,input,optgroup,select,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}button,select{text-transform:none}button,html input[type="button"],input[type="reset"],input[type="submit"]{-webkit-appearance:button;cursor:pointer}button[disabled],html input[disabled]{cursor:default}button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}input{line-height:normal}input[type="checkbox"],input[type="radio"]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;padding:0}input[type="number"]::-webkit-inner-spin-button,input[type="number"]::-webkit-outer-spin-button{height:auto}input[type="search"]{-webkit-appearance:textfield;-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box}input[type="search"]::-webkit-search-cancel-button,input[type="search"]::-webkit-search-decoration{-webkit-appearance:none}fieldset{border:1px solid #c0c0c0;margin:0 2px;padding:0.35em 0.625em 0.75em}legend{border:0;padding:0}textarea{overflow:auto}optgroup{font-weight:bold}table{border-collapse:collapse;border-spacing:0}td,th{padding:0}/*! Source: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css */@media print{*,*:before,*:after{background:transparent !important;color:#000 !important;-webkit-box-shadow:none !important;box-shadow:none !important;text-shadow:none !important}a,a:visited{text-decoration:underline}a[href^="#"]:after,a[href^="javascript:"]:after{content:""}pre,blockquote{border:1px solid #999;page-break-inside:avoid}thead{display:table-header-group}tr,img{page-break-inside:avoid}img{max-width:100% !important}p,h2,h3{orphans:3;widows:3}h2,h3{page-break-after:avoid}.navbar{display:none}.btn>.caret,.dropup>.btn>.caret{border-top-color:#000 !important}.label{border:1px solid #000}.table{border-collapse:collapse !important}.table td,.table th{background-color:#fff !important}.table-bordered th,.table-bordered td{border:1px solid #ddd !important}}*{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}*:before,*:after{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}html{font-size:10px;-webkit-tap-highlight-color:rgba(0,0,0,0)}body{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px;line-height:1.42857143;color:#333;background-color:#fff}input,button,select,textarea{font-family:inherit;font-size:inherit;line-height:inherit}a{color:#428bca;text-decoration:none}a:hover,a:focus{color:#2a6496;text-decoration:underline}a:focus{outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}figure{margin:0}img{vertical-align:middle}.img-responsive{display:block;max-width:100%;height:auto}.img-rounded{border-radius:6px}.img-thumbnail{padding:4px;line-height:1.42857143;background-color:#fff;border:1px solid #ddd;border-radius:4px;-webkit-transition:all .2s ease-in-out;-o-transition:all .2s ease-in-out;transition:all .2s ease-in-out;display:inline-block;max-width:100%;height:auto}.img-circle{border-radius:50%}hr{margin-top:20px;margin-bottom:20px;border:0;border-top:1px solid #eee}.sr-only{position:absolute;width:1px;height:1px;margin:-1px;padding:0;overflow:hidden;clip:rect(0, 0, 0, 0);border:0}.sr-only-focusable:active,.sr-only-focusable:focus{position:static;width:auto;height:auto;margin:0;overflow:visible;clip:auto}[role="button"]{cursor:pointer}h1,h2,h3,h4,h5,h6,.h1,.h2,.h3,.h4,.h5,.h6{font-family:inherit;font-weight:500;line-height:1.1;color:inherit}h1 small,h2 small,h3 small,h4 small,h5 small,h6 small,.h1 small,.h2 small,.h3 small,.h4 small,.h5 small,.h6 small,h1 .small,h2 .small,h3 .small,h4 .small,h5 .small,h6 .small,.h1 .small,.h2 .small,.h3 .small,.h4 .small,.h5 .small,.h6 .small{font-weight:normal;line-height:1;color:#777}h1,.h1,h2,.h2,h3,.h3{margin-top:20px;margin-bottom:10px}h1 small,.h1 small,h2 small,.h2 small,h3 small,.h3 small,h1 .small,.h1 .small,h2 .small,.h2 .small,h3 .small,.h3 .small{font-size:65%}h4,.h4,h5,.h5,h6,.h6{margin-top:10px;margin-bottom:10px}h4 small,.h4 small,h5 small,.h5 small,h6 small,.h6 small,h4 .small,.h4 .small,h5 .small,.h5 .small,h6 .small,.h6 .small{font-size:75%}h1,.h1{font-size:36px}h2,.h2{font-size:30px}h3,.h3{font-size:24px}h4,.h4{font-size:18px}h5,.h5{font-size:14px}h6,.h6{font-size:12px}p{margin:0 0 10px}.lead{margin-bottom:20px;font-size:16px;font-weight:300;line-height:1.4}@media (min-width:768px){.lead{font-size:21px}}small,.small{font-size:85%}mark,.mark{background-color:#fcf8e3;padding:.2em}.text-left{text-align:left}.text-right{text-align:right}.text-center{text-align:center}.text-justify{text-align:justify}.text-nowrap{white-space:nowrap}.text-lowercase{text-transform:lowercase}.text-uppercase{text-transform:uppercase}.text-capitalize{text-transform:capitalize}.text-muted{color:#777}.text-primary{color:#428bca}a.text-primary:hover,a.text-primary:focus{color:#3071a9}.text-success{color:#3c763d}a.text-success:hover,a.text-success:focus{color:#2b542c}.text-info{color:#31708f}a.text-info:hover,a.text-info:focus{color:#245269}.text-warning{color:#8a6d3b}a.text-warning:hover,a.text-warning:focus{color:#66512c}.text-danger{color:#a94442}a.text-danger:hover,a.text-danger:focus{color:#843534}.bg-primary{color:#fff;background-color:#428bca}a.bg-primary:hover,a.bg-primary:focus{background-color:#3071a9}.bg-success{background-color:#dff0d8}a.bg-success:hover,a.bg-success:focus{background-color:#c1e2b3}.bg-info{background-color:#d9edf7}a.bg-info:hover,a.bg-info:focus{background-color:#afd9ee}.bg-warning{background-color:#fcf8e3}a.bg-warning:hover,a.bg-warning:focus{background-color:#f7ecb5}.bg-danger{background-color:#f2dede}a.bg-danger:hover,a.bg-danger:focus{background-color:#e4b9b9}.page-header{padding-bottom:9px;margin:40px 0 20px;border-bottom:1px solid #eee}ul,ol{margin-top:0;margin-bottom:10px}ul ul,ol ul,ul ol,ol ol{margin-bottom:0}.list-unstyled{padding-left:0;list-style:none}.list-inline{padding-left:0;list-style:none;margin-left:-5px}.list-inline>li{display:inline-block;padding-left:5px;padding-right:5px}dl{margin-top:0;margin-bottom:20px}dt,dd{line-height:1.42857143}dt{font-weight:bold}dd{margin-left:0}@media (min-width:768px){.dl-horizontal dt{float:left;width:160px;clear:left;text-align:right;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.dl-horizontal dd{margin-left:180px}}abbr[title],abbr[data-original-title]{cursor:help;border-bottom:1px dotted #777}.initialism{font-size:90%;text-transform:uppercase}blockquote{padding:10px 20px;margin:0 0 20px;font-size:17.5px;border-left:5px solid #eee}blockquote p:last-child,blockquote ul:last-child,blockquote ol:last-child{margin-bottom:0}blockquote footer,blockquote small,blockquote .small{display:block;font-size:80%;line-height:1.42857143;color:#777}blockquote footer:before,blockquote small:before,blockquote .small:before{content:'\2014 \00A0'}.blockquote-reverse,blockquote.pull-right{padding-right:15px;padding-left:0;border-right:5px solid #eee;border-left:0;text-align:right}.blockquote-reverse footer:before,blockquote.pull-right footer:before,.blockquote-reverse small:before,blockquote.pull-right small:before,.blockquote-reverse .small:before,blockquote.pull-right .small:before{content:''}.blockquote-reverse footer:after,blockquote.pull-right footer:after,.blockquote-reverse small:after,blockquote.pull-right small:after,.blockquote-reverse .small:after,blockquote.pull-right .small:after{content:'\00A0 \2014'}address{margin-bottom:20px;font-style:normal;line-height:1.42857143}code,kbd,pre,samp{font-family:Menlo,Monaco,Consolas,"Courier New",monospace}code{padding:2px 4px;font-size:90%;color:#c7254e;background-color:#f9f2f4;border-radius:4px}kbd{padding:2px 4px;font-size:90%;color:#fff;background-color:#333;border-radius:3px;-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,0.25);box-shadow:inset 0 -1px 0 rgba(0,0,0,0.25)}kbd kbd{padding:0;font-size:100%;font-weight:bold;-webkit-box-shadow:none;box-shadow:none}pre{display:block;padding:9.5px;margin:0 0 10px;font-size:13px;line-height:1.42857143;word-break:break-all;word-wrap:break-word;color:#333;background-color:#f5f5f5;border:1px solid #ccc;border-radius:4px}pre code{padding:0;font-size:inherit;color:inherit;white-space:pre-wrap;background-color:transparent;border-radius:0}.pre-scrollable{max-height:340px;overflow-y:scroll}.container{margin-right:auto;margin-left:auto;padding-left:15px;padding-right:15px}@media (min-width:768px){.container{width:750px}}@media (min-width:992px){.container{width:970px}}@media (min-width:1200px){.container{width:1170px}}.container-fluid{margin-right:auto;margin-left:auto;padding-left:15px;padding-right:15px}.row{margin-left:-15px;margin-right:-15px}.col-xs-1, .col-sm-1, .col-md-1, .col-lg-1, .col-xs-2, .col-sm-2, .col-md-2, .col-lg-2, .col-xs-3, .col-sm-3, .col-md-3, .col-lg-3, .col-xs-4, .col-sm-4, .col-md-4, .col-lg-4, .col-xs-5, .col-sm-5, .col-md-5, .col-lg-5, .col-xs-6, .col-sm-6, .col-md-6, .col-lg-6, .col-xs-7, .col-sm-7, .col-md-7, .col-lg-7, .col-xs-8, .col-sm-8, .col-md-8, .col-lg-8, .col-xs-9, .col-sm-9, .col-md-9, .col-lg-9, .col-xs-10, .col-sm-10, .col-md-10, .col-lg-10, .col-xs-11, .col-sm-11, .col-md-11, .col-lg-11, .col-xs-12, .col-sm-12, .col-md-12, .col-lg-12{position:relative;min-height:1px;padding-left:15px;padding-right:15px}.col-xs-1, .col-xs-2, .col-xs-3, .col-xs-4, .col-xs-5, .col-xs-6, .col-xs-7, .col-xs-8, .col-xs-9, .col-xs-10, .col-xs-11, .col-xs-12{float:left}.col-xs-12{width:100%}.col-xs-11{width:91.66666667%}.col-xs-10{width:83.33333333%}.col-xs-9{width:75%}.col-xs-8{width:66.66666667%}.col-xs-7{width:58.33333333%}.col-xs-6{width:50%}.col-xs-5{width:41.66666667%}.col-xs-4{width:33.33333333%}.col-xs-3{width:25%}.col-xs-2{width:16.66666667%}.col-xs-1{width:8.33333333%}.col-xs-pull-12{right:100%}.col-xs-pull-11{right:91.66666667%}.col-xs-pull-10{right:83.33333333%}.col-xs-pull-9{right:75%}.col-xs-pull-8{right:66.66666667%}.col-xs-pull-7{right:58.33333333%}.col-xs-pull-6{right:50%}.col-xs-pull-5{right:41.66666667%}.col-xs-pull-4{right:33.33333333%}.col-xs-pull-3{right:25%}.col-xs-pull-2{right:16.66666667%}.col-xs-pull-1{right:8.33333333%}.col-xs-pull-0{right:auto}.col-xs-push-12{left:100%}.col-xs-push-11{left:91.66666667%}.col-xs-push-10{left:83.33333333%}.col-xs-push-9{left:75%}.col-xs-push-8{left:66.66666667%}.col-xs-push-7{left:58.33333333%}.col-xs-push-6{left:50%}.col-xs-push-5{left:41.66666667%}.col-xs-push-4{left:33.33333333%}.col-xs-push-3{left:25%}.col-xs-push-2{left:16.66666667%}.col-xs-push-1{left:8.33333333%}.col-xs-push-0{left:auto}.col-xs-offset-12{margin-left:100%}.col-xs-offset-11{margin-left:91.66666667%}.col-xs-offset-10{margin-left:83.33333333%}.col-xs-offset-9{margin-left:75%}.col-xs-offset-8{margin-left:66.66666667%}.col-xs-offset-7{margin-left:58.33333333%}.col-xs-offset-6{margin-left:50%}.col-xs-offset-5{margin-left:41.66666667%}.col-xs-offset-4{margin-left:33.33333333%}.col-xs-offset-3{margin-left:25%}.col-xs-offset-2{margin-left:16.66666667%}.col-xs-offset-1{margin-left:8.33333333%}.col-xs-offset-0{margin-left:0}@media (min-width:768px){.col-sm-1, .col-sm-2, .col-sm-3, .col-sm-4, .col-sm-5, .col-sm-6, .col-sm-7, .col-sm-8, .col-sm-9, .col-sm-10, .col-sm-11, .col-sm-12{float:left}.col-sm-12{width:100%}.col-sm-11{width:91.66666667%}.col-sm-10{width:83.33333333%}.col-sm-9{width:75%}.col-sm-8{width:66.66666667%}.col-sm-7{width:58.33333333%}.col-sm-6{width:50%}.col-sm-5{width:41.66666667%}.col-sm-4{width:33.33333333%}.col-sm-3{width:25%}.col-sm-2{width:16.66666667%}.col-sm-1{width:8.33333333%}.col-sm-pull-12{right:100%}.col-sm-pull-11{right:91.66666667%}.col-sm-pull-10{right:83.33333333%}.col-sm-pull-9{right:75%}.col-sm-pull-8{right:66.66666667%}.col-sm-pull-7{right:58.33333333%}.col-sm-pull-6{right:50%}.col-sm-pull-5{right:41.66666667%}.col-sm-pull-4{right:33.33333333%}.col-sm-pull-3{right:25%}.col-sm-pull-2{right:16.66666667%}.col-sm-pull-1{right:8.33333333%}.col-sm-pull-0{right:auto}.col-sm-push-12{left:100%}.col-sm-push-11{left:91.66666667%}.col-sm-push-10{left:83.33333333%}.col-sm-push-9{left:75%}.col-sm-push-8{left:66.66666667%}.col-sm-push-7{left:58.33333333%}.col-sm-push-6{left:50%}.col-sm-push-5{left:41.66666667%}.col-sm-push-4{left:33.33333333%}.col-sm-push-3{left:25%}.col-sm-push-2{left:16.66666667%}.col-sm-push-1{left:8.33333333%}.col-sm-push-0{left:auto}.col-sm-offset-12{margin-left:100%}.col-sm-offset-11{margin-left:91.66666667%}.col-sm-offset-10{margin-left:83.33333333%}.col-sm-offset-9{margin-left:75%}.col-sm-offset-8{margin-left:66.66666667%}.col-sm-offset-7{margin-left:58.33333333%}.col-sm-offset-6{margin-left:50%}.col-sm-offset-5{margin-left:41.66666667%}.col-sm-offset-4{margin-left:33.33333333%}.col-sm-offset-3{margin-left:25%}.col-sm-offset-2{margin-left:16.66666667%}.col-sm-offset-1{margin-left:8.33333333%}.col-sm-offset-0{margin-left:0}}@media (min-width:992px){.col-md-1, .col-md-2, .col-md-3, .col-md-4, .col-md-5, .col-md-6, .col-md-7, .col-md-8, .col-md-9, .col-md-10, .col-md-11, .col-md-12{float:left}.col-md-12{width:100%}.col-md-11{width:91.66666667%}.col-md-10{width:83.33333333%}.col-md-9{width:75%}.col-md-8{width:66.66666667%}.col-md-7{width:58.33333333%}.col-md-6{width:50%}.col-md-5{width:41.66666667%}.col-md-4{width:33.33333333%}.col-md-3{width:25%}.col-md-2{width:16.66666667%}.col-md-1{width:8.33333333%}.col-md-pull-12{right:100%}.col-md-pull-11{right:91.66666667%}.col-md-pull-10{right:83.33333333%}.col-md-pull-9{right:75%}.col-md-pull-8{right:66.66666667%}.col-md-pull-7{right:58.33333333%}.col-md-pull-6{right:50%}.col-md-pull-5{right:41.66666667%}.col-md-pull-4{right:33.33333333%}.col-md-pull-3{right:25%}.col-md-pull-2{right:16.66666667%}.col-md-pull-1{right:8.33333333%}.col-md-pull-0{right:auto}.col-md-push-12{left:100%}.col-md-push-11{left:91.66666667%}.col-md-push-10{left:83.33333333%}.col-md-push-9{left:75%}.col-md-push-8{left:66.66666667%}.col-md-push-7{left:58.33333333%}.col-md-push-6{left:50%}.col-md-push-5{left:41.66666667%}.col-md-push-4{left:33.33333333%}.col-md-push-3{left:25%}.col-md-push-2{left:16.66666667%}.col-md-push-1{left:8.33333333%}.col-md-push-0{left:auto}.col-md-offset-12{margin-left:100%}.col-md-offset-11{margin-left:91.66666667%}.col-md-offset-10{margin-left:83.33333333%}.col-md-offset-9{margin-left:75%}.col-md-offset-8{margin-left:66.66666667%}.col-md-offset-7{margin-left:58.33333333%}.col-md-offset-6{margin-left:50%}.col-md-offset-5{margin-left:41.66666667%}.col-md-offset-4{margin-left:33.33333333%}.col-md-offset-3{margin-left:25%}.col-md-offset-2{margin-left:16.66666667%}.col-md-offset-1{margin-left:8.33333333%}.col-md-offset-0{margin-left:0}}@media (min-width:1200px){.col-lg-1, .col-lg-2, .col-lg-3, .col-lg-4, .col-lg-5, .col-lg-6, .col-lg-7, .col-lg-8, .col-lg-9, .col-lg-10, .col-lg-11, .col-lg-12{float:left}.col-lg-12{width:100%}.col-lg-11{width:91.66666667%}.col-lg-10{width:83.33333333%}.col-lg-9{width:75%}.col-lg-8{width:66.66666667%}.col-lg-7{width:58.33333333%}.col-lg-6{width:50%}.col-lg-5{width:41.66666667%}.col-lg-4{width:33.33333333%}.col-lg-3{width:25%}.col-lg-2{width:16.66666667%}.col-lg-1{width:8.33333333%}.col-lg-pull-12{right:100%}.col-lg-pull-11{right:91.66666667%}.col-lg-pull-10{right:83.33333333%}.col-lg-pull-9{right:75%}.col-lg-pull-8{right:66.66666667%}.col-lg-pull-7{right:58.33333333%}.col-lg-pull-6{right:50%}.col-lg-pull-5{right:41.66666667%}.col-lg-pull-4{right:33.33333333%}.col-lg-pull-3{right:25%}.col-lg-pull-2{right:16.66666667%}.col-lg-pull-1{right:8.33333333%}.col-lg-pull-0{right:auto}.col-lg-push-12{left:100%}.col-lg-push-11{left:91.66666667%}.col-lg-push-10{left:83.33333333%}.col-lg-push-9{left:75%}.col-lg-push-8{left:66.66666667%}.col-lg-push-7{left:58.33333333%}.col-lg-push-6{left:50%}.col-lg-push-5{left:41.66666667%}.col-lg-push-4{left:33.33333333%}.col-lg-push-3{left:25%}.col-lg-push-2{left:16.66666667%}.col-lg-push-1{left:8.33333333%}.col-lg-push-0{left:auto}.col-lg-offset-12{margin-left:100%}.col-lg-offset-11{margin-left:91.66666667%}.col-lg-offset-10{margin-left:83.33333333%}.col-lg-offset-9{margin-left:75%}.col-lg-offset-8{margin-left:66.66666667%}.col-lg-offset-7{margin-left:58.33333333%}.col-lg-offset-6{margin-left:50%}.col-lg-offset-5{margin-left:41.66666667%}.col-lg-offset-4{margin-left:33.33333333%}.col-lg-offset-3{margin-left:25%}.col-lg-offset-2{margin-left:16.66666667%}.col-lg-offset-1{margin-left:8.33333333%}.col-lg-offset-0{margin-left:0}}table{background-color:transparent}caption{padding-top:8px;padding-bottom:8px;color:#777;text-align:left}th{text-align:left}.table{width:100%;max-width:100%;margin-bottom:20px}.table>thead>tr>th,.table>tbody>tr>th,.table>tfoot>tr>th,.table>thead>tr>td,.table>tbody>tr>td,.table>tfoot>tr>td{padding:8px;line-height:1.42857143;vertical-align:top;border-top:1px solid #ddd}.table>thead>tr>th{vertical-align:bottom;border-bottom:2px solid #ddd}.table>caption+thead>tr:first-child>th,.table>colgroup+thead>tr:first-child>th,.table>thead:first-child>tr:first-child>th,.table>caption+thead>tr:first-child>td,.table>colgroup+thead>tr:first-child>td,.table>thead:first-child>tr:first-child>td{border-top:0}.table>tbody+tbody{border-top:2px solid #ddd}.table .table{background-color:#fff}.table-condensed>thead>tr>th,.table-condensed>tbody>tr>th,.table-condensed>tfoot>tr>th,.table-condensed>thead>tr>td,.table-condensed>tbody>tr>td,.table-condensed>tfoot>tr>td{padding:5px}.table-bordered{border:1px solid #ddd}.table-bordered>thead>tr>th,.table-bordered>tbody>tr>th,.table-bordered>tfoot>tr>th,.table-bordered>thead>tr>td,.table-bordered>tbody>tr>td,.table-bordered>tfoot>tr>td{border:1px solid #ddd}.table-bordered>thead>tr>th,.table-bordered>thead>tr>td{border-bottom-width:2px}.table-striped>tbody>tr:nth-of-type(odd){background-color:#f9f9f9}.table-hover>tbody>tr:hover{background-color:#f5f5f5}table col[class*="col-"]{position:static;float:none;display:table-column}table td[class*="col-"],table th[class*="col-"]{position:static;float:none;display:table-cell}.table>thead>tr>td.active,.table>tbody>tr>td.active,.table>tfoot>tr>td.active,.table>thead>tr>th.active,.table>tbody>tr>th.active,.table>tfoot>tr>th.active,.table>thead>tr.active>td,.table>tbody>tr.active>td,.table>tfoot>tr.active>td,.table>thead>tr.active>th,.table>tbody>tr.active>th,.table>tfoot>tr.active>th{background-color:#f5f5f5}.table-hover>tbody>tr>td.active:hover,.table-hover>tbody>tr>th.active:hover,.table-hover>tbody>tr.active:hover>td,.table-hover>tbody>tr:hover>.active,.table-hover>tbody>tr.active:hover>th{background-color:#e8e8e8}.table>thead>tr>td.success,.table>tbody>tr>td.success,.table>tfoot>tr>td.success,.table>thead>tr>th.success,.table>tbody>tr>th.success,.table>tfoot>tr>th.success,.table>thead>tr.success>td,.table>tbody>tr.success>td,.table>tfoot>tr.success>td,.table>thead>tr.success>th,.table>tbody>tr.success>th,.table>tfoot>tr.success>th{background-color:#dff0d8}.table-hover>tbody>tr>td.success:hover,.table-hover>tbody>tr>th.success:hover,.table-hover>tbody>tr.success:hover>td,.table-hover>tbody>tr:hover>.success,.table-hover>tbody>tr.success:hover>th{background-color:#d0e9c6}.table>thead>tr>td.info,.table>tbody>tr>td.info,.table>tfoot>tr>td.info,.table>thead>tr>th.info,.table>tbody>tr>th.info,.table>tfoot>tr>th.info,.table>thead>tr.info>td,.table>tbody>tr.info>td,.table>tfoot>tr.info>td,.table>thead>tr.info>th,.table>tbody>tr.info>th,.table>tfoot>tr.info>th{background-color:#d9edf7}.table-hover>tbody>tr>td.info:hover,.table-hover>tbody>tr>th.info:hover,.table-hover>tbody>tr.info:hover>td,.table-hover>tbody>tr:hover>.info,.table-hover>tbody>tr.info:hover>th{background-color:#c4e3f3}.table>thead>tr>td.warning,.table>tbody>tr>td.warning,.table>tfoot>tr>td.warning,.table>thead>tr>th.warning,.table>tbody>tr>th.warning,.table>tfoot>tr>th.warning,.table>thead>tr.warning>td,.table>tbody>tr.warning>td,.table>tfoot>tr.warning>td,.table>thead>tr.warning>th,.table>tbody>tr.warning>th,.table>tfoot>tr.warning>th{background-color:#fcf8e3}.table-hover>tbody>tr>td.warning:hover,.table-hover>tbody>tr>th.warning:hover,.table-hover>tbody>tr.warning:hover>td,.table-hover>tbody>tr:hover>.warning,.table-hover>tbody>tr.warning:hover>th{background-color:#faf2cc}.table>thead>tr>td.danger,.table>tbody>tr>td.danger,.table>tfoot>tr>td.danger,.table>thead>tr>th.danger,.table>tbody>tr>th.danger,.table>tfoot>tr>th.danger,.table>thead>tr.danger>td,.table>tbody>tr.danger>td,.table>tfoot>tr.danger>td,.table>thead>tr.danger>th,.table>tbody>tr.danger>th,.table>tfoot>tr.danger>th{background-color:#f2dede}.table-hover>tbody>tr>td.danger:hover,.table-hover>tbody>tr>th.danger:hover,.table-hover>tbody>tr.danger:hover>td,.table-hover>tbody>tr:hover>.danger,.table-hover>tbody>tr.danger:hover>th{background-color:#ebcccc}.table-responsive{overflow-x:auto;min-height:0.01%}@media screen and (max-width:767px){.table-responsive{width:100%;margin-bottom:15px;overflow-y:hidden;-ms-overflow-style:-ms-autohiding-scrollbar;border:1px solid #ddd}.table-responsive>.table{margin-bottom:0}.table-responsive>.table>thead>tr>th,.table-responsive>.table>tbody>tr>th,.table-responsive>.table>tfoot>tr>th,.table-responsive>.table>thead>tr>td,.table-responsive>.table>tbody>tr>td,.table-responsive>.table>tfoot>tr>td{white-space:nowrap}.table-responsive>.table-bordered{border:0}.table-responsive>.table-bordered>thead>tr>th:first-child,.table-responsive>.table-bordered>tbody>tr>th:first-child,.table-responsive>.table-bordered>tfoot>tr>th:first-child,.table-responsive>.table-bordered>thead>tr>td:first-child,.table-responsive>.table-bordered>tbody>tr>td:first-child,.table-responsive>.table-bordered>tfoot>tr>td:first-child{border-left:0}.table-responsive>.table-bordered>thead>tr>th:last-child,.table-responsive>.table-bordered>tbody>tr>th:last-child,.table-responsive>.table-bordered>tfoot>tr>th:last-child,.table-responsive>.table-bordered>thead>tr>td:last-child,.table-responsive>.table-bordered>tbody>tr>td:last-child,.table-responsive>.table-bordered>tfoot>tr>td:last-child{border-right:0}.table-responsive>.table-bordered>tbody>tr:last-child>th,.table-responsive>.table-bordered>tfoot>tr:last-child>th,.table-responsive>.table-bordered>tbody>tr:last-child>td,.table-responsive>.table-bordered>tfoot>tr:last-child>td{border-bottom:0}}fieldset{padding:0;margin:0;border:0;min-width:0}legend{display:block;width:100%;padding:0;margin-bottom:20px;font-size:21px;line-height:inherit;color:#333;border:0;border-bottom:1px solid #e5e5e5}label{display:inline-block;max-width:100%;margin-bottom:5px;font-weight:bold}input[type="search"]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}input[type="radio"],input[type="checkbox"]{margin:4px 0 0;margin-top:1px \9;line-height:normal}input[type="file"]{display:block}input[type="range"]{display:block;width:100%}select[multiple],select[size]{height:auto}input[type="file"]:focus,input[type="radio"]:focus,input[type="checkbox"]:focus{outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}output{display:block;padding-top:7px;font-size:14px;line-height:1.42857143;color:#555}.form-control{display:block;width:100%;height:34px;padding:6px 12px;font-size:14px;line-height:1.42857143;color:#555;background-color:#fff;background-image:none;border:1px solid #ccc;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-webkit-transition:border-color ease-in-out .15s, -webkit-box-shadow ease-in-out .15s;-o-transition:border-color ease-in-out .15s, box-shadow ease-in-out .15s;transition:border-color ease-in-out .15s, box-shadow ease-in-out .15s}.form-control:focus{border-color:#66afe9;outline:0;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075), 0 0 8px rgba(102, 175, 233, 0.6);box-shadow:inset 0 1px 1px rgba(0,0,0,.075), 0 0 8px rgba(102, 175, 233, 0.6)}.form-control::-moz-placeholder{color:#777;opacity:1}.form-control:-ms-input-placeholder{color:#777}.form-control::-webkit-input-placeholder{color:#777}.form-control::-ms-expand{border:0;background-color:transparent}.form-control[disabled],.form-control[readonly],fieldset[disabled] .form-control{background-color:#eee;opacity:1}.form-control[disabled],fieldset[disabled] .form-control{cursor:not-allowed}textarea.form-control{height:auto}input[type="search"]{-webkit-appearance:none}@media screen and (-webkit-min-device-pixel-ratio:0){input[type="date"].form-control,input[type="time"].form-control,input[type="datetime-local"].form-control,input[type="month"].form-control{line-height:34px}input[type="date"].input-sm,input[type="time"].input-sm,input[type="datetime-local"].input-sm,input[type="month"].input-sm,.input-group-sm input[type="date"],.input-group-sm input[type="time"],.input-group-sm input[type="datetime-local"],.input-group-sm input[type="month"]{line-height:30px}input[type="date"].input-lg,input[type="time"].input-lg,input[type="datetime-local"].input-lg,input[type="month"].input-lg,.input-group-lg input[type="date"],.input-group-lg input[type="time"],.input-group-lg input[type="datetime-local"],.input-group-lg input[type="month"]{line-height:46px}}.form-group{margin-bottom:15px}.radio,.checkbox{position:relative;display:block;margin-top:10px;margin-bottom:10px}.radio label,.checkbox label{min-height:20px;padding-left:20px;margin-bottom:0;font-weight:normal;cursor:pointer}.radio input[type="radio"],.radio-inline input[type="radio"],.checkbox input[type="checkbox"],.checkbox-inline input[type="checkbox"]{position:absolute;margin-left:-20px;margin-top:4px \9}.radio+.radio,.checkbox+.checkbox{margin-top:-5px}.radio-inline,.checkbox-inline{position:relative;display:inline-block;padding-left:20px;margin-bottom:0;vertical-align:middle;font-weight:normal;cursor:pointer}.radio-inline+.radio-inline,.checkbox-inline+.checkbox-inline{margin-top:0;margin-left:10px}input[type="radio"][disabled],input[type="checkbox"][disabled],input[type="radio"].disabled,input[type="checkbox"].disabled,fieldset[disabled] input[type="radio"],fieldset[disabled] input[type="checkbox"]{cursor:not-allowed}.radio-inline.disabled,.checkbox-inline.disabled,fieldset[disabled] .radio-inline,fieldset[disabled] .checkbox-inline{cursor:not-allowed}.radio.disabled label,.checkbox.disabled label,fieldset[disabled] .radio label,fieldset[disabled] .checkbox label{cursor:not-allowed}.form-control-static{padding-top:7px;padding-bottom:7px;margin-bottom:0;min-height:34px}.form-control-static.input-lg,.form-control-static.input-sm{padding-left:0;padding-right:0}.input-sm{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-sm{height:30px;line-height:30px}textarea.input-sm,select[multiple].input-sm{height:auto}.form-group-sm .form-control{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}.form-group-sm select.form-control{height:30px;line-height:30px}.form-group-sm textarea.form-control,.form-group-sm select[multiple].form-control{height:auto}.form-group-sm .form-control-static{height:30px;min-height:32px;padding:6px 10px;font-size:12px;line-height:1.5}.input-lg{height:46px;padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}select.input-lg{height:46px;line-height:46px}textarea.input-lg,select[multiple].input-lg{height:auto}.form-group-lg .form-control{height:46px;padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}.form-group-lg select.form-control{height:46px;line-height:46px}.form-group-lg textarea.form-control,.form-group-lg select[multiple].form-control{height:auto}.form-group-lg .form-control-static{height:46px;min-height:38px;padding:11px 16px;font-size:18px;line-height:1.33}.has-feedback{position:relative}.has-feedback .form-control{padding-right:42.5px}.form-control-feedback{position:absolute;top:0;right:0;z-index:2;display:block;width:34px;height:34px;line-height:34px;text-align:center;pointer-events:none}.input-lg+.form-control-feedback,.input-group-lg+.form-control-feedback,.form-group-lg .form-control+.form-control-feedback{width:46px;height:46px;line-height:46px}.input-sm+.form-control-feedback,.input-group-sm+.form-control-feedback,.form-group-sm .form-control+.form-control-feedback{width:30px;height:30px;line-height:30px}.has-success .help-block,.has-success .control-label,.has-success .radio,.has-success .checkbox,.has-success .radio-inline,.has-success .checkbox-inline,.has-success.radio label,.has-success.checkbox label,.has-success.radio-inline label,.has-success.checkbox-inline label{color:#3c763d}.has-success .form-control{border-color:#3c763d;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-success .form-control:focus{border-color:#2b542c;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #67b168;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #67b168}.has-success .input-group-addon{color:#3c763d;border-color:#3c763d;background-color:#dff0d8}.has-success .form-control-feedback{color:#3c763d}.has-warning .help-block,.has-warning .control-label,.has-warning .radio,.has-warning .checkbox,.has-warning .radio-inline,.has-warning .checkbox-inline,.has-warning.radio label,.has-warning.checkbox label,.has-warning.radio-inline label,.has-warning.checkbox-inline label{color:#8a6d3b}.has-warning .form-control{border-color:#8a6d3b;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-warning .form-control:focus{border-color:#66512c;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #c0a16b;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #c0a16b}.has-warning .input-group-addon{color:#8a6d3b;border-color:#8a6d3b;background-color:#fcf8e3}.has-warning .form-control-feedback{color:#8a6d3b}.has-error .help-block,.has-error .control-label,.has-error .radio,.has-error .checkbox,.has-error .radio-inline,.has-error .checkbox-inline,.has-error.radio label,.has-error.checkbox label,.has-error.radio-inline label,.has-error.checkbox-inline label{color:#a94442}.has-error .form-control{border-color:#a94442;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-error .form-control:focus{border-color:#843534;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #ce8483;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #ce8483}.has-error .input-group-addon{color:#a94442;border-color:#a94442;background-color:#f2dede}.has-error .form-control-feedback{color:#a94442}.has-feedback label~.form-control-feedback{top:25px}.has-feedback label.sr-only~.form-control-feedback{top:0}.help-block{display:block;margin-top:5px;margin-bottom:10px;color:#737373}@media (min-width:768px){.form-inline .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.form-inline .form-control{display:inline-block;width:auto;vertical-align:middle}.form-inline .form-control-static{display:inline-block}.form-inline .input-group{display:inline-table;vertical-align:middle}.form-inline .input-group .input-group-addon,.form-inline .input-group .input-group-btn,.form-inline .input-group .form-control{width:auto}.form-inline .input-group>.form-control{width:100%}.form-inline .control-label{margin-bottom:0;vertical-align:middle}.form-inline .radio,.form-inline .checkbox{display:inline-block;margin-top:0;margin-bottom:0;vertical-align:middle}.form-inline .radio label,.form-inline .checkbox label{padding-left:0}.form-inline .radio input[type="radio"],.form-inline .checkbox input[type="checkbox"]{position:relative;margin-left:0}.form-inline .has-feedback .form-control-feedback{top:0}}.form-horizontal .radio,.form-horizontal .checkbox,.form-horizontal .radio-inline,.form-horizontal .checkbox-inline{margin-top:0;margin-bottom:0;padding-top:7px}.form-horizontal .radio,.form-horizontal .checkbox{min-height:27px}.form-horizontal .form-group{margin-left:-15px;margin-right:-15px}@media (min-width:768px){.form-horizontal .control-label{text-align:right;margin-bottom:0;padding-top:7px}}.form-horizontal .has-feedback .form-control-feedback{right:15px}@media (min-width:768px){.form-horizontal .form-group-lg .control-label{padding-top:11px;font-size:18px}}@media (min-width:768px){.form-horizontal .form-group-sm .control-label{padding-top:6px;font-size:12px}}.btn{display:inline-block;margin-bottom:0;font-weight:normal;text-align:center;vertical-align:middle;-ms-touch-action:manipulation;touch-action:manipulation;cursor:pointer;background-image:none;border:1px solid transparent;white-space:nowrap;padding:6px 12px;font-size:14px;line-height:1.42857143;border-radius:4px;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.btn:focus,.btn:active:focus,.btn.active:focus,.btn.focus,.btn:active.focus,.btn.active.focus{outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}.btn:hover,.btn:focus,.btn.focus{color:#333;text-decoration:none}.btn:active,.btn.active{outline:0;background-image:none;-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,0.125);box-shadow:inset 0 3px 5px rgba(0,0,0,0.125)}.btn.disabled,.btn[disabled],fieldset[disabled] .btn{cursor:not-allowed;opacity:.65;filter:alpha(opacity=65);-webkit-box-shadow:none;box-shadow:none}a.btn.disabled,fieldset[disabled] a.btn{pointer-events:none}.btn-default{color:#333;background-color:#fff;border-color:#ccc}.btn-default:focus,.btn-default.focus{color:#333;background-color:#e6e6e6;border-color:#8c8c8c}.btn-default:hover{color:#333;background-color:#e6e6e6;border-color:#adadad}.btn-default:active,.btn-default.active,.open>.dropdown-toggle.btn-default{color:#333;background-color:#e6e6e6;border-color:#adadad}.btn-default:active:hover,.btn-default.active:hover,.open>.dropdown-toggle.btn-default:hover,.btn-default:active:focus,.btn-default.active:focus,.open>.dropdown-toggle.btn-default:focus,.btn-default:active.focus,.btn-default.active.focus,.open>.dropdown-toggle.btn-default.focus{color:#333;background-color:#d4d4d4;border-color:#8c8c8c}.btn-default:active,.btn-default.active,.open>.dropdown-toggle.btn-default{background-image:none}.btn-default.disabled:hover,.btn-default[disabled]:hover,fieldset[disabled] .btn-default:hover,.btn-default.disabled:focus,.btn-default[disabled]:focus,fieldset[disabled] .btn-default:focus,.btn-default.disabled.focus,.btn-default[disabled].focus,fieldset[disabled] .btn-default.focus{background-color:#fff;border-color:#ccc}.btn-default .badge{color:#fff;background-color:#333}.btn-primary{color:#fff;background-color:#428bca;border-color:#357ebd}.btn-primary:focus,.btn-primary.focus{color:#fff;background-color:#3071a9;border-color:#193c5a}.btn-primary:hover{color:#fff;background-color:#3071a9;border-color:#285e8e}.btn-primary:active,.btn-primary.active,.open>.dropdown-toggle.btn-primary{color:#fff;background-color:#3071a9;border-color:#285e8e}.btn-primary:active:hover,.btn-primary.active:hover,.open>.dropdown-toggle.btn-primary:hover,.btn-primary:active:focus,.btn-primary.active:focus,.open>.dropdown-toggle.btn-primary:focus,.btn-primary:active.focus,.btn-primary.active.focus,.open>.dropdown-toggle.btn-primary.focus{color:#fff;background-color:#285e8e;border-color:#193c5a}.btn-primary:active,.btn-primary.active,.open>.dropdown-toggle.btn-primary{background-image:none}.btn-primary.disabled:hover,.btn-primary[disabled]:hover,fieldset[disabled] .btn-primary:hover,.btn-primary.disabled:focus,.btn-primary[disabled]:focus,fieldset[disabled] .btn-primary:focus,.btn-primary.disabled.focus,.btn-primary[disabled].focus,fieldset[disabled] .btn-primary.focus{background-color:#428bca;border-color:#357ebd}.btn-primary .badge{color:#428bca;background-color:#fff}.btn-success{color:#fff;background-color:#5cb85c;border-color:#4cae4c}.btn-success:focus,.btn-success.focus{color:#fff;background-color:#449d44;border-color:#255625}.btn-success:hover{color:#fff;background-color:#449d44;border-color:#398439}.btn-success:active,.btn-success.active,.open>.dropdown-toggle.btn-success{color:#fff;background-color:#449d44;border-color:#398439}.btn-success:active:hover,.btn-success.active:hover,.open>.dropdown-toggle.btn-success:hover,.btn-success:active:focus,.btn-success.active:focus,.open>.dropdown-toggle.btn-success:focus,.btn-success:active.focus,.btn-success.active.focus,.open>.dropdown-toggle.btn-success.focus{color:#fff;background-color:#398439;border-color:#255625}.btn-success:active,.btn-success.active,.open>.dropdown-toggle.btn-success{background-image:none}.btn-success.disabled:hover,.btn-success[disabled]:hover,fieldset[disabled] .btn-success:hover,.btn-success.disabled:focus,.btn-success[disabled]:focus,fieldset[disabled] .btn-success:focus,.btn-success.disabled.focus,.btn-success[disabled].focus,fieldset[disabled] .btn-success.focus{background-color:#5cb85c;border-color:#4cae4c}.btn-success .badge{color:#5cb85c;background-color:#fff}.btn-info{color:#fff;background-color:#5bc0de;border-color:#46b8da}.btn-info:focus,.btn-info.focus{color:#fff;background-color:#31b0d5;border-color:#1b6d85}.btn-info:hover{color:#fff;background-color:#31b0d5;border-color:#269abc}.btn-info:active,.btn-info.active,.open>.dropdown-toggle.btn-info{color:#fff;background-color:#31b0d5;border-color:#269abc}.btn-info:active:hover,.btn-info.active:hover,.open>.dropdown-toggle.btn-info:hover,.btn-info:active:focus,.btn-info.active:focus,.open>.dropdown-toggle.btn-info:focus,.btn-info:active.focus,.btn-info.active.focus,.open>.dropdown-toggle.btn-info.focus{color:#fff;background-color:#269abc;border-color:#1b6d85}.btn-info:active,.btn-info.active,.open>.dropdown-toggle.btn-info{background-image:none}.btn-info.disabled:hover,.btn-info[disabled]:hover,fieldset[disabled] .btn-info:hover,.btn-info.disabled:focus,.btn-info[disabled]:focus,fieldset[disabled] .btn-info:focus,.btn-info.disabled.focus,.btn-info[disabled].focus,fieldset[disabled] .btn-info.focus{background-color:#5bc0de;border-color:#46b8da}.btn-info .badge{color:#5bc0de;background-color:#fff}.btn-warning{color:#fff;background-color:#f0ad4e;border-color:#eea236}.btn-warning:focus,.btn-warning.focus{color:#fff;background-color:#ec971f;border-color:#985f0d}.btn-warning:hover{color:#fff;background-color:#ec971f;border-color:#d58512}.btn-warning:active,.btn-warning.active,.open>.dropdown-toggle.btn-warning{color:#fff;background-color:#ec971f;border-color:#d58512}.btn-warning:active:hover,.btn-warning.active:hover,.open>.dropdown-toggle.btn-warning:hover,.btn-warning:active:focus,.btn-warning.active:focus,.open>.dropdown-toggle.btn-warning:focus,.btn-warning:active.focus,.btn-warning.active.focus,.open>.dropdown-toggle.btn-warning.focus{color:#fff;background-color:#d58512;border-color:#985f0d}.btn-warning:active,.btn-warning.active,.open>.dropdown-toggle.btn-warning{background-image:none}.btn-warning.disabled:hover,.btn-warning[disabled]:hover,fieldset[disabled] .btn-warning:hover,.btn-warning.disabled:focus,.btn-warning[disabled]:focus,fieldset[disabled] .btn-warning:focus,.btn-warning.disabled.focus,.btn-warning[disabled].focus,fieldset[disabled] .btn-warning.focus{background-color:#f0ad4e;border-color:#eea236}.btn-warning .badge{color:#f0ad4e;background-color:#fff}.btn-danger{color:#fff;background-color:#d9534f;border-color:#d43f3a}.btn-danger:focus,.btn-danger.focus{color:#fff;background-color:#c9302c;border-color:#761c19}.btn-danger:hover{color:#fff;background-color:#c9302c;border-color:#ac2925}.btn-danger:active,.btn-danger.active,.open>.dropdown-toggle.btn-danger{color:#fff;background-color:#c9302c;border-color:#ac2925}.btn-danger:active:hover,.btn-danger.active:hover,.open>.dropdown-toggle.btn-danger:hover,.btn-danger:active:focus,.btn-danger.active:focus,.open>.dropdown-toggle.btn-danger:focus,.btn-danger:active.focus,.btn-danger.active.focus,.open>.dropdown-toggle.btn-danger.focus{color:#fff;background-color:#ac2925;border-color:#761c19}.btn-danger:active,.btn-danger.active,.open>.dropdown-toggle.btn-danger{background-image:none}.btn-danger.disabled:hover,.btn-danger[disabled]:hover,fieldset[disabled] .btn-danger:hover,.btn-danger.disabled:focus,.btn-danger[disabled]:focus,fieldset[disabled] .btn-danger:focus,.btn-danger.disabled.focus,.btn-danger[disabled].focus,fieldset[disabled] .btn-danger.focus{background-color:#d9534f;border-color:#d43f3a}.btn-danger .badge{color:#d9534f;background-color:#fff}.btn-link{color:#428bca;font-weight:normal;border-radius:0}.btn-link,.btn-link:active,.btn-link.active,.btn-link[disabled],fieldset[disabled] .btn-link{background-color:transparent;-webkit-box-shadow:none;box-shadow:none}.btn-link,.btn-link:hover,.btn-link:focus,.btn-link:active{border-color:transparent}.btn-link:hover,.btn-link:focus{color:#2a6496;text-decoration:underline;background-color:transparent}.btn-link[disabled]:hover,fieldset[disabled] .btn-link:hover,.btn-link[disabled]:focus,fieldset[disabled] .btn-link:focus{color:#777;text-decoration:none}.btn-lg,.btn-group-lg>.btn{padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}.btn-sm,.btn-group-sm>.btn{padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}.btn-xs,.btn-group-xs>.btn{padding:1px 5px;font-size:12px;line-height:1.5;border-radius:3px}.btn-block{display:block;width:100%}.btn-block+.btn-block{margin-top:5px}input[type="submit"].btn-block,input[type="reset"].btn-block,input[type="button"].btn-block{width:100%}.fade{opacity:0;-webkit-transition:opacity .15s linear;-o-transition:opacity .15s linear;transition:opacity .15s linear}.fade.in{opacity:1}.collapse{display:none}.collapse.in{display:block}tr.collapse.in{display:table-row}tbody.collapse.in{display:table-row-group}.collapsing{position:relative;height:0;overflow:hidden;-webkit-transition-property:height, visibility;-o-transition-property:height, visibility;transition-property:height, visibility;-webkit-transition-duration:.35s;-o-transition-duration:.35s;transition-duration:.35s;-webkit-transition-timing-function:ease;-o-transition-timing-function:ease;transition-timing-function:ease}.btn-group,.btn-group-vertical{position:relative;display:inline-block;vertical-align:middle}.btn-group>.btn,.btn-group-vertical>.btn{position:relative;float:left}.btn-group>.btn:hover,.btn-group-vertical>.btn:hover,.btn-group>.btn:focus,.btn-group-vertical>.btn:focus,.btn-group>.btn:active,.btn-group-vertical>.btn:active,.btn-group>.btn.active,.btn-group-vertical>.btn.active{z-index:2}.btn-group .btn+.btn,.btn-group .btn+.btn-group,.btn-group .btn-group+.btn,.btn-group .btn-group+.btn-group{margin-left:-1px}.btn-toolbar{margin-left:-5px}.btn-toolbar .btn,.btn-toolbar .btn-group,.btn-toolbar .input-group{float:left}.btn-toolbar>.btn,.btn-toolbar>.btn-group,.btn-toolbar>.input-group{margin-left:5px}.btn-group>.btn:not(:first-child):not(:last-child):not(.dropdown-toggle){border-radius:0}.btn-group>.btn:first-child{margin-left:0}.btn-group>.btn:first-child:not(:last-child):not(.dropdown-toggle){border-bottom-right-radius:0;border-top-right-radius:0}.btn-group>.btn:last-child:not(:first-child),.btn-group>.dropdown-toggle:not(:first-child){border-bottom-left-radius:0;border-top-left-radius:0}.btn-group>.btn-group{float:left}.btn-group>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group>.btn-group:first-child:not(:last-child)>.btn:last-child,.btn-group>.btn-group:first-child:not(:last-child)>.dropdown-toggle{border-bottom-right-radius:0;border-top-right-radius:0}.btn-group>.btn-group:last-child:not(:first-child)>.btn:first-child{border-bottom-left-radius:0;border-top-left-radius:0}.btn-group .dropdown-toggle:active,.btn-group.open .dropdown-toggle{outline:0}.btn-group>.btn+.dropdown-toggle{padding-left:8px;padding-right:8px}.btn-group>.btn-lg+.dropdown-toggle{padding-left:12px;padding-right:12px}.btn-group.open .dropdown-toggle{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,0.125);box-shadow:inset 0 3px 5px rgba(0,0,0,0.125)}.btn-group.open .dropdown-toggle.btn-link{-webkit-box-shadow:none;box-shadow:none}.btn .caret{margin-left:0}.btn-lg .caret{border-width:5px 5px 0;border-bottom-width:0}.dropup .btn-lg .caret{border-width:0 5px 5px}.btn-group-vertical>.btn,.btn-group-vertical>.btn-group,.btn-group-vertical>.btn-group>.btn{display:block;float:none;width:100%;max-width:100%}.btn-group-vertical>.btn-group>.btn{float:none}.btn-group-vertical>.btn+.btn,.btn-group-vertical>.btn+.btn-group,.btn-group-vertical>.btn-group+.btn,.btn-group-vertical>.btn-group+.btn-group{margin-top:-1px;margin-left:0}.btn-group-vertical>.btn:not(:first-child):not(:last-child){border-radius:0}.btn-group-vertical>.btn:first-child:not(:last-child){border-top-right-radius:4px;border-top-left-radius:4px;border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn:last-child:not(:first-child){border-top-right-radius:0;border-top-left-radius:0;border-bottom-right-radius:4px;border-bottom-left-radius:4px}.btn-group-vertical>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group-vertical>.btn-group:first-child:not(:last-child)>.btn:last-child,.btn-group-vertical>.btn-group:first-child:not(:last-child)>.dropdown-toggle{border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn-group:last-child:not(:first-child)>.btn:first-child{border-top-right-radius:0;border-top-left-radius:0}.btn-group-justified{display:table;width:100%;table-layout:fixed;border-collapse:separate}.btn-group-justified>.btn,.btn-group-justified>.btn-group{float:none;display:table-cell;width:1%}.btn-group-justified>.btn-group .btn{width:100%}.btn-group-justified>.btn-group .dropdown-menu{left:auto}[data-toggle="buttons"]>.btn input[type="radio"],[data-toggle="buttons"]>.btn-group>.btn input[type="radio"],[data-toggle="buttons"]>.btn input[type="checkbox"],[data-toggle="buttons"]>.btn-group>.btn input[type="checkbox"]{position:absolute;clip:rect(0, 0, 0, 0);pointer-events:none}.input-group{position:relative;display:table;border-collapse:separate}.input-group[class*="col-"]{float:none;padding-left:0;padding-right:0}.input-group .form-control{position:relative;z-index:2;float:left;width:100%;margin-bottom:0}.input-group .form-control:focus{z-index:3}.input-group-lg>.form-control,.input-group-lg>.input-group-addon,.input-group-lg>.input-group-btn>.btn{height:46px;padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}select.input-group-lg>.form-control,select.input-group-lg>.input-group-addon,select.input-group-lg>.input-group-btn>.btn{height:46px;line-height:46px}textarea.input-group-lg>.form-control,textarea.input-group-lg>.input-group-addon,textarea.input-group-lg>.input-group-btn>.btn,select[multiple].input-group-lg>.form-control,select[multiple].input-group-lg>.input-group-addon,select[multiple].input-group-lg>.input-group-btn>.btn{height:auto}.input-group-sm>.form-control,.input-group-sm>.input-group-addon,.input-group-sm>.input-group-btn>.btn{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-group-sm>.form-control,select.input-group-sm>.input-group-addon,select.input-group-sm>.input-group-btn>.btn{height:30px;line-height:30px}textarea.input-group-sm>.form-control,textarea.input-group-sm>.input-group-addon,textarea.input-group-sm>.input-group-btn>.btn,select[multiple].input-group-sm>.form-control,select[multiple].input-group-sm>.input-group-addon,select[multiple].input-group-sm>.input-group-btn>.btn{height:auto}.input-group-addon,.input-group-btn,.input-group .form-control{display:table-cell}.input-group-addon:not(:first-child):not(:last-child),.input-group-btn:not(:first-child):not(:last-child),.input-group .form-control:not(:first-child):not(:last-child){border-radius:0}.input-group-addon,.input-group-btn{width:1%;white-space:nowrap;vertical-align:middle}.input-group-addon{padding:6px 12px;font-size:14px;font-weight:normal;line-height:1;color:#555;text-align:center;background-color:#eee;border:1px solid #ccc;border-radius:4px}.input-group-addon.input-sm{padding:5px 10px;font-size:12px;border-radius:3px}.input-group-addon.input-lg{padding:10px 16px;font-size:18px;border-radius:6px}.input-group-addon input[type="radio"],.input-group-addon input[type="checkbox"]{margin-top:0}.input-group .form-control:first-child,.input-group-addon:first-child,.input-group-btn:first-child>.btn,.input-group-btn:first-child>.btn-group>.btn,.input-group-btn:first-child>.dropdown-toggle,.input-group-btn:last-child>.btn:not(:last-child):not(.dropdown-toggle),.input-group-btn:last-child>.btn-group:not(:last-child)>.btn{border-bottom-right-radius:0;border-top-right-radius:0}.input-group-addon:first-child{border-right:0}.input-group .form-control:last-child,.input-group-addon:last-child,.input-group-btn:last-child>.btn,.input-group-btn:last-child>.btn-group>.btn,.input-group-btn:last-child>.dropdown-toggle,.input-group-btn:first-child>.btn:not(:first-child),.input-group-btn:first-child>.btn-group:not(:first-child)>.btn{border-bottom-left-radius:0;border-top-left-radius:0}.input-group-addon:last-child{border-left:0}.input-group-btn{position:relative;font-size:0;white-space:nowrap}.input-group-btn>.btn{position:relative}.input-group-btn>.btn+.btn{margin-left:-1px}.input-group-btn>.btn:hover,.input-group-btn>.btn:focus,.input-group-btn>.btn:active{z-index:2}.input-group-btn:first-child>.btn,.input-group-btn:first-child>.btn-group{margin-right:-1px}.input-group-btn:last-child>.btn,.input-group-btn:last-child>.btn-group{z-index:2;margin-left:-1px}.nav{margin-bottom:0;padding-left:0;list-style:none}.nav>li{position:relative;display:block}.nav>li>a{position:relative;display:block;padding:10px 15px}.nav>li>a:hover,.nav>li>a:focus{text-decoration:none;background-color:#eee}.nav>li.disabled>a{color:#777}.nav>li.disabled>a:hover,.nav>li.disabled>a:focus{color:#777;text-decoration:none;background-color:transparent;cursor:not-allowed}.nav .open>a,.nav .open>a:hover,.nav .open>a:focus{background-color:#eee;border-color:#428bca}.nav .nav-divider{height:1px;margin:9px 0;overflow:hidden;background-color:#e5e5e5}.nav>li>a>img{max-width:none}.nav-tabs{border-bottom:1px solid #ddd}.nav-tabs>li{float:left;margin-bottom:-1px}.nav-tabs>li>a{margin-right:2px;line-height:1.42857143;border:1px solid transparent;border-radius:4px 4px 0 0}.nav-tabs>li>a:hover{border-color:#eee #eee #ddd}.nav-tabs>li.active>a,.nav-tabs>li.active>a:hover,.nav-tabs>li.active>a:focus{color:#555;background-color:#fff;border:1px solid #ddd;border-bottom-color:transparent;cursor:default}.nav-tabs.nav-justified{width:100%;border-bottom:0}.nav-tabs.nav-justified>li{float:none}.nav-tabs.nav-justified>li>a{text-align:center;margin-bottom:5px}.nav-tabs.nav-justified>.dropdown .dropdown-menu{top:auto;left:auto}@media (min-width:768px){.nav-tabs.nav-justified>li{display:table-cell;width:1%}.nav-tabs.nav-justified>li>a{margin-bottom:0}}.nav-tabs.nav-justified>li>a{margin-right:0;border-radius:4px}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:hover,.nav-tabs.nav-justified>.active>a:focus{border:1px solid #ddd}@media (min-width:768px){.nav-tabs.nav-justified>li>a{border-bottom:1px solid #ddd;border-radius:4px 4px 0 0}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:hover,.nav-tabs.nav-justified>.active>a:focus{border-bottom-color:#fff}}.nav-pills>li{float:left}.nav-pills>li>a{border-radius:4px}.nav-pills>li+li{margin-left:2px}.nav-pills>li.active>a,.nav-pills>li.active>a:hover,.nav-pills>li.active>a:focus{color:#fff;background-color:#428bca}.nav-stacked>li{float:none}.nav-stacked>li+li{margin-top:2px;margin-left:0}.nav-justified{width:100%}.nav-justified>li{float:none}.nav-justified>li>a{text-align:center;margin-bottom:5px}.nav-justified>.dropdown .dropdown-menu{top:auto;left:auto}@media (min-width:768px){.nav-justified>li{display:table-cell;width:1%}.nav-justified>li>a{margin-bottom:0}}.nav-tabs-justified{border-bottom:0}.nav-tabs-justified>li>a{margin-right:0;border-radius:4px}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:hover,.nav-tabs-justified>.active>a:focus{border:1px solid #ddd}@media (min-width:768px){.nav-tabs-justified>li>a{border-bottom:1px solid #ddd;border-radius:4px 4px 0 0}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:hover,.nav-tabs-justified>.active>a:focus{border-bottom-color:#fff}}.tab-content>.tab-pane{display:none}.tab-content>.active{display:block}.nav-tabs .dropdown-menu{margin-top:-1px;border-top-right-radius:0;border-top-left-radius:0}.navbar{position:relative;min-height:50px;margin-bottom:20px;border:1px solid transparent}@media (min-width:768px){.navbar{border-radius:4px}}@media (min-width:768px){.navbar-header{float:left}}.navbar-collapse{overflow-x:visible;padding-right:15px;padding-left:15px;border-top:1px solid transparent;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.1);box-shadow:inset 0 1px 0 rgba(255,255,255,0.1);-webkit-overflow-scrolling:touch}.navbar-collapse.in{overflow-y:auto}@media (min-width:768px){.navbar-collapse{width:auto;border-top:0;-webkit-box-shadow:none;box-shadow:none}.navbar-collapse.collapse{display:block !important;height:auto !important;padding-bottom:0;overflow:visible !important}.navbar-collapse.in{overflow-y:visible}.navbar-fixed-top .navbar-collapse,.navbar-static-top .navbar-collapse,.navbar-fixed-bottom .navbar-collapse{padding-left:0;padding-right:0}}.navbar-fixed-top .navbar-collapse,.navbar-fixed-bottom .navbar-collapse{max-height:340px}@media (max-device-width:480px) and (orientation:landscape){.navbar-fixed-top .navbar-collapse,.navbar-fixed-bottom .navbar-collapse{max-height:200px}}.container>.navbar-header,.container-fluid>.navbar-header,.container>.navbar-collapse,.container-fluid>.navbar-collapse{margin-right:-15px;margin-left:-15px}@media (min-width:768px){.container>.navbar-header,.container-fluid>.navbar-header,.container>.navbar-collapse,.container-fluid>.navbar-collapse{margin-right:0;margin-left:0}}.navbar-static-top{z-index:1000;border-width:0 0 1px}@media (min-width:768px){.navbar-static-top{border-radius:0}}.navbar-fixed-top,.navbar-fixed-bottom{position:fixed;right:0;left:0;z-index:1030}@media (min-width:768px){.navbar-fixed-top,.navbar-fixed-bottom{border-radius:0}}.navbar-fixed-top{top:0;border-width:0 0 1px}.navbar-fixed-bottom{bottom:0;margin-bottom:0;border-width:1px 0 0}.navbar-brand{float:left;padding:15px 15px;font-size:18px;line-height:20px;height:50px}.navbar-brand:hover,.navbar-brand:focus{text-decoration:none}.navbar-brand>img{display:block}@media (min-width:768px){.navbar>.container .navbar-brand,.navbar>.container-fluid .navbar-brand{margin-left:-15px}}.navbar-toggle{position:relative;float:right;margin-right:15px;padding:9px 10px;margin-top:8px;margin-bottom:8px;background-color:transparent;background-image:none;border:1px solid transparent;border-radius:4px}.navbar-toggle:focus{outline:0}.navbar-toggle .icon-bar{display:block;width:22px;height:2px;border-radius:1px}.navbar-toggle .icon-bar+.icon-bar{margin-top:4px}@media (min-width:768px){.navbar-toggle{display:none}}.navbar-nav{margin:7.5px -15px}.navbar-nav>li>a{padding-top:10px;padding-bottom:10px;line-height:20px}@media (max-width:767px){.navbar-nav .open .dropdown-menu{position:static;float:none;width:auto;margin-top:0;background-color:transparent;border:0;-webkit-box-shadow:none;box-shadow:none}.navbar-nav .open .dropdown-menu>li>a,.navbar-nav .open .dropdown-menu .dropdown-header{padding:5px 15px 5px 25px}.navbar-nav .open .dropdown-menu>li>a{line-height:20px}.navbar-nav .open .dropdown-menu>li>a:hover,.navbar-nav .open .dropdown-menu>li>a:focus{background-image:none}}@media (min-width:768px){.navbar-nav{float:left;margin:0}.navbar-nav>li{float:left}.navbar-nav>li>a{padding-top:15px;padding-bottom:15px}}.navbar-form{margin-left:-15px;margin-right:-15px;padding:10px 15px;border-top:1px solid transparent;border-bottom:1px solid transparent;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.1);box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.1);margin-top:8px;margin-bottom:8px}@media (min-width:768px){.navbar-form .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.navbar-form .form-control{display:inline-block;width:auto;vertical-align:middle}.navbar-form .form-control-static{display:inline-block}.navbar-form .input-group{display:inline-table;vertical-align:middle}.navbar-form .input-group .input-group-addon,.navbar-form .input-group .input-group-btn,.navbar-form .input-group .form-control{width:auto}.navbar-form .input-group>.form-control{width:100%}.navbar-form .control-label{margin-bottom:0;vertical-align:middle}.navbar-form .radio,.navbar-form .checkbox{display:inline-block;margin-top:0;margin-bottom:0;vertical-align:middle}.navbar-form .radio label,.navbar-form .checkbox label{padding-left:0}.navbar-form .radio input[type="radio"],.navbar-form .checkbox input[type="checkbox"]{position:relative;margin-left:0}.navbar-form .has-feedback .form-control-feedback{top:0}}@media (max-width:767px){.navbar-form .form-group{margin-bottom:5px}.navbar-form .form-group:last-child{margin-bottom:0}}@media (min-width:768px){.navbar-form{width:auto;border:0;margin-left:0;margin-right:0;padding-top:0;padding-bottom:0;-webkit-box-shadow:none;box-shadow:none}}.navbar-nav>li>.dropdown-menu{margin-top:0;border-top-right-radius:0;border-top-left-radius:0}.navbar-fixed-bottom .navbar-nav>li>.dropdown-menu{margin-bottom:0;border-top-right-radius:4px;border-top-left-radius:4px;border-bottom-right-radius:0;border-bottom-left-radius:0}.navbar-btn{margin-top:8px;margin-bottom:8px}.navbar-btn.btn-sm{margin-top:10px;margin-bottom:10px}.navbar-btn.btn-xs{margin-top:14px;margin-bottom:14px}.navbar-text{margin-top:15px;margin-bottom:15px}@media (min-width:768px){.navbar-text{float:left;margin-left:15px;margin-right:15px}}@media (min-width:768px){.navbar-left{float:left !important}.navbar-right{float:right !important;margin-right:-15px}.navbar-right~.navbar-right{margin-right:0}}.navbar-default{background-color:#f8f8f8;border-color:#e7e7e7}.navbar-default .navbar-brand{color:#777}.navbar-default .navbar-brand:hover,.navbar-default .navbar-brand:focus{color:#5e5e5e;background-color:transparent}.navbar-default .navbar-text{color:#777}.navbar-default .navbar-nav>li>a{color:#777}.navbar-default .navbar-nav>li>a:hover,.navbar-default .navbar-nav>li>a:focus{color:#333;background-color:transparent}.navbar-default .navbar-nav>.active>a,.navbar-default .navbar-nav>.active>a:hover,.navbar-default .navbar-nav>.active>a:focus{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav>.disabled>a,.navbar-default .navbar-nav>.disabled>a:hover,.navbar-default .navbar-nav>.disabled>a:focus{color:#ccc;background-color:transparent}.navbar-default .navbar-toggle{border-color:#ddd}.navbar-default .navbar-toggle:hover,.navbar-default .navbar-toggle:focus{background-color:#ddd}.navbar-default .navbar-toggle .icon-bar{background-color:#888}.navbar-default .navbar-collapse,.navbar-default .navbar-form{border-color:#e7e7e7}.navbar-default .navbar-nav>.open>a,.navbar-default .navbar-nav>.open>a:hover,.navbar-default .navbar-nav>.open>a:focus{background-color:#e7e7e7;color:#555}@media (max-width:767px){.navbar-default .navbar-nav .open .dropdown-menu>li>a{color:#777}.navbar-default .navbar-nav .open .dropdown-menu>li>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>li>a:focus{color:#333;background-color:transparent}.navbar-default .navbar-nav .open .dropdown-menu>.active>a,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:focus{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:focus{color:#ccc;background-color:transparent}}.navbar-default .navbar-link{color:#777}.navbar-default .navbar-link:hover{color:#333}.navbar-default .btn-link{color:#777}.navbar-default .btn-link:hover,.navbar-default .btn-link:focus{color:#333}.navbar-default .btn-link[disabled]:hover,fieldset[disabled] .navbar-default .btn-link:hover,.navbar-default .btn-link[disabled]:focus,fieldset[disabled] .navbar-default .btn-link:focus{color:#ccc}.navbar-inverse{background-color:#222;border-color:#080808}.navbar-inverse .navbar-brand{color:#777}.navbar-inverse .navbar-brand:hover,.navbar-inverse .navbar-brand:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-text{color:#777}.navbar-inverse .navbar-nav>li>a{color:#777}.navbar-inverse .navbar-nav>li>a:hover,.navbar-inverse .navbar-nav>li>a:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-nav>.active>a,.navbar-inverse .navbar-nav>.active>a:hover,.navbar-inverse .navbar-nav>.active>a:focus{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav>.disabled>a,.navbar-inverse .navbar-nav>.disabled>a:hover,.navbar-inverse .navbar-nav>.disabled>a:focus{color:#444;background-color:transparent}.navbar-inverse .navbar-toggle{border-color:#333}.navbar-inverse .navbar-toggle:hover,.navbar-inverse .navbar-toggle:focus{background-color:#333}.navbar-inverse .navbar-toggle .icon-bar{background-color:#fff}.navbar-inverse .navbar-collapse,.navbar-inverse .navbar-form{border-color:#101010}.navbar-inverse .navbar-nav>.open>a,.navbar-inverse .navbar-nav>.open>a:hover,.navbar-inverse .navbar-nav>.open>a:focus{background-color:#080808;color:#fff}@media (max-width:767px){.navbar-inverse .navbar-nav .open .dropdown-menu>.dropdown-header{border-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu .divider{background-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a{color:#777}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:focus{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:focus{color:#444;background-color:transparent}}.navbar-inverse .navbar-link{color:#777}.navbar-inverse .navbar-link:hover{color:#fff}.navbar-inverse .btn-link{color:#777}.navbar-inverse .btn-link:hover,.navbar-inverse .btn-link:focus{color:#fff}.navbar-inverse .btn-link[disabled]:hover,fieldset[disabled] .navbar-inverse .btn-link:hover,.navbar-inverse .btn-link[disabled]:focus,fieldset[disabled] .navbar-inverse .btn-link:focus{color:#444}.label{display:inline;padding:.2em .6em .3em;font-size:75%;font-weight:bold;line-height:1;color:#fff;text-align:center;white-space:nowrap;vertical-align:baseline;border-radius:.25em}a.label:hover,a.label:focus{color:#fff;text-decoration:none;cursor:pointer}.label:empty{display:none}.btn .label{position:relative;top:-1px}.label-default{background-color:#777}.label-default[href]:hover,.label-default[href]:focus{background-color:#5e5e5e}.label-primary{background-color:#428bca}.label-primary[href]:hover,.label-primary[href]:focus{background-color:#3071a9}.label-success{background-color:#5cb85c}.label-success[href]:hover,.label-success[href]:focus{background-color:#449d44}.label-info{background-color:#5bc0de}.label-info[href]:hover,.label-info[href]:focus{background-color:#31b0d5}.label-warning{background-color:#f0ad4e}.label-warning[href]:hover,.label-warning[href]:focus{background-color:#ec971f}.label-danger{background-color:#d9534f}.label-danger[href]:hover,.label-danger[href]:focus{background-color:#c9302c}.badge{display:inline-block;min-width:10px;padding:3px 7px;font-size:12px;font-weight:bold;color:#fff;line-height:1;vertical-align:middle;white-space:nowrap;text-align:center;background-color:#777;border-radius:10px}.badge:empty{display:none}.btn .badge{position:relative;top:-1px}.btn-xs .badge,.btn-group-xs>.btn .badge{top:0;padding:1px 5px}a.badge:hover,a.badge:focus{color:#fff;text-decoration:none;cursor:pointer}.list-group-item.active>.badge,.nav-pills>.active>a>.badge{color:#428bca;background-color:#fff}.list-group-item>.badge{float:right}.list-group-item>.badge+.badge{margin-right:5px}.nav-pills>li>a>.badge{margin-left:3px}.alert{padding:15px;margin-bottom:20px;border:1px solid transparent;border-radius:4px}.alert h4{margin-top:0;color:inherit}.alert .alert-link{font-weight:bold}.alert>p,.alert>ul{margin-bottom:0}.alert>p+p{margin-top:5px}.alert-dismissable,.alert-dismissible{padding-right:35px}.alert-dismissable .close,.alert-dismissible .close{position:relative;top:-2px;right:-21px;color:inherit}.alert-success{background-color:#dff0d8;border-color:#d6e9c6;color:#3c763d}.alert-success hr{border-top-color:#c9e2b3}.alert-success .alert-link{color:#2b542c}.alert-info{background-color:#d9edf7;border-color:#bce8f1;color:#31708f}.alert-info hr{border-top-color:#a6e1ec}.alert-info .alert-link{color:#245269}.alert-warning{background-color:#fcf8e3;border-color:#faebcc;color:#8a6d3b}.alert-warning hr{border-top-color:#f7e1b5}.alert-warning .alert-link{color:#66512c}.alert-danger{background-color:#f2dede;border-color:#ebccd1;color:#a94442}.alert-danger hr{border-top-color:#e4b9c0}.alert-danger .alert-link{color:#843534}@-webkit-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-o-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}.progress{overflow:hidden;height:20px;margin-bottom:20px;background-color:#f5f5f5;border-radius:4px;-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,0.1);box-shadow:inset 0 1px 2px rgba(0,0,0,0.1)}.progress-bar{float:left;width:0%;height:100%;font-size:12px;line-height:20px;color:#fff;text-align:center;background-color:#428bca;-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);-webkit-transition:width .6s ease;-o-transition:width .6s ease;transition:width .6s ease}.progress-striped .progress-bar,.progress-bar-striped{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);-webkit-background-size:40px 40px;background-size:40px 40px}.progress.active .progress-bar,.progress-bar.active{-webkit-animation:progress-bar-stripes 2s linear infinite;-o-animation:progress-bar-stripes 2s linear infinite;animation:progress-bar-stripes 2s linear infinite}.progress-bar-success{background-color:#5cb85c}.progress-striped .progress-bar-success{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.progress-bar-info{background-color:#5bc0de}.progress-striped .progress-bar-info{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.progress-bar-warning{background-color:#f0ad4e}.progress-striped .progress-bar-warning{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.progress-bar-danger{background-color:#d9534f}.progress-striped .progress-bar-danger{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.panel{margin-bottom:20px;background-color:#fff;border:1px solid transparent;border-radius:4px;-webkit-box-shadow:0 1px 1px rgba(0,0,0,0.05);box-shadow:0 1px 1px rgba(0,0,0,0.05)}.panel-body{padding:15px}.panel-heading{padding:10px 15px;border-bottom:1px solid transparent;border-top-right-radius:3px;border-top-left-radius:3px}.panel-heading>.dropdown .dropdown-toggle{color:inherit}.panel-title{margin-top:0;margin-bottom:0;font-size:16px;color:inherit}.panel-title>a,.panel-title>small,.panel-title>.small,.panel-title>small>a,.panel-title>.small>a{color:inherit}.panel-footer{padding:10px 15px;background-color:#f5f5f5;border-top:1px solid #ddd;border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.list-group,.panel>.panel-collapse>.list-group{margin-bottom:0}.panel>.list-group .list-group-item,.panel>.panel-collapse>.list-group .list-group-item{border-width:1px 0;border-radius:0}.panel>.list-group:first-child .list-group-item:first-child,.panel>.panel-collapse>.list-group:first-child .list-group-item:first-child{border-top:0;border-top-right-radius:3px;border-top-left-radius:3px}.panel>.list-group:last-child .list-group-item:last-child,.panel>.panel-collapse>.list-group:last-child .list-group-item:last-child{border-bottom:0;border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.panel-heading+.panel-collapse>.list-group .list-group-item:first-child{border-top-right-radius:0;border-top-left-radius:0}.panel-heading+.list-group .list-group-item:first-child{border-top-width:0}.list-group+.panel-footer{border-top-width:0}.panel>.table,.panel>.table-responsive>.table,.panel>.panel-collapse>.table{margin-bottom:0}.panel>.table caption,.panel>.table-responsive>.table caption,.panel>.panel-collapse>.table caption{padding-left:15px;padding-right:15px}.panel>.table:first-child,.panel>.table-responsive:first-child>.table:first-child{border-top-right-radius:3px;border-top-left-radius:3px}.panel>.table:first-child>thead:first-child>tr:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child{border-top-left-radius:3px;border-top-right-radius:3px}.panel>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table:first-child>thead:first-child>tr:first-child th:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:first-child{border-top-left-radius:3px}.panel>.table:first-child>thead:first-child>tr:first-child td:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child td:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table:first-child>thead:first-child>tr:first-child th:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:last-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:last-child{border-top-right-radius:3px}.panel>.table:last-child,.panel>.table-responsive:last-child>.table:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.table:last-child>tbody:last-child>tr:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child{border-bottom-left-radius:3px;border-bottom-right-radius:3px}.panel>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:first-child{border-bottom-left-radius:3px}.panel>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child td:last-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:last-child{border-bottom-right-radius:3px}.panel>.panel-body+.table,.panel>.panel-body+.table-responsive,.panel>.table+.panel-body,.panel>.table-responsive+.panel-body{border-top:1px solid #ddd}.panel>.table>tbody:first-child>tr:first-child th,.panel>.table>tbody:first-child>tr:first-child td{border-top:0}.panel>.table-bordered,.panel>.table-responsive>.table-bordered{border:0}.panel>.table-bordered>thead>tr>th:first-child,.panel>.table-responsive>.table-bordered>thead>tr>th:first-child,.panel>.table-bordered>tbody>tr>th:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:first-child,.panel>.table-bordered>tfoot>tr>th:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:first-child,.panel>.table-bordered>thead>tr>td:first-child,.panel>.table-responsive>.table-bordered>thead>tr>td:first-child,.panel>.table-bordered>tbody>tr>td:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:first-child,.panel>.table-bordered>tfoot>tr>td:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:first-child{border-left:0}.panel>.table-bordered>thead>tr>th:last-child,.panel>.table-responsive>.table-bordered>thead>tr>th:last-child,.panel>.table-bordered>tbody>tr>th:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:last-child,.panel>.table-bordered>tfoot>tr>th:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:last-child,.panel>.table-bordered>thead>tr>td:last-child,.panel>.table-responsive>.table-bordered>thead>tr>td:last-child,.panel>.table-bordered>tbody>tr>td:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:last-child,.panel>.table-bordered>tfoot>tr>td:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:last-child{border-right:0}.panel>.table-bordered>thead>tr:first-child>td,.panel>.table-responsive>.table-bordered>thead>tr:first-child>td,.panel>.table-bordered>tbody>tr:first-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>td,.panel>.table-bordered>thead>tr:first-child>th,.panel>.table-responsive>.table-bordered>thead>tr:first-child>th,.panel>.table-bordered>tbody>tr:first-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>th{border-bottom:0}.panel>.table-bordered>tbody>tr:last-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>td,.panel>.table-bordered>tfoot>tr:last-child>td,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>td,.panel>.table-bordered>tbody>tr:last-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>th,.panel>.table-bordered>tfoot>tr:last-child>th,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>th{border-bottom:0}.panel>.table-responsive{border:0;margin-bottom:0}.panel-group{margin-bottom:20px}.panel-group .panel{margin-bottom:0;border-radius:4px}.panel-group .panel+.panel{margin-top:5px}.panel-group .panel-heading{border-bottom:0}.panel-group .panel-heading+.panel-collapse>.panel-body,.panel-group .panel-heading+.panel-collapse>.list-group{border-top:1px solid #ddd}.panel-group .panel-footer{border-top:0}.panel-group .panel-footer+.panel-collapse .panel-body{border-bottom:1px solid #ddd}.panel-default{border-color:#ddd}.panel-default>.panel-heading{color:#333;background-color:#f5f5f5;border-color:#ddd}.panel-default>.panel-heading+.panel-collapse>.panel-body{border-top-color:#ddd}.panel-default>.panel-heading .badge{color:#f5f5f5;background-color:#333}.panel-default>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#ddd}.panel-primary{border-color:#428bca}.panel-primary>.panel-heading{color:#fff;background-color:#428bca;border-color:#428bca}.panel-primary>.panel-heading+.panel-collapse>.panel-body{border-top-color:#428bca}.panel-primary>.panel-heading .badge{color:#428bca;background-color:#fff}.panel-primary>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#428bca}.panel-success{border-color:#d6e9c6}.panel-success>.panel-heading{color:#3c763d;background-color:#dff0d8;border-color:#d6e9c6}.panel-success>.panel-heading+.panel-collapse>.panel-body{border-top-color:#d6e9c6}.panel-success>.panel-heading .badge{color:#dff0d8;background-color:#3c763d}.panel-success>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#d6e9c6}.panel-info{border-color:#bce8f1}.panel-info>.panel-heading{color:#31708f;background-color:#d9edf7;border-color:#bce8f1}.panel-info>.panel-heading+.panel-collapse>.panel-body{border-top-color:#bce8f1}.panel-info>.panel-heading .badge{color:#d9edf7;background-color:#31708f}.panel-info>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#bce8f1}.panel-warning{border-color:#faebcc}.panel-warning>.panel-heading{color:#8a6d3b;background-color:#fcf8e3;border-color:#faebcc}.panel-warning>.panel-heading+.panel-collapse>.panel-body{border-top-color:#faebcc}.panel-warning>.panel-heading .badge{color:#fcf8e3;background-color:#8a6d3b}.panel-warning>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#faebcc}.panel-danger{border-color:#ebccd1}.panel-danger>.panel-heading{color:#a94442;background-color:#f2dede;border-color:#ebccd1}.panel-danger>.panel-heading+.panel-collapse>.panel-body{border-top-color:#ebccd1}.panel-danger>.panel-heading .badge{color:#f2dede;background-color:#a94442}.panel-danger>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#ebccd1}.modal-open{overflow:hidden}.modal{display:none;overflow:hidden;position:fixed;top:0;right:0;bottom:0;left:0;z-index:1050;-webkit-overflow-scrolling:touch;outline:0}.modal.fade .modal-dialog{-webkit-transform:translate(0, -25%);-ms-transform:translate(0, -25%);-o-transform:translate(0, -25%);transform:translate(0, -25%);-webkit-transition:-webkit-transform 0.3s ease-out;-o-transition:-o-transform 0.3s ease-out;transition:transform 0.3s ease-out}.modal.in .modal-dialog{-webkit-transform:translate(0, 0);-ms-transform:translate(0, 0);-o-transform:translate(0, 0);transform:translate(0, 0)}.modal-open .modal{overflow-x:hidden;overflow-y:auto}.modal-dialog{position:relative;width:auto;margin:10px}.modal-content{position:relative;background-color:#fff;border:1px solid #999;border:1px solid rgba(0,0,0,0.2);border-radius:6px;-webkit-box-shadow:0 3px 9px rgba(0,0,0,0.5);box-shadow:0 3px 9px rgba(0,0,0,0.5);-webkit-background-clip:padding-box;background-clip:padding-box;outline:0}.modal-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1040;background-color:#000}.modal-backdrop.fade{opacity:0;filter:alpha(opacity=0)}.modal-backdrop.in{opacity:.5;filter:alpha(opacity=50)}.modal-header{padding:15px;border-bottom:1px solid #e5e5e5}.modal-header .close{margin-top:-2px}.modal-title{margin:0;line-height:1.42857143}.modal-body{position:relative;padding:15px}.modal-footer{padding:15px;text-align:right;border-top:1px solid #e5e5e5}.modal-footer .btn+.btn{margin-left:5px;margin-bottom:0}.modal-footer .btn-group .btn+.btn{margin-left:-1px}.modal-footer .btn-block+.btn-block{margin-left:0}.modal-scrollbar-measure{position:absolute;top:-9999px;width:50px;height:50px;overflow:scroll}@media (min-width:768px){.modal-dialog{width:600px;margin:30px auto}.modal-content{-webkit-box-shadow:0 5px 15px rgba(0,0,0,0.5);box-shadow:0 5px 15px rgba(0,0,0,0.5)}.modal-sm{width:300px}}@media (min-width:992px){.modal-lg{width:900px}}.clearfix:before,.clearfix:after,.dl-horizontal dd:before,.dl-horizontal dd:after,.container:before,.container:after,.container-fluid:before,.container-fluid:after,.row:before,.row:after,.form-horizontal .form-group:before,.form-horizontal .form-group:after,.btn-toolbar:before,.btn-toolbar:after,.btn-group-vertical>.btn-group:before,.btn-group-vertical>.btn-group:after,.nav:before,.nav:after,.navbar:before,.navbar:after,.navbar-header:before,.navbar-header:after,.navbar-collapse:before,.navbar-collapse:after,.panel-body:before,.panel-body:after,.modal-header:before,.modal-header:after,.modal-footer:before,.modal-footer:after{content:" ";display:table}.clearfix:after,.dl-horizontal dd:after,.container:after,.container-fluid:after,.row:after,.form-horizontal .form-group:after,.btn-toolbar:after,.btn-group-vertical>.btn-group:after,.nav:after,.navbar:after,.navbar-header:after,.navbar-collapse:after,.panel-body:after,.modal-header:after,.modal-footer:after{clear:both}.center-block{display:block;margin-left:auto;margin-right:auto}.pull-right{float:right !important}.pull-left{float:left !important}.hide{display:none !important}.show{display:block !important}.invisible{visibility:hidden}.text-hide{font:0/0 a;color:transparent;text-shadow:none;background-color:transparent;border:0}.hidden{display:none !important}.affix{position:fixed}@-ms-viewport{width:device-width}.visible-xs,.visible-sm,.visible-md,.visible-lg{display:none !important}.visible-xs-block,.visible-xs-inline,.visible-xs-inline-block,.visible-sm-block,.visible-sm-inline,.visible-sm-inline-block,.visible-md-block,.visible-md-inline,.visible-md-inline-block,.visible-lg-block,.visible-lg-inline,.visible-lg-inline-block{display:none !important}@media (max-width:767px){.visible-xs{display:block !important}table.visible-xs{display:table !important}tr.visible-xs{display:table-row !important}th.visible-xs,td.visible-xs{display:table-cell !important}}@media (max-width:767px){.visible-xs-block{display:block !important}}@media (max-width:767px){.visible-xs-inline{display:inline !important}}@media (max-width:767px){.visible-xs-inline-block{display:inline-block !important}}@media (min-width:768px) and (max-width:991px){.visible-sm{display:block !important}table.visible-sm{display:table !important}tr.visible-sm{display:table-row !important}th.visible-sm,td.visible-sm{display:table-cell !important}}@media (min-width:768px) and (max-width:991px){.visible-sm-block{display:block !important}}@media (min-width:768px) and (max-width:991px){.visible-sm-inline{display:inline !important}}@media (min-width:768px) and (max-width:991px){.visible-sm-inline-block{display:inline-block !important}}@media (min-width:992px) and (max-width:1199px){.visible-md{display:block !important}table.visible-md{display:table !important}tr.visible-md{display:table-row !important}th.visible-md,td.visible-md{display:table-cell !important}}@media (min-width:992px) and (max-width:1199px){.visible-md-block{display:block !important}}@media (min-width:992px) and (max-width:1199px){.visible-md-inline{display:inline !important}}@media (min-width:992px) and (max-width:1199px){.visible-md-inline-block{display:inline-block !important}}@media (min-width:1200px){.visible-lg{display:block !important}table.visible-lg{display:table !important}tr.visible-lg{display:table-row !important}th.visible-lg,td.visible-lg{display:table-cell !important}}@media (min-width:1200px){.visible-lg-block{display:block !important}}@media (min-width:1200px){.visible-lg-inline{display:inline !important}}@media (min-width:1200px){.visible-lg-inline-block{display:inline-block !important}}@media (max-width:767px){.hidden-xs{display:none !important}}@media (min-width:768px) and (max-width:991px){.hidden-sm{display:none !important}}@media (min-width:992px) and (max-width:1199px){.hidden-md{display:none !important}}@media (min-width:1200px){.hidden-lg{display:none !important}}.visible-print{display:none !important}@media print{.visible-print{display:block !important}table.visible-print{display:table !important}tr.visible-print{display:table-row !important}th.visible-print,td.visible-print{display:table-cell !important}}.visible-print-block{display:none !important}@media print{.visible-print-block{display:block !important}}.visible-print-inline{display:none !important}@media print{.visible-print-inline{display:inline !important}}.visible-print-inline-block{display:none !important}@media print{.visible-print-inline-block{display:inline-block !important}}@media print{.hidden-print{display:none !important}}
table.treetable span.indenter{display:inline-block;margin:0;padding:0;text-align:right;user-select:none;-khtml-user-select:none;-moz-user-select:none;-o-user-select:none;-webkit-user-select:none;-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;width:19px}table.treetable span.indenter a{background-position:left center;background-repeat:no-repeat;display:inline-block;text-decoration:none;width:19px}table.treetable tr.collapsed span.indenter a{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAACXBIWXMAAAsTAAALEwEAmpwYAAAKT2lDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAHjanVNnVFPpFj333vRCS4iAlEtvUhUIIFJCi4AUkSYqIQkQSoghodkVUcERRUUEG8igiAOOjoCMFVEsDIoK2AfkIaKOg6OIisr74Xuja9a89+bN/rXXPues852zzwfACAyWSDNRNYAMqUIeEeCDx8TG4eQuQIEKJHAAEAizZCFz/SMBAPh+PDwrIsAHvgABeNMLCADATZvAMByH/w/qQplcAYCEAcB0kThLCIAUAEB6jkKmAEBGAYCdmCZTAKAEAGDLY2LjAFAtAGAnf+bTAICd+Jl7AQBblCEVAaCRACATZYhEAGg7AKzPVopFAFgwABRmS8Q5ANgtADBJV2ZIALC3AMDOEAuyAAgMADBRiIUpAAR7AGDIIyN4AISZABRG8lc88SuuEOcqAAB4mbI8uSQ5RYFbCC1xB1dXLh4ozkkXKxQ2YQJhmkAuwnmZGTKBNA/g88wAAKCRFRHgg/P9eM4Ors7ONo62Dl8t6r8G/yJiYuP+5c+rcEAAAOF0ftH+LC+zGoA7BoBt/qIl7gRoXgugdfeLZrIPQLUAoOnaV/Nw+H48PEWhkLnZ2eXk5NhKxEJbYcpXff5nwl/AV/1s+X48/Pf14L7iJIEyXYFHBPjgwsz0TKUcz5IJhGLc5o9H/LcL//wd0yLESWK5WCoU41EScY5EmozzMqUiiUKSKcUl0v9k4t8s+wM+3zUAsGo+AXuRLahdYwP2SycQWHTA4vcAAPK7b8HUKAgDgGiD4c93/+8//UegJQCAZkmScQAAXkQkLlTKsz/HCAAARKCBKrBBG/TBGCzABhzBBdzBC/xgNoRCJMTCQhBCCmSAHHJgKayCQiiGzbAdKmAv1EAdNMBRaIaTcA4uwlW4Dj1wD/phCJ7BKLyBCQRByAgTYSHaiAFiilgjjggXmYX4IcFIBBKLJCDJiBRRIkuRNUgxUopUIFVIHfI9cgI5h1xGupE7yAAygvyGvEcxlIGyUT3UDLVDuag3GoRGogvQZHQxmo8WoJvQcrQaPYw2oefQq2gP2o8+Q8cwwOgYBzPEbDAuxsNCsTgsCZNjy7EirAyrxhqwVqwDu4n1Y8+xdwQSgUXACTYEd0IgYR5BSFhMWE7YSKggHCQ0EdoJNwkDhFHCJyKTqEu0JroR+cQYYjIxh1hILCPWEo8TLxB7iEPENyQSiUMyJ7mQAkmxpFTSEtJG0m5SI+ksqZs0SBojk8naZGuyBzmULCAryIXkneTD5DPkG+Qh8lsKnWJAcaT4U+IoUspqShnlEOU05QZlmDJBVaOaUt2ooVQRNY9aQq2htlKvUYeoEzR1mjnNgxZJS6WtopXTGmgXaPdpr+h0uhHdlR5Ol9BX0svpR+iX6AP0dwwNhhWDx4hnKBmbGAcYZxl3GK+YTKYZ04sZx1QwNzHrmOeZD5lvVVgqtip8FZHKCpVKlSaVGyovVKmqpqreqgtV81XLVI+pXlN9rkZVM1PjqQnUlqtVqp1Q61MbU2epO6iHqmeob1Q/pH5Z/YkGWcNMw09DpFGgsV/jvMYgC2MZs3gsIWsNq4Z1gTXEJrHN2Xx2KruY/R27iz2qqaE5QzNKM1ezUvOUZj8H45hx+Jx0TgnnKKeX836K3hTvKeIpG6Y0TLkxZVxrqpaXllirSKtRq0frvTau7aedpr1Fu1n7gQ5Bx0onXCdHZ4/OBZ3nU9lT3acKpxZNPTr1ri6qa6UbobtEd79up+6Ynr5egJ5Mb6feeb3n+hx9L/1U/W36p/VHDFgGswwkBtsMzhg8xTVxbzwdL8fb8VFDXcNAQ6VhlWGX4YSRudE8o9VGjUYPjGnGXOMk423GbcajJgYmISZLTepN7ppSTbmmKaY7TDtMx83MzaLN1pk1mz0x1zLnm+eb15vft2BaeFostqi2uGVJsuRaplnutrxuhVo5WaVYVVpds0atna0l1rutu6cRp7lOk06rntZnw7Dxtsm2qbcZsOXYBtuutm22fWFnYhdnt8Wuw+6TvZN9un2N/T0HDYfZDqsdWh1+c7RyFDpWOt6azpzuP33F9JbpL2dYzxDP2DPjthPLKcRpnVOb00dnF2e5c4PziIuJS4LLLpc+Lpsbxt3IveRKdPVxXeF60vWdm7Obwu2o26/uNu5p7ofcn8w0nymeWTNz0MPIQ+BR5dE/C5+VMGvfrH5PQ0+BZ7XnIy9jL5FXrdewt6V3qvdh7xc+9j5yn+M+4zw33jLeWV/MN8C3yLfLT8Nvnl+F30N/I/9k/3r/0QCngCUBZwOJgUGBWwL7+Hp8Ib+OPzrbZfay2e1BjKC5QRVBj4KtguXBrSFoyOyQrSH355jOkc5pDoVQfujW0Adh5mGLw34MJ4WHhVeGP45wiFga0TGXNXfR3ENz30T6RJZE3ptnMU85ry1KNSo+qi5qPNo3ujS6P8YuZlnM1VidWElsSxw5LiquNm5svt/87fOH4p3iC+N7F5gvyF1weaHOwvSFpxapLhIsOpZATIhOOJTwQRAqqBaMJfITdyWOCnnCHcJnIi/RNtGI2ENcKh5O8kgqTXqS7JG8NXkkxTOlLOW5hCepkLxMDUzdmzqeFpp2IG0yPTq9MYOSkZBxQqohTZO2Z+pn5mZ2y6xlhbL+xW6Lty8elQfJa7OQrAVZLQq2QqboVFoo1yoHsmdlV2a/zYnKOZarnivN7cyzytuQN5zvn//tEsIS4ZK2pYZLVy0dWOa9rGo5sjxxedsK4xUFK4ZWBqw8uIq2Km3VT6vtV5eufr0mek1rgV7ByoLBtQFr6wtVCuWFfevc1+1dT1gvWd+1YfqGnRs+FYmKrhTbF5cVf9go3HjlG4dvyr+Z3JS0qavEuWTPZtJm6ebeLZ5bDpaql+aXDm4N2dq0Dd9WtO319kXbL5fNKNu7g7ZDuaO/PLi8ZafJzs07P1SkVPRU+lQ27tLdtWHX+G7R7ht7vPY07NXbW7z3/T7JvttVAVVN1WbVZftJ+7P3P66Jqun4lvttXa1ObXHtxwPSA/0HIw6217nU1R3SPVRSj9Yr60cOxx++/p3vdy0NNg1VjZzG4iNwRHnk6fcJ3/ceDTradox7rOEH0x92HWcdL2pCmvKaRptTmvtbYlu6T8w+0dbq3nr8R9sfD5w0PFl5SvNUyWna6YLTk2fyz4ydlZ19fi753GDborZ752PO32oPb++6EHTh0kX/i+c7vDvOXPK4dPKy2+UTV7hXmq86X23qdOo8/pPTT8e7nLuarrlca7nuer21e2b36RueN87d9L158Rb/1tWeOT3dvfN6b/fF9/XfFt1+cif9zsu72Xcn7q28T7xf9EDtQdlD3YfVP1v+3Njv3H9qwHeg89HcR/cGhYPP/pH1jw9DBY+Zj8uGDYbrnjg+OTniP3L96fynQ89kzyaeF/6i/suuFxYvfvjV69fO0ZjRoZfyl5O/bXyl/erA6xmv28bCxh6+yXgzMV70VvvtwXfcdx3vo98PT+R8IH8o/2j5sfVT0Kf7kxmTk/8EA5jz/GMzLdsAAAAgY0hSTQAAeiUAAICDAAD5/wAAgOkAAHUwAADqYAAAOpgAABdvkl/FRgAAAHlJREFUeNrcU1sNgDAQ6wgmcAM2MICGGlg1gJnNzWQcvwQGy1j4oUl/7tH0mpwzM7SgQyO+EZAUWh2MkkzSWhJwuRAlHYsJwEwyvs1gABDuzqoJcTw5qxaIJN0bgQRgIjnlmn1heSO5PE6Y2YXe+5Cr5+h++gs12AcAS6FS+7YOsj4AAAAASUVORK5CYII=)}table.treetable tr.expanded span.indenter a{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAACXBIWXMAAAsTAAALEwEAmpwYAAAKT2lDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAHjanVNnVFPpFj333vRCS4iAlEtvUhUIIFJCi4AUkSYqIQkQSoghodkVUcERRUUEG8igiAOOjoCMFVEsDIoK2AfkIaKOg6OIisr74Xuja9a89+bN/rXXPues852zzwfACAyWSDNRNYAMqUIeEeCDx8TG4eQuQIEKJHAAEAizZCFz/SMBAPh+PDwrIsAHvgABeNMLCADATZvAMByH/w/qQplcAYCEAcB0kThLCIAUAEB6jkKmAEBGAYCdmCZTAKAEAGDLY2LjAFAtAGAnf+bTAICd+Jl7AQBblCEVAaCRACATZYhEAGg7AKzPVopFAFgwABRmS8Q5ANgtADBJV2ZIALC3AMDOEAuyAAgMADBRiIUpAAR7AGDIIyN4AISZABRG8lc88SuuEOcqAAB4mbI8uSQ5RYFbCC1xB1dXLh4ozkkXKxQ2YQJhmkAuwnmZGTKBNA/g88wAAKCRFRHgg/P9eM4Ors7ONo62Dl8t6r8G/yJiYuP+5c+rcEAAAOF0ftH+LC+zGoA7BoBt/qIl7gRoXgugdfeLZrIPQLUAoOnaV/Nw+H48PEWhkLnZ2eXk5NhKxEJbYcpXff5nwl/AV/1s+X48/Pf14L7iJIEyXYFHBPjgwsz0TKUcz5IJhGLc5o9H/LcL//wd0yLESWK5WCoU41EScY5EmozzMqUiiUKSKcUl0v9k4t8s+wM+3zUAsGo+AXuRLahdYwP2SycQWHTA4vcAAPK7b8HUKAgDgGiD4c93/+8//UegJQCAZkmScQAAXkQkLlTKsz/HCAAARKCBKrBBG/TBGCzABhzBBdzBC/xgNoRCJMTCQhBCCmSAHHJgKayCQiiGzbAdKmAv1EAdNMBRaIaTcA4uwlW4Dj1wD/phCJ7BKLyBCQRByAgTYSHaiAFiilgjjggXmYX4IcFIBBKLJCDJiBRRIkuRNUgxUopUIFVIHfI9cgI5h1xGupE7yAAygvyGvEcxlIGyUT3UDLVDuag3GoRGogvQZHQxmo8WoJvQcrQaPYw2oefQq2gP2o8+Q8cwwOgYBzPEbDAuxsNCsTgsCZNjy7EirAyrxhqwVqwDu4n1Y8+xdwQSgUXACTYEd0IgYR5BSFhMWE7YSKggHCQ0EdoJNwkDhFHCJyKTqEu0JroR+cQYYjIxh1hILCPWEo8TLxB7iEPENyQSiUMyJ7mQAkmxpFTSEtJG0m5SI+ksqZs0SBojk8naZGuyBzmULCAryIXkneTD5DPkG+Qh8lsKnWJAcaT4U+IoUspqShnlEOU05QZlmDJBVaOaUt2ooVQRNY9aQq2htlKvUYeoEzR1mjnNgxZJS6WtopXTGmgXaPdpr+h0uhHdlR5Ol9BX0svpR+iX6AP0dwwNhhWDx4hnKBmbGAcYZxl3GK+YTKYZ04sZx1QwNzHrmOeZD5lvVVgqtip8FZHKCpVKlSaVGyovVKmqpqreqgtV81XLVI+pXlN9rkZVM1PjqQnUlqtVqp1Q61MbU2epO6iHqmeob1Q/pH5Z/YkGWcNMw09DpFGgsV/jvMYgC2MZs3gsIWsNq4Z1gTXEJrHN2Xx2KruY/R27iz2qqaE5QzNKM1ezUvOUZj8H45hx+Jx0TgnnKKeX836K3hTvKeIpG6Y0TLkxZVxrqpaXllirSKtRq0frvTau7aedpr1Fu1n7gQ5Bx0onXCdHZ4/OBZ3nU9lT3acKpxZNPTr1ri6qa6UbobtEd79up+6Ynr5egJ5Mb6feeb3n+hx9L/1U/W36p/VHDFgGswwkBtsMzhg8xTVxbzwdL8fb8VFDXcNAQ6VhlWGX4YSRudE8o9VGjUYPjGnGXOMk423GbcajJgYmISZLTepN7ppSTbmmKaY7TDtMx83MzaLN1pk1mz0x1zLnm+eb15vft2BaeFostqi2uGVJsuRaplnutrxuhVo5WaVYVVpds0atna0l1rutu6cRp7lOk06rntZnw7Dxtsm2qbcZsOXYBtuutm22fWFnYhdnt8Wuw+6TvZN9un2N/T0HDYfZDqsdWh1+c7RyFDpWOt6azpzuP33F9JbpL2dYzxDP2DPjthPLKcRpnVOb00dnF2e5c4PziIuJS4LLLpc+Lpsbxt3IveRKdPVxXeF60vWdm7Obwu2o26/uNu5p7ofcn8w0nymeWTNz0MPIQ+BR5dE/C5+VMGvfrH5PQ0+BZ7XnIy9jL5FXrdewt6V3qvdh7xc+9j5yn+M+4zw33jLeWV/MN8C3yLfLT8Nvnl+F30N/I/9k/3r/0QCngCUBZwOJgUGBWwL7+Hp8Ib+OPzrbZfay2e1BjKC5QRVBj4KtguXBrSFoyOyQrSH355jOkc5pDoVQfujW0Adh5mGLw34MJ4WHhVeGP45wiFga0TGXNXfR3ENz30T6RJZE3ptnMU85ry1KNSo+qi5qPNo3ujS6P8YuZlnM1VidWElsSxw5LiquNm5svt/87fOH4p3iC+N7F5gvyF1weaHOwvSFpxapLhIsOpZATIhOOJTwQRAqqBaMJfITdyWOCnnCHcJnIi/RNtGI2ENcKh5O8kgqTXqS7JG8NXkkxTOlLOW5hCepkLxMDUzdmzqeFpp2IG0yPTq9MYOSkZBxQqohTZO2Z+pn5mZ2y6xlhbL+xW6Lty8elQfJa7OQrAVZLQq2QqboVFoo1yoHsmdlV2a/zYnKOZarnivN7cyzytuQN5zvn//tEsIS4ZK2pYZLVy0dWOa9rGo5sjxxedsK4xUFK4ZWBqw8uIq2Km3VT6vtV5eufr0mek1rgV7ByoLBtQFr6wtVCuWFfevc1+1dT1gvWd+1YfqGnRs+FYmKrhTbF5cVf9go3HjlG4dvyr+Z3JS0qavEuWTPZtJm6ebeLZ5bDpaql+aXDm4N2dq0Dd9WtO319kXbL5fNKNu7g7ZDuaO/PLi8ZafJzs07P1SkVPRU+lQ27tLdtWHX+G7R7ht7vPY07NXbW7z3/T7JvttVAVVN1WbVZftJ+7P3P66Jqun4lvttXa1ObXHtxwPSA/0HIw6217nU1R3SPVRSj9Yr60cOxx++/p3vdy0NNg1VjZzG4iNwRHnk6fcJ3/ceDTradox7rOEH0x92HWcdL2pCmvKaRptTmvtbYlu6T8w+0dbq3nr8R9sfD5w0PFl5SvNUyWna6YLTk2fyz4ydlZ19fi753GDborZ752PO32oPb++6EHTh0kX/i+c7vDvOXPK4dPKy2+UTV7hXmq86X23qdOo8/pPTT8e7nLuarrlca7nuer21e2b36RueN87d9L158Rb/1tWeOT3dvfN6b/fF9/XfFt1+cif9zsu72Xcn7q28T7xf9EDtQdlD3YfVP1v+3Njv3H9qwHeg89HcR/cGhYPP/pH1jw9DBY+Zj8uGDYbrnjg+OTniP3L96fynQ89kzyaeF/6i/suuFxYvfvjV69fO0ZjRoZfyl5O/bXyl/erA6xmv28bCxh6+yXgzMV70VvvtwXfcdx3vo98PT+R8IH8o/2j5sfVT0Kf7kxmTk/8EA5jz/GMzLdsAAAAgY0hSTQAAeiUAAICDAAD5/wAAgOkAAHUwAADqYAAAOpgAABdvkl/FRgAAAHFJREFUeNpi/P//PwMlgImBQsA44C6gvhfa29v3MzAwOODRc6CystIRbxi0t7fjDJjKykpGYrwwi1hxnLHQ3t7+jIGBQRJJ6HllZaUUKYEYRYBPOB0gBShKwKGA////48VtbW3/8clTnBIH3gCKkzJgAGvBX0dDm0sCAAAAAElFTkSuQmCC)}table.treetable tr.branch{background-color:#f9f9f9}table.treetable tr.selected{background-color:#3875d7;color:#fff}table.treetable tr span.indenter a{outline:0}tr.rule-overview-needs-attention td a{color:#d9534f}td.rule-result div,span.rule-result{text-align:center;font-weight:bold;color:#fff;background:gray}td.rule-result-fail div,span.rule-result-fail{background:#d9534f}td.rule-result-error div,span.rule-result-error{background:#d9534f}td.rule-result-unknown div,span.rule-result-unknown{background:#f0ad4e}td.rule-result-pass div,span.rule-result-pass{background:#5cb85c}td.rule-result-fixed div,span.rule-result-fixed{background:#5cb85c}.js-only{display:none}.rule-result-filtered,.rule-result-filtered>*{display:none !important}.search-no-match,.search-no-match>*{display:none !important}.rule-detail-fail,.rule-detail-error,.rule-detail-unknown{border:2px solid #d9534f}#footer{text-align:center;margin-top:50px}pre{overflow:auto !important;word-wrap:normal !important;white-space:pre-wrap}div.check-system-details,div.remediation,div.description{width:0;min-width:100%;overflow-x:auto}div.profile-description{white-space:pre-wrap}div.modal-body{margin:50px;padding:0}div.horizontal-scroll{overflow-x:auto}div.top-spacer-10{margin-top:10px}@media print{.noprint{display:none}.label{border:0;padding:0}.container{width:100%}abbr[title]{border:0;text-decoration:none}div.progress{overflow:visible;height:auto}div.progress-bar{width:auto;float:none;width:auto !important;text-align:left}div.panel-body{padding:4px}}</style><script>
/*! jQuery v1.12.4 | (c) jQuery Foundation | jquery.org/license */
!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="1.12.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call(b,c,b)}))},slice:function(){return this.pushStack(e.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(a){var b=this.length,c=+a+(0>a?b:0);return this.pushStack(c>=0&&b>c?[this[c]]:[])},end:function(){return this.prevObject||this.constructor()},push:g,sort:c.sort,splice:c.splice},n.extend=n.fn.extend=function(){var a,b,c,d,e,f,g=arguments[0]||{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments[h]||{},h++),"object"==typeof g||n.isFunction(g)||(g={}),h===i&&(g=this,h--);i>h;h++)if(null!=(e=arguments[h]))for(d in e)a=g[d],c=e[d],g!==c&&(j&&c&&(n.isPlainObject(c)||(b=n.isArray(c)))?(b?(b=!1,f=a&&n.isArray(a)?a:[]):f=a&&n.isPlainObject(a)?a:{},g[d]=n.extend(j,f,c)):void 0!==c&&(g[d]=c));return g},n.extend({expando:"jQuery"+(m+Math.random()).replace(/\D/g,""),isReady:!0,error:function(a){throw new Error(a)},noop:function(){},isFunction:function(a){return"function"===n.type(a)},isArray:Array.isArray||function(a){return"array"===n.type(a)},isWindow:function(a){return null!=a&&a==a.window},isNumeric:function(a){var b=a&&a.toString();return!n.isArray(a)&&b-parseFloat(b)+1>=0},isEmptyObject:function(a){var b;for(b in a)return!1;return!0},isPlainObject:function(a){var b;if(!a||"object"!==n.type(a)||a.nodeType||n.isWindow(a))return!1;try{if(a.constructor&&!k.call(a,"constructor")&&!k.call(a.constructor.prototype,"isPrototypeOf"))return!1}catch(c){return!1}if(!l.ownFirst)for(b in a)return k.call(a,b);for(b in a);return void 0===b||k.call(a,b)},type:function(a){return null==a?a+"":"object"==typeof a||"function"==typeof a?i[j.call(a)]||"object":typeof a},globalEval:function(b){b&&n.trim(b)&&(a.execScript||function(b){a.eval.call(a,b)})(b)},camelCase:function(a){return a.replace(p,"ms-").replace(q,r)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,b){var c,d=0;if(s(a)){for(c=a.length;c>d;d++)if(b.call(a[d],d,a[d])===!1)break}else for(d in a)if(b.call(a[d],d,a[d])===!1)break;return a},trim:function(a){return null==a?"":(a+"").replace(o,"")},makeArray:function(a,b){var c=b||[];return null!=a&&(s(Object(a))?n.merge(c,"string"==typeof a?[a]:a):g.call(c,a)),c},inArray:function(a,b,c){var d;if(b){if(h)return h.call(b,a,c);for(d=b.length,c=c?0>c?Math.max(0,d+c):c:0;d>c;c++)if(c in b&&b[c]===a)return c}return-1},merge:function(a,b){var c=+b.length,d=0,e=a.length;while(c>d)a[e++]=b[d++];if(c!==c)while(void 0!==b[d])a[e++]=b[d++];return a.length=e,a},grep:function(a,b,c){for(var d,e=[],f=0,g=a.length,h=!c;g>f;f++)d=!b(a[f],f),d!==h&&e.push(a[f]);return e},map:function(a,b,c){var d,e,g=0,h=[];if(s(a))for(d=a.length;d>g;g++)e=b(a[g],g,c),null!=e&&h.push(e);else for(g in a)e=b(a[g],g,c),null!=e&&h.push(e);return f.apply([],h)},guid:1,proxy:function(a,b){var c,d,f;return"string"==typeof b&&(f=a[b],b=a,a=f),n.isFunction(a)?(c=e.call(arguments,2),d=function(){return a.apply(b||this,c.concat(e.call(arguments)))},d.guid=a.guid=a.guid||n.guid++,d):void 0},now:function(){return+new Date},support:l}),"function"==typeof Symbol&&(n.fn[Symbol.iterator]=c[Symbol.iterator]),n.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(a,b){i["[object "+b+"]"]=b.toLowerCase()});function s(a){var b=!!a&&"length"in a&&a.length,c=n.type(a);return"function"===c||n.isWindow(a)?!1:"array"===c||0===b||"number"==typeof b&&b>0&&b-1 in a}var t=function(a){var b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u="sizzle"+1*new Date,v=a.document,w=0,x=0,y=ga(),z=ga(),A=ga(),B=function(a,b){return a===b&&(l=!0),0},C=1<<31,D={}.hasOwnProperty,E=[],F=E.pop,G=E.push,H=E.push,I=E.slice,J=function(a,b){for(var c=0,d=a.length;d>c;c++)if(a[c]===b)return c;return-1},K="checked|selected|async|autofocus|autoplay|controls|defer|disabled|hidden|ismap|loop|multiple|open|readonly|required|scoped",L="[\\x20\\t\\r\\n\\f]",M="(?:\\\\.|[\\w-]|[^\\x00-\\xa0])+",N="\\["+L+"*("+M+")(?:"+L+"*([*^$|!~]?=)"+L+"*(?:'((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\"|("+M+"))|)"+L+"*\\]",O=":("+M+")(?:\\((('((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\")|((?:\\\\.|[^\\\\()[\\]]|"+N+")*)|.*)\\)|)",P=new RegExp(L+"+","g"),Q=new RegExp("^"+L+"+|((?:^|[^\\\\])(?:\\\\.)*)"+L+"+$","g"),R=new RegExp("^"+L+"*,"+L+"*"),S=new RegExp("^"+L+"*([>+~]|"+L+")"+L+"*"),T=new RegExp("="+L+"*([^\\]'\"]*?)"+L+"*\\]","g"),U=new RegExp(O),V=new RegExp("^"+M+"$"),W={ID:new RegExp("^#("+M+")"),CLASS:new RegExp("^\\.("+M+")"),TAG:new RegExp("^("+M+"|[*])"),ATTR:new RegExp("^"+N),PSEUDO:new RegExp("^"+O),CHILD:new RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+L+"*(even|odd|(([+-]|)(\\d*)n|)"+L+"*(?:([+-]|)"+L+"*(\\d+)|))"+L+"*\\)|)","i"),bool:new RegExp("^(?:"+K+")$","i"),needsContext:new RegExp("^"+L+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+L+"*((?:-\\d)?\\d*)"+L+"*\\)|)(?=[^-]|$)","i")},X=/^(?:input|select|textarea|button)$/i,Y=/^h\d$/i,Z=/^[^{]+\{\s*\[native \w/,$=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,_=/[+~]/,aa=/'|\\/g,ba=new RegExp("\\\\([\\da-f]{1,6}"+L+"?|("+L+")|.)","ig"),ca=function(a,b,c){var d="0x"+b-65536;return d!==d||c?b:0>d?String.fromCharCode(d+65536):String.fromCharCode(d>>10|55296,1023&d|56320)},da=function(){m()};try{H.apply(E=I.call(v.childNodes),v.childNodes),E[v.childNodes.length].nodeType}catch(ea){H={apply:E.length?function(a,b){G.apply(a,I.call(b))}:function(a,b){var c=a.length,d=0;while(a[c++]=b[d++]);a.length=c-1}}}function fa(a,b,d,e){var f,h,j,k,l,o,r,s,w=b&&b.ownerDocument,x=b?b.nodeType:9;if(d=d||[],"string"!=typeof a||!a||1!==x&&9!==x&&11!==x)return d;if(!e&&((b?b.ownerDocument||b:v)!==n&&m(b),b=b||n,p)){if(11!==x&&(o=$.exec(a)))if(f=o[1]){if(9===x){if(!(j=b.getElementById(f)))return d;if(j.id===f)return d.push(j),d}else if(w&&(j=w.getElementById(f))&&t(b,j)&&j.id===f)return d.push(j),d}else{if(o[2])return H.apply(d,b.getElementsByTagName(a)),d;if((f=o[3])&&c.getElementsByClassName&&b.getElementsByClassName)return H.apply(d,b.getElementsByClassName(f)),d}if(c.qsa&&!A[a+" "]&&(!q||!q.test(a))){if(1!==x)w=b,s=a;else if("object"!==b.nodeName.toLowerCase()){(k=b.getAttribute("id"))?k=k.replace(aa,"\\$&"):b.setAttribute("id",k=u),r=g(a),h=r.length,l=V.test(k)?"#"+k:"[id='"+k+"']";while(h--)r[h]=l+" "+qa(r[h]);s=r.join(","),w=_.test(a)&&oa(b.parentNode)||b}if(s)try{return H.apply(d,w.querySelectorAll(s)),d}catch(y){}finally{k===u&&b.removeAttribute("id")}}}return i(a.replace(Q,"$1"),b,d,e)}function ga(){var a=[];function b(c,e){return a.push(c+" ")>d.cacheLength&&delete b[a.shift()],b[c+" "]=e}return b}function ha(a){return a[u]=!0,a}function ia(a){var b=n.createElement("div");try{return!!a(b)}catch(c){return!1}finally{b.parentNode&&b.parentNode.removeChild(b),b=null}}function ja(a,b){var c=a.split("|"),e=c.length;while(e--)d.attrHandle[c[e]]=b}function ka(a,b){var c=b&&a,d=c&&1===a.nodeType&&1===b.nodeType&&(~b.sourceIndex||C)-(~a.sourceIndex||C);if(d)return d;if(c)while(c=c.nextSibling)if(c===b)return-1;return a?1:-1}function la(a){return function(b){var c=b.nodeName.toLowerCase();return"input"===c&&b.type===a}}function ma(a){return function(b){var c=b.nodeName.toLowerCase();return("input"===c||"button"===c)&&b.type===a}}function na(a){return ha(function(b){return b=+b,ha(function(c,d){var e,f=a([],c.length,b),g=f.length;while(g--)c[e=f[g]]&&(c[e]=!(d[e]=c[e]))})})}function oa(a){return a&&"undefined"!=typeof a.getElementsByTagName&&a}c=fa.support={},f=fa.isXML=function(a){var b=a&&(a.ownerDocument||a).documentElement;return b?"HTML"!==b.nodeName:!1},m=fa.setDocument=function(a){var b,e,g=a?a.ownerDocument||a:v;return g!==n&&9===g.nodeType&&g.documentElement?(n=g,o=n.documentElement,p=!f(n),(e=n.defaultView)&&e.top!==e&&(e.addEventListener?e.addEventListener("unload",da,!1):e.attachEvent&&e.attachEvent("onunload",da)),c.attributes=ia(function(a){return a.className="i",!a.getAttribute("className")}),c.getElementsByTagName=ia(function(a){return a.appendChild(n.createComment("")),!a.getElementsByTagName("*").length}),c.getElementsByClassName=Z.test(n.getElementsByClassName),c.getById=ia(function(a){return o.appendChild(a).id=u,!n.getElementsByName||!n.getElementsByName(u).length}),c.getById?(d.find.ID=function(a,b){if("undefined"!=typeof b.getElementById&&p){var c=b.getElementById(a);return c?[c]:[]}},d.filter.ID=function(a){var b=a.replace(ba,ca);return function(a){return a.getAttribute("id")===b}}):(delete d.find.ID,d.filter.ID=function(a){var b=a.replace(ba,ca);return function(a){var c="undefined"!=typeof a.getAttributeNode&&a.getAttributeNode("id");return c&&c.value===b}}),d.find.TAG=c.getElementsByTagName?function(a,b){return"undefined"!=typeof b.getElementsByTagName?b.getElementsByTagName(a):c.qsa?b.querySelectorAll(a):void 0}:function(a,b){var c,d=[],e=0,f=b.getElementsByTagName(a);if("*"===a){while(c=f[e++])1===c.nodeType&&d.push(c);return d}return f},d.find.CLASS=c.getElementsByClassName&&function(a,b){return"undefined"!=typeof b.getElementsByClassName&&p?b.getElementsByClassName(a):void 0},r=[],q=[],(c.qsa=Z.test(n.querySelectorAll))&&(ia(function(a){o.appendChild(a).innerHTML="<a id='"+u+"'></a><select id='"+u+"-\r\\' msallowcapture=''><option selected=''></option></select>",a.querySelectorAll("[msallowcapture^='']").length&&q.push("[*^$]="+L+"*(?:''|\"\")"),a.querySelectorAll("[selected]").length||q.push("\\["+L+"*(?:value|"+K+")"),a.querySelectorAll("[id~="+u+"-]").length||q.push("~="),a.querySelectorAll(":checked").length||q.push(":checked"),a.querySelectorAll("a#"+u+"+*").length||q.push(".#.+[+~]")}),ia(function(a){var b=n.createElement("input");b.setAttribute("type","hidden"),a.appendChild(b).setAttribute("name","D"),a.querySelectorAll("[name=d]").length&&q.push("name"+L+"*[*^$|!~]?="),a.querySelectorAll(":enabled").length||q.push(":enabled",":disabled"),a.querySelectorAll("*,:x"),q.push(",.*:")})),(c.matchesSelector=Z.test(s=o.matches||o.webkitMatchesSelector||o.mozMatchesSelector||o.oMatchesSelector||o.msMatchesSelector))&&ia(function(a){c.disconnectedMatch=s.call(a,"div"),s.call(a,"[s!='']:x"),r.push("!=",O)}),q=q.length&&new RegExp(q.join("|")),r=r.length&&new RegExp(r.join("|")),b=Z.test(o.compareDocumentPosition),t=b||Z.test(o.contains)?function(a,b){var c=9===a.nodeType?a.documentElement:a,d=b&&b.parentNode;return a===d||!(!d||1!==d.nodeType||!(c.contains?c.contains(d):a.compareDocumentPosition&&16&a.compareDocumentPosition(d)))}:function(a,b){if(b)while(b=b.parentNode)if(b===a)return!0;return!1},B=b?function(a,b){if(a===b)return l=!0,0;var d=!a.compareDocumentPosition-!b.compareDocumentPosition;return d?d:(d=(a.ownerDocument||a)===(b.ownerDocument||b)?a.compareDocumentPosition(b):1,1&d||!c.sortDetached&&b.compareDocumentPosition(a)===d?a===n||a.ownerDocument===v&&t(v,a)?-1:b===n||b.ownerDocument===v&&t(v,b)?1:k?J(k,a)-J(k,b):0:4&d?-1:1)}:function(a,b){if(a===b)return l=!0,0;var c,d=0,e=a.parentNode,f=b.parentNode,g=[a],h=[b];if(!e||!f)return a===n?-1:b===n?1:e?-1:f?1:k?J(k,a)-J(k,b):0;if(e===f)return ka(a,b);c=a;while(c=c.parentNode)g.unshift(c);c=b;while(c=c.parentNode)h.unshift(c);while(g[d]===h[d])d++;return d?ka(g[d],h[d]):g[d]===v?-1:h[d]===v?1:0},n):n},fa.matches=function(a,b){return fa(a,null,null,b)},fa.matchesSelector=function(a,b){if((a.ownerDocument||a)!==n&&m(a),b=b.replace(T,"='$1']"),c.matchesSelector&&p&&!A[b+" "]&&(!r||!r.test(b))&&(!q||!q.test(b)))try{var d=s.call(a,b);if(d||c.disconnectedMatch||a.document&&11!==a.document.nodeType)return d}catch(e){}return fa(b,n,null,[a]).length>0},fa.contains=function(a,b){return(a.ownerDocument||a)!==n&&m(a),t(a,b)},fa.attr=function(a,b){(a.ownerDocument||a)!==n&&m(a);var e=d.attrHandle[b.toLowerCase()],f=e&&D.call(d.attrHandle,b.toLowerCase())?e(a,b,!p):void 0;return void 0!==f?f:c.attributes||!p?a.getAttribute(b):(f=a.getAttributeNode(b))&&f.specified?f.value:null},fa.error=function(a){throw new Error("Syntax error, unrecognized expression: "+a)},fa.uniqueSort=function(a){var b,d=[],e=0,f=0;if(l=!c.detectDuplicates,k=!c.sortStable&&a.slice(0),a.sort(B),l){while(b=a[f++])b===a[f]&&(e=d.push(f));while(e--)a.splice(d[e],1)}return k=null,a},e=fa.getText=function(a){var b,c="",d=0,f=a.nodeType;if(f){if(1===f||9===f||11===f){if("string"==typeof a.textContent)return a.textContent;for(a=a.firstChild;a;a=a.nextSibling)c+=e(a)}else if(3===f||4===f)return a.nodeValue}else while(b=a[d++])c+=e(b);return c},d=fa.selectors={cacheLength:50,createPseudo:ha,match:W,attrHandle:{},find:{},relative:{">":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(a){return a[1]=a[1].replace(ba,ca),a[3]=(a[3]||a[4]||a[5]||"").replace(ba,ca),"~="===a[2]&&(a[3]=" "+a[3]+" "),a.slice(0,4)},CHILD:function(a){return a[1]=a[1].toLowerCase(),"nth"===a[1].slice(0,3)?(a[3]||fa.error(a[0]),a[4]=+(a[4]?a[5]+(a[6]||1):2*("even"===a[3]||"odd"===a[3])),a[5]=+(a[7]+a[8]||"odd"===a[3])):a[3]&&fa.error(a[0]),a},PSEUDO:function(a){var b,c=!a[6]&&a[2];return W.CHILD.test(a[0])?null:(a[3]?a[2]=a[4]||a[5]||"":c&&U.test(c)&&(b=g(c,!0))&&(b=c.indexOf(")",c.length-b)-c.length)&&(a[0]=a[0].slice(0,b),a[2]=c.slice(0,b)),a.slice(0,3))}},filter:{TAG:function(a){var b=a.replace(ba,ca).toLowerCase();return"*"===a?function(){return!0}:function(a){return a.nodeName&&a.nodeName.toLowerCase()===b}},CLASS:function(a){var b=y[a+" "];return b||(b=new RegExp("(^|"+L+")"+a+"("+L+"|$)"))&&y(a,function(a){return b.test("string"==typeof a.className&&a.className||"undefined"!=typeof a.getAttribute&&a.getAttribute("class")||"")})},ATTR:function(a,b,c){return function(d){var e=fa.attr(d,a);return null==e?"!="===b:b?(e+="","="===b?e===c:"!="===b?e!==c:"^="===b?c&&0===e.indexOf(c):"*="===b?c&&e.indexOf(c)>-1:"$="===b?c&&e.slice(-c.length)===c:"~="===b?(" "+e.replace(P," ")+" ").indexOf(c)>-1:"|="===b?e===c||e.slice(0,c.length+1)===c+"-":!1):!0}},CHILD:function(a,b,c,d,e){var f="nth"!==a.slice(0,3),g="last"!==a.slice(-4),h="of-type"===b;return 1===d&&0===e?function(a){return!!a.parentNode}:function(b,c,i){var j,k,l,m,n,o,p=f!==g?"nextSibling":"previousSibling",q=b.parentNode,r=h&&b.nodeName.toLowerCase(),s=!i&&!h,t=!1;if(q){if(f){while(p){m=b;while(m=m[p])if(h?m.nodeName.toLowerCase()===r:1===m.nodeType)return!1;o=p="only"===a&&!o&&"nextSibling"}return!0}if(o=[g?q.firstChild:q.lastChild],g&&s){m=q,l=m[u]||(m[u]={}),k=l[m.uniqueID]||(l[m.uniqueID]={}),j=k[a]||[],n=j[0]===w&&j[1],t=n&&j[2],m=n&&q.childNodes[n];while(m=++n&&m&&m[p]||(t=n=0)||o.pop())if(1===m.nodeType&&++t&&m===b){k[a]=[w,n,t];break}}else if(s&&(m=b,l=m[u]||(m[u]={}),k=l[m.uniqueID]||(l[m.uniqueID]={}),j=k[a]||[],n=j[0]===w&&j[1],t=n),t===!1)while(m=++n&&m&&m[p]||(t=n=0)||o.pop())if((h?m.nodeName.toLowerCase()===r:1===m.nodeType)&&++t&&(s&&(l=m[u]||(m[u]={}),k=l[m.uniqueID]||(l[m.uniqueID]={}),k[a]=[w,t]),m===b))break;return t-=e,t===d||t%d===0&&t/d>=0}}},PSEUDO:function(a,b){var c,e=d.pseudos[a]||d.setFilters[a.toLowerCase()]||fa.error("unsupported pseudo: "+a);return e[u]?e(b):e.length>1?(c=[a,a,"",b],d.setFilters.hasOwnProperty(a.toLowerCase())?ha(function(a,c){var d,f=e(a,b),g=f.length;while(g--)d=J(a,f[g]),a[d]=!(c[d]=f[g])}):function(a){return e(a,0,c)}):e}},pseudos:{not:ha(function(a){var b=[],c=[],d=h(a.replace(Q,"$1"));return d[u]?ha(function(a,b,c,e){var f,g=d(a,null,e,[]),h=a.length;while(h--)(f=g[h])&&(a[h]=!(b[h]=f))}):function(a,e,f){return b[0]=a,d(b,null,f,c),b[0]=null,!c.pop()}}),has:ha(function(a){return function(b){return fa(a,b).length>0}}),contains:ha(function(a){return a=a.replace(ba,ca),function(b){return(b.textContent||b.innerText||e(b)).indexOf(a)>-1}}),lang:ha(function(a){return V.test(a||"")||fa.error("unsupported lang: "+a),a=a.replace(ba,ca).toLowerCase(),function(b){var c;do if(c=p?b.lang:b.getAttribute("xml:lang")||b.getAttribute("lang"))return c=c.toLowerCase(),c===a||0===c.indexOf(a+"-");while((b=b.parentNode)&&1===b.nodeType);return!1}}),target:function(b){var c=a.location&&a.location.hash;return c&&c.slice(1)===b.id},root:function(a){return a===o},focus:function(a){return a===n.activeElement&&(!n.hasFocus||n.hasFocus())&&!!(a.type||a.href||~a.tabIndex)},enabled:function(a){return a.disabled===!1},disabled:function(a){return a.disabled===!0},checked:function(a){var b=a.nodeName.toLowerCase();return"input"===b&&!!a.checked||"option"===b&&!!a.selected},selected:function(a){return a.parentNode&&a.parentNode.selectedIndex,a.selected===!0},empty:function(a){for(a=a.firstChild;a;a=a.nextSibling)if(a.nodeType<6)return!1;return!0},parent:function(a){return!d.pseudos.empty(a)},header:function(a){return Y.test(a.nodeName)},input:function(a){return X.test(a.nodeName)},button:function(a){var b=a.nodeName.toLowerCase();return"input"===b&&"button"===a.type||"button"===b},text:function(a){var b;return"input"===a.nodeName.toLowerCase()&&"text"===a.type&&(null==(b=a.getAttribute("type"))||"text"===b.toLowerCase())},first:na(function(){return[0]}),last:na(function(a,b){return[b-1]}),eq:na(function(a,b,c){return[0>c?c+b:c]}),even:na(function(a,b){for(var c=0;b>c;c+=2)a.push(c);return a}),odd:na(function(a,b){for(var c=1;b>c;c+=2)a.push(c);return a}),lt:na(function(a,b,c){for(var d=0>c?c+b:c;--d>=0;)a.push(d);return a}),gt:na(function(a,b,c){for(var d=0>c?c+b:c;++d<b;)a.push(d);return a})}},d.pseudos.nth=d.pseudos.eq;for(b in{radio:!0,checkbox:!0,file:!0,password:!0,image:!0})d.pseudos[b]=la(b);for(b in{submit:!0,reset:!0})d.pseudos[b]=ma(b);function pa(){}pa.prototype=d.filters=d.pseudos,d.setFilters=new pa,g=fa.tokenize=function(a,b){var c,e,f,g,h,i,j,k=z[a+" "];if(k)return b?0:k.slice(0);h=a,i=[],j=d.preFilter;while(h){c&&!(e=R.exec(h))||(e&&(h=h.slice(e[0].length)||h),i.push(f=[])),c=!1,(e=S.exec(h))&&(c=e.shift(),f.push({value:c,type:e[0].replace(Q," ")}),h=h.slice(c.length));for(g in d.filter)!(e=W[g].exec(h))||j[g]&&!(e=j[g](e))||(c=e.shift(),f.push({value:c,type:g,matches:e}),h=h.slice(c.length));if(!c)break}return b?h.length:h?fa.error(a):z(a,i).slice(0)};function qa(a){for(var b=0,c=a.length,d="";c>b;b++)d+=a[b].value;return d}function ra(a,b,c){var d=b.dir,e=c&&"parentNode"===d,f=x++;return b.first?function(b,c,f){while(b=b[d])if(1===b.nodeType||e)return a(b,c,f)}:function(b,c,g){var h,i,j,k=[w,f];if(g){while(b=b[d])if((1===b.nodeType||e)&&a(b,c,g))return!0}else while(b=b[d])if(1===b.nodeType||e){if(j=b[u]||(b[u]={}),i=j[b.uniqueID]||(j[b.uniqueID]={}),(h=i[d])&&h[0]===w&&h[1]===f)return k[2]=h[2];if(i[d]=k,k[2]=a(b,c,g))return!0}}}function sa(a){return a.length>1?function(b,c,d){var e=a.length;while(e--)if(!a[e](b,c,d))return!1;return!0}:a[0]}function ta(a,b,c){for(var d=0,e=b.length;e>d;d++)fa(a,b[d],c);return c}function ua(a,b,c,d,e){for(var f,g=[],h=0,i=a.length,j=null!=b;i>h;h++)(f=a[h])&&(c&&!c(f,d,e)||(g.push(f),j&&b.push(h)));return g}function va(a,b,c,d,e,f){return d&&!d[u]&&(d=va(d)),e&&!e[u]&&(e=va(e,f)),ha(function(f,g,h,i){var j,k,l,m=[],n=[],o=g.length,p=f||ta(b||"*",h.nodeType?[h]:h,[]),q=!a||!f&&b?p:ua(p,m,a,h,i),r=c?e||(f?a:o||d)?[]:g:q;if(c&&c(q,r,h,i),d){j=ua(r,n),d(j,[],h,i),k=j.length;while(k--)(l=j[k])&&(r[n[k]]=!(q[n[k]]=l))}if(f){if(e||a){if(e){j=[],k=r.length;while(k--)(l=r[k])&&j.push(q[k]=l);e(null,r=[],j,i)}k=r.length;while(k--)(l=r[k])&&(j=e?J(f,l):m[k])>-1&&(f[j]=!(g[j]=l))}}else r=ua(r===g?r.splice(o,r.length):r),e?e(null,g,r,i):H.apply(g,r)})}function wa(a){for(var b,c,e,f=a.length,g=d.relative[a[0].type],h=g||d.relative[" "],i=g?1:0,k=ra(function(a){return a===b},h,!0),l=ra(function(a){return J(b,a)>-1},h,!0),m=[function(a,c,d){var e=!g&&(d||c!==j)||((b=c).nodeType?k(a,c,d):l(a,c,d));return b=null,e}];f>i;i++)if(c=d.relative[a[i].type])m=[ra(sa(m),c)];else{if(c=d.filter[a[i].type].apply(null,a[i].matches),c[u]){for(e=++i;f>e;e++)if(d.relative[a[e].type])break;return va(i>1&&sa(m),i>1&&qa(a.slice(0,i-1).concat({value:" "===a[i-2].type?"*":""})).replace(Q,"$1"),c,e>i&&wa(a.slice(i,e)),f>e&&wa(a=a.slice(e)),f>e&&qa(a))}m.push(c)}return sa(m)}function xa(a,b){var c=b.length>0,e=a.length>0,f=function(f,g,h,i,k){var l,o,q,r=0,s="0",t=f&&[],u=[],v=j,x=f||e&&d.find.TAG("*",k),y=w+=null==v?1:Math.random()||.1,z=x.length;for(k&&(j=g===n||g||k);s!==z&&null!=(l=x[s]);s++){if(e&&l){o=0,g||l.ownerDocument===n||(m(l),h=!p);while(q=a[o++])if(q(l,g||n,h)){i.push(l);break}k&&(w=y)}c&&((l=!q&&l)&&r--,f&&t.push(l))}if(r+=s,c&&s!==r){o=0;while(q=b[o++])q(t,u,g,h);if(f){if(r>0)while(s--)t[s]||u[s]||(u[s]=F.call(i));u=ua(u)}H.apply(i,u),k&&!f&&u.length>0&&r+b.length>1&&fa.uniqueSort(i)}return k&&(w=y,j=v),t};return c?ha(f):f}return h=fa.compile=function(a,b){var c,d=[],e=[],f=A[a+" "];if(!f){b||(b=g(a)),c=b.length;while(c--)f=wa(b[c]),f[u]?d.push(f):e.push(f);f=A(a,xa(e,d)),f.selector=a}return f},i=fa.select=function(a,b,e,f){var i,j,k,l,m,n="function"==typeof a&&a,o=!f&&g(a=n.selector||a);if(e=e||[],1===o.length){if(j=o[0]=o[0].slice(0),j.length>2&&"ID"===(k=j[0]).type&&c.getById&&9===b.nodeType&&p&&d.relative[j[1].type]){if(b=(d.find.ID(k.matches[0].replace(ba,ca),b)||[])[0],!b)return e;n&&(b=b.parentNode),a=a.slice(j.shift().value.length)}i=W.needsContext.test(a)?0:j.length;while(i--){if(k=j[i],d.relative[l=k.type])break;if((m=d.find[l])&&(f=m(k.matches[0].replace(ba,ca),_.test(j[0].type)&&oa(b.parentNode)||b))){if(j.splice(i,1),a=f.length&&qa(j),!a)return H.apply(e,f),e;break}}}return(n||h(a,o))(f,b,!p,e,!b||_.test(a)&&oa(b.parentNode)||b),e},c.sortStable=u.split("").sort(B).join("")===u,c.detectDuplicates=!!l,m(),c.sortDetached=ia(function(a){return 1&a.compareDocumentPosition(n.createElement("div"))}),ia(function(a){return a.innerHTML="<a href='#'></a>","#"===a.firstChild.getAttribute("href")})||ja("type|href|height|width",function(a,b,c){return c?void 0:a.getAttribute(b,"type"===b.toLowerCase()?1:2)}),c.attributes&&ia(function(a){return a.innerHTML="<input/>",a.firstChild.setAttribute("value",""),""===a.firstChild.getAttribute("value")})||ja("value",function(a,b,c){return c||"input"!==a.nodeName.toLowerCase()?void 0:a.defaultValue}),ia(function(a){return null==a.getAttribute("disabled")})||ja(K,function(a,b,c){var d;return c?void 0:a[b]===!0?b.toLowerCase():(d=a.getAttributeNode(b))&&d.specified?d.value:null}),fa}(a);n.find=t,n.expr=t.selectors,n.expr[":"]=n.expr.pseudos,n.uniqueSort=n.unique=t.uniqueSort,n.text=t.getText,n.isXMLDoc=t.isXML,n.contains=t.contains;var u=function(a,b,c){var d=[],e=void 0!==c;while((a=a[b])&&9!==a.nodeType)if(1===a.nodeType){if(e&&n(a).is(c))break;d.push(a)}return d},v=function(a,b){for(var c=[];a;a=a.nextSibling)1===a.nodeType&&a!==b&&c.push(a);return c},w=n.expr.match.needsContext,x=/^<([\w-]+)\s*\/?>(?:<\/\1>|)$/,y=/^.[^:#\[\.,]*$/;function z(a,b,c){if(n.isFunction(b))return n.grep(a,function(a,d){return!!b.call(a,d,a)!==c});if(b.nodeType)return n.grep(a,function(a){return a===b!==c});if("string"==typeof b){if(y.test(b))return n.filter(b,a,c);b=n.filter(b,a)}return n.grep(a,function(a){return n.inArray(a,b)>-1!==c})}n.filter=function(a,b,c){var d=b[0];return c&&(a=":not("+a+")"),1===b.length&&1===d.nodeType?n.find.matchesSelector(d,a)?[d]:[]:n.find.matches(a,n.grep(b,function(a){return 1===a.nodeType}))},n.fn.extend({find:function(a){var b,c=[],d=this,e=d.length;if("string"!=typeof a)return this.pushStack(n(a).filter(function(){for(b=0;e>b;b++)if(n.contains(d[b],this))return!0}));for(b=0;e>b;b++)n.find(a,d[b],c);return c=this.pushStack(e>1?n.unique(c):c),c.selector=this.selector?this.selector+" "+a:a,c},filter:function(a){return this.pushStack(z(this,a||[],!1))},not:function(a){return this.pushStack(z(this,a||[],!0))},is:function(a){return!!z(this,"string"==typeof a&&w.test(a)?n(a):a||[],!1).length}});var A,B=/^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]*))$/,C=n.fn.init=function(a,b,c){var e,f;if(!a)return this;if(c=c||A,"string"==typeof a){if(e="<"===a.charAt(0)&&">"===a.charAt(a.length-1)&&a.length>=3?[null,a,null]:B.exec(a),!e||!e[1]&&b)return!b||b.jquery?(b||c).find(a):this.constructor(b).find(a);if(e[1]){if(b=b instanceof n?b[0]:b,n.merge(this,n.parseHTML(e[1],b&&b.nodeType?b.ownerDocument||b:d,!0)),x.test(e[1])&&n.isPlainObject(b))for(e in b)n.isFunction(this[e])?this[e](b[e]):this.attr(e,b[e]);return this}if(f=d.getElementById(e[2]),f&&f.parentNode){if(f.id!==e[2])return A.find(a);this.length=1,this[0]=f}return this.context=d,this.selector=a,this}return a.nodeType?(this.context=this[0]=a,this.length=1,this):n.isFunction(a)?"undefined"!=typeof c.ready?c.ready(a):a(n):(void 0!==a.selector&&(this.selector=a.selector,this.context=a.context),n.makeArray(a,this))};C.prototype=n.fn,A=n(d);var D=/^(?:parents|prev(?:Until|All))/,E={children:!0,contents:!0,next:!0,prev:!0};n.fn.extend({has:function(a){var b,c=n(a,this),d=c.length;return this.filter(function(){for(b=0;d>b;b++)if(n.contains(this,c[b]))return!0})},closest:function(a,b){for(var c,d=0,e=this.length,f=[],g=w.test(a)||"string"!=typeof a?n(a,b||this.context):0;e>d;d++)for(c=this[d];c&&c!==b;c=c.parentNode)if(c.nodeType<11&&(g?g.index(c)>-1:1===c.nodeType&&n.find.matchesSelector(c,a))){f.push(c);break}return this.pushStack(f.length>1?n.uniqueSort(f):f)},index:function(a){return a?"string"==typeof a?n.inArray(this[0],n(a)):n.inArray(a.jquery?a[0]:a,this):this[0]&&this[0].parentNode?this.first().prevAll().length:-1},add:function(a,b){return this.pushStack(n.uniqueSort(n.merge(this.get(),n(a,b))))},addBack:function(a){return this.add(null==a?this.prevObject:this.prevObject.filter(a))}});function F(a,b){do a=a[b];while(a&&1!==a.nodeType);return a}n.each({parent:function(a){var b=a.parentNode;return b&&11!==b.nodeType?b:null},parents:function(a){return u(a,"parentNode")},parentsUntil:function(a,b,c){return u(a,"parentNode",c)},next:function(a){return F(a,"nextSibling")},prev:function(a){return F(a,"previousSibling")},nextAll:function(a){return u(a,"nextSibling")},prevAll:function(a){return u(a,"previousSibling")},nextUntil:function(a,b,c){return u(a,"nextSibling",c)},prevUntil:function(a,b,c){return u(a,"previousSibling",c)},siblings:function(a){return v((a.parentNode||{}).firstChild,a)},children:function(a){return v(a.firstChild)},contents:function(a){return n.nodeName(a,"iframe")?a.contentDocument||a.contentWindow.document:n.merge([],a.childNodes)}},function(a,b){n.fn[a]=function(c,d){var e=n.map(this,b,c);return"Until"!==a.slice(-5)&&(d=c),d&&"string"==typeof d&&(e=n.filter(d,e)),this.length>1&&(E[a]||(e=n.uniqueSort(e)),D.test(a)&&(e=e.reverse())),this.pushStack(e)}});var G=/\S+/g;function H(a){var b={};return n.each(a.match(G)||[],function(a,c){b[c]=!0}),b}n.Callbacks=function(a){a="string"==typeof a?H(a):n.extend({},a);var b,c,d,e,f=[],g=[],h=-1,i=function(){for(e=a.once,d=b=!0;g.length;h=-1){c=g.shift();while(++h<f.length)f[h].apply(c[0],c[1])===!1&&a.stopOnFalse&&(h=f.length,c=!1)}a.memory||(c=!1),b=!1,e&&(f=c?[]:"")},j={add:function(){return f&&(c&&!b&&(h=f.length-1,g.push(c)),function d(b){n.each(b,function(b,c){n.isFunction(c)?a.unique&&j.has(c)||f.push(c):c&&c.length&&"string"!==n.type(c)&&d(c)})}(arguments),c&&!b&&i()),this},remove:function(){return n.each(arguments,function(a,b){var c;while((c=n.inArray(b,f,c))>-1)f.splice(c,1),h>=c&&h--}),this},has:function(a){return a?n.inArray(a,f)>-1:f.length>0},empty:function(){return f&&(f=[]),this},disable:function(){return e=g=[],f=c="",this},disabled:function(){return!f},lock:function(){return e=!0,c||j.disable(),this},locked:function(){return!!e},fireWith:function(a,c){return e||(c=c||[],c=[a,c.slice?c.slice():c],g.push(c),b||i()),this},fire:function(){return j.fireWith(this,arguments),this},fired:function(){return!!d}};return j},n.extend({Deferred:function(a){var b=[["resolve","done",n.Callbacks("once memory"),"resolved"],["reject","fail",n.Callbacks("once memory"),"rejected"],["notify","progress",n.Callbacks("memory")]],c="pending",d={state:function(){return c},always:function(){return e.done(arguments).fail(arguments),this},then:function(){var a=arguments;return n.Deferred(function(c){n.each(b,function(b,f){var g=n.isFunction(a[b])&&a[b];e[f[1]](function(){var a=g&&g.apply(this,arguments);a&&n.isFunction(a.promise)?a.promise().progress(c.notify).done(c.resolve).fail(c.reject):c[f[0]+"With"](this===d?c.promise():this,g?[a]:arguments)})}),a=null}).promise()},promise:function(a){return null!=a?n.extend(a,d):d}},e={};return d.pipe=d.then,n.each(b,function(a,f){var g=f[2],h=f[3];d[f[1]]=g.add,h&&g.add(function(){c=h},b[1^a][2].disable,b[2][2].lock),e[f[0]]=function(){return e[f[0]+"With"](this===e?d:this,arguments),this},e[f[0]+"With"]=g.fireWith}),d.promise(e),a&&a.call(e,e),e},when:function(a){var b=0,c=e.call(arguments),d=c.length,f=1!==d||a&&n.isFunction(a.promise)?d:0,g=1===f?a:n.Deferred(),h=function(a,b,c){return function(d){b[a]=this,c[a]=arguments.length>1?e.call(arguments):d,c===i?g.notifyWith(b,c):--f||g.resolveWith(b,c)}},i,j,k;if(d>1)for(i=new Array(d),j=new Array(d),k=new Array(d);d>b;b++)c[b]&&n.isFunction(c[b].promise)?c[b].promise().progress(h(b,j,i)).done(h(b,k,c)).fail(g.reject):--f;return f||g.resolveWith(k,c),g.promise()}});var I;n.fn.ready=function(a){return n.ready.promise().done(a),this},n.extend({isReady:!1,readyWait:1,holdReady:function(a){a?n.readyWait++:n.ready(!0)},ready:function(a){(a===!0?--n.readyWait:n.isReady)||(n.isReady=!0,a!==!0&&--n.readyWait>0||(I.resolveWith(d,[n]),n.fn.triggerHandler&&(n(d).triggerHandler("ready"),n(d).off("ready"))))}});function J(){d.addEventListener?(d.removeEventListener("DOMContentLoaded",K),a.removeEventListener("load",K)):(d.detachEvent("onreadystatechange",K),a.detachEvent("onload",K))}function K(){(d.addEventListener||"load"===a.event.type||"complete"===d.readyState)&&(J(),n.ready())}n.ready.promise=function(b){if(!I)if(I=n.Deferred(),"complete"===d.readyState||"loading"!==d.readyState&&!d.documentElement.doScroll)a.setTimeout(n.ready);else if(d.addEventListener)d.addEventListener("DOMContentLoaded",K),a.addEventListener("load",K);else{d.attachEvent("onreadystatechange",K),a.attachEvent("onload",K);var c=!1;try{c=null==a.frameElement&&d.documentElement}catch(e){}c&&c.doScroll&&!function f(){if(!n.isReady){try{c.doScroll("left")}catch(b){return a.setTimeout(f,50)}J(),n.ready()}}()}return I.promise(b)},n.ready.promise();var L;for(L in n(l))break;l.ownFirst="0"===L,l.inlineBlockNeedsLayout=!1,n(function(){var a,b,c,e;c=d.getElementsByTagName("body")[0],c&&c.style&&(b=d.createElement("div"),e=d.createElement("div"),e.style.cssText="position:absolute;border:0;width:0;height:0;top:0;left:-9999px",c.appendChild(e).appendChild(b),"undefined"!=typeof b.style.zoom&&(b.style.cssText="display:inline;margin:0;border:0;padding:1px;width:1px;zoom:1",l.inlineBlockNeedsLayout=a=3===b.offsetWidth,a&&(c.style.zoom=1)),c.removeChild(e))}),function(){var a=d.createElement("div");l.deleteExpando=!0;try{delete a.test}catch(b){l.deleteExpando=!1}a=null}();var M=function(a){var b=n.noData[(a.nodeName+" ").toLowerCase()],c=+a.nodeType||1;return 1!==c&&9!==c?!1:!b||b!==!0&&a.getAttribute("classid")===b},N=/^(?:\{[\w\W]*\}|\[[\w\W]*\])$/,O=/([A-Z])/g;function P(a,b,c){if(void 0===c&&1===a.nodeType){var d="data-"+b.replace(O,"-$1").toLowerCase();if(c=a.getAttribute(d),"string"==typeof c){try{c="true"===c?!0:"false"===c?!1:"null"===c?null:+c+""===c?+c:N.test(c)?n.parseJSON(c):c}catch(e){}n.data(a,b,c)}else c=void 0;
}return c}function Q(a){var b;for(b in a)if(("data"!==b||!n.isEmptyObject(a[b]))&&"toJSON"!==b)return!1;return!0}function R(a,b,d,e){if(M(a)){var f,g,h=n.expando,i=a.nodeType,j=i?n.cache:a,k=i?a[h]:a[h]&&h;if(k&&j[k]&&(e||j[k].data)||void 0!==d||"string"!=typeof b)return k||(k=i?a[h]=c.pop()||n.guid++:h),j[k]||(j[k]=i?{}:{toJSON:n.noop}),"object"!=typeof b&&"function"!=typeof b||(e?j[k]=n.extend(j[k],b):j[k].data=n.extend(j[k].data,b)),g=j[k],e||(g.data||(g.data={}),g=g.data),void 0!==d&&(g[n.camelCase(b)]=d),"string"==typeof b?(f=g[b],null==f&&(f=g[n.camelCase(b)])):f=g,f}}function S(a,b,c){if(M(a)){var d,e,f=a.nodeType,g=f?n.cache:a,h=f?a[n.expando]:n.expando;if(g[h]){if(b&&(d=c?g[h]:g[h].data)){n.isArray(b)?b=b.concat(n.map(b,n.camelCase)):b in d?b=[b]:(b=n.camelCase(b),b=b in d?[b]:b.split(" ")),e=b.length;while(e--)delete d[b[e]];if(c?!Q(d):!n.isEmptyObject(d))return}(c||(delete g[h].data,Q(g[h])))&&(f?n.cleanData([a],!0):l.deleteExpando||g!=g.window?delete g[h]:g[h]=void 0)}}}n.extend({cache:{},noData:{"applet ":!0,"embed ":!0,"object ":"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"},hasData:function(a){return a=a.nodeType?n.cache[a[n.expando]]:a[n.expando],!!a&&!Q(a)},data:function(a,b,c){return R(a,b,c)},removeData:function(a,b){return S(a,b)},_data:function(a,b,c){return R(a,b,c,!0)},_removeData:function(a,b){return S(a,b,!0)}}),n.fn.extend({data:function(a,b){var c,d,e,f=this[0],g=f&&f.attributes;if(void 0===a){if(this.length&&(e=n.data(f),1===f.nodeType&&!n._data(f,"parsedAttrs"))){c=g.length;while(c--)g[c]&&(d=g[c].name,0===d.indexOf("data-")&&(d=n.camelCase(d.slice(5)),P(f,d,e[d])));n._data(f,"parsedAttrs",!0)}return e}return"object"==typeof a?this.each(function(){n.data(this,a)}):arguments.length>1?this.each(function(){n.data(this,a,b)}):f?P(f,a,n.data(f,a)):void 0},removeData:function(a){return this.each(function(){n.removeData(this,a)})}}),n.extend({queue:function(a,b,c){var d;return a?(b=(b||"fx")+"queue",d=n._data(a,b),c&&(!d||n.isArray(c)?d=n._data(a,b,n.makeArray(c)):d.push(c)),d||[]):void 0},dequeue:function(a,b){b=b||"fx";var c=n.queue(a,b),d=c.length,e=c.shift(),f=n._queueHooks(a,b),g=function(){n.dequeue(a,b)};"inprogress"===e&&(e=c.shift(),d--),e&&("fx"===b&&c.unshift("inprogress"),delete f.stop,e.call(a,g,f)),!d&&f&&f.empty.fire()},_queueHooks:function(a,b){var c=b+"queueHooks";return n._data(a,c)||n._data(a,c,{empty:n.Callbacks("once memory").add(function(){n._removeData(a,b+"queue"),n._removeData(a,c)})})}}),n.fn.extend({queue:function(a,b){var c=2;return"string"!=typeof a&&(b=a,a="fx",c--),arguments.length<c?n.queue(this[0],a):void 0===b?this:this.each(function(){var c=n.queue(this,a,b);n._queueHooks(this,a),"fx"===a&&"inprogress"!==c[0]&&n.dequeue(this,a)})},dequeue:function(a){return this.each(function(){n.dequeue(this,a)})},clearQueue:function(a){return this.queue(a||"fx",[])},promise:function(a,b){var c,d=1,e=n.Deferred(),f=this,g=this.length,h=function(){--d||e.resolveWith(f,[f])};"string"!=typeof a&&(b=a,a=void 0),a=a||"fx";while(g--)c=n._data(f[g],a+"queueHooks"),c&&c.empty&&(d++,c.empty.add(h));return h(),e.promise(b)}}),function(){var a;l.shrinkWrapBlocks=function(){if(null!=a)return a;a=!1;var b,c,e;return c=d.getElementsByTagName("body")[0],c&&c.style?(b=d.createElement("div"),e=d.createElement("div"),e.style.cssText="position:absolute;border:0;width:0;height:0;top:0;left:-9999px",c.appendChild(e).appendChild(b),"undefined"!=typeof b.style.zoom&&(b.style.cssText="-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;display:block;margin:0;border:0;padding:1px;width:1px;zoom:1",b.appendChild(d.createElement("div")).style.width="5px",a=3!==b.offsetWidth),c.removeChild(e),a):void 0}}();var T=/[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/.source,U=new RegExp("^(?:([+-])=|)("+T+")([a-z%]*)$","i"),V=["Top","Right","Bottom","Left"],W=function(a,b){return a=b||a,"none"===n.css(a,"display")||!n.contains(a.ownerDocument,a)};function X(a,b,c,d){var e,f=1,g=20,h=d?function(){return d.cur()}:function(){return n.css(a,b,"")},i=h(),j=c&&c[3]||(n.cssNumber[b]?"":"px"),k=(n.cssNumber[b]||"px"!==j&&+i)&&U.exec(n.css(a,b));if(k&&k[3]!==j){j=j||k[3],c=c||[],k=+i||1;do f=f||".5",k/=f,n.style(a,b,k+j);while(f!==(f=h()/i)&&1!==f&&--g)}return c&&(k=+k||+i||0,e=c[1]?k+(c[1]+1)*c[2]:+c[2],d&&(d.unit=j,d.start=k,d.end=e)),e}var Y=function(a,b,c,d,e,f,g){var h=0,i=a.length,j=null==c;if("object"===n.type(c)){e=!0;for(h in c)Y(a,b,h,c[h],!0,f,g)}else if(void 0!==d&&(e=!0,n.isFunction(d)||(g=!0),j&&(g?(b.call(a,d),b=null):(j=b,b=function(a,b,c){return j.call(n(a),c)})),b))for(;i>h;h++)b(a[h],c,g?d:d.call(a[h],h,b(a[h],c)));return e?a:j?b.call(a):i?b(a[0],c):f},Z=/^(?:checkbox|radio)$/i,$=/<([\w:-]+)/,_=/^$|\/(?:java|ecma)script/i,aa=/^\s+/,ba="abbr|article|aside|audio|bdi|canvas|data|datalist|details|dialog|figcaption|figure|footer|header|hgroup|main|mark|meter|nav|output|picture|progress|section|summary|template|time|video";function ca(a){var b=ba.split("|"),c=a.createDocumentFragment();if(c.createElement)while(b.length)c.createElement(b.pop());return c}!function(){var a=d.createElement("div"),b=d.createDocumentFragment(),c=d.createElement("input");a.innerHTML="  <link/><table></table><a href='/a'>a</a><input type='checkbox'/>",l.leadingWhitespace=3===a.firstChild.nodeType,l.tbody=!a.getElementsByTagName("tbody").length,l.htmlSerialize=!!a.getElementsByTagName("link").length,l.html5Clone="<:nav></:nav>"!==d.createElement("nav").cloneNode(!0).outerHTML,c.type="checkbox",c.checked=!0,b.appendChild(c),l.appendChecked=c.checked,a.innerHTML="<textarea>x</textarea>",l.noCloneChecked=!!a.cloneNode(!0).lastChild.defaultValue,b.appendChild(a),c=d.createElement("input"),c.setAttribute("type","radio"),c.setAttribute("checked","checked"),c.setAttribute("name","t"),a.appendChild(c),l.checkClone=a.cloneNode(!0).cloneNode(!0).lastChild.checked,l.noCloneEvent=!!a.addEventListener,a[n.expando]=1,l.attributes=!a.getAttribute(n.expando)}();var da={option:[1,"<select multiple='multiple'>","</select>"],legend:[1,"<fieldset>","</fieldset>"],area:[1,"<map>","</map>"],param:[1,"<object>","</object>"],thead:[1,"<table>","</table>"],tr:[2,"<table><tbody>","</tbody></table>"],col:[2,"<table><tbody></tbody><colgroup>","</colgroup></table>"],td:[3,"<table><tbody><tr>","</tr></tbody></table>"],_default:l.htmlSerialize?[0,"",""]:[1,"X<div>","</div>"]};da.optgroup=da.option,da.tbody=da.tfoot=da.colgroup=da.caption=da.thead,da.th=da.td;function ea(a,b){var c,d,e=0,f="undefined"!=typeof a.getElementsByTagName?a.getElementsByTagName(b||"*"):"undefined"!=typeof a.querySelectorAll?a.querySelectorAll(b||"*"):void 0;if(!f)for(f=[],c=a.childNodes||a;null!=(d=c[e]);e++)!b||n.nodeName(d,b)?f.push(d):n.merge(f,ea(d,b));return void 0===b||b&&n.nodeName(a,b)?n.merge([a],f):f}function fa(a,b){for(var c,d=0;null!=(c=a[d]);d++)n._data(c,"globalEval",!b||n._data(b[d],"globalEval"))}var ga=/<|&#?\w+;/,ha=/<tbody/i;function ia(a){Z.test(a.type)&&(a.defaultChecked=a.checked)}function ja(a,b,c,d,e){for(var f,g,h,i,j,k,m,o=a.length,p=ca(b),q=[],r=0;o>r;r++)if(g=a[r],g||0===g)if("object"===n.type(g))n.merge(q,g.nodeType?[g]:g);else if(ga.test(g)){i=i||p.appendChild(b.createElement("div")),j=($.exec(g)||["",""])[1].toLowerCase(),m=da[j]||da._default,i.innerHTML=m[1]+n.htmlPrefilter(g)+m[2],f=m[0];while(f--)i=i.lastChild;if(!l.leadingWhitespace&&aa.test(g)&&q.push(b.createTextNode(aa.exec(g)[0])),!l.tbody){g="table"!==j||ha.test(g)?"<table>"!==m[1]||ha.test(g)?0:i:i.firstChild,f=g&&g.childNodes.length;while(f--)n.nodeName(k=g.childNodes[f],"tbody")&&!k.childNodes.length&&g.removeChild(k)}n.merge(q,i.childNodes),i.textContent="";while(i.firstChild)i.removeChild(i.firstChild);i=p.lastChild}else q.push(b.createTextNode(g));i&&p.removeChild(i),l.appendChecked||n.grep(ea(q,"input"),ia),r=0;while(g=q[r++])if(d&&n.inArray(g,d)>-1)e&&e.push(g);else if(h=n.contains(g.ownerDocument,g),i=ea(p.appendChild(g),"script"),h&&fa(i),c){f=0;while(g=i[f++])_.test(g.type||"")&&c.push(g)}return i=null,p}!function(){var b,c,e=d.createElement("div");for(b in{submit:!0,change:!0,focusin:!0})c="on"+b,(l[b]=c in a)||(e.setAttribute(c,"t"),l[b]=e.attributes[c].expando===!1);e=null}();var ka=/^(?:input|select|textarea)$/i,la=/^key/,ma=/^(?:mouse|pointer|contextmenu|drag|drop)|click/,na=/^(?:focusinfocus|focusoutblur)$/,oa=/^([^.]*)(?:\.(.+)|)/;function pa(){return!0}function qa(){return!1}function ra(){try{return d.activeElement}catch(a){}}function sa(a,b,c,d,e,f){var g,h;if("object"==typeof b){"string"!=typeof c&&(d=d||c,c=void 0);for(h in b)sa(a,h,c,d,b[h],f);return a}if(null==d&&null==e?(e=c,d=c=void 0):null==e&&("string"==typeof c?(e=d,d=void 0):(e=d,d=c,c=void 0)),e===!1)e=qa;else if(!e)return a;return 1===f&&(g=e,e=function(a){return n().off(a),g.apply(this,arguments)},e.guid=g.guid||(g.guid=n.guid++)),a.each(function(){n.event.add(this,b,e,d,c)})}n.event={global:{},add:function(a,b,c,d,e){var f,g,h,i,j,k,l,m,o,p,q,r=n._data(a);if(r){c.handler&&(i=c,c=i.handler,e=i.selector),c.guid||(c.guid=n.guid++),(g=r.events)||(g=r.events={}),(k=r.handle)||(k=r.handle=function(a){return"undefined"==typeof n||a&&n.event.triggered===a.type?void 0:n.event.dispatch.apply(k.elem,arguments)},k.elem=a),b=(b||"").match(G)||[""],h=b.length;while(h--)f=oa.exec(b[h])||[],o=q=f[1],p=(f[2]||"").split(".").sort(),o&&(j=n.event.special[o]||{},o=(e?j.delegateType:j.bindType)||o,j=n.event.special[o]||{},l=n.extend({type:o,origType:q,data:d,handler:c,guid:c.guid,selector:e,needsContext:e&&n.expr.match.needsContext.test(e),namespace:p.join(".")},i),(m=g[o])||(m=g[o]=[],m.delegateCount=0,j.setup&&j.setup.call(a,d,p,k)!==!1||(a.addEventListener?a.addEventListener(o,k,!1):a.attachEvent&&a.attachEvent("on"+o,k))),j.add&&(j.add.call(a,l),l.handler.guid||(l.handler.guid=c.guid)),e?m.splice(m.delegateCount++,0,l):m.push(l),n.event.global[o]=!0);a=null}},remove:function(a,b,c,d,e){var f,g,h,i,j,k,l,m,o,p,q,r=n.hasData(a)&&n._data(a);if(r&&(k=r.events)){b=(b||"").match(G)||[""],j=b.length;while(j--)if(h=oa.exec(b[j])||[],o=q=h[1],p=(h[2]||"").split(".").sort(),o){l=n.event.special[o]||{},o=(d?l.delegateType:l.bindType)||o,m=k[o]||[],h=h[2]&&new RegExp("(^|\\.)"+p.join("\\.(?:.*\\.|)")+"(\\.|$)"),i=f=m.length;while(f--)g=m[f],!e&&q!==g.origType||c&&c.guid!==g.guid||h&&!h.test(g.namespace)||d&&d!==g.selector&&("**"!==d||!g.selector)||(m.splice(f,1),g.selector&&m.delegateCount--,l.remove&&l.remove.call(a,g));i&&!m.length&&(l.teardown&&l.teardown.call(a,p,r.handle)!==!1||n.removeEvent(a,o,r.handle),delete k[o])}else for(o in k)n.event.remove(a,o+b[j],c,d,!0);n.isEmptyObject(k)&&(delete r.handle,n._removeData(a,"events"))}},trigger:function(b,c,e,f){var g,h,i,j,l,m,o,p=[e||d],q=k.call(b,"type")?b.type:b,r=k.call(b,"namespace")?b.namespace.split("."):[];if(i=m=e=e||d,3!==e.nodeType&&8!==e.nodeType&&!na.test(q+n.event.triggered)&&(q.indexOf(".")>-1&&(r=q.split("."),q=r.shift(),r.sort()),h=q.indexOf(":")<0&&"on"+q,b=b[n.expando]?b:new n.Event(q,"object"==typeof b&&b),b.isTrigger=f?2:3,b.namespace=r.join("."),b.rnamespace=b.namespace?new RegExp("(^|\\.)"+r.join("\\.(?:.*\\.|)")+"(\\.|$)"):null,b.result=void 0,b.target||(b.target=e),c=null==c?[b]:n.makeArray(c,[b]),l=n.event.special[q]||{},f||!l.trigger||l.trigger.apply(e,c)!==!1)){if(!f&&!l.noBubble&&!n.isWindow(e)){for(j=l.delegateType||q,na.test(j+q)||(i=i.parentNode);i;i=i.parentNode)p.push(i),m=i;m===(e.ownerDocument||d)&&p.push(m.defaultView||m.parentWindow||a)}o=0;while((i=p[o++])&&!b.isPropagationStopped())b.type=o>1?j:l.bindType||q,g=(n._data(i,"events")||{})[b.type]&&n._data(i,"handle"),g&&g.apply(i,c),g=h&&i[h],g&&g.apply&&M(i)&&(b.result=g.apply(i,c),b.result===!1&&b.preventDefault());if(b.type=q,!f&&!b.isDefaultPrevented()&&(!l._default||l._default.apply(p.pop(),c)===!1)&&M(e)&&h&&e[q]&&!n.isWindow(e)){m=e[h],m&&(e[h]=null),n.event.triggered=q;try{e[q]()}catch(s){}n.event.triggered=void 0,m&&(e[h]=m)}return b.result}},dispatch:function(a){a=n.event.fix(a);var b,c,d,f,g,h=[],i=e.call(arguments),j=(n._data(this,"events")||{})[a.type]||[],k=n.event.special[a.type]||{};if(i[0]=a,a.delegateTarget=this,!k.preDispatch||k.preDispatch.call(this,a)!==!1){h=n.event.handlers.call(this,a,j),b=0;while((f=h[b++])&&!a.isPropagationStopped()){a.currentTarget=f.elem,c=0;while((g=f.handlers[c++])&&!a.isImmediatePropagationStopped())a.rnamespace&&!a.rnamespace.test(g.namespace)||(a.handleObj=g,a.data=g.data,d=((n.event.special[g.origType]||{}).handle||g.handler).apply(f.elem,i),void 0!==d&&(a.result=d)===!1&&(a.preventDefault(),a.stopPropagation()))}return k.postDispatch&&k.postDispatch.call(this,a),a.result}},handlers:function(a,b){var c,d,e,f,g=[],h=b.delegateCount,i=a.target;if(h&&i.nodeType&&("click"!==a.type||isNaN(a.button)||a.button<1))for(;i!=this;i=i.parentNode||this)if(1===i.nodeType&&(i.disabled!==!0||"click"!==a.type)){for(d=[],c=0;h>c;c++)f=b[c],e=f.selector+" ",void 0===d[e]&&(d[e]=f.needsContext?n(e,this).index(i)>-1:n.find(e,this,null,[i]).length),d[e]&&d.push(f);d.length&&g.push({elem:i,handlers:d})}return h<b.length&&g.push({elem:this,handlers:b.slice(h)}),g},fix:function(a){if(a[n.expando])return a;var b,c,e,f=a.type,g=a,h=this.fixHooks[f];h||(this.fixHooks[f]=h=ma.test(f)?this.mouseHooks:la.test(f)?this.keyHooks:{}),e=h.props?this.props.concat(h.props):this.props,a=new n.Event(g),b=e.length;while(b--)c=e[b],a[c]=g[c];return a.target||(a.target=g.srcElement||d),3===a.target.nodeType&&(a.target=a.target.parentNode),a.metaKey=!!a.metaKey,h.filter?h.filter(a,g):a},props:"altKey bubbles cancelable ctrlKey currentTarget detail eventPhase metaKey relatedTarget shiftKey target timeStamp view which".split(" "),fixHooks:{},keyHooks:{props:"char charCode key keyCode".split(" "),filter:function(a,b){return null==a.which&&(a.which=null!=b.charCode?b.charCode:b.keyCode),a}},mouseHooks:{props:"button buttons clientX clientY fromElement offsetX offsetY pageX pageY screenX screenY toElement".split(" "),filter:function(a,b){var c,e,f,g=b.button,h=b.fromElement;return null==a.pageX&&null!=b.clientX&&(e=a.target.ownerDocument||d,f=e.documentElement,c=e.body,a.pageX=b.clientX+(f&&f.scrollLeft||c&&c.scrollLeft||0)-(f&&f.clientLeft||c&&c.clientLeft||0),a.pageY=b.clientY+(f&&f.scrollTop||c&&c.scrollTop||0)-(f&&f.clientTop||c&&c.clientTop||0)),!a.relatedTarget&&h&&(a.relatedTarget=h===a.target?b.toElement:h),a.which||void 0===g||(a.which=1&g?1:2&g?3:4&g?2:0),a}},special:{load:{noBubble:!0},focus:{trigger:function(){if(this!==ra()&&this.focus)try{return this.focus(),!1}catch(a){}},delegateType:"focusin"},blur:{trigger:function(){return this===ra()&&this.blur?(this.blur(),!1):void 0},delegateType:"focusout"},click:{trigger:function(){return n.nodeName(this,"input")&&"checkbox"===this.type&&this.click?(this.click(),!1):void 0},_default:function(a){return n.nodeName(a.target,"a")}},beforeunload:{postDispatch:function(a){void 0!==a.result&&a.originalEvent&&(a.originalEvent.returnValue=a.result)}}},simulate:function(a,b,c){var d=n.extend(new n.Event,c,{type:a,isSimulated:!0});n.event.trigger(d,null,b),d.isDefaultPrevented()&&c.preventDefault()}},n.removeEvent=d.removeEventListener?function(a,b,c){a.removeEventListener&&a.removeEventListener(b,c)}:function(a,b,c){var d="on"+b;a.detachEvent&&("undefined"==typeof a[d]&&(a[d]=null),a.detachEvent(d,c))},n.Event=function(a,b){return this instanceof n.Event?(a&&a.type?(this.originalEvent=a,this.type=a.type,this.isDefaultPrevented=a.defaultPrevented||void 0===a.defaultPrevented&&a.returnValue===!1?pa:qa):this.type=a,b&&n.extend(this,b),this.timeStamp=a&&a.timeStamp||n.now(),void(this[n.expando]=!0)):new n.Event(a,b)},n.Event.prototype={constructor:n.Event,isDefaultPrevented:qa,isPropagationStopped:qa,isImmediatePropagationStopped:qa,preventDefault:function(){var a=this.originalEvent;this.isDefaultPrevented=pa,a&&(a.preventDefault?a.preventDefault():a.returnValue=!1)},stopPropagation:function(){var a=this.originalEvent;this.isPropagationStopped=pa,a&&!this.isSimulated&&(a.stopPropagation&&a.stopPropagation(),a.cancelBubble=!0)},stopImmediatePropagation:function(){var a=this.originalEvent;this.isImmediatePropagationStopped=pa,a&&a.stopImmediatePropagation&&a.stopImmediatePropagation(),this.stopPropagation()}},n.each({mouseenter:"mouseover",mouseleave:"mouseout",pointerenter:"pointerover",pointerleave:"pointerout"},function(a,b){n.event.special[a]={delegateType:b,bindType:b,handle:function(a){var c,d=this,e=a.relatedTarget,f=a.handleObj;return e&&(e===d||n.contains(d,e))||(a.type=f.origType,c=f.handler.apply(this,arguments),a.type=b),c}}}),l.submit||(n.event.special.submit={setup:function(){return n.nodeName(this,"form")?!1:void n.event.add(this,"click._submit keypress._submit",function(a){var b=a.target,c=n.nodeName(b,"input")||n.nodeName(b,"button")?n.prop(b,"form"):void 0;c&&!n._data(c,"submit")&&(n.event.add(c,"submit._submit",function(a){a._submitBubble=!0}),n._data(c,"submit",!0))})},postDispatch:function(a){a._submitBubble&&(delete a._submitBubble,this.parentNode&&!a.isTrigger&&n.event.simulate("submit",this.parentNode,a))},teardown:function(){return n.nodeName(this,"form")?!1:void n.event.remove(this,"._submit")}}),l.change||(n.event.special.change={setup:function(){return ka.test(this.nodeName)?("checkbox"!==this.type&&"radio"!==this.type||(n.event.add(this,"propertychange._change",function(a){"checked"===a.originalEvent.propertyName&&(this._justChanged=!0)}),n.event.add(this,"click._change",function(a){this._justChanged&&!a.isTrigger&&(this._justChanged=!1),n.event.simulate("change",this,a)})),!1):void n.event.add(this,"beforeactivate._change",function(a){var b=a.target;ka.test(b.nodeName)&&!n._data(b,"change")&&(n.event.add(b,"change._change",function(a){!this.parentNode||a.isSimulated||a.isTrigger||n.event.simulate("change",this.parentNode,a)}),n._data(b,"change",!0))})},handle:function(a){var b=a.target;return this!==b||a.isSimulated||a.isTrigger||"radio"!==b.type&&"checkbox"!==b.type?a.handleObj.handler.apply(this,arguments):void 0},teardown:function(){return n.event.remove(this,"._change"),!ka.test(this.nodeName)}}),l.focusin||n.each({focus:"focusin",blur:"focusout"},function(a,b){var c=function(a){n.event.simulate(b,a.target,n.event.fix(a))};n.event.special[b]={setup:function(){var d=this.ownerDocument||this,e=n._data(d,b);e||d.addEventListener(a,c,!0),n._data(d,b,(e||0)+1)},teardown:function(){var d=this.ownerDocument||this,e=n._data(d,b)-1;e?n._data(d,b,e):(d.removeEventListener(a,c,!0),n._removeData(d,b))}}}),n.fn.extend({on:function(a,b,c,d){return sa(this,a,b,c,d)},one:function(a,b,c,d){return sa(this,a,b,c,d,1)},off:function(a,b,c){var d,e;if(a&&a.preventDefault&&a.handleObj)return d=a.handleObj,n(a.delegateTarget).off(d.namespace?d.origType+"."+d.namespace:d.origType,d.selector,d.handler),this;if("object"==typeof a){for(e in a)this.off(e,b,a[e]);return this}return b!==!1&&"function"!=typeof b||(c=b,b=void 0),c===!1&&(c=qa),this.each(function(){n.event.remove(this,a,c,b)})},trigger:function(a,b){return this.each(function(){n.event.trigger(a,b,this)})},triggerHandler:function(a,b){var c=this[0];return c?n.event.trigger(a,b,c,!0):void 0}});var ta=/ jQuery\d+="(?:null|\d+)"/g,ua=new RegExp("<(?:"+ba+")[\\s/>]","i"),va=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:-]+)[^>]*)\/>/gi,wa=/<script|<style|<link/i,xa=/checked\s*(?:[^=]|=\s*.checked.)/i,ya=/^true\/(.*)/,za=/^\s*<!(?:\[CDATA\[|--)|(?:\]\]|--)>\s*$/g,Aa=ca(d),Ba=Aa.appendChild(d.createElement("div"));function Ca(a,b){return n.nodeName(a,"table")&&n.nodeName(11!==b.nodeType?b:b.firstChild,"tr")?a.getElementsByTagName("tbody")[0]||a.appendChild(a.ownerDocument.createElement("tbody")):a}function Da(a){return a.type=(null!==n.find.attr(a,"type"))+"/"+a.type,a}function Ea(a){var b=ya.exec(a.type);return b?a.type=b[1]:a.removeAttribute("type"),a}function Fa(a,b){if(1===b.nodeType&&n.hasData(a)){var c,d,e,f=n._data(a),g=n._data(b,f),h=f.events;if(h){delete g.handle,g.events={};for(c in h)for(d=0,e=h[c].length;e>d;d++)n.event.add(b,c,h[c][d])}g.data&&(g.data=n.extend({},g.data))}}function Ga(a,b){var c,d,e;if(1===b.nodeType){if(c=b.nodeName.toLowerCase(),!l.noCloneEvent&&b[n.expando]){e=n._data(b);for(d in e.events)n.removeEvent(b,d,e.handle);b.removeAttribute(n.expando)}"script"===c&&b.text!==a.text?(Da(b).text=a.text,Ea(b)):"object"===c?(b.parentNode&&(b.outerHTML=a.outerHTML),l.html5Clone&&a.innerHTML&&!n.trim(b.innerHTML)&&(b.innerHTML=a.innerHTML)):"input"===c&&Z.test(a.type)?(b.defaultChecked=b.checked=a.checked,b.value!==a.value&&(b.value=a.value)):"option"===c?b.defaultSelected=b.selected=a.defaultSelected:"input"!==c&&"textarea"!==c||(b.defaultValue=a.defaultValue)}}function Ha(a,b,c,d){b=f.apply([],b);var e,g,h,i,j,k,m=0,o=a.length,p=o-1,q=b[0],r=n.isFunction(q);if(r||o>1&&"string"==typeof q&&!l.checkClone&&xa.test(q))return a.each(function(e){var f=a.eq(e);r&&(b[0]=q.call(this,e,f.html())),Ha(f,b,c,d)});if(o&&(k=ja(b,a[0].ownerDocument,!1,a,d),e=k.firstChild,1===k.childNodes.length&&(k=e),e||d)){for(i=n.map(ea(k,"script"),Da),h=i.length;o>m;m++)g=k,m!==p&&(g=n.clone(g,!0,!0),h&&n.merge(i,ea(g,"script"))),c.call(a[m],g,m);if(h)for(j=i[i.length-1].ownerDocument,n.map(i,Ea),m=0;h>m;m++)g=i[m],_.test(g.type||"")&&!n._data(g,"globalEval")&&n.contains(j,g)&&(g.src?n._evalUrl&&n._evalUrl(g.src):n.globalEval((g.text||g.textContent||g.innerHTML||"").replace(za,"")));k=e=null}return a}function Ia(a,b,c){for(var d,e=b?n.filter(b,a):a,f=0;null!=(d=e[f]);f++)c||1!==d.nodeType||n.cleanData(ea(d)),d.parentNode&&(c&&n.contains(d.ownerDocument,d)&&fa(ea(d,"script")),d.parentNode.removeChild(d));return a}n.extend({htmlPrefilter:function(a){return a.replace(va,"<$1></$2>")},clone:function(a,b,c){var d,e,f,g,h,i=n.contains(a.ownerDocument,a);if(l.html5Clone||n.isXMLDoc(a)||!ua.test("<"+a.nodeName+">")?f=a.cloneNode(!0):(Ba.innerHTML=a.outerHTML,Ba.removeChild(f=Ba.firstChild)),!(l.noCloneEvent&&l.noCloneChecked||1!==a.nodeType&&11!==a.nodeType||n.isXMLDoc(a)))for(d=ea(f),h=ea(a),g=0;null!=(e=h[g]);++g)d[g]&&Ga(e,d[g]);if(b)if(c)for(h=h||ea(a),d=d||ea(f),g=0;null!=(e=h[g]);g++)Fa(e,d[g]);else Fa(a,f);return d=ea(f,"script"),d.length>0&&fa(d,!i&&ea(a,"script")),d=h=e=null,f},cleanData:function(a,b){for(var d,e,f,g,h=0,i=n.expando,j=n.cache,k=l.attributes,m=n.event.special;null!=(d=a[h]);h++)if((b||M(d))&&(f=d[i],g=f&&j[f])){if(g.events)for(e in g.events)m[e]?n.event.remove(d,e):n.removeEvent(d,e,g.handle);j[f]&&(delete j[f],k||"undefined"==typeof d.removeAttribute?d[i]=void 0:d.removeAttribute(i),c.push(f))}}}),n.fn.extend({domManip:Ha,detach:function(a){return Ia(this,a,!0)},remove:function(a){return Ia(this,a)},text:function(a){return Y(this,function(a){return void 0===a?n.text(this):this.empty().append((this[0]&&this[0].ownerDocument||d).createTextNode(a))},null,a,arguments.length)},append:function(){return Ha(this,arguments,function(a){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var b=Ca(this,a);b.appendChild(a)}})},prepend:function(){return Ha(this,arguments,function(a){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var b=Ca(this,a);b.insertBefore(a,b.firstChild)}})},before:function(){return Ha(this,arguments,function(a){this.parentNode&&this.parentNode.insertBefore(a,this)})},after:function(){return Ha(this,arguments,function(a){this.parentNode&&this.parentNode.insertBefore(a,this.nextSibling)})},empty:function(){for(var a,b=0;null!=(a=this[b]);b++){1===a.nodeType&&n.cleanData(ea(a,!1));while(a.firstChild)a.removeChild(a.firstChild);a.options&&n.nodeName(a,"select")&&(a.options.length=0)}return this},clone:function(a,b){return a=null==a?!1:a,b=null==b?a:b,this.map(function(){return n.clone(this,a,b)})},html:function(a){return Y(this,function(a){var b=this[0]||{},c=0,d=this.length;if(void 0===a)return 1===b.nodeType?b.innerHTML.replace(ta,""):void 0;if("string"==typeof a&&!wa.test(a)&&(l.htmlSerialize||!ua.test(a))&&(l.leadingWhitespace||!aa.test(a))&&!da[($.exec(a)||["",""])[1].toLowerCase()]){a=n.htmlPrefilter(a);try{for(;d>c;c++)b=this[c]||{},1===b.nodeType&&(n.cleanData(ea(b,!1)),b.innerHTML=a);b=0}catch(e){}}b&&this.empty().append(a)},null,a,arguments.length)},replaceWith:function(){var a=[];return Ha(this,arguments,function(b){var c=this.parentNode;n.inArray(this,a)<0&&(n.cleanData(ea(this)),c&&c.replaceChild(b,this))},a)}}),n.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(a,b){n.fn[a]=function(a){for(var c,d=0,e=[],f=n(a),h=f.length-1;h>=d;d++)c=d===h?this:this.clone(!0),n(f[d])[b](c),g.apply(e,c.get());return this.pushStack(e)}});var Ja,Ka={HTML:"block",BODY:"block"};function La(a,b){var c=n(b.createElement(a)).appendTo(b.body),d=n.css(c[0],"display");return c.detach(),d}function Ma(a){var b=d,c=Ka[a];return c||(c=La(a,b),"none"!==c&&c||(Ja=(Ja||n("<iframe frameborder='0' width='0' height='0'/>")).appendTo(b.documentElement),b=(Ja[0].contentWindow||Ja[0].contentDocument).document,b.write(),b.close(),c=La(a,b),Ja.detach()),Ka[a]=c),c}var Na=/^margin/,Oa=new RegExp("^("+T+")(?!px)[a-z%]+$","i"),Pa=function(a,b,c,d){var e,f,g={};for(f in b)g[f]=a.style[f],a.style[f]=b[f];e=c.apply(a,d||[]);for(f in b)a.style[f]=g[f];return e},Qa=d.documentElement;!function(){var b,c,e,f,g,h,i=d.createElement("div"),j=d.createElement("div");if(j.style){j.style.cssText="float:left;opacity:.5",l.opacity="0.5"===j.style.opacity,l.cssFloat=!!j.style.cssFloat,j.style.backgroundClip="content-box",j.cloneNode(!0).style.backgroundClip="",l.clearCloneStyle="content-box"===j.style.backgroundClip,i=d.createElement("div"),i.style.cssText="border:0;width:8px;height:0;top:0;left:-9999px;padding:0;margin-top:1px;position:absolute",j.innerHTML="",i.appendChild(j),l.boxSizing=""===j.style.boxSizing||""===j.style.MozBoxSizing||""===j.style.WebkitBoxSizing,n.extend(l,{reliableHiddenOffsets:function(){return null==b&&k(),f},boxSizingReliable:function(){return null==b&&k(),e},pixelMarginRight:function(){return null==b&&k(),c},pixelPosition:function(){return null==b&&k(),b},reliableMarginRight:function(){return null==b&&k(),g},reliableMarginLeft:function(){return null==b&&k(),h}});function k(){var k,l,m=d.documentElement;m.appendChild(i),j.style.cssText="-webkit-box-sizing:border-box;box-sizing:border-box;position:relative;display:block;margin:auto;border:1px;padding:1px;top:1%;width:50%",b=e=h=!1,c=g=!0,a.getComputedStyle&&(l=a.getComputedStyle(j),b="1%"!==(l||{}).top,h="2px"===(l||{}).marginLeft,e="4px"===(l||{width:"4px"}).width,j.style.marginRight="50%",c="4px"===(l||{marginRight:"4px"}).marginRight,k=j.appendChild(d.createElement("div")),k.style.cssText=j.style.cssText="-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;display:block;margin:0;border:0;padding:0",k.style.marginRight=k.style.width="0",j.style.width="1px",g=!parseFloat((a.getComputedStyle(k)||{}).marginRight),j.removeChild(k)),j.style.display="none",f=0===j.getClientRects().length,f&&(j.style.display="",j.innerHTML="<table><tr><td></td><td>t</td></tr></table>",j.childNodes[0].style.borderCollapse="separate",k=j.getElementsByTagName("td"),k[0].style.cssText="margin:0;border:0;padding:0;display:none",f=0===k[0].offsetHeight,f&&(k[0].style.display="",k[1].style.display="none",f=0===k[0].offsetHeight)),m.removeChild(i)}}}();var Ra,Sa,Ta=/^(top|right|bottom|left)$/;a.getComputedStyle?(Ra=function(b){var c=b.ownerDocument.defaultView;return c&&c.opener||(c=a),c.getComputedStyle(b)},Sa=function(a,b,c){var d,e,f,g,h=a.style;return c=c||Ra(a),g=c?c.getPropertyValue(b)||c[b]:void 0,""!==g&&void 0!==g||n.contains(a.ownerDocument,a)||(g=n.style(a,b)),c&&!l.pixelMarginRight()&&Oa.test(g)&&Na.test(b)&&(d=h.width,e=h.minWidth,f=h.maxWidth,h.minWidth=h.maxWidth=h.width=g,g=c.width,h.width=d,h.minWidth=e,h.maxWidth=f),void 0===g?g:g+""}):Qa.currentStyle&&(Ra=function(a){return a.currentStyle},Sa=function(a,b,c){var d,e,f,g,h=a.style;return c=c||Ra(a),g=c?c[b]:void 0,null==g&&h&&h[b]&&(g=h[b]),Oa.test(g)&&!Ta.test(b)&&(d=h.left,e=a.runtimeStyle,f=e&&e.left,f&&(e.left=a.currentStyle.left),h.left="fontSize"===b?"1em":g,g=h.pixelLeft+"px",h.left=d,f&&(e.left=f)),void 0===g?g:g+""||"auto"});function Ua(a,b){return{get:function(){return a()?void delete this.get:(this.get=b).apply(this,arguments)}}}var Va=/alpha\([^)]*\)/i,Wa=/opacity\s*=\s*([^)]*)/i,Xa=/^(none|table(?!-c[ea]).+)/,Ya=new RegExp("^("+T+")(.*)$","i"),Za={position:"absolute",visibility:"hidden",display:"block"},$a={letterSpacing:"0",fontWeight:"400"},_a=["Webkit","O","Moz","ms"],ab=d.createElement("div").style;function bb(a){if(a in ab)return a;var b=a.charAt(0).toUpperCase()+a.slice(1),c=_a.length;while(c--)if(a=_a[c]+b,a in ab)return a}function cb(a,b){for(var c,d,e,f=[],g=0,h=a.length;h>g;g++)d=a[g],d.style&&(f[g]=n._data(d,"olddisplay"),c=d.style.display,b?(f[g]||"none"!==c||(d.style.display=""),""===d.style.display&&W(d)&&(f[g]=n._data(d,"olddisplay",Ma(d.nodeName)))):(e=W(d),(c&&"none"!==c||!e)&&n._data(d,"olddisplay",e?c:n.css(d,"display"))));for(g=0;h>g;g++)d=a[g],d.style&&(b&&"none"!==d.style.display&&""!==d.style.display||(d.style.display=b?f[g]||"":"none"));return a}function db(a,b,c){var d=Ya.exec(b);return d?Math.max(0,d[1]-(c||0))+(d[2]||"px"):b}function eb(a,b,c,d,e){for(var f=c===(d?"border":"content")?4:"width"===b?1:0,g=0;4>f;f+=2)"margin"===c&&(g+=n.css(a,c+V[f],!0,e)),d?("content"===c&&(g-=n.css(a,"padding"+V[f],!0,e)),"margin"!==c&&(g-=n.css(a,"border"+V[f]+"Width",!0,e))):(g+=n.css(a,"padding"+V[f],!0,e),"padding"!==c&&(g+=n.css(a,"border"+V[f]+"Width",!0,e)));return g}function fb(a,b,c){var d=!0,e="width"===b?a.offsetWidth:a.offsetHeight,f=Ra(a),g=l.boxSizing&&"border-box"===n.css(a,"boxSizing",!1,f);if(0>=e||null==e){if(e=Sa(a,b,f),(0>e||null==e)&&(e=a.style[b]),Oa.test(e))return e;d=g&&(l.boxSizingReliable()||e===a.style[b]),e=parseFloat(e)||0}return e+eb(a,b,c||(g?"border":"content"),d,f)+"px"}n.extend({cssHooks:{opacity:{get:function(a,b){if(b){var c=Sa(a,"opacity");return""===c?"1":c}}}},cssNumber:{animationIterationCount:!0,columnCount:!0,fillOpacity:!0,flexGrow:!0,flexShrink:!0,fontWeight:!0,lineHeight:!0,opacity:!0,order:!0,orphans:!0,widows:!0,zIndex:!0,zoom:!0},cssProps:{"float":l.cssFloat?"cssFloat":"styleFloat"},style:function(a,b,c,d){if(a&&3!==a.nodeType&&8!==a.nodeType&&a.style){var e,f,g,h=n.camelCase(b),i=a.style;if(b=n.cssProps[h]||(n.cssProps[h]=bb(h)||h),g=n.cssHooks[b]||n.cssHooks[h],void 0===c)return g&&"get"in g&&void 0!==(e=g.get(a,!1,d))?e:i[b];if(f=typeof c,"string"===f&&(e=U.exec(c))&&e[1]&&(c=X(a,b,e),f="number"),null!=c&&c===c&&("number"===f&&(c+=e&&e[3]||(n.cssNumber[h]?"":"px")),l.clearCloneStyle||""!==c||0!==b.indexOf("background")||(i[b]="inherit"),!(g&&"set"in g&&void 0===(c=g.set(a,c,d)))))try{i[b]=c}catch(j){}}},css:function(a,b,c,d){var e,f,g,h=n.camelCase(b);return b=n.cssProps[h]||(n.cssProps[h]=bb(h)||h),g=n.cssHooks[b]||n.cssHooks[h],g&&"get"in g&&(f=g.get(a,!0,c)),void 0===f&&(f=Sa(a,b,d)),"normal"===f&&b in $a&&(f=$a[b]),""===c||c?(e=parseFloat(f),c===!0||isFinite(e)?e||0:f):f}}),n.each(["height","width"],function(a,b){n.cssHooks[b]={get:function(a,c,d){return c?Xa.test(n.css(a,"display"))&&0===a.offsetWidth?Pa(a,Za,function(){return fb(a,b,d)}):fb(a,b,d):void 0},set:function(a,c,d){var e=d&&Ra(a);return db(a,c,d?eb(a,b,d,l.boxSizing&&"border-box"===n.css(a,"boxSizing",!1,e),e):0)}}}),l.opacity||(n.cssHooks.opacity={get:function(a,b){return Wa.test((b&&a.currentStyle?a.currentStyle.filter:a.style.filter)||"")?.01*parseFloat(RegExp.$1)+"":b?"1":""},set:function(a,b){var c=a.style,d=a.currentStyle,e=n.isNumeric(b)?"alpha(opacity="+100*b+")":"",f=d&&d.filter||c.filter||"";c.zoom=1,(b>=1||""===b)&&""===n.trim(f.replace(Va,""))&&c.removeAttribute&&(c.removeAttribute("filter"),""===b||d&&!d.filter)||(c.filter=Va.test(f)?f.replace(Va,e):f+" "+e)}}),n.cssHooks.marginRight=Ua(l.reliableMarginRight,function(a,b){return b?Pa(a,{display:"inline-block"},Sa,[a,"marginRight"]):void 0}),n.cssHooks.marginLeft=Ua(l.reliableMarginLeft,function(a,b){return b?(parseFloat(Sa(a,"marginLeft"))||(n.contains(a.ownerDocument,a)?a.getBoundingClientRect().left-Pa(a,{
marginLeft:0},function(){return a.getBoundingClientRect().left}):0))+"px":void 0}),n.each({margin:"",padding:"",border:"Width"},function(a,b){n.cssHooks[a+b]={expand:function(c){for(var d=0,e={},f="string"==typeof c?c.split(" "):[c];4>d;d++)e[a+V[d]+b]=f[d]||f[d-2]||f[0];return e}},Na.test(a)||(n.cssHooks[a+b].set=db)}),n.fn.extend({css:function(a,b){return Y(this,function(a,b,c){var d,e,f={},g=0;if(n.isArray(b)){for(d=Ra(a),e=b.length;e>g;g++)f[b[g]]=n.css(a,b[g],!1,d);return f}return void 0!==c?n.style(a,b,c):n.css(a,b)},a,b,arguments.length>1)},show:function(){return cb(this,!0)},hide:function(){return cb(this)},toggle:function(a){return"boolean"==typeof a?a?this.show():this.hide():this.each(function(){W(this)?n(this).show():n(this).hide()})}});function gb(a,b,c,d,e){return new gb.prototype.init(a,b,c,d,e)}n.Tween=gb,gb.prototype={constructor:gb,init:function(a,b,c,d,e,f){this.elem=a,this.prop=c,this.easing=e||n.easing._default,this.options=b,this.start=this.now=this.cur(),this.end=d,this.unit=f||(n.cssNumber[c]?"":"px")},cur:function(){var a=gb.propHooks[this.prop];return a&&a.get?a.get(this):gb.propHooks._default.get(this)},run:function(a){var b,c=gb.propHooks[this.prop];return this.options.duration?this.pos=b=n.easing[this.easing](a,this.options.duration*a,0,1,this.options.duration):this.pos=b=a,this.now=(this.end-this.start)*b+this.start,this.options.step&&this.options.step.call(this.elem,this.now,this),c&&c.set?c.set(this):gb.propHooks._default.set(this),this}},gb.prototype.init.prototype=gb.prototype,gb.propHooks={_default:{get:function(a){var b;return 1!==a.elem.nodeType||null!=a.elem[a.prop]&&null==a.elem.style[a.prop]?a.elem[a.prop]:(b=n.css(a.elem,a.prop,""),b&&"auto"!==b?b:0)},set:function(a){n.fx.step[a.prop]?n.fx.step[a.prop](a):1!==a.elem.nodeType||null==a.elem.style[n.cssProps[a.prop]]&&!n.cssHooks[a.prop]?a.elem[a.prop]=a.now:n.style(a.elem,a.prop,a.now+a.unit)}}},gb.propHooks.scrollTop=gb.propHooks.scrollLeft={set:function(a){a.elem.nodeType&&a.elem.parentNode&&(a.elem[a.prop]=a.now)}},n.easing={linear:function(a){return a},swing:function(a){return.5-Math.cos(a*Math.PI)/2},_default:"swing"},n.fx=gb.prototype.init,n.fx.step={};var hb,ib,jb=/^(?:toggle|show|hide)$/,kb=/queueHooks$/;function lb(){return a.setTimeout(function(){hb=void 0}),hb=n.now()}function mb(a,b){var c,d={height:a},e=0;for(b=b?1:0;4>e;e+=2-b)c=V[e],d["margin"+c]=d["padding"+c]=a;return b&&(d.opacity=d.width=a),d}function nb(a,b,c){for(var d,e=(qb.tweeners[b]||[]).concat(qb.tweeners["*"]),f=0,g=e.length;g>f;f++)if(d=e[f].call(c,b,a))return d}function ob(a,b,c){var d,e,f,g,h,i,j,k,m=this,o={},p=a.style,q=a.nodeType&&W(a),r=n._data(a,"fxshow");c.queue||(h=n._queueHooks(a,"fx"),null==h.unqueued&&(h.unqueued=0,i=h.empty.fire,h.empty.fire=function(){h.unqueued||i()}),h.unqueued++,m.always(function(){m.always(function(){h.unqueued--,n.queue(a,"fx").length||h.empty.fire()})})),1===a.nodeType&&("height"in b||"width"in b)&&(c.overflow=[p.overflow,p.overflowX,p.overflowY],j=n.css(a,"display"),k="none"===j?n._data(a,"olddisplay")||Ma(a.nodeName):j,"inline"===k&&"none"===n.css(a,"float")&&(l.inlineBlockNeedsLayout&&"inline"!==Ma(a.nodeName)?p.zoom=1:p.display="inline-block")),c.overflow&&(p.overflow="hidden",l.shrinkWrapBlocks()||m.always(function(){p.overflow=c.overflow[0],p.overflowX=c.overflow[1],p.overflowY=c.overflow[2]}));for(d in b)if(e=b[d],jb.exec(e)){if(delete b[d],f=f||"toggle"===e,e===(q?"hide":"show")){if("show"!==e||!r||void 0===r[d])continue;q=!0}o[d]=r&&r[d]||n.style(a,d)}else j=void 0;if(n.isEmptyObject(o))"inline"===("none"===j?Ma(a.nodeName):j)&&(p.display=j);else{r?"hidden"in r&&(q=r.hidden):r=n._data(a,"fxshow",{}),f&&(r.hidden=!q),q?n(a).show():m.done(function(){n(a).hide()}),m.done(function(){var b;n._removeData(a,"fxshow");for(b in o)n.style(a,b,o[b])});for(d in o)g=nb(q?r[d]:0,d,m),d in r||(r[d]=g.start,q&&(g.end=g.start,g.start="width"===d||"height"===d?1:0))}}function pb(a,b){var c,d,e,f,g;for(c in a)if(d=n.camelCase(c),e=b[d],f=a[c],n.isArray(f)&&(e=f[1],f=a[c]=f[0]),c!==d&&(a[d]=f,delete a[c]),g=n.cssHooks[d],g&&"expand"in g){f=g.expand(f),delete a[d];for(c in f)c in a||(a[c]=f[c],b[c]=e)}else b[d]=e}function qb(a,b,c){var d,e,f=0,g=qb.prefilters.length,h=n.Deferred().always(function(){delete i.elem}),i=function(){if(e)return!1;for(var b=hb||lb(),c=Math.max(0,j.startTime+j.duration-b),d=c/j.duration||0,f=1-d,g=0,i=j.tweens.length;i>g;g++)j.tweens[g].run(f);return h.notifyWith(a,[j,f,c]),1>f&&i?c:(h.resolveWith(a,[j]),!1)},j=h.promise({elem:a,props:n.extend({},b),opts:n.extend(!0,{specialEasing:{},easing:n.easing._default},c),originalProperties:b,originalOptions:c,startTime:hb||lb(),duration:c.duration,tweens:[],createTween:function(b,c){var d=n.Tween(a,j.opts,b,c,j.opts.specialEasing[b]||j.opts.easing);return j.tweens.push(d),d},stop:function(b){var c=0,d=b?j.tweens.length:0;if(e)return this;for(e=!0;d>c;c++)j.tweens[c].run(1);return b?(h.notifyWith(a,[j,1,0]),h.resolveWith(a,[j,b])):h.rejectWith(a,[j,b]),this}}),k=j.props;for(pb(k,j.opts.specialEasing);g>f;f++)if(d=qb.prefilters[f].call(j,a,k,j.opts))return n.isFunction(d.stop)&&(n._queueHooks(j.elem,j.opts.queue).stop=n.proxy(d.stop,d)),d;return n.map(k,nb,j),n.isFunction(j.opts.start)&&j.opts.start.call(a,j),n.fx.timer(n.extend(i,{elem:a,anim:j,queue:j.opts.queue})),j.progress(j.opts.progress).done(j.opts.done,j.opts.complete).fail(j.opts.fail).always(j.opts.always)}n.Animation=n.extend(qb,{tweeners:{"*":[function(a,b){var c=this.createTween(a,b);return X(c.elem,a,U.exec(b),c),c}]},tweener:function(a,b){n.isFunction(a)?(b=a,a=["*"]):a=a.match(G);for(var c,d=0,e=a.length;e>d;d++)c=a[d],qb.tweeners[c]=qb.tweeners[c]||[],qb.tweeners[c].unshift(b)},prefilters:[ob],prefilter:function(a,b){b?qb.prefilters.unshift(a):qb.prefilters.push(a)}}),n.speed=function(a,b,c){var d=a&&"object"==typeof a?n.extend({},a):{complete:c||!c&&b||n.isFunction(a)&&a,duration:a,easing:c&&b||b&&!n.isFunction(b)&&b};return d.duration=n.fx.off?0:"number"==typeof d.duration?d.duration:d.duration in n.fx.speeds?n.fx.speeds[d.duration]:n.fx.speeds._default,null!=d.queue&&d.queue!==!0||(d.queue="fx"),d.old=d.complete,d.complete=function(){n.isFunction(d.old)&&d.old.call(this),d.queue&&n.dequeue(this,d.queue)},d},n.fn.extend({fadeTo:function(a,b,c,d){return this.filter(W).css("opacity",0).show().end().animate({opacity:b},a,c,d)},animate:function(a,b,c,d){var e=n.isEmptyObject(a),f=n.speed(b,c,d),g=function(){var b=qb(this,n.extend({},a),f);(e||n._data(this,"finish"))&&b.stop(!0)};return g.finish=g,e||f.queue===!1?this.each(g):this.queue(f.queue,g)},stop:function(a,b,c){var d=function(a){var b=a.stop;delete a.stop,b(c)};return"string"!=typeof a&&(c=b,b=a,a=void 0),b&&a!==!1&&this.queue(a||"fx",[]),this.each(function(){var b=!0,e=null!=a&&a+"queueHooks",f=n.timers,g=n._data(this);if(e)g[e]&&g[e].stop&&d(g[e]);else for(e in g)g[e]&&g[e].stop&&kb.test(e)&&d(g[e]);for(e=f.length;e--;)f[e].elem!==this||null!=a&&f[e].queue!==a||(f[e].anim.stop(c),b=!1,f.splice(e,1));!b&&c||n.dequeue(this,a)})},finish:function(a){return a!==!1&&(a=a||"fx"),this.each(function(){var b,c=n._data(this),d=c[a+"queue"],e=c[a+"queueHooks"],f=n.timers,g=d?d.length:0;for(c.finish=!0,n.queue(this,a,[]),e&&e.stop&&e.stop.call(this,!0),b=f.length;b--;)f[b].elem===this&&f[b].queue===a&&(f[b].anim.stop(!0),f.splice(b,1));for(b=0;g>b;b++)d[b]&&d[b].finish&&d[b].finish.call(this);delete c.finish})}}),n.each(["toggle","show","hide"],function(a,b){var c=n.fn[b];n.fn[b]=function(a,d,e){return null==a||"boolean"==typeof a?c.apply(this,arguments):this.animate(mb(b,!0),a,d,e)}}),n.each({slideDown:mb("show"),slideUp:mb("hide"),slideToggle:mb("toggle"),fadeIn:{opacity:"show"},fadeOut:{opacity:"hide"},fadeToggle:{opacity:"toggle"}},function(a,b){n.fn[a]=function(a,c,d){return this.animate(b,a,c,d)}}),n.timers=[],n.fx.tick=function(){var a,b=n.timers,c=0;for(hb=n.now();c<b.length;c++)a=b[c],a()||b[c]!==a||b.splice(c--,1);b.length||n.fx.stop(),hb=void 0},n.fx.timer=function(a){n.timers.push(a),a()?n.fx.start():n.timers.pop()},n.fx.interval=13,n.fx.start=function(){ib||(ib=a.setInterval(n.fx.tick,n.fx.interval))},n.fx.stop=function(){a.clearInterval(ib),ib=null},n.fx.speeds={slow:600,fast:200,_default:400},n.fn.delay=function(b,c){return b=n.fx?n.fx.speeds[b]||b:b,c=c||"fx",this.queue(c,function(c,d){var e=a.setTimeout(c,b);d.stop=function(){a.clearTimeout(e)}})},function(){var a,b=d.createElement("input"),c=d.createElement("div"),e=d.createElement("select"),f=e.appendChild(d.createElement("option"));c=d.createElement("div"),c.setAttribute("className","t"),c.innerHTML="  <link/><table></table><a href='/a'>a</a><input type='checkbox'/>",a=c.getElementsByTagName("a")[0],b.setAttribute("type","checkbox"),c.appendChild(b),a=c.getElementsByTagName("a")[0],a.style.cssText="top:1px",l.getSetAttribute="t"!==c.className,l.style=/top/.test(a.getAttribute("style")),l.hrefNormalized="/a"===a.getAttribute("href"),l.checkOn=!!b.value,l.optSelected=f.selected,l.enctype=!!d.createElement("form").enctype,e.disabled=!0,l.optDisabled=!f.disabled,b=d.createElement("input"),b.setAttribute("value",""),l.input=""===b.getAttribute("value"),b.value="t",b.setAttribute("type","radio"),l.radioValue="t"===b.value}();var rb=/\r/g,sb=/[\x20\t\r\n\f]+/g;n.fn.extend({val:function(a){var b,c,d,e=this[0];{if(arguments.length)return d=n.isFunction(a),this.each(function(c){var e;1===this.nodeType&&(e=d?a.call(this,c,n(this).val()):a,null==e?e="":"number"==typeof e?e+="":n.isArray(e)&&(e=n.map(e,function(a){return null==a?"":a+""})),b=n.valHooks[this.type]||n.valHooks[this.nodeName.toLowerCase()],b&&"set"in b&&void 0!==b.set(this,e,"value")||(this.value=e))});if(e)return b=n.valHooks[e.type]||n.valHooks[e.nodeName.toLowerCase()],b&&"get"in b&&void 0!==(c=b.get(e,"value"))?c:(c=e.value,"string"==typeof c?c.replace(rb,""):null==c?"":c)}}}),n.extend({valHooks:{option:{get:function(a){var b=n.find.attr(a,"value");return null!=b?b:n.trim(n.text(a)).replace(sb," ")}},select:{get:function(a){for(var b,c,d=a.options,e=a.selectedIndex,f="select-one"===a.type||0>e,g=f?null:[],h=f?e+1:d.length,i=0>e?h:f?e:0;h>i;i++)if(c=d[i],(c.selected||i===e)&&(l.optDisabled?!c.disabled:null===c.getAttribute("disabled"))&&(!c.parentNode.disabled||!n.nodeName(c.parentNode,"optgroup"))){if(b=n(c).val(),f)return b;g.push(b)}return g},set:function(a,b){var c,d,e=a.options,f=n.makeArray(b),g=e.length;while(g--)if(d=e[g],n.inArray(n.valHooks.option.get(d),f)>-1)try{d.selected=c=!0}catch(h){d.scrollHeight}else d.selected=!1;return c||(a.selectedIndex=-1),e}}}}),n.each(["radio","checkbox"],function(){n.valHooks[this]={set:function(a,b){return n.isArray(b)?a.checked=n.inArray(n(a).val(),b)>-1:void 0}},l.checkOn||(n.valHooks[this].get=function(a){return null===a.getAttribute("value")?"on":a.value})});var tb,ub,vb=n.expr.attrHandle,wb=/^(?:checked|selected)$/i,xb=l.getSetAttribute,yb=l.input;n.fn.extend({attr:function(a,b){return Y(this,n.attr,a,b,arguments.length>1)},removeAttr:function(a){return this.each(function(){n.removeAttr(this,a)})}}),n.extend({attr:function(a,b,c){var d,e,f=a.nodeType;if(3!==f&&8!==f&&2!==f)return"undefined"==typeof a.getAttribute?n.prop(a,b,c):(1===f&&n.isXMLDoc(a)||(b=b.toLowerCase(),e=n.attrHooks[b]||(n.expr.match.bool.test(b)?ub:tb)),void 0!==c?null===c?void n.removeAttr(a,b):e&&"set"in e&&void 0!==(d=e.set(a,c,b))?d:(a.setAttribute(b,c+""),c):e&&"get"in e&&null!==(d=e.get(a,b))?d:(d=n.find.attr(a,b),null==d?void 0:d))},attrHooks:{type:{set:function(a,b){if(!l.radioValue&&"radio"===b&&n.nodeName(a,"input")){var c=a.value;return a.setAttribute("type",b),c&&(a.value=c),b}}}},removeAttr:function(a,b){var c,d,e=0,f=b&&b.match(G);if(f&&1===a.nodeType)while(c=f[e++])d=n.propFix[c]||c,n.expr.match.bool.test(c)?yb&&xb||!wb.test(c)?a[d]=!1:a[n.camelCase("default-"+c)]=a[d]=!1:n.attr(a,c,""),a.removeAttribute(xb?c:d)}}),ub={set:function(a,b,c){return b===!1?n.removeAttr(a,c):yb&&xb||!wb.test(c)?a.setAttribute(!xb&&n.propFix[c]||c,c):a[n.camelCase("default-"+c)]=a[c]=!0,c}},n.each(n.expr.match.bool.source.match(/\w+/g),function(a,b){var c=vb[b]||n.find.attr;yb&&xb||!wb.test(b)?vb[b]=function(a,b,d){var e,f;return d||(f=vb[b],vb[b]=e,e=null!=c(a,b,d)?b.toLowerCase():null,vb[b]=f),e}:vb[b]=function(a,b,c){return c?void 0:a[n.camelCase("default-"+b)]?b.toLowerCase():null}}),yb&&xb||(n.attrHooks.value={set:function(a,b,c){return n.nodeName(a,"input")?void(a.defaultValue=b):tb&&tb.set(a,b,c)}}),xb||(tb={set:function(a,b,c){var d=a.getAttributeNode(c);return d||a.setAttributeNode(d=a.ownerDocument.createAttribute(c)),d.value=b+="","value"===c||b===a.getAttribute(c)?b:void 0}},vb.id=vb.name=vb.coords=function(a,b,c){var d;return c?void 0:(d=a.getAttributeNode(b))&&""!==d.value?d.value:null},n.valHooks.button={get:function(a,b){var c=a.getAttributeNode(b);return c&&c.specified?c.value:void 0},set:tb.set},n.attrHooks.contenteditable={set:function(a,b,c){tb.set(a,""===b?!1:b,c)}},n.each(["width","height"],function(a,b){n.attrHooks[b]={set:function(a,c){return""===c?(a.setAttribute(b,"auto"),c):void 0}}})),l.style||(n.attrHooks.style={get:function(a){return a.style.cssText||void 0},set:function(a,b){return a.style.cssText=b+""}});var zb=/^(?:input|select|textarea|button|object)$/i,Ab=/^(?:a|area)$/i;n.fn.extend({prop:function(a,b){return Y(this,n.prop,a,b,arguments.length>1)},removeProp:function(a){return a=n.propFix[a]||a,this.each(function(){try{this[a]=void 0,delete this[a]}catch(b){}})}}),n.extend({prop:function(a,b,c){var d,e,f=a.nodeType;if(3!==f&&8!==f&&2!==f)return 1===f&&n.isXMLDoc(a)||(b=n.propFix[b]||b,e=n.propHooks[b]),void 0!==c?e&&"set"in e&&void 0!==(d=e.set(a,c,b))?d:a[b]=c:e&&"get"in e&&null!==(d=e.get(a,b))?d:a[b]},propHooks:{tabIndex:{get:function(a){var b=n.find.attr(a,"tabindex");return b?parseInt(b,10):zb.test(a.nodeName)||Ab.test(a.nodeName)&&a.href?0:-1}}},propFix:{"for":"htmlFor","class":"className"}}),l.hrefNormalized||n.each(["href","src"],function(a,b){n.propHooks[b]={get:function(a){return a.getAttribute(b,4)}}}),l.optSelected||(n.propHooks.selected={get:function(a){var b=a.parentNode;return b&&(b.selectedIndex,b.parentNode&&b.parentNode.selectedIndex),null},set:function(a){var b=a.parentNode;b&&(b.selectedIndex,b.parentNode&&b.parentNode.selectedIndex)}}),n.each(["tabIndex","readOnly","maxLength","cellSpacing","cellPadding","rowSpan","colSpan","useMap","frameBorder","contentEditable"],function(){n.propFix[this.toLowerCase()]=this}),l.enctype||(n.propFix.enctype="encoding");var Bb=/[\t\r\n\f]/g;function Cb(a){return n.attr(a,"class")||""}n.fn.extend({addClass:function(a){var b,c,d,e,f,g,h,i=0;if(n.isFunction(a))return this.each(function(b){n(this).addClass(a.call(this,b,Cb(this)))});if("string"==typeof a&&a){b=a.match(G)||[];while(c=this[i++])if(e=Cb(c),d=1===c.nodeType&&(" "+e+" ").replace(Bb," ")){g=0;while(f=b[g++])d.indexOf(" "+f+" ")<0&&(d+=f+" ");h=n.trim(d),e!==h&&n.attr(c,"class",h)}}return this},removeClass:function(a){var b,c,d,e,f,g,h,i=0;if(n.isFunction(a))return this.each(function(b){n(this).removeClass(a.call(this,b,Cb(this)))});if(!arguments.length)return this.attr("class","");if("string"==typeof a&&a){b=a.match(G)||[];while(c=this[i++])if(e=Cb(c),d=1===c.nodeType&&(" "+e+" ").replace(Bb," ")){g=0;while(f=b[g++])while(d.indexOf(" "+f+" ")>-1)d=d.replace(" "+f+" "," ");h=n.trim(d),e!==h&&n.attr(c,"class",h)}}return this},toggleClass:function(a,b){var c=typeof a;return"boolean"==typeof b&&"string"===c?b?this.addClass(a):this.removeClass(a):n.isFunction(a)?this.each(function(c){n(this).toggleClass(a.call(this,c,Cb(this),b),b)}):this.each(function(){var b,d,e,f;if("string"===c){d=0,e=n(this),f=a.match(G)||[];while(b=f[d++])e.hasClass(b)?e.removeClass(b):e.addClass(b)}else void 0!==a&&"boolean"!==c||(b=Cb(this),b&&n._data(this,"__className__",b),n.attr(this,"class",b||a===!1?"":n._data(this,"__className__")||""))})},hasClass:function(a){var b,c,d=0;b=" "+a+" ";while(c=this[d++])if(1===c.nodeType&&(" "+Cb(c)+" ").replace(Bb," ").indexOf(b)>-1)return!0;return!1}}),n.each("blur focus focusin focusout load resize scroll unload click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup error contextmenu".split(" "),function(a,b){n.fn[b]=function(a,c){return arguments.length>0?this.on(b,null,a,c):this.trigger(b)}}),n.fn.extend({hover:function(a,b){return this.mouseenter(a).mouseleave(b||a)}});var Db=a.location,Eb=n.now(),Fb=/\?/,Gb=/(,)|(\[|{)|(}|])|"(?:[^"\\\r\n]|\\["\\\/bfnrt]|\\u[\da-fA-F]{4})*"\s*:?|true|false|null|-?(?!0\d)\d+(?:\.\d+|)(?:[eE][+-]?\d+|)/g;n.parseJSON=function(b){if(a.JSON&&a.JSON.parse)return a.JSON.parse(b+"");var c,d=null,e=n.trim(b+"");return e&&!n.trim(e.replace(Gb,function(a,b,e,f){return c&&b&&(d=0),0===d?a:(c=e||b,d+=!f-!e,"")}))?Function("return "+e)():n.error("Invalid JSON: "+b)},n.parseXML=function(b){var c,d;if(!b||"string"!=typeof b)return null;try{a.DOMParser?(d=new a.DOMParser,c=d.parseFromString(b,"text/xml")):(c=new a.ActiveXObject("Microsoft.XMLDOM"),c.async="false",c.loadXML(b))}catch(e){c=void 0}return c&&c.documentElement&&!c.getElementsByTagName("parsererror").length||n.error("Invalid XML: "+b),c};var Hb=/#.*$/,Ib=/([?&])_=[^&]*/,Jb=/^(.*?):[ \t]*([^\r\n]*)\r?$/gm,Kb=/^(?:about|app|app-storage|.+-extension|file|res|widget):$/,Lb=/^(?:GET|HEAD)$/,Mb=/^\/\//,Nb=/^([\w.+-]+:)(?:\/\/(?:[^\/?#]*@|)([^\/?#:]*)(?::(\d+)|)|)/,Ob={},Pb={},Qb="*/".concat("*"),Rb=Db.href,Sb=Nb.exec(Rb.toLowerCase())||[];function Tb(a){return function(b,c){"string"!=typeof b&&(c=b,b="*");var d,e=0,f=b.toLowerCase().match(G)||[];if(n.isFunction(c))while(d=f[e++])"+"===d.charAt(0)?(d=d.slice(1)||"*",(a[d]=a[d]||[]).unshift(c)):(a[d]=a[d]||[]).push(c)}}function Ub(a,b,c,d){var e={},f=a===Pb;function g(h){var i;return e[h]=!0,n.each(a[h]||[],function(a,h){var j=h(b,c,d);return"string"!=typeof j||f||e[j]?f?!(i=j):void 0:(b.dataTypes.unshift(j),g(j),!1)}),i}return g(b.dataTypes[0])||!e["*"]&&g("*")}function Vb(a,b){var c,d,e=n.ajaxSettings.flatOptions||{};for(d in b)void 0!==b[d]&&((e[d]?a:c||(c={}))[d]=b[d]);return c&&n.extend(!0,a,c),a}function Wb(a,b,c){var d,e,f,g,h=a.contents,i=a.dataTypes;while("*"===i[0])i.shift(),void 0===e&&(e=a.mimeType||b.getResponseHeader("Content-Type"));if(e)for(g in h)if(h[g]&&h[g].test(e)){i.unshift(g);break}if(i[0]in c)f=i[0];else{for(g in c){if(!i[0]||a.converters[g+" "+i[0]]){f=g;break}d||(d=g)}f=f||d}return f?(f!==i[0]&&i.unshift(f),c[f]):void 0}function Xb(a,b,c,d){var e,f,g,h,i,j={},k=a.dataTypes.slice();if(k[1])for(g in a.converters)j[g.toLowerCase()]=a.converters[g];f=k.shift();while(f)if(a.responseFields[f]&&(c[a.responseFields[f]]=b),!i&&d&&a.dataFilter&&(b=a.dataFilter(b,a.dataType)),i=f,f=k.shift())if("*"===f)f=i;else if("*"!==i&&i!==f){if(g=j[i+" "+f]||j["* "+f],!g)for(e in j)if(h=e.split(" "),h[1]===f&&(g=j[i+" "+h[0]]||j["* "+h[0]])){g===!0?g=j[e]:j[e]!==!0&&(f=h[0],k.unshift(h[1]));break}if(g!==!0)if(g&&a["throws"])b=g(b);else try{b=g(b)}catch(l){return{state:"parsererror",error:g?l:"No conversion from "+i+" to "+f}}}return{state:"success",data:b}}n.extend({active:0,lastModified:{},etag:{},ajaxSettings:{url:Rb,type:"GET",isLocal:Kb.test(Sb[1]),global:!0,processData:!0,async:!0,contentType:"application/x-www-form-urlencoded; charset=UTF-8",accepts:{"*":Qb,text:"text/plain",html:"text/html",xml:"application/xml, text/xml",json:"application/json, text/javascript"},contents:{xml:/\bxml\b/,html:/\bhtml/,json:/\bjson\b/},responseFields:{xml:"responseXML",text:"responseText",json:"responseJSON"},converters:{"* text":String,"text html":!0,"text json":n.parseJSON,"text xml":n.parseXML},flatOptions:{url:!0,context:!0}},ajaxSetup:function(a,b){return b?Vb(Vb(a,n.ajaxSettings),b):Vb(n.ajaxSettings,a)},ajaxPrefilter:Tb(Ob),ajaxTransport:Tb(Pb),ajax:function(b,c){"object"==typeof b&&(c=b,b=void 0),c=c||{};var d,e,f,g,h,i,j,k,l=n.ajaxSetup({},c),m=l.context||l,o=l.context&&(m.nodeType||m.jquery)?n(m):n.event,p=n.Deferred(),q=n.Callbacks("once memory"),r=l.statusCode||{},s={},t={},u=0,v="canceled",w={readyState:0,getResponseHeader:function(a){var b;if(2===u){if(!k){k={};while(b=Jb.exec(g))k[b[1].toLowerCase()]=b[2]}b=k[a.toLowerCase()]}return null==b?null:b},getAllResponseHeaders:function(){return 2===u?g:null},setRequestHeader:function(a,b){var c=a.toLowerCase();return u||(a=t[c]=t[c]||a,s[a]=b),this},overrideMimeType:function(a){return u||(l.mimeType=a),this},statusCode:function(a){var b;if(a)if(2>u)for(b in a)r[b]=[r[b],a[b]];else w.always(a[w.status]);return this},abort:function(a){var b=a||v;return j&&j.abort(b),y(0,b),this}};if(p.promise(w).complete=q.add,w.success=w.done,w.error=w.fail,l.url=((b||l.url||Rb)+"").replace(Hb,"").replace(Mb,Sb[1]+"//"),l.type=c.method||c.type||l.method||l.type,l.dataTypes=n.trim(l.dataType||"*").toLowerCase().match(G)||[""],null==l.crossDomain&&(d=Nb.exec(l.url.toLowerCase()),l.crossDomain=!(!d||d[1]===Sb[1]&&d[2]===Sb[2]&&(d[3]||("http:"===d[1]?"80":"443"))===(Sb[3]||("http:"===Sb[1]?"80":"443")))),l.data&&l.processData&&"string"!=typeof l.data&&(l.data=n.param(l.data,l.traditional)),Ub(Ob,l,c,w),2===u)return w;i=n.event&&l.global,i&&0===n.active++&&n.event.trigger("ajaxStart"),l.type=l.type.toUpperCase(),l.hasContent=!Lb.test(l.type),f=l.url,l.hasContent||(l.data&&(f=l.url+=(Fb.test(f)?"&":"?")+l.data,delete l.data),l.cache===!1&&(l.url=Ib.test(f)?f.replace(Ib,"$1_="+Eb++):f+(Fb.test(f)?"&":"?")+"_="+Eb++)),l.ifModified&&(n.lastModified[f]&&w.setRequestHeader("If-Modified-Since",n.lastModified[f]),n.etag[f]&&w.setRequestHeader("If-None-Match",n.etag[f])),(l.data&&l.hasContent&&l.contentType!==!1||c.contentType)&&w.setRequestHeader("Content-Type",l.contentType),w.setRequestHeader("Accept",l.dataTypes[0]&&l.accepts[l.dataTypes[0]]?l.accepts[l.dataTypes[0]]+("*"!==l.dataTypes[0]?", "+Qb+"; q=0.01":""):l.accepts["*"]);for(e in l.headers)w.setRequestHeader(e,l.headers[e]);if(l.beforeSend&&(l.beforeSend.call(m,w,l)===!1||2===u))return w.abort();v="abort";for(e in{success:1,error:1,complete:1})w[e](l[e]);if(j=Ub(Pb,l,c,w)){if(w.readyState=1,i&&o.trigger("ajaxSend",[w,l]),2===u)return w;l.async&&l.timeout>0&&(h=a.setTimeout(function(){w.abort("timeout")},l.timeout));try{u=1,j.send(s,y)}catch(x){if(!(2>u))throw x;y(-1,x)}}else y(-1,"No Transport");function y(b,c,d,e){var k,s,t,v,x,y=c;2!==u&&(u=2,h&&a.clearTimeout(h),j=void 0,g=e||"",w.readyState=b>0?4:0,k=b>=200&&300>b||304===b,d&&(v=Wb(l,w,d)),v=Xb(l,v,w,k),k?(l.ifModified&&(x=w.getResponseHeader("Last-Modified"),x&&(n.lastModified[f]=x),x=w.getResponseHeader("etag"),x&&(n.etag[f]=x)),204===b||"HEAD"===l.type?y="nocontent":304===b?y="notmodified":(y=v.state,s=v.data,t=v.error,k=!t)):(t=y,!b&&y||(y="error",0>b&&(b=0))),w.status=b,w.statusText=(c||y)+"",k?p.resolveWith(m,[s,y,w]):p.rejectWith(m,[w,y,t]),w.statusCode(r),r=void 0,i&&o.trigger(k?"ajaxSuccess":"ajaxError",[w,l,k?s:t]),q.fireWith(m,[w,y]),i&&(o.trigger("ajaxComplete",[w,l]),--n.active||n.event.trigger("ajaxStop")))}return w},getJSON:function(a,b,c){return n.get(a,b,c,"json")},getScript:function(a,b){return n.get(a,void 0,b,"script")}}),n.each(["get","post"],function(a,b){n[b]=function(a,c,d,e){return n.isFunction(c)&&(e=e||d,d=c,c=void 0),n.ajax(n.extend({url:a,type:b,dataType:e,data:c,success:d},n.isPlainObject(a)&&a))}}),n._evalUrl=function(a){return n.ajax({url:a,type:"GET",dataType:"script",cache:!0,async:!1,global:!1,"throws":!0})},n.fn.extend({wrapAll:function(a){if(n.isFunction(a))return this.each(function(b){n(this).wrapAll(a.call(this,b))});if(this[0]){var b=n(a,this[0].ownerDocument).eq(0).clone(!0);this[0].parentNode&&b.insertBefore(this[0]),b.map(function(){var a=this;while(a.firstChild&&1===a.firstChild.nodeType)a=a.firstChild;return a}).append(this)}return this},wrapInner:function(a){return n.isFunction(a)?this.each(function(b){n(this).wrapInner(a.call(this,b))}):this.each(function(){var b=n(this),c=b.contents();c.length?c.wrapAll(a):b.append(a)})},wrap:function(a){var b=n.isFunction(a);return this.each(function(c){n(this).wrapAll(b?a.call(this,c):a)})},unwrap:function(){return this.parent().each(function(){n.nodeName(this,"body")||n(this).replaceWith(this.childNodes)}).end()}});function Yb(a){return a.style&&a.style.display||n.css(a,"display")}function Zb(a){if(!n.contains(a.ownerDocument||d,a))return!0;while(a&&1===a.nodeType){if("none"===Yb(a)||"hidden"===a.type)return!0;a=a.parentNode}return!1}n.expr.filters.hidden=function(a){return l.reliableHiddenOffsets()?a.offsetWidth<=0&&a.offsetHeight<=0&&!a.getClientRects().length:Zb(a)},n.expr.filters.visible=function(a){return!n.expr.filters.hidden(a)};var $b=/%20/g,_b=/\[\]$/,ac=/\r?\n/g,bc=/^(?:submit|button|image|reset|file)$/i,cc=/^(?:input|select|textarea|keygen)/i;function dc(a,b,c,d){var e;if(n.isArray(b))n.each(b,function(b,e){c||_b.test(a)?d(a,e):dc(a+"["+("object"==typeof e&&null!=e?b:"")+"]",e,c,d)});else if(c||"object"!==n.type(b))d(a,b);else for(e in b)dc(a+"["+e+"]",b[e],c,d)}n.param=function(a,b){var c,d=[],e=function(a,b){b=n.isFunction(b)?b():null==b?"":b,d[d.length]=encodeURIComponent(a)+"="+encodeURIComponent(b)};if(void 0===b&&(b=n.ajaxSettings&&n.ajaxSettings.traditional),n.isArray(a)||a.jquery&&!n.isPlainObject(a))n.each(a,function(){e(this.name,this.value)});else for(c in a)dc(c,a[c],b,e);return d.join("&").replace($b,"+")},n.fn.extend({serialize:function(){return n.param(this.serializeArray())},serializeArray:function(){return this.map(function(){var a=n.prop(this,"elements");return a?n.makeArray(a):this}).filter(function(){var a=this.type;return this.name&&!n(this).is(":disabled")&&cc.test(this.nodeName)&&!bc.test(a)&&(this.checked||!Z.test(a))}).map(function(a,b){var c=n(this).val();return null==c?null:n.isArray(c)?n.map(c,function(a){return{name:b.name,value:a.replace(ac,"\r\n")}}):{name:b.name,value:c.replace(ac,"\r\n")}}).get()}}),n.ajaxSettings.xhr=void 0!==a.ActiveXObject?function(){return this.isLocal?ic():d.documentMode>8?hc():/^(get|post|head|put|delete|options)$/i.test(this.type)&&hc()||ic()}:hc;var ec=0,fc={},gc=n.ajaxSettings.xhr();a.attachEvent&&a.attachEvent("onunload",function(){for(var a in fc)fc[a](void 0,!0)}),l.cors=!!gc&&"withCredentials"in gc,gc=l.ajax=!!gc,gc&&n.ajaxTransport(function(b){if(!b.crossDomain||l.cors){var c;return{send:function(d,e){var f,g=b.xhr(),h=++ec;if(g.open(b.type,b.url,b.async,b.username,b.password),b.xhrFields)for(f in b.xhrFields)g[f]=b.xhrFields[f];b.mimeType&&g.overrideMimeType&&g.overrideMimeType(b.mimeType),b.crossDomain||d["X-Requested-With"]||(d["X-Requested-With"]="XMLHttpRequest");for(f in d)void 0!==d[f]&&g.setRequestHeader(f,d[f]+"");g.send(b.hasContent&&b.data||null),c=function(a,d){var f,i,j;if(c&&(d||4===g.readyState))if(delete fc[h],c=void 0,g.onreadystatechange=n.noop,d)4!==g.readyState&&g.abort();else{j={},f=g.status,"string"==typeof g.responseText&&(j.text=g.responseText);try{i=g.statusText}catch(k){i=""}f||!b.isLocal||b.crossDomain?1223===f&&(f=204):f=j.text?200:404}j&&e(f,i,j,g.getAllResponseHeaders())},b.async?4===g.readyState?a.setTimeout(c):g.onreadystatechange=fc[h]=c:c()},abort:function(){c&&c(void 0,!0)}}}});function hc(){try{return new a.XMLHttpRequest}catch(b){}}function ic(){try{return new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}n.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/\b(?:java|ecma)script\b/},converters:{"text script":function(a){return n.globalEval(a),a}}}),n.ajaxPrefilter("script",function(a){void 0===a.cache&&(a.cache=!1),a.crossDomain&&(a.type="GET",a.global=!1)}),n.ajaxTransport("script",function(a){if(a.crossDomain){var b,c=d.head||n("head")[0]||d.documentElement;return{send:function(e,f){b=d.createElement("script"),b.async=!0,a.scriptCharset&&(b.charset=a.scriptCharset),b.src=a.url,b.onload=b.onreadystatechange=function(a,c){(c||!b.readyState||/loaded|complete/.test(b.readyState))&&(b.onload=b.onreadystatechange=null,b.parentNode&&b.parentNode.removeChild(b),b=null,c||f(200,"success"))},c.insertBefore(b,c.firstChild)},abort:function(){b&&b.onload(void 0,!0)}}}});var jc=[],kc=/(=)\?(?=&|$)|\?\?/;n.ajaxSetup({jsonp:"callback",jsonpCallback:function(){var a=jc.pop()||n.expando+"_"+Eb++;return this[a]=!0,a}}),n.ajaxPrefilter("json jsonp",function(b,c,d){var e,f,g,h=b.jsonp!==!1&&(kc.test(b.url)?"url":"string"==typeof b.data&&0===(b.contentType||"").indexOf("application/x-www-form-urlencoded")&&kc.test(b.data)&&"data");return h||"jsonp"===b.dataTypes[0]?(e=b.jsonpCallback=n.isFunction(b.jsonpCallback)?b.jsonpCallback():b.jsonpCallback,h?b[h]=b[h].replace(kc,"$1"+e):b.jsonp!==!1&&(b.url+=(Fb.test(b.url)?"&":"?")+b.jsonp+"="+e),b.converters["script json"]=function(){return g||n.error(e+" was not called"),g[0]},b.dataTypes[0]="json",f=a[e],a[e]=function(){g=arguments},d.always(function(){void 0===f?n(a).removeProp(e):a[e]=f,b[e]&&(b.jsonpCallback=c.jsonpCallback,jc.push(e)),g&&n.isFunction(f)&&f(g[0]),g=f=void 0}),"script"):void 0}),n.parseHTML=function(a,b,c){if(!a||"string"!=typeof a)return null;"boolean"==typeof b&&(c=b,b=!1),b=b||d;var e=x.exec(a),f=!c&&[];return e?[b.createElement(e[1])]:(e=ja([a],b,f),f&&f.length&&n(f).remove(),n.merge([],e.childNodes))};var lc=n.fn.load;n.fn.load=function(a,b,c){if("string"!=typeof a&&lc)return lc.apply(this,arguments);var d,e,f,g=this,h=a.indexOf(" ");return h>-1&&(d=n.trim(a.slice(h,a.length)),a=a.slice(0,h)),n.isFunction(b)?(c=b,b=void 0):b&&"object"==typeof b&&(e="POST"),g.length>0&&n.ajax({url:a,type:e||"GET",dataType:"html",data:b}).done(function(a){f=arguments,g.html(d?n("<div>").append(n.parseHTML(a)).find(d):a)}).always(c&&function(a,b){g.each(function(){c.apply(this,f||[a.responseText,b,a])})}),this},n.each(["ajaxStart","ajaxStop","ajaxComplete","ajaxError","ajaxSuccess","ajaxSend"],function(a,b){n.fn[b]=function(a){return this.on(b,a)}}),n.expr.filters.animated=function(a){return n.grep(n.timers,function(b){return a===b.elem}).length};function mc(a){return n.isWindow(a)?a:9===a.nodeType?a.defaultView||a.parentWindow:!1}n.offset={setOffset:function(a,b,c){var d,e,f,g,h,i,j,k=n.css(a,"position"),l=n(a),m={};"static"===k&&(a.style.position="relative"),h=l.offset(),f=n.css(a,"top"),i=n.css(a,"left"),j=("absolute"===k||"fixed"===k)&&n.inArray("auto",[f,i])>-1,j?(d=l.position(),g=d.top,e=d.left):(g=parseFloat(f)||0,e=parseFloat(i)||0),n.isFunction(b)&&(b=b.call(a,c,n.extend({},h))),null!=b.top&&(m.top=b.top-h.top+g),null!=b.left&&(m.left=b.left-h.left+e),"using"in b?b.using.call(a,m):l.css(m)}},n.fn.extend({offset:function(a){if(arguments.length)return void 0===a?this:this.each(function(b){n.offset.setOffset(this,a,b)});var b,c,d={top:0,left:0},e=this[0],f=e&&e.ownerDocument;if(f)return b=f.documentElement,n.contains(b,e)?("undefined"!=typeof e.getBoundingClientRect&&(d=e.getBoundingClientRect()),c=mc(f),{top:d.top+(c.pageYOffset||b.scrollTop)-(b.clientTop||0),left:d.left+(c.pageXOffset||b.scrollLeft)-(b.clientLeft||0)}):d},position:function(){if(this[0]){var a,b,c={top:0,left:0},d=this[0];return"fixed"===n.css(d,"position")?b=d.getBoundingClientRect():(a=this.offsetParent(),b=this.offset(),n.nodeName(a[0],"html")||(c=a.offset()),c.top+=n.css(a[0],"borderTopWidth",!0),c.left+=n.css(a[0],"borderLeftWidth",!0)),{top:b.top-c.top-n.css(d,"marginTop",!0),left:b.left-c.left-n.css(d,"marginLeft",!0)}}},offsetParent:function(){return this.map(function(){var a=this.offsetParent;while(a&&!n.nodeName(a,"html")&&"static"===n.css(a,"position"))a=a.offsetParent;return a||Qa})}}),n.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(a,b){var c=/Y/.test(b);n.fn[a]=function(d){return Y(this,function(a,d,e){var f=mc(a);return void 0===e?f?b in f?f[b]:f.document.documentElement[d]:a[d]:void(f?f.scrollTo(c?n(f).scrollLeft():e,c?e:n(f).scrollTop()):a[d]=e)},a,d,arguments.length,null)}}),n.each(["top","left"],function(a,b){n.cssHooks[b]=Ua(l.pixelPosition,function(a,c){return c?(c=Sa(a,b),Oa.test(c)?n(a).position()[b]+"px":c):void 0})}),n.each({Height:"height",Width:"width"},function(a,b){n.each({
padding:"inner"+a,content:b,"":"outer"+a},function(c,d){n.fn[d]=function(d,e){var f=arguments.length&&(c||"boolean"!=typeof d),g=c||(d===!0||e===!0?"margin":"border");return Y(this,function(b,c,d){var e;return n.isWindow(b)?b.document.documentElement["client"+a]:9===b.nodeType?(e=b.documentElement,Math.max(b.body["scroll"+a],e["scroll"+a],b.body["offset"+a],e["offset"+a],e["client"+a])):void 0===d?n.css(b,c,g):n.style(b,c,d,g)},b,f?d:void 0,f,null)}})}),n.fn.extend({bind:function(a,b,c){return this.on(a,null,b,c)},unbind:function(a,b){return this.off(a,null,b)},delegate:function(a,b,c,d){return this.on(b,a,c,d)},undelegate:function(a,b,c){return 1===arguments.length?this.off(a,"**"):this.off(b,a||"**",c)}}),n.fn.size=function(){return this.length},n.fn.andSelf=n.fn.addBack,"function"==typeof define&&define.amd&&define("jquery",[],function(){return n});var nc=a.jQuery,oc=a.$;return n.noConflict=function(b){return a.$===n&&(a.$=oc),b&&a.jQuery===n&&(a.jQuery=nc),n},b||(a.jQuery=a.$=n),n});
(function(c){var b,d,a;b=(function(){function e(h,f,g){var j;this.row=h;this.tree=f;this.settings=g;this.id=this.row.data(this.settings.nodeIdAttr);j=this.row.data(this.settings.parentIdAttr);if(j!=null&&j!==""){this.parentId=j}this.treeCell=c(this.row.children(this.settings.columnElType)[this.settings.column]);this.expander=c(this.settings.expanderTemplate);this.indenter=c(this.settings.indenterTemplate);this.children=[];this.initialized=false;this.treeCell.prepend(this.indenter)}e.prototype.addChild=function(f){return this.children.push(f)};e.prototype.ancestors=function(){var f,g;g=this;f=[];while(g=g.parentNode()){f.push(g)}return f};e.prototype.collapse=function(){if(this.collapsed()){return this}this.row.removeClass("expanded").addClass("collapsed");this._hideChildren();this.expander.attr("title",this.settings.stringExpand);if(this.initialized&&this.settings.onNodeCollapse!=null){this.settings.onNodeCollapse.apply(this)}return this};e.prototype.collapsed=function(){return this.row.hasClass("collapsed")};e.prototype.expand=function(){if(this.expanded()){return this}this.row.removeClass("collapsed").addClass("expanded");if(this.initialized&&this.settings.onNodeExpand!=null){this.settings.onNodeExpand.apply(this)}if(c(this.row).is(":visible")){this._showChildren()}this.expander.attr("title",this.settings.stringCollapse);return this};e.prototype.expanded=function(){return this.row.hasClass("expanded")};e.prototype.hide=function(){this._hideChildren();this.row.hide();return this};e.prototype.isBranchNode=function(){if(this.children.length>0||this.row.data(this.settings.branchAttr)===true){return true}else{return false}};e.prototype.updateBranchLeafClass=function(){this.row.removeClass("branch");this.row.removeClass("leaf");this.row.addClass(this.isBranchNode()?"branch":"leaf")};e.prototype.level=function(){return this.ancestors().length};e.prototype.parentNode=function(){if(this.parentId!=null){return this.tree[this.parentId]}else{return null}};e.prototype.removeChild=function(g){var f=c.inArray(g,this.children);return this.children.splice(f,1)};e.prototype.render=function(){var g,f=this.settings,h;if(f.expandable===true&&this.isBranchNode()){g=function(j){c(this).parents("table").treetable("node",c(this).parents("tr").data(f.nodeIdAttr)).toggle();return j.preventDefault()};this.indenter.html(this.expander);h=f.clickableNodeNames===true?this.treeCell:this.expander;h.off("click.treetable").on("click.treetable",g);h.off("keydown.treetable").on("keydown.treetable",function(j){if(j.keyCode==13){g.apply(this,[j])}})}this.indenter[0].style.paddingLeft=""+(this.level()*f.indent)+"px";return this};e.prototype.reveal=function(){if(this.parentId!=null){this.parentNode().reveal()}return this.expand()};e.prototype.setParent=function(f){if(this.parentId!=null){this.tree[this.parentId].removeChild(this)}this.parentId=f.id;this.row.data(this.settings.parentIdAttr,f.id);return f.addChild(this)};e.prototype.show=function(){if(!this.initialized){this._initialize()}this.row.show();if(this.expanded()){this._showChildren()}return this};e.prototype.toggle=function(){if(this.expanded()){this.collapse()}else{this.expand()}return this};e.prototype._hideChildren=function(){var k,j,g,h,f;h=this.children;f=[];for(j=0,g=h.length;j<g;j++){k=h[j];f.push(k.hide())}return f};e.prototype._initialize=function(){var f=this.settings;this.render();if(f.expandable===true&&f.initialState==="collapsed"){this.collapse()}else{this.expand()}if(f.onNodeInitialized!=null){f.onNodeInitialized.apply(this)}return this.initialized=true};e.prototype._showChildren=function(){var k,j,g,h,f;h=this.children;f=[];for(j=0,g=h.length;j<g;j++){k=h[j];f.push(k.show())}return f};return e})();d=(function(){function e(g,f){this.table=g;this.settings=f;this.tree={};this.nodes=[];this.roots=[]}e.prototype.collapseAll=function(){var h,k,g,j,f;j=this.nodes;f=[];for(k=0,g=j.length;k<g;k++){h=j[k];f.push(h.collapse())}return f};e.prototype.expandAll=function(){var h,k,g,j,f;j=this.nodes;f=[];for(k=0,g=j.length;k<g;k++){h=j[k];f.push(h.expand())}return f};e.prototype.findLastNode=function(f){if(f.children.length>0){return this.findLastNode(f.children[f.children.length-1])}else{return f}};e.prototype.loadRows=function(h){var g,j,f;if(h!=null){for(f=0;f<h.length;f++){j=c(h[f]);if(j.data(this.settings.nodeIdAttr)!=null){g=new b(j,this.tree,this.settings);this.nodes.push(g);this.tree[g.id]=g;if(g.parentId!=null&&this.tree[g.parentId]){this.tree[g.parentId].addChild(g)}else{this.roots.push(g)}}}}for(f=0;f<this.nodes.length;f++){g=this.nodes[f].updateBranchLeafClass()}return this};e.prototype.move=function(h,f){var g=h.parentNode();if(h!==f&&f.id!==h.parentId&&c.inArray(h,f.ancestors())===-1){h.setParent(f);this._moveRows(h,f);if(h.parentNode().children.length===1){h.parentNode().render()}}if(g){g.updateBranchLeafClass()}if(h.parentNode()){h.parentNode().updateBranchLeafClass()}h.updateBranchLeafClass();return this};e.prototype.removeNode=function(f){this.unloadBranch(f);f.row.remove();if(f.parentId!=null){f.parentNode().removeChild(f)}delete this.tree[f.id];this.nodes.splice(c.inArray(f,this.nodes),1);return this};e.prototype.render=function(){var g,j,f,h;h=this.roots;for(j=0,f=h.length;j<f;j++){g=h[j];g.show()}return this};e.prototype.sortBranch=function(g,f){g.children.sort(f);this._sortChildRows(g);return this};e.prototype.unloadBranch=function(h){var g=h.children.slice(0),f;for(f=0;f<g.length;f++){this.removeNode(g[f])}h.children=[];h.updateBranchLeafClass();return this};e.prototype._moveRows=function(j,f){var h=j.children,g;j.row.insertAfter(f.row);j.render();for(g=h.length-1;g>=0;g--){this._moveRows(h[g],j)}};e.prototype._sortChildRows=function(f){return this._moveRows(f,f)};return e})();a={init:function(e,g){var f;f=c.extend({branchAttr:"ttBranch",clickableNodeNames:false,column:0,columnElType:"td",expandable:false,expanderTemplate:"<a href='#'>&nbsp;</a>",indent:19,indenterTemplate:"<span class='indenter'></span>",initialState:"collapsed",nodeIdAttr:"ttId",parentIdAttr:"ttParentId",stringExpand:"Expand",stringCollapse:"Collapse",onInitialized:null,onNodeCollapse:null,onNodeExpand:null,onNodeInitialized:null},e);return this.each(function(){var j=c(this),h;if(g||j.data("treetable")===undefined){h=new d(this,f);h.loadRows(this.rows).render();j.addClass("treetable").data("treetable",h);if(f.onInitialized!=null){f.onInitialized.apply(h)}}return j})},destroy:function(){return this.each(function(){return c(this).removeData("treetable").removeClass("treetable")})},collapseAll:function(){this.data("treetable").collapseAll();return this},collapseNode:function(f){var e=this.data("treetable").tree[f];if(e){e.collapse()}else{throw new Error("Unknown node '"+f+"'")}return this},expandAll:function(){this.data("treetable").expandAll();return this},expandNode:function(f){var e=this.data("treetable").tree[f];if(e){if(!e.initialized){e._initialize()}e.expand()}else{throw new Error("Unknown node '"+f+"'")}return this},loadBranch:function(h,j){var f=this.data("treetable").settings,e=this.data("treetable").tree;j=c(j);if(h==null){this.append(j)}else{var g=this.data("treetable").findLastNode(h);j.insertAfter(g.row)}this.data("treetable").loadRows(j);j.filter("tr").each(function(){e[c(this).data(f.nodeIdAttr)].show()});if(h!=null){h.render().expand()}return this},move:function(h,g){var e,f;f=this.data("treetable").tree[h];e=this.data("treetable").tree[g];this.data("treetable").move(f,e);return this},node:function(e){return this.data("treetable").tree[e]},removeNode:function(f){var e=this.data("treetable").tree[f];if(e){this.data("treetable").removeNode(e)}else{throw new Error("Unknown node '"+f+"'")}return this},reveal:function(f){var e=this.data("treetable").tree[f];if(e){e.reveal()}else{throw new Error("Unknown node '"+f+"'")}return this},sortBranch:function(j,g){var h=this.data("treetable").settings,f,e;g=g||h.column;e=g;if(c.isNumeric(g)){e=function(m,k){var o,n,l;o=function(p){var q=p.row.find("td:eq("+g+")").text();return c.trim(q).toUpperCase()};n=o(m);l=o(k);if(n<l){return -1}if(n>l){return 1}return 0}}this.data("treetable").sortBranch(j,e);return this},unloadBranch:function(e){this.data("treetable").unloadBranch(e);return this}};c.fn.treetable=function(e){if(a[e]){return a[e].apply(this,Array.prototype.slice.call(arguments,1))}else{if(typeof e==="object"||!e){return a.init.apply(this,arguments)}else{return c.error("Method "+e+" does not exist on jQuery.treetable")}}};this.TreeTable||(this.TreeTable={});this.TreeTable.Node=b;this.TreeTable.Tree=d})(jQuery);
/*!
 * Bootstrap v3.3.7 (http://getbootstrap.com)
 * Copyright 2011-2016 Twitter, Inc.
 * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
 */
;
/*!
 * Generated using the Bootstrap Customizer (https://getbootstrap.com/customize/?id=8160adef040364fa8f688f6065765caf)
 * Config saved to config.json and https://gist.github.com/8160adef040364fa8f688f6065765caf
 */
;if("undefined"==typeof jQuery){throw new Error("Bootstrap's JavaScript requires jQuery")}+function(a){var b=a.fn.jquery.split(" ")[0].split(".");if(b[0]<2&&b[1]<9||1==b[0]&&9==b[1]&&b[2]<1||b[0]>3){throw new Error("Bootstrap's JavaScript requires jQuery version 1.9.1 or higher, but lower than version 4")}}(jQuery),+function(b){function c(g){return this.each(function(){var e=b(this),h=e.data("bs.alert");h||e.data("bs.alert",h=new f(this)),"string"==typeof g&&h[g].call(e)})}var a='[data-dismiss="alert"]',f=function(g){b(g).on("click",a,this.close)};f.VERSION="3.3.7",f.TRANSITION_DURATION=150,f.prototype.close=function(k){function h(){g.detach().trigger("closed.bs.alert").remove()}var l=b(this),j=l.attr("data-target");j||(j=l.attr("href"),j=j&&j.replace(/.*(?=#[^\s]*$)/,""));var g=b("#"===j?[]:j);k&&k.preventDefault(),g.length||(g=l.closest(".alert")),g.trigger(k=b.Event("close.bs.alert")),k.isDefaultPrevented()||(g.removeClass("in"),b.support.transition&&g.hasClass("fade")?g.one("bsTransitionEnd",h).emulateTransitionEnd(f.TRANSITION_DURATION):h())};var d=b.fn.alert;b.fn.alert=c,b.fn.alert.Constructor=f,b.fn.alert.noConflict=function(){return b.fn.alert=d,this},b(document).on("click.bs.alert.data-api",a,f.prototype.close)}(jQuery),+function(d){function h(l){var a=l.attr("data-target");a||(a=l.attr("href"),a=a&&/#[A-Za-z]/.test(a)&&a.replace(/.*(?=#[^\s]*$)/,""));var m=a&&d(a);return m&&m.length?m:l.parent()}function c(a){a&&3===a.which||(d(j).remove(),d(f).each(function(){var m=d(this),l=h(m),e={relatedTarget:this};l.hasClass("open")&&(a&&"click"==a.type&&/input|textarea/i.test(a.target.tagName)&&d.contains(l[0],a.target)||(l.trigger(a=d.Event("hide.bs.dropdown",e)),a.isDefaultPrevented()||(m.attr("aria-expanded","false"),l.removeClass("open").trigger(d.Event("hidden.bs.dropdown",e)))))}))}function k(a){return this.each(function(){var e=d(this),l=e.data("bs.dropdown");l||e.data("bs.dropdown",l=new b(this)),"string"==typeof a&&l[a].call(e)})}var j=".dropdown-backdrop",f='[data-toggle="dropdown"]',b=function(a){d(a).on("click.bs.dropdown",this.toggle)};b.VERSION="3.3.7",b.prototype.toggle=function(q){var p=d(this);if(!p.is(".disabled, :disabled")){var l=h(p),e=l.hasClass("open");if(c(),!e){"ontouchstart" in document.documentElement&&!l.closest(".navbar-nav").length&&d(document.createElement("div")).addClass("dropdown-backdrop").insertAfter(d(this)).on("click",c);var m={relatedTarget:this};if(l.trigger(q=d.Event("show.bs.dropdown",m)),q.isDefaultPrevented()){return}p.trigger("focus").attr("aria-expanded","true"),l.toggleClass("open").trigger(d.Event("shown.bs.dropdown",m))}return !1}},b.prototype.keydown=function(p){if(/(38|40|27|32)/.test(p.which)&&!/input|textarea/i.test(p.target.tagName)){var u=d(this);if(p.preventDefault(),p.stopPropagation(),!u.is(".disabled, :disabled")){var t=h(u),m=t.hasClass("open");if(!m&&27!=p.which||m&&27==p.which){return 27==p.which&&t.find(f).trigger("focus"),u.trigger("click")}var q=" li:not(.disabled):visible a",s=t.find(".dropdown-menu"+q);if(s.length){var e=s.index(p.target);38==p.which&&e>0&&e--,40==p.which&&e<s.length-1&&e++,~e||(e=0),s.eq(e).trigger("focus")}}}};var g=d.fn.dropdown;d.fn.dropdown=k,d.fn.dropdown.Constructor=b,d.fn.dropdown.noConflict=function(){return d.fn.dropdown=g,this},d(document).on("click.bs.dropdown.data-api",c).on("click.bs.dropdown.data-api",".dropdown form",function(a){a.stopPropagation()}).on("click.bs.dropdown.data-api",f,b.prototype.toggle).on("keydown.bs.dropdown.data-api",f,b.prototype.keydown).on("keydown.bs.dropdown.data-api",".dropdown-menu",b.prototype.keydown)}(jQuery),+function(b){function c(f,g){return this.each(function(){var j=b(this),h=j.data("bs.modal"),e=b.extend({},a.DEFAULTS,j.data(),"object"==typeof f&&f);h||j.data("bs.modal",h=new a(this,e)),"string"==typeof f?h[f](g):e.show&&h.show(g)})}var a=function(g,f){this.options=f,this.$body=b(document.body),this.$element=b(g),this.$dialog=this.$element.find(".modal-dialog"),this.$backdrop=null,this.isShown=null,this.originalBodyPad=null,this.scrollbarWidth=0,this.ignoreBackdropClick=!1,this.options.remote&&this.$element.find(".modal-content").load(this.options.remote,b.proxy(function(){this.$element.trigger("loaded.bs.modal")},this))};a.VERSION="3.3.7",a.TRANSITION_DURATION=300,a.BACKDROP_TRANSITION_DURATION=150,a.DEFAULTS={backdrop:!0,keyboard:!0,show:!0},a.prototype.toggle=function(e){return this.isShown?this.hide():this.show(e)},a.prototype.show=function(f){var h=this,g=b.Event("show.bs.modal",{relatedTarget:f});this.$element.trigger(g),this.isShown||g.isDefaultPrevented()||(this.isShown=!0,this.checkScrollbar(),this.setScrollbar(),this.$body.addClass("modal-open"),this.escape(),this.resize(),this.$element.on("click.dismiss.bs.modal",'[data-dismiss="modal"]',b.proxy(this.hide,this)),this.$dialog.on("mousedown.dismiss.bs.modal",function(){h.$element.one("mouseup.dismiss.bs.modal",function(j){b(j.target).is(h.$element)&&(h.ignoreBackdropClick=!0)})}),this.backdrop(function(){var j=b.support.transition&&h.$element.hasClass("fade");h.$element.parent().length||h.$element.appendTo(h.$body),h.$element.show().scrollTop(0),h.adjustDialog(),j&&h.$element[0].offsetWidth,h.$element.addClass("in"),h.enforceFocus();var e=b.Event("shown.bs.modal",{relatedTarget:f});j?h.$dialog.one("bsTransitionEnd",function(){h.$element.trigger("focus").trigger(e)}).emulateTransitionEnd(a.TRANSITION_DURATION):h.$element.trigger("focus").trigger(e)}))},a.prototype.hide=function(f){f&&f.preventDefault(),f=b.Event("hide.bs.modal"),this.$element.trigger(f),this.isShown&&!f.isDefaultPrevented()&&(this.isShown=!1,this.escape(),this.resize(),b(document).off("focusin.bs.modal"),this.$element.removeClass("in").off("click.dismiss.bs.modal").off("mouseup.dismiss.bs.modal"),this.$dialog.off("mousedown.dismiss.bs.modal"),b.support.transition&&this.$element.hasClass("fade")?this.$element.one("bsTransitionEnd",b.proxy(this.hideModal,this)).emulateTransitionEnd(a.TRANSITION_DURATION):this.hideModal())},a.prototype.enforceFocus=function(){b(document).off("focusin.bs.modal").on("focusin.bs.modal",b.proxy(function(e){document===e.target||this.$element[0]===e.target||this.$element.has(e.target).length||this.$element.trigger("focus")},this))},a.prototype.escape=function(){this.isShown&&this.options.keyboard?this.$element.on("keydown.dismiss.bs.modal",b.proxy(function(e){27==e.which&&this.hide()},this)):this.isShown||this.$element.off("keydown.dismiss.bs.modal")},a.prototype.resize=function(){this.isShown?b(window).on("resize.bs.modal",b.proxy(this.handleUpdate,this)):b(window).off("resize.bs.modal")},a.prototype.hideModal=function(){var e=this;this.$element.hide(),this.backdrop(function(){e.$body.removeClass("modal-open"),e.resetAdjustments(),e.resetScrollbar(),e.$element.trigger("hidden.bs.modal")})},a.prototype.removeBackdrop=function(){this.$backdrop&&this.$backdrop.remove(),this.$backdrop=null},a.prototype.backdrop=function(h){var k=this,j=this.$element.hasClass("fade")?"fade":"";if(this.isShown&&this.options.backdrop){var g=b.support.transition&&j;if(this.$backdrop=b(document.createElement("div")).addClass("modal-backdrop "+j).appendTo(this.$body),this.$element.on("click.dismiss.bs.modal",b.proxy(function(e){return this.ignoreBackdropClick?void (this.ignoreBackdropClick=!1):void (e.target===e.currentTarget&&("static"==this.options.backdrop?this.$element[0].focus():this.hide()))},this)),g&&this.$backdrop[0].offsetWidth,this.$backdrop.addClass("in"),!h){return}g?this.$backdrop.one("bsTransitionEnd",h).emulateTransitionEnd(a.BACKDROP_TRANSITION_DURATION):h()}else{if(!this.isShown&&this.$backdrop){this.$backdrop.removeClass("in");var f=function(){k.removeBackdrop(),h&&h()};b.support.transition&&this.$element.hasClass("fade")?this.$backdrop.one("bsTransitionEnd",f).emulateTransitionEnd(a.BACKDROP_TRANSITION_DURATION):f()}else{h&&h()}}},a.prototype.handleUpdate=function(){this.adjustDialog()},a.prototype.adjustDialog=function(){var e=this.$element[0].scrollHeight>document.documentElement.clientHeight;this.$element.css({paddingLeft:!this.bodyIsOverflowing&&e?this.scrollbarWidth:"",paddingRight:this.bodyIsOverflowing&&!e?this.scrollbarWidth:""})},a.prototype.resetAdjustments=function(){this.$element.css({paddingLeft:"",paddingRight:""})},a.prototype.checkScrollbar=function(){var f=window.innerWidth;if(!f){var g=document.documentElement.getBoundingClientRect();f=g.right-Math.abs(g.left)}this.bodyIsOverflowing=document.body.clientWidth<f,this.scrollbarWidth=this.measureScrollbar()},a.prototype.setScrollbar=function(){var e=parseInt(this.$body.css("padding-right")||0,10);this.originalBodyPad=document.body.style.paddingRight||"",this.bodyIsOverflowing&&this.$body.css("padding-right",e+this.scrollbarWidth)},a.prototype.resetScrollbar=function(){this.$body.css("padding-right",this.originalBodyPad)},a.prototype.measureScrollbar=function(){var f=document.createElement("div");f.className="modal-scrollbar-measure",this.$body.append(f);var g=f.offsetWidth-f.clientWidth;return this.$body[0].removeChild(f),g};var d=b.fn.modal;b.fn.modal=c,b.fn.modal.Constructor=a,b.fn.modal.noConflict=function(){return b.fn.modal=d,this},b(document).on("click.bs.modal.data-api",'[data-toggle="modal"]',function(f){var j=b(this),h=j.attr("href"),g=b(j.attr("data-target")||h&&h.replace(/.*(?=#[^\s]+$)/,"")),e=g.data("bs.modal")?"toggle":b.extend({remote:!/#/.test(h)&&h},g.data(),j.data());j.is("a")&&f.preventDefault(),g.one("show.bs.modal",function(k){k.isDefaultPrevented()||g.one("hidden.bs.modal",function(){j.is(":visible")&&j.trigger("focus")})}),c.call(g,e,this)})}(jQuery),+function(b){function c(h){var g,j=h.attr("data-target")||(g=h.attr("href"))&&g.replace(/.*(?=#[^\s]+$)/,"");return b(j)}function a(g){return this.each(function(){var e=b(this),j=e.data("bs.collapse"),h=b.extend({},f.DEFAULTS,e.data(),"object"==typeof g&&g);!j&&h.toggle&&/show|hide/.test(g)&&(h.toggle=!1),j||e.data("bs.collapse",j=new f(this,h)),"string"==typeof g&&j[g]()})}var f=function(h,g){this.$element=b(h),this.options=b.extend({},f.DEFAULTS,g),this.$trigger=b('[data-toggle="collapse"][href="#'+h.id+'"],[data-toggle="collapse"][data-target="#'+h.id+'"]'),this.transitioning=null,this.options.parent?this.$parent=this.getParent():this.addAriaAndCollapsedClass(this.$element,this.$trigger),this.options.toggle&&this.toggle()};f.VERSION="3.3.7",f.TRANSITION_DURATION=350,f.DEFAULTS={toggle:!0},f.prototype.dimension=function(){var e=this.$element.hasClass("width");return e?"width":"height"},f.prototype.show=function(){if(!this.transitioning&&!this.$element.hasClass("in")){var k,m=this.$parent&&this.$parent.children(".panel").children(".in, .collapsing");if(!(m&&m.length&&(k=m.data("bs.collapse"),k&&k.transitioning))){var h=b.Event("show.bs.collapse");if(this.$element.trigger(h),!h.isDefaultPrevented()){m&&m.length&&(a.call(m,"hide"),k||m.data("bs.collapse",null));var g=this.dimension();this.$element.removeClass("collapse").addClass("collapsing")[g](0).attr("aria-expanded",!0),this.$trigger.removeClass("collapsed").attr("aria-expanded",!0),this.transitioning=1;var j=function(){this.$element.removeClass("collapsing").addClass("collapse in")[g](""),this.transitioning=0,this.$element.trigger("shown.bs.collapse")};if(!b.support.transition){return j.call(this)}var l=b.camelCase(["scroll",g].join("-"));this.$element.one("bsTransitionEnd",b.proxy(j,this)).emulateTransitionEnd(f.TRANSITION_DURATION)[g](this.$element[0][l])}}}},f.prototype.hide=function(){if(!this.transitioning&&this.$element.hasClass("in")){var h=b.Event("hide.bs.collapse");if(this.$element.trigger(h),!h.isDefaultPrevented()){var g=this.dimension();this.$element[g](this.$element[g]())[0].offsetHeight,this.$element.addClass("collapsing").removeClass("collapse in").attr("aria-expanded",!1),this.$trigger.addClass("collapsed").attr("aria-expanded",!1),this.transitioning=1;var j=function(){this.transitioning=0,this.$element.removeClass("collapsing").addClass("collapse").trigger("hidden.bs.collapse")};return b.support.transition?void this.$element[g](0).one("bsTransitionEnd",b.proxy(j,this)).emulateTransitionEnd(f.TRANSITION_DURATION):j.call(this)}}},f.prototype.toggle=function(){this[this.$element.hasClass("in")?"hide":"show"]()},f.prototype.getParent=function(){return b(this.options.parent).find('[data-toggle="collapse"][data-parent="'+this.options.parent+'"]').each(b.proxy(function(e,h){var g=b(h);this.addAriaAndCollapsedClass(c(g),g)},this)).end()},f.prototype.addAriaAndCollapsedClass=function(h,j){var g=h.hasClass("in");h.attr("aria-expanded",g),j.toggleClass("collapsed",!g).attr("aria-expanded",g)};var d=b.fn.collapse;b.fn.collapse=a,b.fn.collapse.Constructor=f,b.fn.collapse.noConflict=function(){return b.fn.collapse=d,this},b(document).on("click.bs.collapse.data-api",'[data-toggle="collapse"]',function(k){var j=b(this);j.attr("data-target")||k.preventDefault();var g=c(j),e=g.data("bs.collapse"),h=e?"toggle":j.data();a.call(g,h)})}(jQuery),+function(a){function b(){var d=document.createElement("bootstrap"),f={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"};for(var c in f){if(void 0!==d.style[c]){return{end:f[c]}}}return !1}a.fn.emulateTransitionEnd=function(d){var c=!1,g=this;a(this).one("bsTransitionEnd",function(){c=!0});var f=function(){c||a(g).trigger(a.support.transition.end)};return setTimeout(f,d),this},a(function(){a.support.transition=b(),a.support.transition&&(a.event.special.bsTransitionEnd={bindType:a.support.transition.end,delegateType:a.support.transition.end,handle:function(c){return a(c.target).is(this)?c.handleObj.handler.apply(this,arguments):void 0}})})}(jQuery);function openRuleDetailsDialog(d){var a=$('<button type="button" class="close btn btn-sm btn-default" data-dismiss="modal" aria-hidden="false" title="Close">&#x274c;</button>');var b=$('<div id="detail-modal" class="modal fade" tabindex="-1" role="dialog" aria-hidden="false"><div id="detail-modal-body" class="modal-body"></div></div>');$("body").prepend(b);var c=$("#rule-detail-"+d).clone();c.attr("id","");c.children(".panel-heading").append(a);a.css({"float":"right"});a.css({"margin-top":"-=23px"});$("#detail-modal-body").append(c);$("#detail-modal").on("hidden.bs.modal",function(f){$("#detail-modal").remove()});$("#detail-modal").modal();return false}function toggleRuleDisplay(b){var a=b.value;if(b.checked){$(".rule-overview-leaf-"+a).removeClass("rule-result-filtered");$(".rule-detail-"+a).removeClass("rule-result-filtered")}else{$(".rule-overview-leaf-"+a).addClass("rule-result-filtered");$(".rule-detail-"+a).addClass("rule-result-filtered")}stripeTreeTable()}function toggleResultDetails(b){var a=$("#result-details");if(a.is(":visible")){a.hide();$(b).html("Show all result details")}else{a.show();$(b).html("Hide all result details")}return false}function ruleSearchMatches(e,c){if(c.length==0){return true}var b=true;var d=e.children(".keywords").text().toLowerCase();var a;for(a=0;a<c.length;++a){if(d.indexOf(c[a].toLowerCase())<0){b=false;break}}return b}function ruleSearch(){var c=$("#search-input").val();var a=c.split(/[\s,\.;]+/);var b=0;$(".rule-detail").each(function(){var d=$(this).attr("id").substring(12);var e=$("#rule-overview-leaf-"+d);var f=$(this);if(ruleSearchMatches(f,a)){e.removeClass("search-no-match");f.removeClass("search-no-match");++b}else{e.addClass("search-no-match");f.addClass("search-no-match")}});if(!c){$("#search-matches").html("")}else{if(b>0){$("#search-matches").html(b.toString()+" rules match.")}else{$("#search-matches").html("No rules match your search criteria!")}}}var is_original=true;var original_treetable=null;$(document).ready(function(){$("#result-details").hide();$(".js-only").show();$(".form-group select").val("default");$(".toggle-rule-display").each(function(){toggleRuleDisplay(this)});original_treetable=$(".treetable").clone();$(".treetable").treetable({column:0,expandable:true,clickableNodeNames:true,initialState:"expanded",indent:0});is_original=true;stripeTreeTable()});function resetTreetable(){if(!is_original){$(".treetable").remove();$("#rule-overview").append(original_treetable.clone());$(".treetable").treetable({column:0,expandable:true,clickableNodeNames:true,initialState:"expanded",indent:0});$(".toggle-rule-display").each(function(){toggleRuleDisplay(this)});is_original=true}}function newGroupLine(a,c){var b=24;if(a.length>b){a=a.substring(0,b-1)+"…"}return'<tr class="rule-overview-inner-node" data-tt-id="'+c+'"><td colspan="3"><small>'+a+"</small> = <strong>"+c+"</strong></td></tr>"}var KeysEnum={DEFAULT:"default",SEVERITY:"severity",RESULT:"result",NIST:"NIST SP 800-53 ID",DISA_CCI:"DISA CCI",DISA_SRG:"DISA SRG",DISA_STIG_ID:"DISA STIG ID",PCI_DSS:"PCI DSS Requirement",CIS:"CIS Recommendation"};function getTargetGroupsList(f,d){switch(d){case KeysEnum.SEVERITY:var b=f.children(".rule-severity").text();return[b];case KeysEnum.RESULT:var a=f.children(".rule-result").text();return[a];default:try{var c=JSON.parse(f.attr("data-references"))}catch(e){return["unknown"]}if(!c.hasOwnProperty(d)){return["unknown"]}return c[d]}}function sortGroups(a,b){switch(b){case KeysEnum.SEVERITY:return["high","medium","low"];case KeysEnum.RESULT:return a.sort();default:return a.sort(function(e,d){var f=e.split(/[.()-]/);var g=d.split(/[.()-]/);var c=0;var j=Math.min(f.length,g.length);var h=/^[1-9][0-9]*$/;for(i=0;i<j&&c==0;i++){if(f[i].match(h)==null||f[i].match(h)==null){c=f[i].localeCompare(g[i])}else{c=parseInt(f[i])-parseInt(g[i])}}if(c==0){c=f.length-g.length}return c})}}function groupRulesBy(c){resetTreetable();if(c==KeysEnum.DEFAULT){return}var b={};$(".rule-overview-leaf").each(function(){$(this).children("td:first").css("padding-left","0px");var j=$(this).attr("data-tt-id");var g=getTargetGroupsList($(this),c);for(i=0;i<g.length;i++){var e=g[i];if(!b.hasOwnProperty(e)){b[e]=[newGroupLine(c,e)]}var h=$(this).clone();h.attr("data-tt-id",j+"copy"+i);h.attr("data-tt-parent-id",e);var f=h.wrap("<div>").parent().html();b[e].push(f)}});$(".treetable").remove();var a=sortGroups(Object.keys(b),c);var d="";for(i=0;i<a.length;i++){d+=b[a[i]].join("\n")}new_table='<table class="treetable table table-bordered"><thead><tr><th>Group</th> <th style="width: 120px; text-align: center">Severity</th><th style="width: 120px; text-align: center">Result</th></tr></thead><tbody>'+d+"</tbody></table>";$("#rule-overview").append(new_table);is_original=false;$(".treetable").treetable({column:0,expandable:true,clickableNodeNames:true,initialState:"expanded",indent:0});stripeTreeTable()}function stripeTreeTable(){var a=$(".rule-overview-leaf:not(.rule-result-filtered)");var b=false;$(a).each(function(){$(this).css("background-color",b?"#F9F9F9":"inherit");b=!b})};</script></head><body><nav class="navbar navbar-default"><div class="navbar-header" style="float: none"><a class="navbar-brand" href="#"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="52" height="52" id="svg2"><g transform="matrix(0.75266991,0,0,0.75266991,-17.752968,-104.57468)" id="g32"><path d="m 24.7,173.5 c 0,-9 3.5,-17.5 9.9,-23.9 6.8,-6.8 15.7,-10.4 25,-10 8.6,0.3 16.9,3.9 22.9,9.8 6.4,6.4 9.9,14.9 10,23.8 0.1,9.1 -3.5,17.8 -10,24.3 -13.2,13.2 -34.7,13.1 -48,-0.1 -1.5,-1.5 -1.9,-4.2 0.2,-6.2 l 9,-9 c -2,-3.6 -4.9,-13.1 2.6,-20.7 7.6,-7.6 18.6,-6 24.4,-0.2 3.3,3.3 5.1,7.6 5.1,12.1 0.1,4.6 -1.8,9.1 -5.3,12.5 -4.2,4.2 -10.2,5.8 -16.1,4.4 -1.5,-0.4 -2.4,-1.9 -2.1,-3.4 0.4,-1.5 1.9,-2.4 3.4,-2.1 4.1,1 8,-0.1 10.9,-2.9 2.3,-2.3 3.6,-5.3 3.6,-8.4 0,0 0,-0.1 0,-0.1 0,-3 -1.3,-5.9 -3.5,-8.2 -3.9,-3.9 -11.3,-4.9 -16.5,0.2 -6.3,6.3 -1.6,14.1 -1.6,14.2 1.5,2.4 0.7,5 -0.9,6.3 l -8.4,8.4 c 9.9,8.9 27.2,11.2 39.1,-0.8 5.4,-5.4 8.4,-12.5 8.4,-20 0,-0.1 0,-0.2 0,-0.3 -0.1,-7.5 -3,-14.6 -8.4,-19.9 -5,-5 -11.9,-8 -19.1,-8.2 -7.8,-0.3 -15.2,2.7 -20.9,8.4 -8.7,8.7 -8.7,19 -7.9,24.3 0.3,2.4 1.1,4.9 2.2,7.3 0.6,1.4 0,3.1 -1.4,3.7 -1.4,0.6 -3.1,0 -3.7,-1.4 -1.3,-2.9 -2.2,-5.8 -2.6,-8.7 -0.3,-1.7 -0.4,-3.5 -0.4,-5.2 z" id="path34" style="fill:#12497f"></path></g></svg></a><div><h1>OpenSCAP Evaluation Report</h1></div></div></nav><div class="container"><div id="content"><div id="introduction"><div class="row"><h2>Guide to the Secure Configuration of Red Hat Enterprise Linux 9</h2><div class="col-md-12 well well-lg horizontal-scroll"><div class="front-matter">The SCAP Security Guide Project<br>
    <a href="https://www.open-scap.org/security-policies/scap-security-guide">https://www.open-scap.org/security-policies/scap-security-guide</a>
   </div><div class="description">This guide presents a catalog of security-relevant
configuration settings for Red Hat Enterprise Linux 9. It is a rendering of
content structured in the eXtensible Configuration Checklist Description Format (XCCDF)
in order to support security automation.  The SCAP content is
is available in the <code>scap-security-guide</code> package which is developed at

    <a href="https://www.open-scap.org/security-policies/scap-security-guide">https://www.open-scap.org/security-policies/scap-security-guide</a>.
<br>
    <br>
Providing system administrators with such guidance informs them how to securely
configure systems under their control in a variety of network roles. Policy
makers and baseline creators can use this catalog of settings, with its
associated references to higher-level security control catalogs, in order to
assist them in security baseline creation. This guide is a <em>catalog, not a
checklist</em>, and satisfaction of every item is not likely to be possible or
sensible in many operational scenarios. However, the XCCDF format enables
granular selection and adjustment of settings, and their association with OVAL
and OCIL content provides an automated checking capability. Transformations of
this document, and its associated automated checking content, are capable of
providing baselines that meet a diverse set of policy objectives. Some example
XCCDF <em>Profiles</em>, which are selections of items that form checklists and
can be used as baselines, are available with this guide. They can be
processed, in an automated fashion, with tools that support the Security
Content Automation Protocol (SCAP). The DISA STIG, which provides required
settings for US Department of Defense systems, is one example of a baseline
created from this guidance.
</div><div class="top-spacer-10"><div class="alert alert-info">Do not attempt to implement any of the settings in
this guide without first testing them in a non-operational environment. The
creators of this guidance assume no responsibility whatsoever for its use by
other parties, and makes no guarantees, expressed or implied, about its
quality, reliability, or any other characteristic.
</div></div></div></div></div><div id="characteristics"><h2>Evaluation Characteristics</h2><div class="row"><div class="col-md-5 well well-lg horizontal-scroll"><table class="table table-bordered"><tr><th>Evaluation target</th><td>localhost</td></tr><tr><th>Benchmark URL</th><td>#scap_org.open-scap_comp_ssg-rhel9-xccdf.xml</td></tr><tr><th>Benchmark ID</th><td>xccdf_org.ssgproject.content_benchmark_RHEL-9</td></tr><tr><th>Benchmark version</th><td>0.1.73</td></tr><tr><th>Profile ID</th><td>xccdf_org.ssgproject.content_profile_stig_high_only</td></tr><tr><th>Started at</th><td>2024-07-25T20:42:44+00:00</td></tr><tr><th>Finished at</th><td>2024-07-25T20:42:46+00:00</td></tr><tr><th>Performed by</th><td>core</td></tr><tr><th>Test system</th><td>cpe:/a:redhat:openscap:1.3.10</td></tr></table></div><div class="col-md-3 horizontal-scroll"><h4>CPE Platforms</h4><ul class="list-group"><li class="list-group-item"><span class="label label-success" title="CPE platform cpe:/o:redhat:enterprise_linux:9 was found applicable on the evaluated machine">cpe:/o:redhat:enterprise_linux:9</span></li></ul></div><div class="col-md-4 horizontal-scroll"><h4>Addresses</h4><ul class="list-group"><li class="list-group-item"><span class="label label-primary">IPv4</span>
                             127.0.0.1</li><li class="list-group-item"><span class="label label-primary">IPv4</span>
                             192.168.122.87</li><li class="list-group-item"><span class="label label-info">IPv6</span>
                             0:0:0:0:0:0:0:1</li><li class="list-group-item"><span class="label label-info">IPv6</span>
                             fe80:0:0:0:23a4:8e93:5a3:2d0a</li><li class="list-group-item"><span class="label label-default">MAC</span>
                             00:00:00:00:00:00</li><li class="list-group-item"><span class="label label-default">MAC</span>
                             52:54:00:92:D1:F0</li></ul></div></div></div><div id="compliance-and-scoring"><h2>Compliance and Scoring</h2><div class="alert alert-success"><strong>There were no failed or uncertain rules.</strong> It seems that no action is necessary.
                </div><h3>Rule results</h3><div class="progress" title="Displays proportion of passed/fixed, failed/error, and other rules (in that order). There were 27 rules taken into account."><div class="progress-bar progress-bar-success" style="width: 96.2962962962963%">26 passed
                    </div><div class="progress-bar progress-bar-danger" style="width: 0%">0 failed
                    </div><div class="progress-bar progress-bar-warning" style="width: 3.703703703703709%">1 other
                    </div></div><h3 title="As per the XCCDF specification">Score</h3><table class="table table-striped table-bordered"><thead><tr><th>Scoring system</th><th class="text-center">Score</th><th class="text-center">Maximum</th><th class="text-center" style="width: 40%">Percent</th></tr></thead><tbody><tr><td>urn:xccdf:scoring:default</td><td class="text-center">100.000000</td><td class="text-center">100.000000</td><td><div class="progress"><div class="progress-bar progress-bar-success" style="width: 100%">100%</div><div class="progress-bar progress-bar-danger" style="width: 0%"></div></div></td></tr></tbody></table></div><div id="rule-overview"><h2>Rule Overview</h2><div class="form-group js-only hidden-print"><div class="row"><div title="Filter rules by their XCCDF result"><div class="col-sm-2 toggle-rule-display-success"><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="pass">pass</label></div><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="fixed">fixed</label></div><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="informational">informational</label></div></div><div class="col-sm-2 toggle-rule-display-danger"><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="fail">fail</label></div><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="error">error</label></div><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="unknown">unknown</label></div></div><div class="col-sm-2 toggle-rule-display-other"><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="notchecked">notchecked</label></div><div class="checkbox"><label><input class="toggle-rule-display" type="checkbox" onclick="toggleRuleDisplay(this)" checked value="notapplicable">notapplicable</label></div></div></div><div class="col-sm-6"><div class="input-group"><input type="text" class="form-control" placeholder="Search through XCCDF rules" id="search-input" oninput="ruleSearch()"><div class="input-group-btn"><button class="btn btn-default" onclick="ruleSearch()">Search</button></div></div><p id="search-matches"></p>
                    Group rules by:
                    <select name="groupby" onchange="groupRulesBy(value)"><option value="default" selected>Default</option><option value="severity">Severity</option><option value="result">Result</option><option disabled>──────────</option><option value="cui">cui</option><option value="nist">nist</option><option value="anssi">anssi</option><option value="pcidss4">pcidss4</option><option value="nist-csf">nist-csf</option><option value="disa">disa</option><option value="app-srg">app-srg</option><option value="app-srg-ctr">app-srg-ctr</option><option value="os-srg">os-srg</option><option value="stigid">stigid</option><option value="stigref">stigref</option><option value="bsi">bsi</option><option value="ccn">ccn</option><option value="cis">cis</option><option value="cis-csc">cis-csc</option><option value="ism">ism</option><option value="cjis">cjis</option><option value="hipaa">hipaa</option><option value="isa-62443-2013">isa-62443-2013</option><option value="isa-62443-2009">isa-62443-2009</option><option value="cobit5">cobit5</option><option value="iso27001-2013">iso27001-2013</option><option value="nerc-cip">nerc-cip</option><option value="ospp">ospp</option><option value="pcidss">pcidss</option><option value="dcid">dcid</option></select></div></div></div><table class="treetable table table-bordered"><thead><tr><th>Title</th><th style="width: 120px; text-align: center">Severity</th><th style="width: 120px; text-align: center">Result</th></tr></thead><tbody><tr data-tt-id="xccdf_org.ssgproject.content_benchmark_RHEL-9" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_benchmark_RHEL-9"><td colspan="3" style="padding-left: 0px"><strong>Guide to the Secure Configuration of Red Hat Enterprise Linux 9</strong> <span class="badge">1x notchecked</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_system" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_system" data-tt-parent-id="xccdf_org.ssgproject.content_benchmark_RHEL-9"><td colspan="3" style="padding-left: 19px"><strong>System Settings</strong> <span class="badge">1x notchecked</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_software" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_software" data-tt-parent-id="xccdf_org.ssgproject.content_group_system"><td colspan="3" style="padding-left: 38px"><strong>Installing and Maintaining Software</strong> <span class="badge">1x notchecked</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_integrity" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_integrity" data-tt-parent-id="xccdf_org.ssgproject.content_group_software"><td colspan="3" style="padding-left: 57px">System and Software Integrity<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_integrity");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_fips" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_fips" data-tt-parent-id="xccdf_org.ssgproject.content_group_integrity"><td colspan="3" style="padding-left: 76px">Federal Information Processing Standard (FIPS)<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_fips");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_enable_dracut_fips_module" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_enable_dracut_fips_module" id="rule-overview-leaf-idm45637211972544" data-tt-parent-id="xccdf_org.ssgproject.content_group_fips" data-references='{"nist":["SC-12(2)","SC-12(3)","IA-7","SC-13","CM-6(a)","SC-12"],"disa":["CCI-000068","CCI-000803","CCI-002450"],"os-srg":["SRG-OS-000478-GPOS-00223"],"stigid":["RHEL-09-671010"],"stigref":["SV-258230r926677_rule"],"ism":["1446"],"nerc-cip":["CIP-003-8 R4.2","CIP-007-3 R5.1"],"ospp":["FCS_RBG_EXT.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45637211972544" onclick="return openRuleDetailsDialog('idm45637211972544')">Enable Dracut FIPS Module</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_enable_fips_mode" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_enable_fips_mode" id="rule-overview-leaf-idm45637211968544" data-tt-parent-id="xccdf_org.ssgproject.content_group_fips" data-references='{"nist":["CM-3(6)","SC-12(2)","SC-12(3)","IA-7","SC-13","CM-6(a)","SC-12"],"disa":["CCI-000068","CCI-000803","CCI-002450"],"os-srg":["SRG-OS-000478-GPOS-00223","SRG-OS-000396-GPOS-00176"],"stigid":["RHEL-09-671010"],"stigref":["SV-258230r926677_rule"],"ism":["1446"],"nerc-cip":["CIP-003-8 R4.2","CIP-007-3 R5.1"],"ospp":["FCS_COP.1(1)","FCS_COP.1(2)","FCS_COP.1(3)","FCS_COP.1(4)","FCS_CKM.1","FCS_CKM.2","FCS_TLSC_EXT.1","FCS_RBG_EXT.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45637211968544" onclick="return openRuleDetailsDialog('idm45637211968544')">Enable FIPS Mode</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sysctl_crypto_fips_enabled" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sysctl_crypto_fips_enabled" id="rule-overview-leaf-idm45637211961680" data-tt-parent-id="xccdf_org.ssgproject.content_group_fips" data-references='{"nist":["SC-12(2)","SC-12(3)","IA-7","SC-13","CM-6(a)","SC-12"],"disa":["CCI-000068","CCI-000803","CCI-000877","CCI-001453","CCI-002418","CCI-002450","CCI-002890","CCI-003123"],"os-srg":["SRG-OS-000033-GPOS-00014","SRG-OS-000125-GPOS-00065","SRG-OS-000250-GPOS-00093","SRG-OS-000393-GPOS-00173","SRG-OS-000394-GPOS-00174","SRG-OS-000396-GPOS-00176","SRG-OS-000423-GPOS-00187","SRG-OS-000478-GPOS-00223"],"stigid":["RHEL-09-671010"],"stigref":["SV-258230r926677_rule"],"nerc-cip":["CIP-003-8 R4.2","CIP-007-3 R5.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45637211961680" onclick="return openRuleDetailsDialog('idm45637211961680')">Set kernel parameter 'crypto.fips_enabled' to 1</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_crypto" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_crypto" data-tt-parent-id="xccdf_org.ssgproject.content_group_integrity"><td colspan="3" style="padding-left: 76px">System Cryptographic Policies<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_crypto");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_configure_bind_crypto_policy" class="rule-overview-leaf rule-overview-leaf-notapplicable rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_configure_bind_crypto_policy" id="rule-overview-leaf-idm45637211954976" data-tt-parent-id="xccdf_org.ssgproject.content_group_crypto" data-references='{"nist":["SC-13","SC-12(2)","SC-12(3)"],"os-srg":["SRG-OS-000423-GPOS-00187","SRG-OS-000426-GPOS-00190"],"stigid":["RHEL-09-672050"],"stigref":["SV-258242r926713_rule"],"nerc-cip":["CIP-003-8 R4.2","CIP-007-3 R5.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45637211954976" onclick="return openRuleDetailsDialog('idm45637211954976')">Configure BIND to use System Crypto Policy</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-notapplicable"><div><abbr title="The Rule was not applicable to the target of the test. For example, the Rule might have been specific to a different version of the target OS, or it might have been a test against a platform feature that was not installed.">notapplicable</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_configure_crypto_policy" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_configure_crypto_policy" id="rule-overview-leaf-idm45637211952272" data-tt-parent-id="xccdf_org.ssgproject.content_group_crypto" data-references='{"nist":["AC-17(a)","AC-17(2)","CM-6(a)","MA-4(6)","SC-13","SC-12(2)","SC-12(3)"],"pcidss4":["2.2.7"],"os-srg":["SRG-OS-000396-GPOS-00176","SRG-OS-000393-GPOS-00173","SRG-OS-000394-GPOS-00174"],"stigid":["RHEL-09-671010","RHEL-09-672030","RHEL-09-672045"],"stigref":["SV-258230r926677_rule","SV-258238r926701_rule","SV-258241r926710_rule"],"ccn":["A.5.SEC-RHEL4"],"cis":["1.10"],"ism":["1446"],"hipaa":["164.308(a)(4)(i)","164.308(b)(1)","164.308(b)(3)","164.312(e)(1)","164.312(e)(2)(ii)"],"nerc-cip":["CIP-003-8 R4.2","CIP-007-3 R5.1","CIP-007-3 R7.1"],"ospp":["FCS_COP.1(1)","FCS_COP.1(2)","FCS_COP.1(3)","FCS_COP.1(4)","FCS_CKM.1","FCS_CKM.2","FCS_TLSC_EXT.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45637211952272" onclick="return openRuleDetailsDialog('idm45637211952272')">Configure System Cryptography Policy</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_configure_kerberos_crypto_policy" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_configure_kerberos_crypto_policy" id="rule-overview-leaf-idm45637211944752" data-tt-parent-id="xccdf_org.ssgproject.content_group_crypto" data-references='{"nist":["SC-13","SC-12(2)","SC-12(3)"],"os-srg":["SRG-OS-000120-GPOS-00061"],"stigid":["RHEL-09-672025"],"stigref":["SV-258237r926698_rule"],"ism":["0418","1055","1402"],"nerc-cip":["CIP-003-8 R4.2","CIP-007-3 R5.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45637211944752" onclick="return openRuleDetailsDialog('idm45637211944752')">Configure Kerberos to use System Crypto Policy</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_configure_libreswan_crypto_policy" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_configure_libreswan_crypto_policy" id="rule-overview-leaf-idm45637211940752" data-tt-parent-id="xccdf_org.ssgproject.content_group_crypto" data-references='{"nist":["CM-6(a)","MA-4(6)","SC-13","SC-12(2)","SC-12(3)"],"os-srg":["SRG-OS-000033-GPOS-00014"],"stigid":["RHEL-09-671020"],"stigref":["SV-258232r926683_rule"],"nerc-cip":["CIP-003-8 R4.2","CIP-007-3 R5.1"],"ospp":["FCS_IPSEC_EXT.1.4","FCS_IPSEC_EXT.1.6"],"pcidss":["Req-2.2"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45637211940752" onclick="return openRuleDetailsDialog('idm45637211940752')">Configure Libreswan to use System Crypto Policy</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_harden_sshd_ciphers_openssh_conf_crypto_policy" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_harden_sshd_ciphers_openssh_conf_crypto_policy" id="rule-overview-leaf-idm45637211925936" data-tt-parent-id="xccdf_org.ssgproject.content_group_crypto" data-references='{"nist":["AC-17(2)"],"disa":["CCI-000068","CCI-000877","CCI-001453","CCI-002418","CCI-002890","CCI-003123"],"os-srg":["SRG-OS-000033-GPOS-00014","SRG-OS-000125-GPOS-00065","SRG-OS-000250-GPOS-00093","SRG-OS-000393-GPOS-00173","SRG-OS-000394-GPOS-00174","SRG-OS-000423-GPOS-00187"],"stigid":["RHEL-09-255060"],"stigref":["SV-257988r925951_rule"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45637211925936" onclick="return openRuleDetailsDialog('idm45637211925936')">Configure SSH Client to Use FIPS 140-2 Validated Ciphers: openssh.config</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_certified-vendor" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_certified-vendor" data-tt-parent-id="xccdf_org.ssgproject.content_group_integrity"><td colspan="3" style="padding-left: 76px">Operating System Vendor Support and Certification<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_certified-vendor");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_installed_OS_is_vendor_supported" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_installed_OS_is_vendor_supported" id="rule-overview-leaf-idm45637211910848" data-tt-parent-id="xccdf_org.ssgproject.content_group_certified-vendor" data-references='{"nist":["CM-6(a)","MA-6","SA-13(a)"],"nist-csf":["ID.RA-1","PR.IP-12"],"disa":["CCI-000366"],"os-srg":["SRG-OS-000480-GPOS-00227"],"stigid":["RHEL-09-211010"],"stigref":["SV-257777r925318_rule"],"cis-csc":["18","20","4"],"isa-62443-2009":["4.2.3","4.2.3.12","4.2.3.7","4.2.3.9"],"cobit5":["APO12.01","APO12.02","APO12.03","APO12.04","BAI03.10","DSS05.01","DSS05.02"],"iso27001-2013":["A.12.6.1","A.14.2.3","A.16.1.3","A.18.2.2","A.18.2.3"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45637211910848" onclick="return openRuleDetailsDialog('idm45637211910848')">The Installed Operating System Is Vendor Supported</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_disk_partitioning" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_disk_partitioning" data-tt-parent-id="xccdf_org.ssgproject.content_group_software"><td colspan="3" style="padding-left: 57px"><strong>Disk Partitioning</strong> <span class="badge">1x notchecked</span></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_encrypt_partitions" class="rule-overview-leaf rule-overview-leaf-notchecked rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_encrypt_partitions" id="rule-overview-leaf-idm45637211894000" data-tt-parent-id="xccdf_org.ssgproject.content_group_disk_partitioning" data-references='{"cui":["3.13.16"],"nist":["CM-6(a)","SC-28","SC-28(1)","SC-13","AU-9(3)"],"nist-csf":["PR.DS-1","PR.DS-5"],"disa":["CCI-001199","CCI-002475","CCI-002476"],"os-srg":["SRG-OS-000405-GPOS-00184","SRG-OS-000185-GPOS-00079","SRG-OS-000404-GPOS-00183"],"stigid":["RHEL-09-231190"],"stigref":["SV-257879r925624_rule"],"ccn":["A.25.SEC-RHEL1"],"cis-csc":["13","14"],"hipaa":["164.308(a)(1)(ii)(D)","164.308(b)(1)","164.310(d)","164.312(a)(1)","164.312(a)(2)(iii)","164.312(a)(2)(iv)","164.312(b)","164.312(c)","164.314(b)(2)(i)","164.312(d)"],"isa-62443-2013":["SR 3.4","SR 4.1","SR 5.2"],"cobit5":["APO01.06","BAI02.01","BAI06.01","DSS04.07","DSS05.03","DSS05.04","DSS05.07","DSS06.02","DSS06.06"],"iso27001-2013":["A.10.1.1","A.11.1.4","A.11.1.5","A.11.2.1","A.13.1.1","A.13.1.3","A.13.2.1","A.13.2.3","A.13.2.4","A.14.1.2","A.14.1.3","A.6.1.2","A.7.1.1","A.7.1.2","A.7.3.1","A.8.2.2","A.8.2.3","A.9.1.1","A.9.1.2","A.9.2.3","A.9.4.1","A.9.4.4","A.9.4.5"],"nerc-cip":["CIP-003-8 R4.2","CIP-007-3 R5.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45637211894000" onclick="return openRuleDetailsDialog('idm45637211894000')">Encrypt Partitions</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-notchecked"><div><abbr title="The Rule was not evaluated by the checking engine. This status is designed for Rule elements that have no check elements or that correspond to an unsupported checking system. It may also correspond to a status returned by a checking engine if the checking engine does not support the indicated check code.">notchecked</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_gnome" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_gnome" data-tt-parent-id="xccdf_org.ssgproject.content_group_software"><td colspan="3" style="padding-left: 57px">GNOME Desktop Environment<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_gnome");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_gnome_login_screen" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_gnome_login_screen" data-tt-parent-id="xccdf_org.ssgproject.content_group_gnome"><td colspan="3" style="padding-left: 76px">Configure GNOME Login Screen<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_gnome_login_screen");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_dconf_gnome_disable_restart_shutdown" class="rule-overview-leaf rule-overview-leaf-notapplicable rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_dconf_gnome_disable_restart_shutdown" id="rule-overview-leaf-idm45637211858368" data-tt-parent-id="xccdf_org.ssgproject.content_group_gnome_login_screen" data-references='{"cui":["3.1.2"],"nist":["CM-6(a)","AC-6(1)","CM-7(b)"],"nist-csf":["PR.AC-4","PR.DS-5"],"disa":["CCI-000366"],"os-srg":["SRG-OS-000480-GPOS-00227"],"stigid":["RHEL-09-271095","RHEL-09-271100"],"stigref":["SV-258029r943059_rule","SV-258030r926077_rule"],"cis-csc":["12","13","14","15","16","18","3","5"],"isa-62443-2013":["SR 2.1","SR 5.2"],"isa-62443-2009":["4.3.3.7.3"],"cobit5":["APO01.06","DSS05.04","DSS05.07","DSS06.02"],"iso27001-2013":["A.10.1.1","A.11.1.4","A.11.1.5","A.11.2.1","A.13.1.1","A.13.1.3","A.13.2.1","A.13.2.3","A.13.2.4","A.14.1.2","A.14.1.3","A.6.1.2","A.7.1.1","A.7.1.2","A.7.3.1","A.8.2.2","A.8.2.3","A.9.1.1","A.9.1.2","A.9.2.3","A.9.4.1","A.9.4.4","A.9.4.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45637211858368" onclick="return openRuleDetailsDialog('idm45637211858368')">Disable the GNOME3 Login Restart and Shutdown Buttons</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-notapplicable"><div><abbr title="The Rule was not applicable to the target of the test. For example, the Rule might have been specific to a different version of the target OS, or it might have been a test against a platform feature that was not installed.">notapplicable</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_gnome_gdm_disable_automatic_login" class="rule-overview-leaf rule-overview-leaf-notapplicable rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_gnome_gdm_disable_automatic_login" id="rule-overview-leaf-idm45637211844832" data-tt-parent-id="xccdf_org.ssgproject.content_group_gnome_login_screen" data-references='{"cui":["3.1.1"],"nist":["CM-6(a)","AC-6(1)","CM-7(b)"],"pcidss4":["8.3.1"],"nist-csf":["PR.IP-1"],"disa":["CCI-000366"],"os-srg":["SRG-OS-000480-GPOS-00229"],"stigid":["RHEL-09-271040"],"stigref":["SV-258018r926041_rule"],"cis-csc":["11","3","9"],"isa-62443-2013":["SR 7.6"],"isa-62443-2009":["4.3.4.3.2","4.3.4.3.3"],"cobit5":["BAI10.01","BAI10.02","BAI10.03","BAI10.05"],"iso27001-2013":["A.12.1.2","A.12.5.1","A.12.6.2","A.14.2.2","A.14.2.3","A.14.2.4"],"ospp":["FIA_UAU.1"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45637211844832" onclick="return openRuleDetailsDialog('idm45637211844832')">Disable GDM Automatic Login</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-notapplicable"><div><abbr title="The Rule was not applicable to the target of the test. For example, the Rule might have been specific to a different version of the target OS, or it might have been a test against a platform feature that was not installed.">notapplicable</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_gnome_system_settings" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_gnome_system_settings" data-tt-parent-id="xccdf_org.ssgproject.content_group_gnome"><td colspan="3" style="padding-left: 76px">GNOME System Settings<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_gnome_system_settings");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_dconf_gnome_disable_ctrlaltdel_reboot" class="rule-overview-leaf rule-overview-leaf-notapplicable rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_dconf_gnome_disable_ctrlaltdel_reboot" id="rule-overview-leaf-idm45637211790704" data-tt-parent-id="xccdf_org.ssgproject.content_group_gnome_system_settings" data-references='{"cui":["3.1.2"],"nist":["CM-6(a)","AC-6(1)","CM-7(b)"],"nist-csf":["PR.AC-4","PR.DS-5"],"disa":["CCI-000366"],"os-srg":["SRG-OS-000480-GPOS-00227"],"stigid":["RHEL-09-271105","RHEL-09-271110"],"stigref":["SV-258031r926080_rule","SV-258032r926083_rule"],"cis-csc":["12","13","14","15","16","18","3","5"],"isa-62443-2013":["SR 2.1","SR 5.2"],"isa-62443-2009":["4.3.3.7.3"],"cobit5":["APO01.06","DSS05.04","DSS05.07","DSS06.02"],"iso27001-2013":["A.10.1.1","A.11.1.4","A.11.1.5","A.11.2.1","A.13.1.1","A.13.1.3","A.13.2.1","A.13.2.3","A.13.2.4","A.14.1.2","A.14.1.3","A.6.1.2","A.7.1.1","A.7.1.2","A.7.3.1","A.8.2.2","A.8.2.3","A.9.1.1","A.9.1.2","A.9.2.3","A.9.4.1","A.9.4.4","A.9.4.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45637211790704" onclick="return openRuleDetailsDialog('idm45637211790704')">Disable Ctrl-Alt-Del Reboot Key Sequence in GNOME3</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-notapplicable"><div><abbr title="The Rule was not applicable to the target of the test. For example, the Rule might have been specific to a different version of the target OS, or it might have been a test against a platform feature that was not installed.">notapplicable</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_dconf_db_up_to_date" class="rule-overview-leaf rule-overview-leaf-notapplicable rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_dconf_db_up_to_date" id="rule-overview-leaf-idm45637211863760" data-tt-parent-id="xccdf_org.ssgproject.content_group_gnome" data-references='{"pcidss4":["8.2.8"],"os-srg":["SRG-OS-000480-GPOS-00227"],"stigid":["RHEL-09-271090"],"stigref":["SV-258028r926071_rule"],"ccn":["reload_dconf_db"],"cis":["reload_dconf_db"],"hipaa":["164.308(a)(1)(ii)(B)","164.308(a)(5)(ii)(A)"],"pcidss":["Req-6.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45637211863760" onclick="return openRuleDetailsDialog('idm45637211863760')">Make sure that the dconf databases are up-to-date with regards to respective keyfiles</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-notapplicable"><div><abbr title="The Rule was not applicable to the target of the test. For example, the Rule might have been specific to a different version of the target OS, or it might have been a test against a platform feature that was not installed.">notapplicable</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_updating" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_updating" data-tt-parent-id="xccdf_org.ssgproject.content_group_software"><td colspan="3" style="padding-left: 57px">Updating Software<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_updating");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated" id="rule-overview-leaf-idm45637211667712" data-tt-parent-id="xccdf_org.ssgproject.content_group_updating" data-references='{"cui":["3.4.8"],"nist":["CM-5(3)","SI-7","SC-12","SC-12(3)","CM-6(a)","SA-12","SA-12(10)","CM-11(a)","CM-11(b)"],"anssi":["R59"],"pcidss4":["6.3.3"],"nist-csf":["PR.DS-6","PR.DS-8","PR.IP-1"],"disa":["CCI-001749"],"os-srg":["SRG-OS-000366-GPOS-00153"],"stigid":["RHEL-09-214015"],"stigref":["SV-257820r925447_rule"],"cis":["1.2.2"],"cis-csc":["11","2","3","9"],"cjis":["5.10.4.1"],"hipaa":["164.308(a)(1)(ii)(D)","164.312(b)","164.312(c)(1)","164.312(c)(2)","164.312(e)(2)(i)"],"isa-62443-2013":["SR 3.1","SR 3.3","SR 3.4","SR 3.8","SR 7.6"],"isa-62443-2009":["4.3.4.3.2","4.3.4.3.3","4.3.4.4.4"],"cobit5":["APO01.06","BAI03.05","BAI06.01","BAI10.01","BAI10.02","BAI10.03","BAI10.05","DSS06.02"],"iso27001-2013":["A.11.2.4","A.12.1.2","A.12.2.1","A.12.5.1","A.12.6.2","A.14.1.2","A.14.1.3","A.14.2.2","A.14.2.3","A.14.2.4"],"ospp":["FPT_TUD_EXT.1","FPT_TUD_EXT.2"],"pcidss":["Req-6.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45637211667712" onclick="return openRuleDetailsDialog('idm45637211667712')">Ensure gpgcheck Enabled In Main dnf Configuration</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_ensure_gpgcheck_local_packages" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_ensure_gpgcheck_local_packages" id="rule-overview-leaf-idm45637211663712" data-tt-parent-id="xccdf_org.ssgproject.content_group_updating" data-references='{"cui":["3.4.8"],"nist":["CM-11(a)","CM-11(b)","CM-6(a)","CM-5(3)","SA-12","SA-12(10)"],"anssi":["R59"],"nist-csf":["PR.IP-1"],"disa":["CCI-001749"],"os-srg":["SRG-OS-000366-GPOS-00153"],"stigid":["RHEL-09-214020"],"stigref":["SV-257821r925450_rule"],"cis-csc":["11","3","9"],"hipaa":["164.308(a)(1)(ii)(D)","164.312(b)","164.312(c)(1)","164.312(c)(2)","164.312(e)(2)(i)"],"isa-62443-2013":["SR 7.6"],"isa-62443-2009":["4.3.4.3.2","4.3.4.3.3"],"cobit5":["BAI10.01","BAI10.02","BAI10.03","BAI10.05"],"iso27001-2013":["A.12.1.2","A.12.5.1","A.12.6.2","A.14.2.2","A.14.2.3","A.14.2.4"],"ospp":["FPT_TUD_EXT.1","FPT_TUD_EXT.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45637211663712" onclick="return openRuleDetailsDialog('idm45637211663712')">Ensure gpgcheck Enabled for Local Packages</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_ensure_gpgcheck_never_disabled" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_ensure_gpgcheck_never_disabled" id="rule-overview-leaf-idm45637211659712" data-tt-parent-id="xccdf_org.ssgproject.content_group_updating" data-references='{"cui":["3.4.8"],"nist":["CM-5(3)","SI-7","SC-12","SC-12(3)","CM-6(a)","SA-12","SA-12(10)","CM-11(a)","CM-11(b)"],"anssi":["R59"],"pcidss4":["6.3.3"],"nist-csf":["PR.DS-6","PR.DS-8","PR.IP-1"],"disa":["CCI-001749"],"os-srg":["SRG-OS-000366-GPOS-00153"],"stigid":["RHEL-09-214025"],"stigref":["SV-257822r925453_rule"],"cis-csc":["11","2","3","9"],"cjis":["5.10.4.1"],"hipaa":["164.308(a)(1)(ii)(D)","164.312(b)","164.312(c)(1)","164.312(c)(2)","164.312(e)(2)(i)"],"isa-62443-2013":["SR 3.1","SR 3.3","SR 3.4","SR 3.8","SR 7.6"],"isa-62443-2009":["4.3.4.3.2","4.3.4.3.3","4.3.4.4.4"],"cobit5":["APO01.06","BAI03.05","BAI06.01","BAI10.01","BAI10.02","BAI10.03","BAI10.05","DSS06.02"],"iso27001-2013":["A.11.2.4","A.12.1.2","A.12.2.1","A.12.5.1","A.12.6.2","A.14.1.2","A.14.1.3","A.14.2.2","A.14.2.3","A.14.2.4"],"ospp":["FPT_TUD_EXT.1","FPT_TUD_EXT.2"],"pcidss":["Req-6.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45637211659712" onclick="return openRuleDetailsDialog('idm45637211659712')">Ensure gpgcheck Enabled for All dnf Package Repositories</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_ensure_redhat_gpgkey_installed" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_ensure_redhat_gpgkey_installed" id="rule-overview-leaf-idm45637211655712" data-tt-parent-id="xccdf_org.ssgproject.content_group_updating" data-references='{"cui":["3.4.8"],"nist":["CM-5(3)","SI-7","SC-12","SC-12(3)","CM-6(a)"],"anssi":["R59"],"pcidss4":["6.3.3"],"nist-csf":["PR.DS-6","PR.DS-8","PR.IP-1"],"disa":["CCI-001749"],"os-srg":["SRG-OS-000366-GPOS-00153"],"stigid":["RHEL-09-214010"],"stigref":["SV-257819r925444_rule"],"cis-csc":["11","2","3","9"],"cjis":["5.10.4.1"],"hipaa":["164.308(a)(1)(ii)(D)","164.312(b)","164.312(c)(1)","164.312(c)(2)","164.312(e)(2)(i)"],"isa-62443-2013":["SR 3.1","SR 3.3","SR 3.4","SR 3.8","SR 7.6"],"isa-62443-2009":["4.3.4.3.2","4.3.4.3.3","4.3.4.4.4"],"cobit5":["APO01.06","BAI03.05","BAI06.01","BAI10.01","BAI10.02","BAI10.03","BAI10.05","DSS06.02"],"iso27001-2013":["A.11.2.4","A.12.1.2","A.12.2.1","A.12.5.1","A.12.6.2","A.14.1.2","A.14.1.3","A.14.2.2","A.14.2.3","A.14.2.4"],"nerc-cip":["CIP-003-8 R4.2","CIP-003-8 R6","CIP-007-3 R4","CIP-007-3 R4.1","CIP-007-3 R4.2","CIP-007-3 R5.1"],"ospp":["FPT_TUD_EXT.1","FPT_TUD_EXT.2"],"pcidss":["Req-6.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45637211655712" onclick="return openRuleDetailsDialog('idm45637211655712')">Ensure Red Hat GPG Key Installed</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_accounts" data-tt-parent-id="xccdf_org.ssgproject.content_group_system"><td colspan="3" style="padding-left: 38px">Account and Access Control<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_accounts");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-physical" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_accounts-physical" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts"><td colspan="3" style="padding-left: 57px">Protect Physical Console Access<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_accounts-physical");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction" id="rule-overview-leaf-idm45637211498688" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-physical" data-references='{"cui":["3.4.5"],"nist":["CM-6(a)","AC-6(1)","CM-6(a)"],"nist-csf":["PR.AC-4","PR.DS-5"],"disa":["CCI-000366"],"os-srg":["SRG-OS-000324-GPOS-00125","SRG-OS-000480-GPOS-00227"],"stigid":["RHEL-09-211045"],"stigref":["SV-257784r925339_rule"],"cis-csc":["12","13","14","15","16","18","3","5"],"hipaa":["164.308(a)(1)(ii)(B)","164.308(a)(7)(i)","164.308(a)(7)(ii)(A)","164.310(a)(1)","164.310(a)(2)(i)","164.310(a)(2)(ii)","164.310(a)(2)(iii)","164.310(b)","164.310(c)","164.310(d)(1)","164.310(d)(2)(iii)"],"isa-62443-2013":["SR 2.1","SR 5.2"],"isa-62443-2009":["4.3.3.7.3"],"cobit5":["APO01.06","DSS05.04","DSS05.07","DSS06.02"],"iso27001-2013":["A.10.1.1","A.11.1.4","A.11.1.5","A.11.2.1","A.13.1.1","A.13.1.3","A.13.2.1","A.13.2.3","A.13.2.4","A.14.1.2","A.14.1.3","A.6.1.2","A.7.1.1","A.7.1.2","A.7.3.1","A.8.2.2","A.8.2.3","A.9.1.1","A.9.1.2","A.9.2.3","A.9.4.1","A.9.4.4","A.9.4.5"],"nerc-cip":["CIP-003-8 R5.1.1","CIP-003-8 R5.3","CIP-004-6 R2.3","CIP-007-3 R2.1","CIP-007-3 R2.2","CIP-007-3 R2.3","CIP-007-3 R5.1","CIP-007-3 R5.1.1","CIP-007-3 R5.1.2"],"ospp":["FAU_GEN.1.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45637211498688" onclick="return openRuleDetailsDialog('idm45637211498688')">Disable Ctrl-Alt-Del Burst Action</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot" id="rule-overview-leaf-idm45637211494688" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-physical" data-references='{"cui":["3.4.5"],"nist":["CM-6(a)","AC-6(1)"],"nist-csf":["PR.AC-4","PR.DS-5"],"disa":["CCI-000366"],"os-srg":["SRG-OS-000324-GPOS-00125","SRG-OS-000480-GPOS-00227"],"stigid":["RHEL-09-211050"],"stigref":["SV-257785r925342_rule"],"cis-csc":["12","13","14","15","16","18","3","5"],"hipaa":["164.308(a)(1)(ii)(B)","164.308(a)(7)(i)","164.308(a)(7)(ii)(A)","164.310(a)(1)","164.310(a)(2)(i)","164.310(a)(2)(ii)","164.310(a)(2)(iii)","164.310(b)","164.310(c)","164.310(d)(1)","164.310(d)(2)(iii)"],"isa-62443-2013":["SR 2.1","SR 5.2"],"isa-62443-2009":["4.3.3.7.3"],"cobit5":["APO01.06","DSS05.04","DSS05.07","DSS06.02"],"iso27001-2013":["A.10.1.1","A.11.1.4","A.11.1.5","A.11.2.1","A.13.1.1","A.13.1.3","A.13.2.1","A.13.2.3","A.13.2.4","A.14.1.2","A.14.1.3","A.6.1.2","A.7.1.1","A.7.1.2","A.7.3.1","A.8.2.2","A.8.2.3","A.9.1.1","A.9.1.2","A.9.2.3","A.9.4.1","A.9.4.4","A.9.4.5"],"nerc-cip":["CIP-003-8 R5.1.1","CIP-003-8 R5.3","CIP-004-6 R2.3","CIP-007-3 R2.1","CIP-007-3 R2.2","CIP-007-3 R2.3","CIP-007-3 R5.1","CIP-007-3 R5.1.1","CIP-007-3 R5.1.2"],"ospp":["FAU_GEN.1.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45637211494688" onclick="return openRuleDetailsDialog('idm45637211494688')">Disable Ctrl-Alt-Del Reboot Activation</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_accounts-restrictions" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_accounts-restrictions" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts"><td colspan="3" style="padding-left: 57px">Protect Accounts by Restricting Password-Based Login<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_accounts-restrictions");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_password_storage" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_password_storage" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-restrictions"><td colspan="3" style="padding-left: 76px">Verify Proper Storage and Existence of Password
Hashes<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_password_storage");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_no_empty_passwords" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_no_empty_passwords" id="rule-overview-leaf-idm45637211383168" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_storage" data-references='{"cui":["3.1.1","3.1.5"],"nist":["IA-5(1)(a)","IA-5(c)","CM-6(a)"],"pcidss4":["8.3.1"],"nist-csf":["PR.AC-1","PR.AC-4","PR.AC-6","PR.AC-7","PR.DS-5"],"disa":["CCI-000366"],"os-srg":["SRG-OS-000480-GPOS-00227"],"stigid":["RHEL-09-611025"],"stigref":["SV-258094r926269_rule"],"cis":["5.4.1"],"cis-csc":["1","12","13","14","15","16","18","3","5"],"cjis":["5.5.2"],"hipaa":["164.308(a)(1)(ii)(B)","164.308(a)(7)(i)","164.308(a)(7)(ii)(A)","164.310(a)(1)","164.310(a)(2)(i)","164.310(a)(2)(ii)","164.310(a)(2)(iii)","164.310(b)","164.310(c)","164.310(d)(1)","164.310(d)(2)(iii)"],"isa-62443-2013":["SR 1.1","SR 1.10","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 5.2"],"isa-62443-2009":["4.3.3.2.2","4.3.3.5.1","4.3.3.5.2","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4"],"cobit5":["APO01.06","DSS05.04","DSS05.05","DSS05.07","DSS05.10","DSS06.02","DSS06.03","DSS06.10"],"iso27001-2013":["A.10.1.1","A.11.1.4","A.11.1.5","A.11.2.1","A.13.1.1","A.13.1.3","A.13.2.1","A.13.2.3","A.13.2.4","A.14.1.2","A.14.1.3","A.18.1.4","A.6.1.2","A.7.1.1","A.7.1.2","A.7.3.1","A.8.2.2","A.8.2.3","A.9.1.1","A.9.1.2","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.1","A.9.4.2","A.9.4.3","A.9.4.4","A.9.4.5"],"ospp":["FIA_UAU.1"],"pcidss":["Req-8.2.3"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45637211383168" onclick="return openRuleDetailsDialog('idm45637211383168')">Prevent Login to Accounts With Empty Password</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_no_empty_passwords_etc_shadow" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_no_empty_passwords_etc_shadow" id="rule-overview-leaf-idm45637211379200" data-tt-parent-id="xccdf_org.ssgproject.content_group_password_storage" data-references='{"nist":["CM-6(b)","CM-6.1(iv)"],"pcidss4":["2.2.2"],"disa":["CCI-000366"],"os-srg":["SRG-OS-000480-GPOS-00227"],"stigid":["RHEL-09-611155"],"stigref":["SV-258120r926347_rule"],"ccn":["A.6.SEC-RHEL4"],"cis":["5.6.6","6.2.2"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45637211379200" onclick="return openRuleDetailsDialog('idm45637211379200')">Ensure There Are No Accounts With Blank or Null Passwords</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_root_logins" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_root_logins" data-tt-parent-id="xccdf_org.ssgproject.content_group_accounts-restrictions"><td colspan="3" style="padding-left: 76px">Restrict Root Logins<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_root_logins");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_accounts_no_uid_except_zero" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_accounts_no_uid_except_zero" id="rule-overview-leaf-idm45637211361712" data-tt-parent-id="xccdf_org.ssgproject.content_group_root_logins" data-references='{"cui":["3.1.1","3.1.5"],"nist":["IA-2","AC-6(5)","IA-4(b)"],"pcidss4":["8.2.1"],"nist-csf":["PR.AC-1","PR.AC-4","PR.AC-6","PR.AC-7","PR.DS-5"],"disa":["CCI-000366"],"os-srg":["SRG-OS-000480-GPOS-00227"],"stigid":["RHEL-09-411100"],"stigref":["SV-258059r926164_rule"],"cis":["6.2.9"],"cis-csc":["1","12","13","14","15","16","18","3","5"],"isa-62443-2013":["SR 1.1","SR 1.10","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 5.2"],"isa-62443-2009":["4.3.3.2.2","4.3.3.5.1","4.3.3.5.2","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4"],"cobit5":["APO01.06","DSS05.04","DSS05.05","DSS05.07","DSS05.10","DSS06.02","DSS06.03","DSS06.10"],"iso27001-2013":["A.10.1.1","A.11.1.4","A.11.1.5","A.11.2.1","A.13.1.1","A.13.1.3","A.13.2.1","A.13.2.3","A.13.2.4","A.14.1.2","A.14.1.3","A.18.1.4","A.6.1.2","A.7.1.1","A.7.1.2","A.7.3.1","A.8.2.2","A.8.2.3","A.9.1.1","A.9.1.2","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.1","A.9.4.2","A.9.4.3","A.9.4.4","A.9.4.5"],"nerc-cip":["CIP-003-8 R5.1.1","CIP-003-8 R5.3","CIP-004-6 R2.2.3","CIP-004-6 R2.3","CIP-007-3 R5.1","CIP-007-3 R5.1.2","CIP-007-3 R5.2","CIP-007-3 R5.3.1","CIP-007-3 R5.3.2","CIP-007-3 R5.3.3"],"pcidss":["Req-8.5"]}'><td style="padding-left: 95px"><a href="#rule-detail-idm45637211361712" onclick="return openRuleDetailsDialog('idm45637211361712')">Verify Only Root Has UID 0</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_bootloader-grub2" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_bootloader-grub2" data-tt-parent-id="xccdf_org.ssgproject.content_group_system"><td colspan="3" style="padding-left: 38px">GRUB2 bootloader configuration<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_bootloader-grub2");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_non-uefi" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_non-uefi" data-tt-parent-id="xccdf_org.ssgproject.content_group_bootloader-grub2"><td colspan="3" style="padding-left: 57px">Non-UEFI GRUB2 bootloader configuration<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_non-uefi");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_grub2_admin_username" class="rule-overview-leaf rule-overview-leaf-notapplicable rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_grub2_admin_username" id="rule-overview-leaf-idm45637211195504" data-tt-parent-id="xccdf_org.ssgproject.content_group_non-uefi" data-references='{"cui":["3.4.5"],"nist":["CM-6(a)"],"nist-csf":["PR.AC-1","PR.AC-4","PR.AC-6","PR.AC-7","PR.PT-3"],"disa":["CCI-000213"],"os-srg":["SRG-OS-000080-GPOS-00048"],"stigid":["RHEL-09-212020"],"stigref":["SV-257789r943055_rule"],"cis-csc":["1","11","12","14","15","16","18","3","5"],"hipaa":["164.308(a)(1)(ii)(B)","164.308(a)(7)(i)","164.308(a)(7)(ii)(A)","164.310(a)(1)","164.310(a)(2)(i)","164.310(a)(2)(ii)","164.310(a)(2)(iii)","164.310(b)","164.310(c)","164.310(d)(1)","164.310(d)(2)(iii)"],"isa-62443-2013":["SR 1.1","SR 1.10","SR 1.11","SR 1.12","SR 1.13","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.6","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 2.2","SR 2.3","SR 2.4","SR 2.5","SR 2.6","SR 2.7"],"isa-62443-2009":["4.3.3.2.2","4.3.3.5.1","4.3.3.5.2","4.3.3.5.3","4.3.3.5.4","4.3.3.5.5","4.3.3.5.6","4.3.3.5.7","4.3.3.5.8","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.1","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4"],"cobit5":["DSS05.02","DSS05.04","DSS05.05","DSS05.07","DSS05.10","DSS06.03","DSS06.06","DSS06.10"],"iso27001-2013":["A.18.1.4","A.6.1.2","A.7.1.1","A.9.1.2","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.1","A.9.4.2","A.9.4.3","A.9.4.4","A.9.4.5"],"ospp":["FIA_UAU.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45637211195504" onclick="return openRuleDetailsDialog('idm45637211195504')">Set the Boot Loader Admin Username to a Non-Default Value</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-notapplicable"><div><abbr title="The Rule was not applicable to the target of the test. For example, the Rule might have been specific to a different version of the target OS, or it might have been a test against a platform feature that was not installed.">notapplicable</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_grub2_password" class="rule-overview-leaf rule-overview-leaf-notapplicable rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_grub2_password" id="rule-overview-leaf-idm45637211192816" data-tt-parent-id="xccdf_org.ssgproject.content_group_non-uefi" data-references='{"cui":["3.4.5"],"nist":["CM-6(a)"],"anssi":["R5"],"nist-csf":["PR.AC-1","PR.AC-4","PR.AC-6","PR.AC-7","PR.PT-3"],"disa":["CCI-000213"],"os-srg":["SRG-OS-000080-GPOS-00048"],"stigid":["RHEL-09-212010"],"stigref":["SV-257787r925348_rule"],"ccn":["A.8.SEC-RHEL7"],"cis":["1.4.1"],"cis-csc":["1","11","12","14","15","16","18","3","5"],"hipaa":["164.308(a)(1)(ii)(B)","164.308(a)(7)(i)","164.308(a)(7)(ii)(A)","164.310(a)(1)","164.310(a)(2)(i)","164.310(a)(2)(ii)","164.310(a)(2)(iii)","164.310(b)","164.310(c)","164.310(d)(1)","164.310(d)(2)(iii)"],"isa-62443-2013":["SR 1.1","SR 1.10","SR 1.11","SR 1.12","SR 1.13","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.6","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 2.2","SR 2.3","SR 2.4","SR 2.5","SR 2.6","SR 2.7"],"isa-62443-2009":["4.3.3.2.2","4.3.3.5.1","4.3.3.5.2","4.3.3.5.3","4.3.3.5.4","4.3.3.5.5","4.3.3.5.6","4.3.3.5.7","4.3.3.5.8","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.1","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4"],"cobit5":["DSS05.02","DSS05.04","DSS05.05","DSS05.07","DSS05.10","DSS06.03","DSS06.06","DSS06.10"],"iso27001-2013":["A.18.1.4","A.6.1.2","A.7.1.1","A.9.1.2","A.9.2.1","A.9.2.2","A.9.2.3","A.9.2.4","A.9.2.6","A.9.3.1","A.9.4.1","A.9.4.2","A.9.4.3","A.9.4.4","A.9.4.5"],"ospp":["FIA_UAU.1"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45637211192816" onclick="return openRuleDetailsDialog('idm45637211192816')">Set Boot Loader Password in grub2</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-notapplicable"><div><abbr title="The Rule was not applicable to the target of the test. For example, the Rule might have been specific to a different version of the target OS, or it might have been a test against a platform feature that was not installed.">notapplicable</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_selinux" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_selinux" data-tt-parent-id="xccdf_org.ssgproject.content_group_system"><td colspan="3" style="padding-left: 38px">SELinux<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_selinux");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_selinux_state" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_selinux_state" id="rule-overview-leaf-idm45637210156384" data-tt-parent-id="xccdf_org.ssgproject.content_group_selinux" data-references='{"cui":["3.1.2","3.7.2"],"nist":["AC-3","AC-3(3)(a)","AU-9","SC-7(21)"],"anssi":["R37","R79"],"pcidss4":["1.2.6"],"nist-csf":["DE.AE-1","ID.AM-3","PR.AC-4","PR.AC-5","PR.AC-6","PR.DS-5","PR.PT-1","PR.PT-3","PR.PT-4"],"disa":["CCI-001084","CCI-002165","CCI-002696"],"os-srg":["SRG-OS-000445-GPOS-00199","SRG-OS-000134-GPOS-00068"],"stigid":["RHEL-09-431010"],"stigref":["SV-258078r926221_rule"],"bsi":["APP.4.4.A4"],"ccn":["A.6.SEC-RHEL1"],"cis":["1.6.1.5"],"cis-csc":["1","11","12","13","14","15","16","18","3","4","5","6","8","9"],"hipaa":["164.308(a)(1)(ii)(D)","164.308(a)(3)","164.308(a)(4)","164.310(b)","164.310(c)","164.312(a)","164.312(e)"],"isa-62443-2013":["SR 1.1","SR 1.10","SR 1.11","SR 1.12","SR 1.13","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.6","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 2.10","SR 2.11","SR 2.12","SR 2.2","SR 2.3","SR 2.4","SR 2.5","SR 2.6","SR 2.7","SR 2.8","SR 2.9","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 7.1","SR 7.6"],"isa-62443-2009":["4.2.3.4","4.3.3.2.2","4.3.3.3.9","4.3.3.4","4.3.3.5.1","4.3.3.5.2","4.3.3.5.3","4.3.3.5.4","4.3.3.5.5","4.3.3.5.6","4.3.3.5.7","4.3.3.5.8","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.1","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4","4.3.4.4.7","4.4.2.1","4.4.2.2","4.4.2.4","4.4.3.3"],"cobit5":["APO01.06","APO11.04","APO13.01","BAI03.05","DSS01.05","DSS03.01","DSS05.02","DSS05.04","DSS05.05","DSS05.07","DSS06.02","DSS06.03","DSS06.06","MEA02.01"],"iso27001-2013":["A.10.1.1","A.11.1.4","A.11.1.5","A.11.2.1","A.12.1.1","A.12.1.2","A.12.4.1","A.12.4.2","A.12.4.3","A.12.4.4","A.12.7.1","A.13.1.1","A.13.1.2","A.13.1.3","A.13.2.1","A.13.2.2","A.13.2.3","A.13.2.4","A.14.1.2","A.14.1.3","A.6.1.2","A.7.1.1","A.7.1.2","A.7.3.1","A.8.2.2","A.8.2.3","A.9.1.1","A.9.1.2","A.9.2.1","A.9.2.3","A.9.4.1","A.9.4.4","A.9.4.5"],"nerc-cip":["CIP-003-8 R5.1.1","CIP-003-8 R5.2","CIP-003-8 R5.3","CIP-004-6 R2.2.3","CIP-004-6 R2.3","CIP-004-6 R3.3","CIP-007-3 R5.1","CIP-007-3 R5.1.2","CIP-007-3 R5.2","CIP-007-3 R5.3.1","CIP-007-3 R5.3.2","CIP-007-3 R5.3.3","CIP-007-3 R6.5"]}'><td style="padding-left: 57px"><a href="#rule-detail-idm45637210156384" onclick="return openRuleDetailsDialog('idm45637210156384')">Ensure SELinux State is Enforcing</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_services" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_services" data-tt-parent-id="xccdf_org.ssgproject.content_benchmark_RHEL-9"><td colspan="3" style="padding-left: 19px">Services<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_services");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_ftp" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_ftp" data-tt-parent-id="xccdf_org.ssgproject.content_group_services"><td colspan="3" style="padding-left: 38px">FTP Server<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_ftp");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_disabling_vsftpd" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_disabling_vsftpd" data-tt-parent-id="xccdf_org.ssgproject.content_group_ftp"><td colspan="3" style="padding-left: 57px">Disable vsftpd if Possible<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_disabling_vsftpd");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_vsftpd_removed" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_package_vsftpd_removed" id="rule-overview-leaf-idm45637209385184" data-tt-parent-id="xccdf_org.ssgproject.content_group_disabling_vsftpd" data-references='{"nist":["CM-7(a)","CM-7(b)","CM-6(a)","IA-5(1)(c)","IA-5(1).1(v)","CM-7","CM-7.1(ii)"],"nist-csf":["PR.IP-1","PR.PT-3"],"disa":["CCI-000197","CCI-000366","CCI-000381"],"os-srg":["SRG-OS-000074-GPOS-00042","SRG-OS-000095-GPOS-00049","SRG-OS-000480-GPOS-00227"],"stigid":["RHEL-09-215015"],"stigref":["SV-257826r925465_rule"],"ccn":["A.8.SEC-RHEL4"],"cis":["2.2.6"],"cis-csc":["11","14","3","9"],"isa-62443-2013":["SR 1.1","SR 1.10","SR 1.11","SR 1.12","SR 1.13","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.6","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 2.2","SR 2.3","SR 2.4","SR 2.5","SR 2.6","SR 2.7","SR 7.6"],"isa-62443-2009":["4.3.3.5.1","4.3.3.5.2","4.3.3.5.3","4.3.3.5.4","4.3.3.5.5","4.3.3.5.6","4.3.3.5.7","4.3.3.5.8","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.1","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4","4.3.4.3.2","4.3.4.3.3"],"cobit5":["BAI10.01","BAI10.02","BAI10.03","BAI10.05","DSS05.02","DSS05.05","DSS06.06"],"iso27001-2013":["A.12.1.2","A.12.5.1","A.12.6.2","A.14.2.2","A.14.2.3","A.14.2.4","A.9.1.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45637209385184" onclick="return openRuleDetailsDialog('idm45637209385184')">Uninstall vsftpd Package</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_obsolete" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_obsolete" data-tt-parent-id="xccdf_org.ssgproject.content_group_services"><td colspan="3" style="padding-left: 38px">Obsolete Services<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_obsolete");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_nis" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_nis" data-tt-parent-id="xccdf_org.ssgproject.content_group_obsolete"><td colspan="3" style="padding-left: 57px">NIS<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_nis");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_ypserv_removed" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_package_ypserv_removed" id="rule-overview-leaf-idm45637209229264" data-tt-parent-id="xccdf_org.ssgproject.content_group_nis" data-references='{"nist":["CM-7(a)","CM-7(b)","CM-6(a)","IA-5(1)(c)"],"anssi":["R62"],"pcidss4":["2.2.4"],"nist-csf":["PR.AC-3","PR.IP-1","PR.PT-3","PR.PT-4"],"disa":["CCI-000381"],"os-srg":["SRG-OS-000095-GPOS-00049"],"stigid":["RHEL-09-215030"],"stigref":["SV-257829r925474_rule"],"cis-csc":["11","12","14","15","3","8","9"],"hipaa":["164.308(a)(4)(i)","164.308(b)(1)","164.308(b)(3)","164.310(b)","164.312(e)(1)","164.312(e)(2)(ii)"],"isa-62443-2013":["SR 1.1","SR 1.10","SR 1.11","SR 1.12","SR 1.13","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.6","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 2.2","SR 2.3","SR 2.4","SR 2.5","SR 2.6","SR 2.7","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 7.1","SR 7.6"],"isa-62443-2009":["4.3.3.5.1","4.3.3.5.2","4.3.3.5.3","4.3.3.5.4","4.3.3.5.5","4.3.3.5.6","4.3.3.5.7","4.3.3.5.8","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.1","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4","4.3.4.3.2","4.3.4.3.3"],"cobit5":["APO13.01","BAI10.01","BAI10.02","BAI10.03","BAI10.05","DSS01.04","DSS05.02","DSS05.03","DSS05.05","DSS06.06"],"iso27001-2013":["A.11.2.6","A.12.1.2","A.12.5.1","A.12.6.2","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.2","A.14.2.3","A.14.2.4","A.6.2.1","A.6.2.2","A.9.1.2"],"pcidss":["Req-2.2.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45637209229264" onclick="return openRuleDetailsDialog('idm45637209229264')">Uninstall ypserv Package</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_r_services" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_r_services" data-tt-parent-id="xccdf_org.ssgproject.content_group_obsolete"><td colspan="3" style="padding-left: 57px">Rlogin, Rsh, and Rexec<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_r_services");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_rsh-server_removed" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_package_rsh-server_removed" id="rule-overview-leaf-idm45637209222576" data-tt-parent-id="xccdf_org.ssgproject.content_group_r_services" data-references='{"nist":["CM-7(a)","CM-7(b)","CM-6(a)","IA-5(1)(c)"],"anssi":["R62"],"pcidss4":["2.2.4"],"nist-csf":["PR.AC-3","PR.IP-1","PR.PT-3","PR.PT-4"],"disa":["CCI-000381"],"os-srg":["SRG-OS-000095-GPOS-00049"],"stigid":["RHEL-09-215035"],"stigref":["SV-257830r925477_rule"],"cis-csc":["11","12","14","15","3","8","9"],"hipaa":["164.308(a)(4)(i)","164.308(b)(1)","164.308(b)(3)","164.310(b)","164.312(e)(1)","164.312(e)(2)(ii)"],"isa-62443-2013":["SR 1.1","SR 1.10","SR 1.11","SR 1.12","SR 1.13","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.6","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 2.2","SR 2.3","SR 2.4","SR 2.5","SR 2.6","SR 2.7","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 7.1","SR 7.6"],"isa-62443-2009":["4.3.3.5.1","4.3.3.5.2","4.3.3.5.3","4.3.3.5.4","4.3.3.5.5","4.3.3.5.6","4.3.3.5.7","4.3.3.5.8","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.1","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4","4.3.4.3.2","4.3.4.3.3"],"cobit5":["APO13.01","BAI10.01","BAI10.02","BAI10.03","BAI10.05","DSS01.04","DSS05.02","DSS05.03","DSS05.05","DSS06.06"],"iso27001-2013":["A.11.2.6","A.12.1.2","A.12.5.1","A.12.6.2","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.2","A.14.2.3","A.14.2.4","A.6.2.1","A.6.2.2","A.9.1.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45637209222576" onclick="return openRuleDetailsDialog('idm45637209222576')">Uninstall rsh-server Package</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_no_host_based_files" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_no_host_based_files" id="rule-overview-leaf-idm45637209213184" data-tt-parent-id="xccdf_org.ssgproject.content_group_r_services" data-references='{"disa":["CCI-000366"],"os-srg":["SRG-OS-000480-GPOS-00227"],"stigid":["RHEL-09-252070"],"stigref":["SV-257955r925852_rule"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45637209213184" onclick="return openRuleDetailsDialog('idm45637209213184')">Remove Host-Based Authentication Files</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_no_user_host_based_files" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_no_user_host_based_files" id="rule-overview-leaf-idm45637209206528" data-tt-parent-id="xccdf_org.ssgproject.content_group_r_services" data-references='{"disa":["CCI-000366"],"os-srg":["SRG-OS-000480-GPOS-00227"],"stigid":["RHEL-09-252075"],"stigref":["SV-257956r925855_rule"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45637209206528" onclick="return openRuleDetailsDialog('idm45637209206528')">Remove User Host-Based Authentication Files</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_telnet" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_telnet" data-tt-parent-id="xccdf_org.ssgproject.content_group_obsolete"><td colspan="3" style="padding-left: 57px">Telnet<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_telnet");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_telnet-server_removed" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_package_telnet-server_removed" id="rule-overview-leaf-idm45637209197152" data-tt-parent-id="xccdf_org.ssgproject.content_group_telnet" data-references='{"nist":["CM-7(a)","CM-7(b)","CM-6(a)"],"anssi":["R62"],"pcidss4":["2.2.4"],"nist-csf":["PR.AC-3","PR.IP-1","PR.PT-3","PR.PT-4"],"disa":["CCI-000381"],"os-srg":["SRG-OS-000095-GPOS-00049"],"stigid":["RHEL-09-215040"],"stigref":["SV-257831r925480_rule"],"ccn":["A.8.SEC-RHEL4"],"cis":["2.2.13"],"cis-csc":["11","12","14","15","3","8","9"],"hipaa":["164.308(a)(4)(i)","164.308(b)(1)","164.308(b)(3)","164.310(b)","164.312(e)(1)","164.312(e)(2)(ii)"],"isa-62443-2013":["SR 1.1","SR 1.10","SR 1.11","SR 1.12","SR 1.13","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.6","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 2.2","SR 2.3","SR 2.4","SR 2.5","SR 2.6","SR 2.7","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 7.1","SR 7.6"],"isa-62443-2009":["4.3.3.5.1","4.3.3.5.2","4.3.3.5.3","4.3.3.5.4","4.3.3.5.5","4.3.3.5.6","4.3.3.5.7","4.3.3.5.8","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.1","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4","4.3.4.3.2","4.3.4.3.3"],"cobit5":["APO13.01","BAI10.01","BAI10.02","BAI10.03","BAI10.05","DSS01.04","DSS05.02","DSS05.03","DSS05.05","DSS06.06"],"iso27001-2013":["A.11.2.6","A.12.1.2","A.12.5.1","A.12.6.2","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.2","A.14.2.3","A.14.2.4","A.6.2.1","A.6.2.2","A.9.1.2"],"pcidss":["Req-2.2.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45637209197152" onclick="return openRuleDetailsDialog('idm45637209197152')">Uninstall telnet-server Package</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_tftp" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_tftp" data-tt-parent-id="xccdf_org.ssgproject.content_group_obsolete"><td colspan="3" style="padding-left: 57px">TFTP Server<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_tftp");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_package_tftp-server_removed" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_package_tftp-server_removed" id="rule-overview-leaf-idm45637209187744" data-tt-parent-id="xccdf_org.ssgproject.content_group_tftp" data-references='{"nist":["CM-7(a)","CM-7(b)","CM-6(a)"],"anssi":["R62"],"pcidss4":["2.2.4"],"nist-csf":["PR.AC-3","PR.IP-1","PR.PT-3","PR.PT-4"],"disa":["CCI-000318","CCI-000366","CCI-000368","CCI-001812","CCI-001813","CCI-001814"],"os-srg":["SRG-OS-000480-GPOS-00227"],"stigid":["RHEL-09-215060"],"stigref":["SV-257835r952171_rule"],"ccn":["A.8.SEC-RHEL4"],"cis":["2.2.7"],"cis-csc":["11","12","14","15","3","8","9"],"isa-62443-2013":["SR 1.1","SR 1.10","SR 1.11","SR 1.12","SR 1.13","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.6","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 2.2","SR 2.3","SR 2.4","SR 2.5","SR 2.6","SR 2.7","SR 3.1","SR 3.5","SR 3.8","SR 4.1","SR 4.3","SR 5.1","SR 5.2","SR 5.3","SR 7.1","SR 7.6"],"isa-62443-2009":["4.3.3.5.1","4.3.3.5.2","4.3.3.5.3","4.3.3.5.4","4.3.3.5.5","4.3.3.5.6","4.3.3.5.7","4.3.3.5.8","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.1","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4","4.3.4.3.2","4.3.4.3.3"],"cobit5":["APO13.01","BAI10.01","BAI10.02","BAI10.03","BAI10.05","DSS01.04","DSS05.02","DSS05.03","DSS05.05","DSS06.06"],"iso27001-2013":["A.11.2.6","A.12.1.2","A.12.5.1","A.12.6.2","A.13.1.1","A.13.2.1","A.14.1.3","A.14.2.2","A.14.2.3","A.14.2.4","A.6.2.1","A.6.2.2","A.9.1.2"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45637209187744" onclick="return openRuleDetailsDialog('idm45637209187744')">Uninstall tftp-server Package</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_ssh" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_ssh" data-tt-parent-id="xccdf_org.ssgproject.content_group_services"><td colspan="3" style="padding-left: 38px">SSH Server<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_ssh");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_group_ssh_server" class="rule-overview-inner-node rule-overview-inner-node-id-xccdf_org.ssgproject.content_group_ssh_server" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh"><td colspan="3" style="padding-left: 57px">Configure OpenSSH Server if Necessary<script>$(document).ready(function(){$('.treetable').treetable("collapseNode","xccdf_org.ssgproject.content_group_ssh_server");});</script></td></tr><tr data-tt-id="xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords" class="rule-overview-leaf rule-overview-leaf-pass rule-overview-leaf-id-xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords" id="rule-overview-leaf-idm45637209074880" data-tt-parent-id="xccdf_org.ssgproject.content_group_ssh_server" data-references='{"cui":["3.1.1","3.1.5"],"nist":["AC-17(a)","CM-7(a)","CM-7(b)","CM-6(a)"],"pcidss4":["2.2.6"],"nist-csf":["PR.AC-4","PR.AC-6","PR.DS-5","PR.IP-1","PR.PT-3"],"disa":["CCI-000366","CCI-000766"],"os-srg":["SRG-OS-000106-GPOS-00053","SRG-OS-000480-GPOS-00229","SRG-OS-000480-GPOS-00227"],"stigid":["RHEL-09-255040"],"stigref":["SV-257984r952179_rule"],"cis":["5.2.9"],"cis-csc":["11","12","13","14","15","16","18","3","5","9"],"cjis":["5.5.6"],"hipaa":["164.308(a)(4)(i)","164.308(b)(1)","164.308(b)(3)","164.310(b)","164.312(e)(1)","164.312(e)(2)(ii)"],"isa-62443-2013":["SR 1.1","SR 1.10","SR 1.11","SR 1.12","SR 1.13","SR 1.2","SR 1.3","SR 1.4","SR 1.5","SR 1.6","SR 1.7","SR 1.8","SR 1.9","SR 2.1","SR 2.2","SR 2.3","SR 2.4","SR 2.5","SR 2.6","SR 2.7","SR 5.2","SR 7.6"],"isa-62443-2009":["4.3.3.2.2","4.3.3.5.1","4.3.3.5.2","4.3.3.5.3","4.3.3.5.4","4.3.3.5.5","4.3.3.5.6","4.3.3.5.7","4.3.3.5.8","4.3.3.6.1","4.3.3.6.2","4.3.3.6.3","4.3.3.6.4","4.3.3.6.5","4.3.3.6.6","4.3.3.6.7","4.3.3.6.8","4.3.3.6.9","4.3.3.7.1","4.3.3.7.2","4.3.3.7.3","4.3.3.7.4","4.3.4.3.2","4.3.4.3.3"],"cobit5":["APO01.06","BAI10.01","BAI10.02","BAI10.03","BAI10.05","DSS05.02","DSS05.04","DSS05.05","DSS05.07","DSS06.02","DSS06.03","DSS06.06"],"iso27001-2013":["A.10.1.1","A.11.1.4","A.11.1.5","A.11.2.1","A.12.1.2","A.12.5.1","A.12.6.2","A.13.1.1","A.13.1.3","A.13.2.1","A.13.2.3","A.13.2.4","A.14.1.2","A.14.1.3","A.14.2.2","A.14.2.3","A.14.2.4","A.6.1.2","A.7.1.1","A.7.1.2","A.7.3.1","A.8.2.2","A.8.2.3","A.9.1.1","A.9.1.2","A.9.2.1","A.9.2.3","A.9.4.1","A.9.4.4","A.9.4.5"],"ospp":["FIA_UAU.1"],"pcidss":["Req-2.2.4"]}'><td style="padding-left: 76px"><a href="#rule-detail-idm45637209074880" onclick="return openRuleDetailsDialog('idm45637209074880')">Disable SSH Access via Empty Passwords</a></td><td class="rule-severity" style="text-align: center">high</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr></tbody></table></div><div class="js-only hidden-print"><button type="button" class="btn btn-info" onclick="return toggleResultDetails(this)">Show all result details</button></div><div id="result-details"><h2>Result Details</h2><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_enable_dracut_fips_module" id="rule-detail-idm45637211972544"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Enable Dracut FIPS Modulexccdf_org.ssgproject.content_rule_enable_dracut_fips_module highCCE-86547-7 </div><div class="panel-heading"><h3 class="panel-title">Enable Dracut FIPS Module</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_enable_dracut_fips_module</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-enable_dracut_fips_module:def:1</td></tr><tr><td>Time</td><td>2024-07-25T20:42:44+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span></td><td class="identifiers"><p><abbr title="https://ncp.nist.gov/cce: CCE-86547-7">CCE-86547-7</abbr></p></td></tr><tr><td><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span></td><td class="identifiers"><table class="table table-striped table-bordered"><tr><td><a href="https://public.cyber.mil/stigs/cci/">disa</a></td><td>CCI-000068, CCI-000803, CCI-002450</td></tr><tr><td><a href="https://www.cyber.gov.au/acsc/view-all-content/ism">ism</a></td><td>1446</td></tr><tr><td><a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">nerc-cip</a></td><td>CIP-003-8 R4.2, CIP-007-3 R5.1</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">nist</a></td><td>SC-12(2), SC-12(3), IA-7, SC-13, CM-6(a), SC-12</td></tr><tr><td><a href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</a></td><td>FCS_RBG_EXT.1</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</a></td><td>SRG-OS-000478-GPOS-00223</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</a></td><td>RHEL-09-671010</td></tr><tr><td><a href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</a></td><td>SV-258230r926677_rule</td></tr></table></td></tr><tr><td>Description</td><td><div class="description">To enable FIPS mode, run the following command:
<pre>fips-mode-setup --enable</pre>
To enable FIPS, the system requires that the <code>fips</code> module is added in <code>dracut</code> configuration.
Check if <code>/etc/dracut.conf.d/40-fips.conf</code> contain <code>add_dracutmodules+=" fips "</code>
        </div></td></tr><tr><td>Rationale</td><td><div class="rationale">Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to
protect data. The operating system must implement cryptographic modules adhering to the higher
standards approved by the federal government since this provides assurance they have been tested
and validated.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> 
                                The system needs to be rebooted for these changes to take effect.</div></div><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> 
                                System Crypto Modules must be provided by a vendor that undergoes FIPS-140 certifications.
FIPS-140 is applicable to all Federal agencies that use cryptographic-based security
systems to protect sensitive information in computer and telecommunication systems
(including voice systems) as defined in Section 5131 of the Information Technology
Management Reform Act of 1996, Public Law 104-106. This standard shall be used in designing
and implementing cryptographic modules that Federal departments and agencies operate or are
operated for them under contract.
See <b><a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf">https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf</a></b>
To meet this, the system has to have cryptographic software provided by a vendor that has
undergone this certification. This means providing documentation, test results, design
information, and independent third party review by an accredited lab. While open source
software is capable of meeting this, it does not meet FIPS-140 unless the vendor submits to
this process.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">add_dracutmodules contains fips</span> 
        <span class="label label-default">oval:ssg-test_enable_dracut_fips_module:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Path</th><th>Content</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>/etc/dracut.conf.d/40-fips.conf</td><td>add_dracutmodules+=" fips "
</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_enable_fips_mode" id="rule-detail-idm45637211968544"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Enable FIPS Modexccdf_org.ssgproject.content_rule_enable_fips_mode highCCE-88742-2 </div><div class="panel-heading"><h3 class="panel-title">Enable FIPS Mode</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_enable_fips_mode</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-enable_fips_mode:def:1</td></tr><tr><td>Time</td><td>2024-07-25T20:42:44+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span></td><td class="identifiers"><p><abbr title="https://ncp.nist.gov/cce: CCE-88742-2">CCE-88742-2</abbr></p></td></tr><tr><td><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span></td><td class="identifiers"><table class="table table-striped table-bordered"><tr><td><a href="https://public.cyber.mil/stigs/cci/">disa</a></td><td>CCI-000068, CCI-000803, CCI-002450</td></tr><tr><td><a href="https://www.cyber.gov.au/acsc/view-all-content/ism">ism</a></td><td>1446</td></tr><tr><td><a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">nerc-cip</a></td><td>CIP-003-8 R4.2, CIP-007-3 R5.1</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">nist</a></td><td>CM-3(6), SC-12(2), SC-12(3), IA-7, SC-13, CM-6(a), SC-12</td></tr><tr><td><a href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</a></td><td>FCS_COP.1(1), FCS_COP.1(2), FCS_COP.1(3), FCS_COP.1(4), FCS_CKM.1, FCS_CKM.2, FCS_TLSC_EXT.1, FCS_RBG_EXT.1</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</a></td><td>SRG-OS-000478-GPOS-00223, SRG-OS-000396-GPOS-00176</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</a></td><td>RHEL-09-671010</td></tr><tr><td><a href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</a></td><td>SV-258230r926677_rule</td></tr></table></td></tr><tr><td>Description</td><td><div class="description">
To enable FIPS mode, run the following command:
<pre>fips-mode-setup --enable</pre>
         <br>
The <code>fips-mode-setup</code> command will configure the system in
FIPS mode by automatically configuring the following:
<ul><li>Setting the kernel FIPS mode flag (<code>/proc/sys/crypto/fips_enabled</code>) to <code>1</code>
          </li><li>Creating <code>/etc/system-fips</code>
          </li><li>Setting the system crypto policy in <code>/etc/crypto-policies/config</code> to <code><abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_system_crypto_policy">FIPS</abbr></code>
          </li><li>Loading the Dracut <code>fips</code> module</li></ul>
        </div></td></tr><tr><td>Rationale</td><td><div class="rationale">Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to
protect data. The operating system must implement cryptographic modules adhering to the higher
standards approved by the federal government since this provides assurance they have been tested
and validated.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> 
                                The system needs to be rebooted for these changes to take effect.</div></div><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> 
                                This rule DOES NOT CHECK if the components of the operating system are FIPS certified.
You can find the list of FIPS certified modules at 
<a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search">https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search</a>.
This rule checks if the system is running in FIPS mode. See the rule description for more information about what it means.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">/etc/system-fips exists</span> 
        <span class="label label-default">oval:ssg-test_etc_system_fips:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Path</th><th>Type</th><th>UID</th><th>GID</th><th>Size (B)</th><th>Permissions</th></tr></thead><tbody><tr><td><span class="label label-danger">not evaluated</span></td><td>/etc/system-fips</td><td>regular</td><td>0</td><td>0</td><td>36</td><td><code>rw-r--r-- </code></td></tr></tbody></table><h4><span class="label label-primary">kernel runtime parameter crypto.fips_enabled set to 1</span> 
        <span class="label label-default">oval:ssg-test_sysctl_crypto_fips_enabled:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Name</th><th>Value</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>crypto.fips_enabled</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">add_dracutmodules contains fips</span> 
        <span class="label label-default">oval:ssg-test_enable_dracut_fips_module:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Path</th><th>Content</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>/etc/dracut.conf.d/40-fips.conf</td><td>add_dracutmodules+=" fips "
</td></tr></tbody></table><h4><span class="label label-primary">check for crypto policy correctly configured in /etc/crypto-policies/config</span> 
        <span class="label label-default">oval:ssg-test_configure_crypto_policy:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Path</th><th>Content</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>/etc/crypto-policies/config</td><td>FIPS</td></tr></tbody></table><h4><span class="label label-primary">check for crypto policy correctly configured in /etc/crypto-policies/state/current</span> 
        <span class="label label-default">oval:ssg-test_configure_crypto_policy_current:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Path</th><th>Content</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>/etc/crypto-policies/state/current</td><td>FIPS</td></tr></tbody></table><h4><span class="label label-primary">Check if update-crypto-policies has been run</span> 
        <span class="label label-default">oval:ssg-test_crypto_policies_updated:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>oval:ssg-variable_crypto_policies_config_file_timestamp:var:1</td><td>1721939919</td></tr></tbody></table><h4><span class="label label-primary">Check if /etc/crypto-policies/back-ends/nss.config exists</span> 
        <span class="label label-default">oval:ssg-test_crypto_policy_nss_config:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Path</th><th>Type</th><th>UID</th><th>GID</th><th>Size (B)</th><th>Permissions</th></tr></thead><tbody><tr><td><span class="label label-danger">not evaluated</span></td><td>/etc/crypto-policies/back-ends/nss.config</td><td>regular</td><td>0</td><td>0</td><td>398</td><td><code>rw-r--r-- </code></td></tr></tbody></table><h4><span class="label label-primary">test if var_system_crypto_policy selection is set to FIPS</span> 
        <span class="label label-default">oval:ssg-test_system_crypto_policy_value:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>oval:ssg-var_system_crypto_policy:var:1</td><td>FIPS</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span> 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td><span class="label label-danger">false</span></td><td>x86_64</td><td>localhost.localdomain</td><td>Linux</td><td>5.14.0-427.26.1.el9_4.x86_64</td><td>#1 SMP PREEMPT_DYNAMIC Fri Jul 5 11:34:54 EDT 2024</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">check if kernel option fips=1 is present in options in /boot/loader/entries/.*.conf</span> 
        <span class="label label-default">oval:ssg-test_fips_1_argument_in_boot_loader_entries_conf:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Path</th><th>Content</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>/boot/loader/entries/ostree-1.conf</td><td>options root=UUID=00c49597-82c6-4f71-babe-a6ca5366e36f rw boot=UUID=afb2b2b2-e3e8-4e6d-a0c1-f091c135871d rw console=tty0 console=ttyS0 fips=1 inst.noverifyssl audit_backlog_limit=8192 audit=1 slub_debug=P page_poison=1 vsyscall=none pti=on ostree=/ostree/boot.1/default/6fe9dddacaf5c3232ba2332010aa7442e0a6d0e3f455b7572b047cc2284c3f2f/0</td></tr></tbody></table><h4><span class="label label-primary">64 bit architecture</span> 
        <span class="label label-default">oval:ssg-test_system_info_architecture_s390_64:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Machine class</th><th>Node name</th><th>Os name</th><th>Os release</th><th>Os version</th><th>Processor type</th></tr></thead><tbody><tr><td><span class="label label-danger">false</span></td><td>x86_64</td><td>localhost.localdomain</td><td>Linux</td><td>5.14.0-427.26.1.el9_4.x86_64</td><td>#1 SMP PREEMPT_DYNAMIC Fri Jul 5 11:34:54 EDT 2024</td><td>x86_64</td></tr></tbody></table><h4><span class="label label-primary">check if kernel option fips=1 is present in options in /boot/loader/entries/.*.conf</span> 
        <span class="label label-default">oval:ssg-test_fips_1_argument_in_boot_loader_entries_conf:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Path</th><th>Content</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>/boot/loader/entries/ostree-1.conf</td><td>options root=UUID=00c49597-82c6-4f71-babe-a6ca5366e36f rw boot=UUID=afb2b2b2-e3e8-4e6d-a0c1-f091c135871d rw console=tty0 console=ttyS0 fips=1 inst.noverifyssl audit_backlog_limit=8192 audit=1 slub_debug=P page_poison=1 vsyscall=none pti=on ostree=/ostree/boot.1/default/6fe9dddacaf5c3232ba2332010aa7442e0a6d0e3f455b7572b047cc2284c3f2f/0</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sysctl_crypto_fips_enabled" id="rule-detail-idm45637211961680"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set kernel parameter 'crypto.fips_enabled' to 1xccdf_org.ssgproject.content_rule_sysctl_crypto_fips_enabled highCCE-83441-6 </div><div class="panel-heading"><h3 class="panel-title">Set kernel parameter 'crypto.fips_enabled' to 1</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sysctl_crypto_fips_enabled</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sysctl_crypto_fips_enabled:def:1</td></tr><tr><td>Time</td><td>2024-07-25T20:42:44+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span></td><td class="identifiers"><p><abbr title="https://ncp.nist.gov/cce: CCE-83441-6">CCE-83441-6</abbr></p></td></tr><tr><td><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span></td><td class="identifiers"><table class="table table-striped table-bordered"><tr><td><a href="https://public.cyber.mil/stigs/cci/">disa</a></td><td>CCI-000068, CCI-000803, CCI-000877, CCI-001453, CCI-002418, CCI-002450, CCI-002890, CCI-003123</td></tr><tr><td><a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">nerc-cip</a></td><td>CIP-003-8 R4.2, CIP-007-3 R5.1</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">nist</a></td><td>SC-12(2), SC-12(3), IA-7, SC-13, CM-6(a), SC-12</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</a></td><td>SRG-OS-000033-GPOS-00014, SRG-OS-000125-GPOS-00065, SRG-OS-000250-GPOS-00093, SRG-OS-000393-GPOS-00173, SRG-OS-000394-GPOS-00174, SRG-OS-000396-GPOS-00176, SRG-OS-000423-GPOS-00187, SRG-OS-000478-GPOS-00223</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</a></td><td>RHEL-09-671010</td></tr><tr><td><a href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</a></td><td>SV-258230r926677_rule</td></tr></table></td></tr><tr><td>Description</td><td><div class="description">System running in FIPS mode is indicated by kernel parameter
<code>'crypto.fips_enabled'</code>. This parameter should be set to <code>1</code> in FIPS mode.
To enable FIPS mode, run the following command:
<pre>fips-mode-setup --enable</pre>

To enable strict FIPS compliance, the fips=1 kernel option needs to be added to the kernel boot
parameters during system installation so key generation is done with FIPS-approved algorithms
and continuous monitoring tests in place.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to
protect data. The operating system must implement cryptographic modules adhering to the higher
standards approved by the federal government since this provides assurance they have been tested
and validated.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> 
                                The system needs to be rebooted for these changes to take effect.</div></div><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> 
                                System Crypto Modules must be provided by a vendor that undergoes FIPS-140 certifications.
FIPS-140 is applicable to all Federal agencies that use cryptographic-based security
systems to protect sensitive information in computer and telecommunication systems
(including voice systems) as defined in Section 5131 of the Information Technology
Management Reform Act of 1996, Public Law 104-106. This standard shall be used in designing
and implementing cryptographic modules that Federal departments and agencies operate or are
operated for them under contract.
See <b><a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf">https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf</a></b>
To meet this, the system has to have cryptographic software provided by a vendor that has
undergone this certification. This means providing documentation, test results, design
information, and independent third party review by an accredited lab. While open source
software is capable of meeting this, it does not meet FIPS-140 unless the vendor submits to
this process.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">kernel runtime parameter crypto.fips_enabled set to 1</span> 
        <span class="label label-default">oval:ssg-test_sysctl_crypto_fips_enabled:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Name</th><th>Value</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>crypto.fips_enabled</td><td>1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-notapplicable rule-detail-id-xccdf_org.ssgproject.content_rule_configure_bind_crypto_policy" id="rule-detail-idm45637211954976"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Configure BIND to use System Crypto Policyxccdf_org.ssgproject.content_rule_configure_bind_crypto_policy highCCE-83451-5 </div><div class="panel-heading"><h3 class="panel-title">Configure BIND to use System Crypto Policy</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_configure_bind_crypto_policy</td></tr><tr><td>Result</td><td class="rule-result rule-result-notapplicable"><div><abbr title="The Rule was not applicable to the target of the test. For example, the Rule might have been specific to a different version of the target OS, or it might have been a test against a platform feature that was not installed.">notapplicable</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>Time</td><td>2024-07-25T20:42:44+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span></td><td class="identifiers"><p><abbr title="https://ncp.nist.gov/cce: CCE-83451-5">CCE-83451-5</abbr></p></td></tr><tr><td><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span></td><td class="identifiers"><table class="table table-striped table-bordered"><tr><td><a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">nerc-cip</a></td><td>CIP-003-8 R4.2, CIP-007-3 R5.1</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">nist</a></td><td>SC-13, SC-12(2), SC-12(3)</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</a></td><td>SRG-OS-000423-GPOS-00187, SRG-OS-000426-GPOS-00190</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</a></td><td>RHEL-09-672050</td></tr><tr><td><a href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</a></td><td>SV-258242r926713_rule</td></tr></table></td></tr><tr><td>Description</td><td><div class="description">Crypto Policies provide a centralized control over crypto algorithms usage of many packages.
BIND is supported by crypto policy, but the BIND configuration may be
set up to ignore it.

To check that Crypto Policies settings are configured correctly, ensure that the <code>/etc/named.conf</code>
includes the appropriate configuration:
In the <code>options</code> section of <code>/etc/named.conf</code>, make sure that the following line
is not commented out or superseded by later includes:
<code>include "/etc/crypto-policies/back-ends/bind.config";</code>
        </div></td></tr><tr><td>Rationale</td><td><div class="rationale">Overriding the system crypto policy makes the behavior of the BIND service violate expectations,
and makes system configuration more fragmented.</div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_configure_crypto_policy" id="rule-detail-idm45637211952272"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Configure System Cryptography Policyxccdf_org.ssgproject.content_rule_configure_crypto_policy highCCE-83450-7 </div><div class="panel-heading"><h3 class="panel-title">Configure System Cryptography Policy</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_configure_crypto_policy</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-configure_crypto_policy:def:1</td></tr><tr><td>Time</td><td>2024-07-25T20:42:44+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span></td><td class="identifiers"><p><abbr title="https://ncp.nist.gov/cce: CCE-83450-7">CCE-83450-7</abbr></p></td></tr><tr><td><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span></td><td class="identifiers"><table class="table table-striped table-bordered"><tr><td><a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">hipaa</a></td><td>164.308(a)(4)(i), 164.308(b)(1), 164.308(b)(3), 164.312(e)(1), 164.312(e)(2)(ii)</td></tr><tr><td><a href="https://www.cyber.gov.au/acsc/view-all-content/ism">ism</a></td><td>1446</td></tr><tr><td><a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">nerc-cip</a></td><td>CIP-003-8 R4.2, CIP-007-3 R5.1, CIP-007-3 R7.1</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">nist</a></td><td>AC-17(a), AC-17(2), CM-6(a), MA-4(6), SC-13, SC-12(2), SC-12(3)</td></tr><tr><td><a href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</a></td><td>FCS_COP.1(1), FCS_COP.1(2), FCS_COP.1(3), FCS_COP.1(4), FCS_CKM.1, FCS_CKM.2, FCS_TLSC_EXT.1</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</a></td><td>SRG-OS-000396-GPOS-00176, SRG-OS-000393-GPOS-00173, SRG-OS-000394-GPOS-00174</td></tr><tr><td><a href="https://www.ccn-cert.cni.es/pdf/guias/series-ccn-stic/guias-de-acceso-publico-ccn-stic/6768-ccn-stic-610a22-perfilado-de-seguridad-red-hat-enterprise-linux-9-0/file.html">ccn</a></td><td>A.5.SEC-RHEL4</td></tr><tr><td><a href="https://www.cisecurity.org/benchmark/red_hat_linux/">cis</a></td><td>1.10</td></tr><tr><td><a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</a></td><td>2.2.7</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</a></td><td>RHEL-09-671010, RHEL-09-672030, RHEL-09-672045</td></tr><tr><td><a href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</a></td><td>SV-258230r926677_rule, SV-258238r926701_rule, SV-258241r926710_rule</td></tr></table></td></tr><tr><td>Description</td><td><div class="description">To configure the system cryptography policy to use ciphers only from the <code><abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_system_crypto_policy">FIPS</abbr></code>
policy, run the following command:
<pre>$ sudo update-crypto-policies --set <abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_system_crypto_policy">FIPS</abbr>
         </pre>
The rule checks if settings for selected crypto policy are configured as expected. Configuration files in the <code>/etc/crypto-policies/back-ends</code> are either symlinks to correct files provided by Crypto-policies package or they are regular files in case crypto policy customizations are applied.
Crypto policies may be customized by crypto policy modules, in which case it is delimited from the base policy using a colon.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Centralized cryptographic policies simplify applying secure ciphers across an operating system and
the applications that run on that operating system. Use of weak or untested encryption algorithms
undermines the purposes of utilizing encryption to protect data.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> 
                                The system needs to be rebooted for these changes to take effect.</div></div><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> 
                                System Crypto Modules must be provided by a vendor that undergoes
FIPS-140 certifications.
FIPS-140 is applicable to all Federal agencies that use
cryptographic-based security systems to protect sensitive information
in computer and telecommunication systems (including voice systems) as
defined in Section 5131 of the Information Technology Management Reform
Act of 1996, Public Law 104-106. This standard shall be used in
designing and implementing cryptographic modules that Federal
departments and agencies operate or are operated for them under
contract. See <b><a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf">https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf</a></b>
To meet this, the system has to have cryptographic software provided by
a vendor that has undergone this certification. This means providing
documentation, test results, design information, and independent third
party review by an accredited lab. While open source software is
capable of meeting this, it does not meet FIPS-140 unless the vendor
submits to this process.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">check for crypto policy correctly configured in /etc/crypto-policies/config</span> 
        <span class="label label-default">oval:ssg-test_configure_crypto_policy:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Path</th><th>Content</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>/etc/crypto-policies/config</td><td>FIPS</td></tr></tbody></table><h4><span class="label label-primary">check for crypto policy correctly configured in /etc/crypto-policies/state/current</span> 
        <span class="label label-default">oval:ssg-test_configure_crypto_policy_current:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Path</th><th>Content</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>/etc/crypto-policies/state/current</td><td>FIPS</td></tr></tbody></table><h4><span class="label label-primary">Check if update-crypto-policies has been run</span> 
        <span class="label label-default">oval:ssg-test_crypto_policies_updated:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>oval:ssg-variable_crypto_policies_config_file_timestamp:var:1</td><td>1721939919</td></tr></tbody></table><h4><span class="label label-primary">Check if /etc/crypto-policies/back-ends/nss.config exists</span> 
        <span class="label label-default">oval:ssg-test_crypto_policy_nss_config:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Path</th><th>Type</th><th>UID</th><th>GID</th><th>Size (B)</th><th>Permissions</th></tr></thead><tbody><tr><td><span class="label label-danger">not evaluated</span></td><td>/etc/crypto-policies/back-ends/nss.config</td><td>regular</td><td>0</td><td>0</td><td>398</td><td><code>rw-r--r-- </code></td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_configure_kerberos_crypto_policy" id="rule-detail-idm45637211944752"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Configure Kerberos to use System Crypto Policyxccdf_org.ssgproject.content_rule_configure_kerberos_crypto_policy highCCE-83449-9 </div><div class="panel-heading"><h3 class="panel-title">Configure Kerberos to use System Crypto Policy</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_configure_kerberos_crypto_policy</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-configure_kerberos_crypto_policy:def:1</td></tr><tr><td>Time</td><td>2024-07-25T20:42:44+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span></td><td class="identifiers"><p><abbr title="https://ncp.nist.gov/cce: CCE-83449-9">CCE-83449-9</abbr></p></td></tr><tr><td><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span></td><td class="identifiers"><table class="table table-striped table-bordered"><tr><td><a href="https://www.cyber.gov.au/acsc/view-all-content/ism">ism</a></td><td>0418, 1055, 1402</td></tr><tr><td><a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">nerc-cip</a></td><td>CIP-003-8 R4.2, CIP-007-3 R5.1</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">nist</a></td><td>SC-13, SC-12(2), SC-12(3)</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</a></td><td>SRG-OS-000120-GPOS-00061</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</a></td><td>RHEL-09-672025</td></tr><tr><td><a href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</a></td><td>SV-258237r926698_rule</td></tr></table></td></tr><tr><td>Description</td><td><div class="description">Crypto Policies provide a centralized control over crypto algorithms usage of many packages.
Kerberos is supported by crypto policy, but it's configuration may be
set up to ignore it.
To check that Crypto Policies settings for Kerberos are configured correctly, examine that there is a symlink at
/etc/krb5.conf.d/crypto-policies targeting /etc/cypto-policies/back-ends/krb5.config.
If the symlink exists, Kerberos is configured to use the system-wide crypto policy settings.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Overriding the system crypto policy makes the behavior of Kerberos violate expectations,
and makes system configuration more fragmented.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Check if kerberos configuration symlink and crypto policy kerberos backend symlink point to same file</span> 
        <span class="label label-default">oval:ssg-test_configure_kerberos_crypto_policy_symlink:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>oval:ssg-var_symlink_kerberos_crypto_policy_configuration:var:1</td><td>/usr/share/crypto-policies/FIPS/krb5.txt</td></tr></tbody></table><h4><span class="label label-primary">Check if kerberos configuration symlink links to the crypto-policy backend file</span> 
        <span class="label label-default">oval:ssg-test_configure_kerberos_crypto_policy_nosymlink:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td><span class="label label-danger">false</span></td><td>oval:ssg-var_symlink_kerberos_crypto_policy_configuration:var:1</td><td>/usr/share/crypto-policies/FIPS/krb5.txt</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_configure_libreswan_crypto_policy" id="rule-detail-idm45637211940752"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Configure Libreswan to use System Crypto Policyxccdf_org.ssgproject.content_rule_configure_libreswan_crypto_policy highCCE-83446-5 </div><div class="panel-heading"><h3 class="panel-title">Configure Libreswan to use System Crypto Policy</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_configure_libreswan_crypto_policy</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-configure_libreswan_crypto_policy:def:1</td></tr><tr><td>Time</td><td>2024-07-25T20:42:44+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span></td><td class="identifiers"><p><abbr title="https://ncp.nist.gov/cce: CCE-83446-5">CCE-83446-5</abbr></p></td></tr><tr><td><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span></td><td class="identifiers"><table class="table table-striped table-bordered"><tr><td><a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">nerc-cip</a></td><td>CIP-003-8 R4.2, CIP-007-3 R5.1</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">nist</a></td><td>CM-6(a), MA-4(6), SC-13, SC-12(2), SC-12(3)</td></tr><tr><td><a href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</a></td><td>FCS_IPSEC_EXT.1.4, FCS_IPSEC_EXT.1.6</td></tr><tr><td><a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</a></td><td>Req-2.2</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</a></td><td>SRG-OS-000033-GPOS-00014</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</a></td><td>RHEL-09-671020</td></tr><tr><td><a href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</a></td><td>SV-258232r926683_rule</td></tr></table></td></tr><tr><td>Description</td><td><div class="description">Crypto Policies provide a centralized control over crypto algorithms usage of many packages.
Libreswan is supported by system crypto policy, but the Libreswan configuration may be
set up to ignore it.

To check that Crypto Policies settings are configured correctly, ensure that the <code>/etc/ipsec.conf</code>
includes the appropriate configuration file.
In <code>/etc/ipsec.conf</code>, make sure that the following line
is not commented out or superseded by later includes:
<code>include /etc/crypto-policies/back-ends/libreswan.config</code>
        </div></td></tr><tr><td>Rationale</td><td><div class="rationale">Overriding the system crypto policy makes the behavior of the Libreswan
service violate expectations, and makes system configuration more
fragmented.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">package libreswan is installed</span> 
        <span class="label label-default">oval:ssg-test_package_libreswan_installed:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_test_package_libreswan_installed:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>libreswan</td></tr></tbody></table><h4><span class="label label-primary">Check that the libreswan configuration includes the crypto policy config file</span> 
        <span class="label label-default">oval:ssg-test_configure_libreswan_crypto_policy:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_configure_libreswan_crypto_policy:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/ipsec.conf</td><td>^\s*include\s+/etc/crypto-policies/back-ends/libreswan.config\s*(?:#.*)?$</td><td>1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_harden_sshd_ciphers_openssh_conf_crypto_policy" id="rule-detail-idm45637211925936"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Configure SSH Client to Use FIPS 140-2 Validated Ciphers: openssh.configxccdf_org.ssgproject.content_rule_harden_sshd_ciphers_openssh_conf_crypto_policy highCCE-90125-6 </div><div class="panel-heading"><h3 class="panel-title">Configure SSH Client to Use FIPS 140-2 Validated Ciphers: openssh.config</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_harden_sshd_ciphers_openssh_conf_crypto_policy</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-harden_sshd_ciphers_openssh_conf_crypto_policy:def:1</td></tr><tr><td>Time</td><td>2024-07-25T20:42:44+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span></td><td class="identifiers"><p><abbr title="https://ncp.nist.gov/cce: CCE-90125-6">CCE-90125-6</abbr></p></td></tr><tr><td><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span></td><td class="identifiers"><table class="table table-striped table-bordered"><tr><td><a href="https://public.cyber.mil/stigs/cci/">disa</a></td><td>CCI-000068, CCI-000877, CCI-001453, CCI-002418, CCI-002890, CCI-003123</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">nist</a></td><td>AC-17(2)</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</a></td><td>SRG-OS-000033-GPOS-00014, SRG-OS-000125-GPOS-00065, SRG-OS-000250-GPOS-00093, SRG-OS-000393-GPOS-00173, SRG-OS-000394-GPOS-00174, SRG-OS-000423-GPOS-00187</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</a></td><td>RHEL-09-255060</td></tr><tr><td><a href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</a></td><td>SV-257988r925951_rule</td></tr></table></td></tr><tr><td>Description</td><td><div class="description">Crypto Policies provide a centralized control over crypto algorithms usage of many packages.
OpenSSH is supported by system crypto policy, but the OpenSSH configuration may be
set up incorrectly.

To check that Crypto Policies settings for ciphers are configured correctly, ensure that
<code>/etc/crypto-policies/back-ends/openssh.config</code> contains the following
line and is not commented out:
<pre>Ciphers <abbr title="from TestResult: xccdf_org.ssgproject.content_value_sshd_approved_ciphers">aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr</abbr>
         </pre>
        </div></td></tr><tr><td>Rationale</td><td><div class="rationale">Overriding the system crypto policy makes the behavior of the OpenSSH client
violate expectations, and makes system configuration more fragmented. By
specifying a cipher list with the order of ciphers being in a “strongest to
weakest” orientation, the system will automatically attempt to use the
strongest cipher for securing SSH connections.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> 
                                The system needs to be rebooted for these changes to take effect.</div></div><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> 
                                System Crypto Modules must be provided by a vendor that undergoes
FIPS-140 certifications.
FIPS-140 is applicable to all Federal agencies that use
cryptographic-based security systems to protect sensitive information
in computer and telecommunication systems (including voice systems) as
defined in Section 5131 of the Information Technology Management Reform
Act of 1996, Public Law 104-106. This standard shall be used in
designing and implementing cryptographic modules that Federal
departments and agencies operate or are operated for them under
contract. See <b><a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf">https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf</a></b>
To meet this, the system has to have cryptographic software provided by
a vendor that has undergone this certification. This means providing
documentation, test results, design information, and independent third
party review by an accredited lab. While open source software is
capable of meeting this, it does not meet FIPS-140 unless the vendor
submits to this process.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">test the value of Ciphers setting in the /etc/crypto-policies/back-ends/openssh.config file</span> 
        <span class="label label-default">oval:ssg-test_harden_sshd_ciphers_openssh_conf_crypto_policy:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Path</th><th>Content</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>/etc/crypto-policies/back-ends/openssh.config</td><td>Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_installed_OS_is_vendor_supported" id="rule-detail-idm45637211910848"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->The Installed Operating System Is Vendor Supportedxccdf_org.ssgproject.content_rule_installed_OS_is_vendor_supported highCCE-83453-1 </div><div class="panel-heading"><h3 class="panel-title">The Installed Operating System Is Vendor Supported</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_installed_OS_is_vendor_supported</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-installed_OS_is_vendor_supported:def:1</td></tr><tr><td>Time</td><td>2024-07-25T20:42:44+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span></td><td class="identifiers"><p><abbr title="https://ncp.nist.gov/cce: CCE-83453-1">CCE-83453-1</abbr></p></td></tr><tr><td><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span></td><td class="identifiers"><table class="table table-striped table-bordered"><tr><td><a href="https://www.cisecurity.org/controls/">cis-csc</a></td><td>18, 20, 4</td></tr><tr><td><a href="https://www.isaca.org/resources/cobit">cobit5</a></td><td>APO12.01, APO12.02, APO12.03, APO12.04, BAI03.10, DSS05.01, DSS05.02</td></tr><tr><td><a href="https://public.cyber.mil/stigs/cci/">disa</a></td><td>CCI-000366</td></tr><tr><td><a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">isa-62443-2009</a></td><td>4.2.3, 4.2.3.12, 4.2.3.7, 4.2.3.9</td></tr><tr><td><a href="https://www.iso.org/contents/data/standard/05/45/54534.html">iso27001-2013</a></td><td>A.12.6.1, A.14.2.3, A.16.1.3, A.18.2.2, A.18.2.3</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">nist</a></td><td>CM-6(a), MA-6, SA-13(a)</td></tr><tr><td><a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">nist-csf</a></td><td>ID.RA-1, PR.IP-12</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</a></td><td>SRG-OS-000480-GPOS-00227</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</a></td><td>RHEL-09-211010</td></tr><tr><td><a href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</a></td><td>SV-257777r925318_rule</td></tr></table></td></tr><tr><td>Description</td><td><div class="description">The installed operating system must be maintained by a vendor.

Red Hat Enterprise Linux is supported by Red Hat, Inc. As the Red Hat Enterprise
Linux vendor, Red Hat, Inc. is responsible for providing security patches.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">An operating system is considered "supported" if the vendor continues to
provide security patches for the product.  With an unsupported release, it
will not be possible to resolve any security issue discovered in the system
software.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> 
                                There is no remediation besides switching to a different operating system.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">installed OS part of unix family</span> 
        <span class="label label-default">oval:ssg-test_rhel7_unix_family:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Family</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>unix</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-client is version 7</span> 
        <span class="label label-default">oval:ssg-test_rhel7_client:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_client:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-client</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-workstation is version 7</span> 
        <span class="label label-default">oval:ssg-test_rhel7_workstation:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_workstation:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-workstation</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-server is version 7</span> 
        <span class="label label-default">oval:ssg-test_rhel7_server:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_server:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-server</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-computenode is version 7</span> 
        <span class="label label-default">oval:ssg-test_rhel7_computenode:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhel7_computenode:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-computenode</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span> 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span> 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 7</span> 
        <span class="label label-default">oval:ssg-test_rhevh_rhel7_version:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel7_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span> 
        <span class="label label-default">oval:ssg-test_rhel8_unix_family:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Family</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>unix</td></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 8</span> 
        <span class="label label-default">oval:ssg-test_rhel8:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td><span class="label label-danger">false</span></td><td>redhat-release</td><td>x86_64</td><td>(none)</td><td>0.4.el9</td><td>9.4</td><td>0:9.4-0.4.el9</td><td>199e2f91fd431d51</td><td>redhat-release-0:9.4-0.4.el9.x86_64</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span> 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span> 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 8</span> 
        <span class="label label-default">oval:ssg-test_rhevh_rhel8_version:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel8_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span> 
        <span class="label label-default">oval:ssg-test_rhel9_unix_family:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Family</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span> 
        <span class="label label-default">oval:ssg-test_rhel9_unix_family:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Family</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>unix</td></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 9</span> 
        <span class="label label-default">oval:ssg-test_rhel9:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>redhat-release</td><td>x86_64</td><td>(none)</td><td>0.4.el9</td><td>9.4</td><td>0:9.4-0.4.el9</td><td>199e2f91fd431d51</td><td>redhat-release-0:9.4-0.4.el9.x86_64</td></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 9</span> 
        <span class="label label-default">oval:ssg-test_rhel9:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>redhat-release</td><td>x86_64</td><td>(none)</td><td>0.4.el9</td><td>9.4</td><td>0:9.4-0.4.el9</td><td>199e2f91fd431d51</td><td>redhat-release-0:9.4-0.4.el9.x86_64</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span> 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span> 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 9</span> 
        <span class="label label-default">oval:ssg-test_rhevh_rhel9_version:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel9_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 9</span> 
        <span class="label label-default">oval:ssg-test_rhevh_rhel9_version:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel9_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span> 
        <span class="label label-default">oval:ssg-test_rhel9_unix_family:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Family</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span> 
        <span class="label label-default">oval:ssg-test_rhel9_unix_family:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Family</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>unix</td></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 9</span> 
        <span class="label label-default">oval:ssg-test_rhel9:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>redhat-release</td><td>x86_64</td><td>(none)</td><td>0.4.el9</td><td>9.4</td><td>0:9.4-0.4.el9</td><td>199e2f91fd431d51</td><td>redhat-release-0:9.4-0.4.el9.x86_64</td></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 9</span> 
        <span class="label label-default">oval:ssg-test_rhel9:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>redhat-release</td><td>x86_64</td><td>(none)</td><td>0.4.el9</td><td>9.4</td><td>0:9.4-0.4.el9</td><td>199e2f91fd431d51</td><td>redhat-release-0:9.4-0.4.el9.x86_64</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span> 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span> 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 9</span> 
        <span class="label label-default">oval:ssg-test_rhevh_rhel9_version:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel9_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 9</span> 
        <span class="label label-default">oval:ssg-test_rhevh_rhel9_version:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel9_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span> 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Family</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>unix</td></tr></tbody></table><h4><span class="label label-primary">oraclelinux-release is version 7</span> 
        <span class="label label-default">oval:ssg-test_ol7_system:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_ol7_system:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>oraclelinux-release</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span> 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Family</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>unix</td></tr></tbody></table><h4><span class="label label-primary">oraclelinux-release is version 8</span> 
        <span class="label label-default">oval:ssg-test_ol8_system:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_ol8_system:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>oraclelinux-release</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span> 
        <span class="label label-default">oval:ssg-test_sle12_unix_family:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Family</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>unix</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 6</span> 
        <span class="label label-default">oval:ssg-test_sle12_desktop:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_desktop:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 6</span> 
        <span class="label label-default">oval:ssg-test_sle12_server:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle12_server:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sles-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 12</span> 
        <span class="label label-default">oval:ssg-test_sles_12_for_sap:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_12_for_sap:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span> 
        <span class="label label-default">oval:ssg-test_sle15_unix_family:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Family</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>unix</td></tr></tbody></table><h4><span class="label label-primary">sled-release is version 15</span> 
        <span class="label label-default">oval:ssg-test_sle15_desktop:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle15_desktop:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sled-release</td></tr></tbody></table><h4><span class="label label-primary">sles-release is version 15</span> 
        <span class="label label-default">oval:ssg-test_sle15_server:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle15_server:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>sles-release</td></tr></tbody></table><h4><span class="label label-primary">SLES_SAP-release is version 15</span> 
        <span class="label label-default">oval:ssg-test_sles_15_for_sap:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sles_15_for_sap:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLES_SAP-release</td></tr></tbody></table><h4><span class="label label-primary">SUMA is version 4</span> 
        <span class="label label-default">oval:ssg-test_suma_4:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_suma_4:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SUSE-Manager-Server-release</td></tr></tbody></table><h4><span class="label label-primary">SLE HPC release is version 15</span> 
        <span class="label label-default">oval:ssg-test_sle_hpc:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_sle_hpc:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>SLE_HPC-release</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-notchecked rule-detail-id-xccdf_org.ssgproject.content_rule_encrypt_partitions" id="rule-detail-idm45637211894000"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Encrypt Partitionsxccdf_org.ssgproject.content_rule_encrypt_partitions highCCE-90849-1 </div><div class="panel-heading"><h3 class="panel-title">Encrypt Partitions</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_encrypt_partitions</td></tr><tr><td>Result</td><td class="rule-result rule-result-notchecked"><div><abbr title="The Rule was not evaluated by the checking engine. This status is designed for Rule elements that have no check elements or that correspond to an unsupported checking system. It may also correspond to a status returned by a checking engine if the checking engine does not support the indicated check code.">notchecked</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>Time</td><td>2024-07-25T20:42:44+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span></td><td class="identifiers"><p><abbr title="https://ncp.nist.gov/cce: CCE-90849-1">CCE-90849-1</abbr></p></td></tr><tr><td><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span></td><td class="identifiers"><table class="table table-striped table-bordered"><tr><td><a href="https://www.cisecurity.org/controls/">cis-csc</a></td><td>13, 14</td></tr><tr><td><a href="https://www.isaca.org/resources/cobit">cobit5</a></td><td>APO01.06, BAI02.01, BAI06.01, DSS04.07, DSS05.03, DSS05.04, DSS05.07, DSS06.02, DSS06.06</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">cui</a></td><td>3.13.16</td></tr><tr><td><a href="https://public.cyber.mil/stigs/cci/">disa</a></td><td>CCI-001199, CCI-002475, CCI-002476</td></tr><tr><td><a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">hipaa</a></td><td>164.308(a)(1)(ii)(D), 164.308(b)(1), 164.310(d), 164.312(a)(1), 164.312(a)(2)(iii), 164.312(a)(2)(iv), 164.312(b), 164.312(c), 164.314(b)(2)(i), 164.312(d)</td></tr><tr><td><a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">isa-62443-2013</a></td><td>SR 3.4, SR 4.1, SR 5.2</td></tr><tr><td><a href="https://www.iso.org/contents/data/standard/05/45/54534.html">iso27001-2013</a></td><td>A.10.1.1, A.11.1.4, A.11.1.5, A.11.2.1, A.13.1.1, A.13.1.3, A.13.2.1, A.13.2.3, A.13.2.4, A.14.1.2, A.14.1.3, A.6.1.2, A.7.1.1, A.7.1.2, A.7.3.1, A.8.2.2, A.8.2.3, A.9.1.1, A.9.1.2, A.9.2.3, A.9.4.1, A.9.4.4, A.9.4.5</td></tr><tr><td><a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">nerc-cip</a></td><td>CIP-003-8 R4.2, CIP-007-3 R5.1</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">nist</a></td><td>CM-6(a), SC-28, SC-28(1), SC-13, AU-9(3)</td></tr><tr><td><a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">nist-csf</a></td><td>PR.DS-1, PR.DS-5</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</a></td><td>SRG-OS-000405-GPOS-00184, SRG-OS-000185-GPOS-00079, SRG-OS-000404-GPOS-00183</td></tr><tr><td><a href="https://www.ccn-cert.cni.es/pdf/guias/series-ccn-stic/guias-de-acceso-publico-ccn-stic/6768-ccn-stic-610a22-perfilado-de-seguridad-red-hat-enterprise-linux-9-0/file.html">ccn</a></td><td>A.25.SEC-RHEL1</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</a></td><td>RHEL-09-231190</td></tr><tr><td><a href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</a></td><td>SV-257879r925624_rule</td></tr></table></td></tr><tr><td>Description</td><td><div class="description">Red Hat Enterprise Linux 9 natively supports partition encryption through the
Linux Unified Key Setup-on-disk-format (LUKS) technology. The easiest way to
encrypt a partition is during installation time.
<br>
        <br>
For manual installations, select the <code>Encrypt</code> checkbox during
partition creation to encrypt the partition. When this
option is selected the system will prompt for a passphrase to use in
decrypting the partition. The passphrase will subsequently need to be entered manually
every time the system boots.

<br>
        <br>
For automated/unattended installations, it is possible to use Kickstart by adding
the <code>--encrypted</code> and <code>--passphrase=</code> options to the definition of each partition to be
encrypted. For example, the following line would encrypt the root partition:
<pre>part / --fstype=ext4 --size=100 --onpart=hda1 --encrypted --passphrase=<i>PASSPHRASE</i>
        </pre>
Any <i>PASSPHRASE</i> is stored in the Kickstart in plaintext, and the Kickstart
must then be protected accordingly.
Omitting the <code>--passphrase=</code> option from the partition definition will cause the
installer to pause and interactively ask for the passphrase during installation.
<br>
        <br>
By default, the <code>Anaconda</code> installer uses <code>aes-xts-plain64</code> cipher
with a minimum <code>512</code> bit key size which should be compatible with FIPS enabled.

<br>
        <br>
Detailed information on encrypting partitions using LUKS or LUKS ciphers can be found on
the Red Hat Enterprise Linux 9 Documentation web site:<br>
        <a href="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/encrypting-block-devices-using-luks_security-hardening">https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/encrypting-block-devices-using-luks_security-hardening</a>
.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">The risk of a system's physical compromise, particularly mobile systems such as
laptops, places its data at risk of compromise.  Encrypting this data mitigates
the risk of its loss if the system is lost.</div></td></tr><tr><td colspan="2"><div class="evaluation-messages"><span class="label label-default"><abbr title="Messages taken from rule-result">Evaluation messages</abbr></span><div class="panel panel-default"><div class="panel-body"><span class="label label-primary">info</span> 
                                <pre><message xmlns="http://checklists.nist.gov/xccdf/1.2" severity="info">No candidate or applicable check found.</message></pre></div></div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-notapplicable rule-detail-id-xccdf_org.ssgproject.content_rule_dconf_gnome_disable_restart_shutdown" id="rule-detail-idm45637211858368"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable the GNOME3 Login Restart and Shutdown Buttonsxccdf_org.ssgproject.content_rule_dconf_gnome_disable_restart_shutdown highCCE-86315-9 </div><div class="panel-heading"><h3 class="panel-title">Disable the GNOME3 Login Restart and Shutdown Buttons</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_dconf_gnome_disable_restart_shutdown</td></tr><tr><td>Result</td><td class="rule-result rule-result-notapplicable"><div><abbr title="The Rule was not applicable to the target of the test. For example, the Rule might have been specific to a different version of the target OS, or it might have been a test against a platform feature that was not installed.">notapplicable</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>Time</td><td>2024-07-25T20:42:44+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span></td><td class="identifiers"><p><abbr title="https://ncp.nist.gov/cce: CCE-86315-9">CCE-86315-9</abbr></p></td></tr><tr><td><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span></td><td class="identifiers"><table class="table table-striped table-bordered"><tr><td><a href="https://www.cisecurity.org/controls/">cis-csc</a></td><td>12, 13, 14, 15, 16, 18, 3, 5</td></tr><tr><td><a href="https://www.isaca.org/resources/cobit">cobit5</a></td><td>APO01.06, DSS05.04, DSS05.07, DSS06.02</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">cui</a></td><td>3.1.2</td></tr><tr><td><a href="https://public.cyber.mil/stigs/cci/">disa</a></td><td>CCI-000366</td></tr><tr><td><a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">isa-62443-2009</a></td><td>4.3.3.7.3</td></tr><tr><td><a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">isa-62443-2013</a></td><td>SR 2.1, SR 5.2</td></tr><tr><td><a href="https://www.iso.org/contents/data/standard/05/45/54534.html">iso27001-2013</a></td><td>A.10.1.1, A.11.1.4, A.11.1.5, A.11.2.1, A.13.1.1, A.13.1.3, A.13.2.1, A.13.2.3, A.13.2.4, A.14.1.2, A.14.1.3, A.6.1.2, A.7.1.1, A.7.1.2, A.7.3.1, A.8.2.2, A.8.2.3, A.9.1.1, A.9.1.2, A.9.2.3, A.9.4.1, A.9.4.4, A.9.4.5</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">nist</a></td><td>CM-6(a), AC-6(1), CM-7(b)</td></tr><tr><td><a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">nist-csf</a></td><td>PR.AC-4, PR.DS-5</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</a></td><td>SRG-OS-000480-GPOS-00227</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</a></td><td>RHEL-09-271095, RHEL-09-271100</td></tr><tr><td><a href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</a></td><td>SV-258029r943059_rule, SV-258030r926077_rule</td></tr></table></td></tr><tr><td>Description</td><td><div class="description">In the default graphical environment, users logging directly into the
system are greeted with a login screen that allows any user, known or
unknown, the ability the ability to shutdown or restart the system. This
functionality should be disabled by setting
<code>disable-restart-buttons</code> to <code>true</code>.
<br>
         <br>
To disable, add or edit <code>disable-restart-buttons</code> to
<code>/etc/dconf/db/distro.d/00-security-settings</code>. For example:
<pre>[org/gnome/login-screen]
disable-restart-buttons=true</pre>
Once the setting has been added, add a lock to
<code>/etc/dconf/db/distro.d/locks/00-security-settings-lock</code> to prevent
user modification. For example:
<pre>/org/gnome/login-screen/disable-restart-buttons</pre>
After the settings have been set, run <code>dconf update</code>.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">A user who is at the console can reboot the system at the login screen. If restart or shutdown buttons
are pressed at the login screen, this can create the risk of short-term loss of availability of systems
due to reboot.</div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-notapplicable rule-detail-id-xccdf_org.ssgproject.content_rule_gnome_gdm_disable_automatic_login" id="rule-detail-idm45637211844832"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable GDM Automatic Loginxccdf_org.ssgproject.content_rule_gnome_gdm_disable_automatic_login highCCE-89663-9 </div><div class="panel-heading"><h3 class="panel-title">Disable GDM Automatic Login</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_gnome_gdm_disable_automatic_login</td></tr><tr><td>Result</td><td class="rule-result rule-result-notapplicable"><div><abbr title="The Rule was not applicable to the target of the test. For example, the Rule might have been specific to a different version of the target OS, or it might have been a test against a platform feature that was not installed.">notapplicable</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>Time</td><td>2024-07-25T20:42:44+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span></td><td class="identifiers"><p><abbr title="https://ncp.nist.gov/cce: CCE-89663-9">CCE-89663-9</abbr></p></td></tr><tr><td><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span></td><td class="identifiers"><table class="table table-striped table-bordered"><tr><td><a href="https://www.cisecurity.org/controls/">cis-csc</a></td><td>11, 3, 9</td></tr><tr><td><a href="https://www.isaca.org/resources/cobit">cobit5</a></td><td>BAI10.01, BAI10.02, BAI10.03, BAI10.05</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">cui</a></td><td>3.1.1</td></tr><tr><td><a href="https://public.cyber.mil/stigs/cci/">disa</a></td><td>CCI-000366</td></tr><tr><td><a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">isa-62443-2009</a></td><td>4.3.4.3.2, 4.3.4.3.3</td></tr><tr><td><a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">isa-62443-2013</a></td><td>SR 7.6</td></tr><tr><td><a href="https://www.iso.org/contents/data/standard/05/45/54534.html">iso27001-2013</a></td><td>A.12.1.2, A.12.5.1, A.12.6.2, A.14.2.2, A.14.2.3, A.14.2.4</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">nist</a></td><td>CM-6(a), AC-6(1), CM-7(b)</td></tr><tr><td><a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">nist-csf</a></td><td>PR.IP-1</td></tr><tr><td><a href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</a></td><td>FIA_UAU.1</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</a></td><td>SRG-OS-000480-GPOS-00229</td></tr><tr><td><a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</a></td><td>8.3.1</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</a></td><td>RHEL-09-271040</td></tr><tr><td><a href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</a></td><td>SV-258018r926041_rule</td></tr></table></td></tr><tr><td>Description</td><td><div class="description">The GNOME Display Manager (GDM) can allow users to automatically login without
user interaction or credentials. User should always be required to authenticate themselves
to the system that they are authorized to use. To disable user ability to automatically
login to the system, set the <code>AutomaticLoginEnable</code> to <code>false</code> in the
<code>[daemon]</code> section in <code>/etc/gdm/custom.conf</code>. For example:
<pre>[daemon]
AutomaticLoginEnable=false</pre>
        </div></td></tr><tr><td>Rationale</td><td><div class="rationale">Failure to restrict system access to authenticated users negatively impacts operating
system security.</div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-notapplicable rule-detail-id-xccdf_org.ssgproject.content_rule_dconf_gnome_disable_ctrlaltdel_reboot" id="rule-detail-idm45637211790704"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable Ctrl-Alt-Del Reboot Key Sequence in GNOME3xccdf_org.ssgproject.content_rule_dconf_gnome_disable_ctrlaltdel_reboot highCCE-88653-1 </div><div class="panel-heading"><h3 class="panel-title">Disable Ctrl-Alt-Del Reboot Key Sequence in GNOME3</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_dconf_gnome_disable_ctrlaltdel_reboot</td></tr><tr><td>Result</td><td class="rule-result rule-result-notapplicable"><div><abbr title="The Rule was not applicable to the target of the test. For example, the Rule might have been specific to a different version of the target OS, or it might have been a test against a platform feature that was not installed.">notapplicable</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>Time</td><td>2024-07-25T20:42:44+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span></td><td class="identifiers"><p><abbr title="https://ncp.nist.gov/cce: CCE-88653-1">CCE-88653-1</abbr></p></td></tr><tr><td><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span></td><td class="identifiers"><table class="table table-striped table-bordered"><tr><td><a href="https://www.cisecurity.org/controls/">cis-csc</a></td><td>12, 13, 14, 15, 16, 18, 3, 5</td></tr><tr><td><a href="https://www.isaca.org/resources/cobit">cobit5</a></td><td>APO01.06, DSS05.04, DSS05.07, DSS06.02</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">cui</a></td><td>3.1.2</td></tr><tr><td><a href="https://public.cyber.mil/stigs/cci/">disa</a></td><td>CCI-000366</td></tr><tr><td><a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">isa-62443-2009</a></td><td>4.3.3.7.3</td></tr><tr><td><a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">isa-62443-2013</a></td><td>SR 2.1, SR 5.2</td></tr><tr><td><a href="https://www.iso.org/contents/data/standard/05/45/54534.html">iso27001-2013</a></td><td>A.10.1.1, A.11.1.4, A.11.1.5, A.11.2.1, A.13.1.1, A.13.1.3, A.13.2.1, A.13.2.3, A.13.2.4, A.14.1.2, A.14.1.3, A.6.1.2, A.7.1.1, A.7.1.2, A.7.3.1, A.8.2.2, A.8.2.3, A.9.1.1, A.9.1.2, A.9.2.3, A.9.4.1, A.9.4.4, A.9.4.5</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">nist</a></td><td>CM-6(a), AC-6(1), CM-7(b)</td></tr><tr><td><a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">nist-csf</a></td><td>PR.AC-4, PR.DS-5</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</a></td><td>SRG-OS-000480-GPOS-00227</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</a></td><td>RHEL-09-271105, RHEL-09-271110</td></tr><tr><td><a href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</a></td><td>SV-258031r926080_rule, SV-258032r926083_rule</td></tr></table></td></tr><tr><td>Description</td><td><div class="description">By default, <code>GNOME</code> will reboot the system if the
<code>Ctrl-Alt-Del</code> key sequence is pressed.
<br>
         <br>
To configure the system to ignore the <code>Ctrl-Alt-Del</code> key sequence
from the Graphical User Interface (GUI) instead of rebooting the system,
add or set <code>logout</code> to <code>''</code> in
<code>/etc/dconf/db/local.d/00-security-settings</code>. For example:
<pre>[org/gnome/settings-daemon/plugins/media-keys]
logout=''</pre>
Once the settings have been added, add a lock to
<code>/etc/dconf/db/local.d/locks/00-security-settings-lock</code> to prevent
user modification. For example:
<pre>/org/gnome/settings-daemon/plugins/media-keys/logout</pre>
After the settings have been set, run <code>dconf update</code>.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">A locally logged-in user who presses Ctrl-Alt-Del, when at the console,
can reboot the system. If accidentally pressed, as could happen in
the case of mixed OS environment, this can create the risk of short-term
loss of availability of systems due to unintentional reboot.</div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-notapplicable rule-detail-id-xccdf_org.ssgproject.content_rule_dconf_db_up_to_date" id="rule-detail-idm45637211863760"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Make sure that the dconf databases are up-to-date with regards to respective keyfilesxccdf_org.ssgproject.content_rule_dconf_db_up_to_date highCCE-87295-2 </div><div class="panel-heading"><h3 class="panel-title">Make sure that the dconf databases are up-to-date with regards to respective keyfiles</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_dconf_db_up_to_date</td></tr><tr><td>Result</td><td class="rule-result rule-result-notapplicable"><div><abbr title="The Rule was not applicable to the target of the test. For example, the Rule might have been specific to a different version of the target OS, or it might have been a test against a platform feature that was not installed.">notapplicable</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>Time</td><td>2024-07-25T20:42:44+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span></td><td class="identifiers"><p><abbr title="https://ncp.nist.gov/cce: CCE-87295-2">CCE-87295-2</abbr></p></td></tr><tr><td><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span></td><td class="identifiers"><table class="table table-striped table-bordered"><tr><td><a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">hipaa</a></td><td>164.308(a)(1)(ii)(B), 164.308(a)(5)(ii)(A)</td></tr><tr><td><a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</a></td><td>Req-6.2</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</a></td><td>SRG-OS-000480-GPOS-00227</td></tr><tr><td><a href="https://www.ccn-cert.cni.es/pdf/guias/series-ccn-stic/guias-de-acceso-publico-ccn-stic/6768-ccn-stic-610a22-perfilado-de-seguridad-red-hat-enterprise-linux-9-0/file.html">ccn</a></td><td>reload_dconf_db</td></tr><tr><td><a href="https://www.cisecurity.org/benchmark/red_hat_linux/">cis</a></td><td>reload_dconf_db</td></tr><tr><td><a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</a></td><td>8.2.8</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</a></td><td>RHEL-09-271090</td></tr><tr><td><a href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</a></td><td>SV-258028r926071_rule</td></tr></table></td></tr><tr><td>Description</td><td><div class="description">By default, DConf uses a binary database as a data backend.
The system-level database is compiled from keyfiles in the /etc/dconf/db/
directory by the <pre>dconf update</pre> command. More specifically, content present
in the following directories:
<pre>/etc/dconf/db/distro.d</pre>
        <pre>/etc/dconf/db/local.d</pre>
       </div></td></tr><tr><td>Rationale</td><td><div class="rationale">Unlike text-based keyfiles, the binary database is impossible to check by OVAL.
Therefore, in order to evaluate dconf configuration, both have to be true at the same time -
configuration files have to be compliant, and the database needs to be more recent than those keyfiles,
which gives confidence that it reflects them.</div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated" id="rule-detail-idm45637211667712"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure gpgcheck Enabled In Main dnf Configurationxccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated highCCE-83457-2 </div><div class="panel-heading"><h3 class="panel-title">Ensure gpgcheck Enabled In Main dnf Configuration</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-ensure_gpgcheck_globally_activated:def:1</td></tr><tr><td>Time</td><td>2024-07-25T20:42:44+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span></td><td class="identifiers"><p><abbr title="https://ncp.nist.gov/cce: CCE-83457-2">CCE-83457-2</abbr></p></td></tr><tr><td><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span></td><td class="identifiers"><table class="table table-striped table-bordered"><tr><td><a href="https://www.cisecurity.org/controls/">cis-csc</a></td><td>11, 2, 3, 9</td></tr><tr><td><a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">cjis</a></td><td>5.10.4.1</td></tr><tr><td><a href="https://www.isaca.org/resources/cobit">cobit5</a></td><td>APO01.06, BAI03.05, BAI06.01, BAI10.01, BAI10.02, BAI10.03, BAI10.05, DSS06.02</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">cui</a></td><td>3.4.8</td></tr><tr><td><a href="https://public.cyber.mil/stigs/cci/">disa</a></td><td>CCI-001749</td></tr><tr><td><a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">hipaa</a></td><td>164.308(a)(1)(ii)(D), 164.312(b), 164.312(c)(1), 164.312(c)(2), 164.312(e)(2)(i)</td></tr><tr><td><a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">isa-62443-2009</a></td><td>4.3.4.3.2, 4.3.4.3.3, 4.3.4.4.4</td></tr><tr><td><a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">isa-62443-2013</a></td><td>SR 3.1, SR 3.3, SR 3.4, SR 3.8, SR 7.6</td></tr><tr><td><a href="https://www.iso.org/contents/data/standard/05/45/54534.html">iso27001-2013</a></td><td>A.11.2.4, A.12.1.2, A.12.2.1, A.12.5.1, A.12.6.2, A.14.1.2, A.14.1.3, A.14.2.2, A.14.2.3, A.14.2.4</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">nist</a></td><td>CM-5(3), SI-7, SC-12, SC-12(3), CM-6(a), SA-12, SA-12(10), CM-11(a), CM-11(b)</td></tr><tr><td><a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">nist-csf</a></td><td>PR.DS-6, PR.DS-8, PR.IP-1</td></tr><tr><td><a href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</a></td><td>FPT_TUD_EXT.1, FPT_TUD_EXT.2</td></tr><tr><td><a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</a></td><td>Req-6.2</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</a></td><td>SRG-OS-000366-GPOS-00153</td></tr><tr><td><a href="https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf">anssi</a></td><td>R59</td></tr><tr><td><a href="https://www.cisecurity.org/benchmark/red_hat_linux/">cis</a></td><td>1.2.2</td></tr><tr><td><a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</a></td><td>6.3.3</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</a></td><td>RHEL-09-214015</td></tr><tr><td><a href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</a></td><td>SV-257820r925447_rule</td></tr></table></td></tr><tr><td>Description</td><td><div class="description">The <code>gpgcheck</code> option controls whether
RPM packages' signatures are always checked prior to installation.
To configure dnf to check package signatures before installing
them, ensure the following line appears in <code>/etc/dnf/dnf.conf</code> in
the <code>[main]</code> section:
<pre>gpgcheck=1</pre>
       </div></td></tr><tr><td>Rationale</td><td><div class="rationale">Changes to any software components can have significant effects on the
overall security of the operating system. This requirement ensures the
software has not been tampered with and that it has been provided by a
trusted vendor.
<br>
Accordingly, patches, service packs, device drivers, or operating system
components must be signed with a certificate recognized and approved by the
organization.
<br>Verifying the authenticity of the software prior to installation
validates the integrity of the patch or upgrade received from a vendor.
This ensures the software has not been tampered with and that it has been
provided by a trusted vendor. Self-signed certificates are disallowed by
this requirement. Certificates used to verify the software must be from an
approved Certificate Authority (CA).</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">check value of gpgcheck in /etc/dnf/dnf.conf</span> 
        <span class="label label-default">oval:ssg-test_ensure_gpgcheck_globally_activated:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Path</th><th>Content</th></tr></thead><tbody><tr><td><span class="label label-danger">not evaluated</span></td><td>/etc/dnf/dnf.conf</td><td>gpgcheck=1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_ensure_gpgcheck_local_packages" id="rule-detail-idm45637211663712"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure gpgcheck Enabled for Local Packagesxccdf_org.ssgproject.content_rule_ensure_gpgcheck_local_packages highCCE-83463-0 </div><div class="panel-heading"><h3 class="panel-title">Ensure gpgcheck Enabled for Local Packages</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_ensure_gpgcheck_local_packages</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-ensure_gpgcheck_local_packages:def:1</td></tr><tr><td>Time</td><td>2024-07-25T20:42:44+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span></td><td class="identifiers"><p><abbr title="https://ncp.nist.gov/cce: CCE-83463-0">CCE-83463-0</abbr></p></td></tr><tr><td><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span></td><td class="identifiers"><table class="table table-striped table-bordered"><tr><td><a href="https://www.cisecurity.org/controls/">cis-csc</a></td><td>11, 3, 9</td></tr><tr><td><a href="https://www.isaca.org/resources/cobit">cobit5</a></td><td>BAI10.01, BAI10.02, BAI10.03, BAI10.05</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">cui</a></td><td>3.4.8</td></tr><tr><td><a href="https://public.cyber.mil/stigs/cci/">disa</a></td><td>CCI-001749</td></tr><tr><td><a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">hipaa</a></td><td>164.308(a)(1)(ii)(D), 164.312(b), 164.312(c)(1), 164.312(c)(2), 164.312(e)(2)(i)</td></tr><tr><td><a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">isa-62443-2009</a></td><td>4.3.4.3.2, 4.3.4.3.3</td></tr><tr><td><a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">isa-62443-2013</a></td><td>SR 7.6</td></tr><tr><td><a href="https://www.iso.org/contents/data/standard/05/45/54534.html">iso27001-2013</a></td><td>A.12.1.2, A.12.5.1, A.12.6.2, A.14.2.2, A.14.2.3, A.14.2.4</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">nist</a></td><td>CM-11(a), CM-11(b), CM-6(a), CM-5(3), SA-12, SA-12(10)</td></tr><tr><td><a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">nist-csf</a></td><td>PR.IP-1</td></tr><tr><td><a href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</a></td><td>FPT_TUD_EXT.1, FPT_TUD_EXT.2</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</a></td><td>SRG-OS-000366-GPOS-00153</td></tr><tr><td><a href="https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf">anssi</a></td><td>R59</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</a></td><td>RHEL-09-214020</td></tr><tr><td><a href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</a></td><td>SV-257821r925450_rule</td></tr></table></td></tr><tr><td>Description</td><td><div class="description"><code>dnf</code> should be configured to verify the signature(s) of local packages
prior to installation. To configure <code>dnf</code> to verify signatures of local
packages, set the <code>localpkg_gpgcheck</code> to <code>1</code> in <code>/etc/dnf/dnf.conf</code>.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Changes to any software components can have significant effects to the overall security
of the operating system. This requirement ensures the software has not been tampered and
has been provided by a trusted vendor.
<br>
        <br>
Accordingly, patches, service packs, device drivers, or operating system components must
be signed with a certificate recognized and approved by the organization.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">check value of localpkg_gpgcheck in /etc/dnf/dnf.conf</span> 
        <span class="label label-default">oval:ssg-test_yum_ensure_gpgcheck_local_packages:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Path</th><th>Content</th></tr></thead><tbody><tr><td><span class="label label-danger">not evaluated</span></td><td>/etc/dnf/dnf.conf</td><td>localpkg_gpgcheck = 1
</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_ensure_gpgcheck_never_disabled" id="rule-detail-idm45637211659712"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure gpgcheck Enabled for All dnf Package Repositoriesxccdf_org.ssgproject.content_rule_ensure_gpgcheck_never_disabled highCCE-83464-8 </div><div class="panel-heading"><h3 class="panel-title">Ensure gpgcheck Enabled for All dnf Package Repositories</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_ensure_gpgcheck_never_disabled</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-ensure_gpgcheck_never_disabled:def:1</td></tr><tr><td>Time</td><td>2024-07-25T20:42:44+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span></td><td class="identifiers"><p><abbr title="https://ncp.nist.gov/cce: CCE-83464-8">CCE-83464-8</abbr></p></td></tr><tr><td><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span></td><td class="identifiers"><table class="table table-striped table-bordered"><tr><td><a href="https://www.cisecurity.org/controls/">cis-csc</a></td><td>11, 2, 3, 9</td></tr><tr><td><a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">cjis</a></td><td>5.10.4.1</td></tr><tr><td><a href="https://www.isaca.org/resources/cobit">cobit5</a></td><td>APO01.06, BAI03.05, BAI06.01, BAI10.01, BAI10.02, BAI10.03, BAI10.05, DSS06.02</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">cui</a></td><td>3.4.8</td></tr><tr><td><a href="https://public.cyber.mil/stigs/cci/">disa</a></td><td>CCI-001749</td></tr><tr><td><a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">hipaa</a></td><td>164.308(a)(1)(ii)(D), 164.312(b), 164.312(c)(1), 164.312(c)(2), 164.312(e)(2)(i)</td></tr><tr><td><a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">isa-62443-2009</a></td><td>4.3.4.3.2, 4.3.4.3.3, 4.3.4.4.4</td></tr><tr><td><a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">isa-62443-2013</a></td><td>SR 3.1, SR 3.3, SR 3.4, SR 3.8, SR 7.6</td></tr><tr><td><a href="https://www.iso.org/contents/data/standard/05/45/54534.html">iso27001-2013</a></td><td>A.11.2.4, A.12.1.2, A.12.2.1, A.12.5.1, A.12.6.2, A.14.1.2, A.14.1.3, A.14.2.2, A.14.2.3, A.14.2.4</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">nist</a></td><td>CM-5(3), SI-7, SC-12, SC-12(3), CM-6(a), SA-12, SA-12(10), CM-11(a), CM-11(b)</td></tr><tr><td><a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">nist-csf</a></td><td>PR.DS-6, PR.DS-8, PR.IP-1</td></tr><tr><td><a href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</a></td><td>FPT_TUD_EXT.1, FPT_TUD_EXT.2</td></tr><tr><td><a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</a></td><td>Req-6.2</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</a></td><td>SRG-OS-000366-GPOS-00153</td></tr><tr><td><a href="https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf">anssi</a></td><td>R59</td></tr><tr><td><a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</a></td><td>6.3.3</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</a></td><td>RHEL-09-214025</td></tr><tr><td><a href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</a></td><td>SV-257822r925453_rule</td></tr></table></td></tr><tr><td>Description</td><td><div class="description">To ensure signature checking is not disabled for
any repos, remove any lines from files in <code>/etc/yum.repos.d</code> of the form:
<pre>gpgcheck=0</pre>
       </div></td></tr><tr><td>Rationale</td><td><div class="rationale">Verifying the authenticity of the software prior to installation validates
the integrity of the patch or upgrade received from a vendor. This ensures
the software has not been tampered with and that it has been provided by a
trusted vendor. Self-signed certificates are disallowed by this
requirement. Certificates used to verify the software must be from an
approved Certificate Authority (CA)."</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">check for existence of gpgcheck=0 in /etc/yum.repos.d/ files</span> 
        <span class="label label-default">oval:ssg-test_ensure_gpgcheck_never_disabled:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_ensure_gpgcheck_never_disabled:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Path</th><th>Filename</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/yum.repos.d</td><td>.*</td><td>^\s*gpgcheck\s*=\s*0\s*$</td><td>1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_ensure_redhat_gpgkey_installed" id="rule-detail-idm45637211655712"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure Red Hat GPG Key Installedxccdf_org.ssgproject.content_rule_ensure_redhat_gpgkey_installed highCCE-84180-9 </div><div class="panel-heading"><h3 class="panel-title">Ensure Red Hat GPG Key Installed</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_ensure_redhat_gpgkey_installed</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-ensure_redhat_gpgkey_installed:def:1</td></tr><tr><td>Time</td><td>2024-07-25T20:42:44+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span></td><td class="identifiers"><p><abbr title="https://ncp.nist.gov/cce: CCE-84180-9">CCE-84180-9</abbr></p></td></tr><tr><td><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span></td><td class="identifiers"><table class="table table-striped table-bordered"><tr><td><a href="https://www.cisecurity.org/controls/">cis-csc</a></td><td>11, 2, 3, 9</td></tr><tr><td><a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">cjis</a></td><td>5.10.4.1</td></tr><tr><td><a href="https://www.isaca.org/resources/cobit">cobit5</a></td><td>APO01.06, BAI03.05, BAI06.01, BAI10.01, BAI10.02, BAI10.03, BAI10.05, DSS06.02</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">cui</a></td><td>3.4.8</td></tr><tr><td><a href="https://public.cyber.mil/stigs/cci/">disa</a></td><td>CCI-001749</td></tr><tr><td><a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">hipaa</a></td><td>164.308(a)(1)(ii)(D), 164.312(b), 164.312(c)(1), 164.312(c)(2), 164.312(e)(2)(i)</td></tr><tr><td><a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">isa-62443-2009</a></td><td>4.3.4.3.2, 4.3.4.3.3, 4.3.4.4.4</td></tr><tr><td><a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">isa-62443-2013</a></td><td>SR 3.1, SR 3.3, SR 3.4, SR 3.8, SR 7.6</td></tr><tr><td><a href="https://www.iso.org/contents/data/standard/05/45/54534.html">iso27001-2013</a></td><td>A.11.2.4, A.12.1.2, A.12.2.1, A.12.5.1, A.12.6.2, A.14.1.2, A.14.1.3, A.14.2.2, A.14.2.3, A.14.2.4</td></tr><tr><td><a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">nerc-cip</a></td><td>CIP-003-8 R4.2, CIP-003-8 R6, CIP-007-3 R4, CIP-007-3 R4.1, CIP-007-3 R4.2, CIP-007-3 R5.1</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">nist</a></td><td>CM-5(3), SI-7, SC-12, SC-12(3), CM-6(a)</td></tr><tr><td><a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">nist-csf</a></td><td>PR.DS-6, PR.DS-8, PR.IP-1</td></tr><tr><td><a href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</a></td><td>FPT_TUD_EXT.1, FPT_TUD_EXT.2</td></tr><tr><td><a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</a></td><td>Req-6.2</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</a></td><td>SRG-OS-000366-GPOS-00153</td></tr><tr><td><a href="https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf">anssi</a></td><td>R59</td></tr><tr><td><a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</a></td><td>6.3.3</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</a></td><td>RHEL-09-214010</td></tr><tr><td><a href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</a></td><td>SV-257819r925444_rule</td></tr></table></td></tr><tr><td>Description</td><td><div class="description">To ensure the system can cryptographically verify base software packages
come from Red Hat (and to connect to the Red Hat Network to receive them),
the Red Hat GPG key must properly be installed. To install the Red Hat GPG
key, run:
<pre>$ sudo subscription-manager register</pre>

If the system is not connected to the Internet or an RHN Satellite, then
install the Red Hat GPG key from trusted media such as the Red Hat
installation CD-ROM or DVD. Assuming the disc is mounted in
<code>/media/cdrom</code>, use the following command as the root user to import
it into the keyring:
<pre>$ sudo rpm --import /media/cdrom/RPM-GPG-KEY</pre>

Alternatively, the key may be pre-loaded during the RHEL installation. In
such cases, the key can be installed by running the following command:
<pre>sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release</pre>
       </div></td></tr><tr><td>Rationale</td><td><div class="rationale">Changes to software components can have significant effects on the overall
security of the operating system. This requirement ensures the software has
not been tampered with and that it has been provided by a trusted vendor.
The Red Hat GPG key is necessary to cryptographically verify packages are
from Red Hat.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">installed OS part of unix family</span> 
        <span class="label label-default">oval:ssg-test_rhel9_unix_family:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Family</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span> 
        <span class="label label-default">oval:ssg-test_rhel9_unix_family:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Family</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>unix</td></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 9</span> 
        <span class="label label-default">oval:ssg-test_rhel9:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>redhat-release</td><td>x86_64</td><td>(none)</td><td>0.4.el9</td><td>9.4</td><td>0:9.4-0.4.el9</td><td>199e2f91fd431d51</td><td>redhat-release-0:9.4-0.4.el9.x86_64</td></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 9</span> 
        <span class="label label-default">oval:ssg-test_rhel9:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>redhat-release</td><td>x86_64</td><td>(none)</td><td>0.4.el9</td><td>9.4</td><td>0:9.4-0.4.el9</td><td>199e2f91fd431d51</td><td>redhat-release-0:9.4-0.4.el9.x86_64</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span> 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span> 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 9</span> 
        <span class="label label-default">oval:ssg-test_rhevh_rhel9_version:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel9_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 9</span> 
        <span class="label label-default">oval:ssg-test_rhevh_rhel9_version:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel9_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span> 
        <span class="label label-default">oval:ssg-test_rhel9_unix_family:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Family</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>unix</td></tr></tbody></table><h4><span class="label label-primary">installed OS part of unix family</span> 
        <span class="label label-default">oval:ssg-test_rhel9_unix_family:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Family</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>unix</td></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 9</span> 
        <span class="label label-default">oval:ssg-test_rhel9:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>redhat-release</td><td>x86_64</td><td>(none)</td><td>0.4.el9</td><td>9.4</td><td>0:9.4-0.4.el9</td><td>199e2f91fd431d51</td><td>redhat-release-0:9.4-0.4.el9.x86_64</td></tr></tbody></table><h4><span class="label label-primary">redhat-release is version 9</span> 
        <span class="label label-default">oval:ssg-test_rhel9:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>redhat-release</td><td>x86_64</td><td>(none)</td><td>0.4.el9</td><td>9.4</td><td>0:9.4-0.4.el9</td><td>199e2f91fd431d51</td><td>redhat-release-0:9.4-0.4.el9.x86_64</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span> 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">redhat-release-virtualization-host RPM package is installed</span> 
        <span class="label label-default">oval:ssg-test_rhvh4_version:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhvh4_version:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>redhat-release-virtualization-host</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 9</span> 
        <span class="label label-default">oval:ssg-test_rhevh_rhel9_version:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel9_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">RHEVH base RHEL is version 9</span> 
        <span class="label label-default">oval:ssg-test_rhevh_rhel9_version:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_rhevh_rhel9_version:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/redhat-release</td><td>^Red Hat Enterprise Linux release (\d)\.\d+$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">Red Hat release key package is installed</span> 
        <span class="label label-default">oval:ssg-test_redhat_package_gpgkey-fd431d51-4ae0493b_installed:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>gpg-pubkey</td><td>(none)</td><td>(none)</td><td>4ae0493b</td><td>fd431d51</td><td>0:fd431d51-4ae0493b</td><td>0</td><td>gpg-pubkey-0:fd431d51-4ae0493b.(none)</td></tr><tr><td><span class="label label-danger">false</span></td><td>gpg-pubkey</td><td>(none)</td><td>(none)</td><td>6229229e</td><td>5a6340b3</td><td>0:5a6340b3-6229229e</td><td>0</td><td>gpg-pubkey-0:5a6340b3-6229229e.(none)</td></tr></tbody></table><h4><span class="label label-primary">Red Hat auxiliary key package is installed</span> 
        <span class="label label-default">oval:ssg-test_redhat_package_gpgkey-5a6340b3-6229229e_installed:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td><span class="label label-danger">false</span></td><td>gpg-pubkey</td><td>(none)</td><td>(none)</td><td>4ae0493b</td><td>fd431d51</td><td>0:fd431d51-4ae0493b</td><td>0</td><td>gpg-pubkey-0:fd431d51-4ae0493b.(none)</td></tr><tr><td><span class="label label-success">true</span></td><td>gpg-pubkey</td><td>(none)</td><td>(none)</td><td>6229229e</td><td>5a6340b3</td><td>0:5a6340b3-6229229e</td><td>0</td><td>gpg-pubkey-0:5a6340b3-6229229e.(none)</td></tr></tbody></table><h4><span class="label label-primary">Test installed OS is part of the unix family</span> 
        <span class="label label-default">oval:ssg-test_unix_family:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Family</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>unix</td></tr></tbody></table><h4><span class="label label-primary">Check os-release ID</span> 
        <span class="label label-default">oval:ssg-test_centos9_name:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Path</th><th>Content</th></tr></thead><tbody><tr><td><span class="label label-danger">false</span></td><td>/etc/os-release</td><td>ID="rhel"</td></tr></tbody></table><h4><span class="label label-primary">Check os-release VERSION_ID</span> 
        <span class="label label-default">oval:ssg-test_centos9_version:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="Check os-release VERSION_ID">oval:ssg-obj_version_centos9:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/os-release</td><td>^VERSION_ID="(\d)"$</td><td>1</td></tr></tbody></table><h4><span class="label label-primary">CentOS9 key package is installed</span> 
        <span class="label label-default">oval:ssg-test_redhat_package_gpgkey-8483c65d-5ccc5b19_installed:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td><span class="label label-danger">false</span></td><td>gpg-pubkey</td><td>(none)</td><td>(none)</td><td>4ae0493b</td><td>fd431d51</td><td>0:fd431d51-4ae0493b</td><td>0</td><td>gpg-pubkey-0:fd431d51-4ae0493b.(none)</td></tr><tr><td><span class="label label-danger">false</span></td><td>gpg-pubkey</td><td>(none)</td><td>(none)</td><td>6229229e</td><td>5a6340b3</td><td>0:5a6340b3-6229229e</td><td>0</td><td>gpg-pubkey-0:5a6340b3-6229229e.(none)</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction" id="rule-detail-idm45637211498688"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable Ctrl-Alt-Del Burst Actionxccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction highCCE-90308-8 </div><div class="panel-heading"><h3 class="panel-title">Disable Ctrl-Alt-Del Burst Action</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-disable_ctrlaltdel_burstaction:def:1</td></tr><tr><td>Time</td><td>2024-07-25T20:42:44+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span></td><td class="identifiers"><p><abbr title="https://ncp.nist.gov/cce: CCE-90308-8">CCE-90308-8</abbr></p></td></tr><tr><td><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span></td><td class="identifiers"><table class="table table-striped table-bordered"><tr><td><a href="https://www.cisecurity.org/controls/">cis-csc</a></td><td>12, 13, 14, 15, 16, 18, 3, 5</td></tr><tr><td><a href="https://www.isaca.org/resources/cobit">cobit5</a></td><td>APO01.06, DSS05.04, DSS05.07, DSS06.02</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">cui</a></td><td>3.4.5</td></tr><tr><td><a href="https://public.cyber.mil/stigs/cci/">disa</a></td><td>CCI-000366</td></tr><tr><td><a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">hipaa</a></td><td>164.308(a)(1)(ii)(B), 164.308(a)(7)(i), 164.308(a)(7)(ii)(A), 164.310(a)(1), 164.310(a)(2)(i), 164.310(a)(2)(ii), 164.310(a)(2)(iii), 164.310(b), 164.310(c), 164.310(d)(1), 164.310(d)(2)(iii)</td></tr><tr><td><a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">isa-62443-2009</a></td><td>4.3.3.7.3</td></tr><tr><td><a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">isa-62443-2013</a></td><td>SR 2.1, SR 5.2</td></tr><tr><td><a href="https://www.iso.org/contents/data/standard/05/45/54534.html">iso27001-2013</a></td><td>A.10.1.1, A.11.1.4, A.11.1.5, A.11.2.1, A.13.1.1, A.13.1.3, A.13.2.1, A.13.2.3, A.13.2.4, A.14.1.2, A.14.1.3, A.6.1.2, A.7.1.1, A.7.1.2, A.7.3.1, A.8.2.2, A.8.2.3, A.9.1.1, A.9.1.2, A.9.2.3, A.9.4.1, A.9.4.4, A.9.4.5</td></tr><tr><td><a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">nerc-cip</a></td><td>CIP-003-8 R5.1.1, CIP-003-8 R5.3, CIP-004-6 R2.3, CIP-007-3 R2.1, CIP-007-3 R2.2, CIP-007-3 R2.3, CIP-007-3 R5.1, CIP-007-3 R5.1.1, CIP-007-3 R5.1.2</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">nist</a></td><td>CM-6(a), AC-6(1), CM-6(a)</td></tr><tr><td><a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">nist-csf</a></td><td>PR.AC-4, PR.DS-5</td></tr><tr><td><a href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</a></td><td>FAU_GEN.1.2</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</a></td><td>SRG-OS-000324-GPOS-00125, SRG-OS-000480-GPOS-00227</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</a></td><td>RHEL-09-211045</td></tr><tr><td><a href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</a></td><td>SV-257784r925339_rule</td></tr></table></td></tr><tr><td>Description</td><td><div class="description">By default, <code>SystemD</code> will reboot the system if the <code>Ctrl-Alt-Del</code>
key sequence is pressed Ctrl-Alt-Delete more than 7 times in 2 seconds.
<br>
        <br>
To configure the system to ignore the <code>CtrlAltDelBurstAction</code>

setting, add or modify the following to <code>/etc/systemd/system.conf</code>:
<pre>CtrlAltDelBurstAction=none</pre>
       </div></td></tr><tr><td>Rationale</td><td><div class="rationale">A locally logged-in user who presses Ctrl-Alt-Del, when at the console,
can reboot the system. If accidentally pressed, as could happen in
the case of mixed OS environment, this can create the risk of short-term
loss of availability of systems due to unintentional reboot.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> 
                                Disabling the <code>Ctrl-Alt-Del</code> key sequence
in <code>/etc/init/control-alt-delete.conf</code> DOES NOT disable the <code>Ctrl-Alt-Del</code>
key sequence if running in <code>runlevel 6</code> (e.g. in GNOME, KDE, etc.)! The
<code>Ctrl-Alt-Del</code> key sequence will only be disabled if running in
the non-graphical <code>runlevel 3</code>.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">check if CtrlAltDelBurstAction is set to none</span> 
        <span class="label label-default">oval:ssg-test_disable_ctrlaltdel_burstaction:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Path</th><th>Content</th></tr></thead><tbody><tr><td><span class="label label-danger">not evaluated</span></td><td>/etc/systemd/system.conf</td><td>CtrlAltDelBurstAction=none</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot" id="rule-detail-idm45637211494688"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable Ctrl-Alt-Del Reboot Activationxccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot highCCE-86667-3 </div><div class="panel-heading"><h3 class="panel-title">Disable Ctrl-Alt-Del Reboot Activation</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-disable_ctrlaltdel_reboot:def:1</td></tr><tr><td>Time</td><td>2024-07-25T20:42:44+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span></td><td class="identifiers"><p><abbr title="https://ncp.nist.gov/cce: CCE-86667-3">CCE-86667-3</abbr></p></td></tr><tr><td><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span></td><td class="identifiers"><table class="table table-striped table-bordered"><tr><td><a href="https://www.cisecurity.org/controls/">cis-csc</a></td><td>12, 13, 14, 15, 16, 18, 3, 5</td></tr><tr><td><a href="https://www.isaca.org/resources/cobit">cobit5</a></td><td>APO01.06, DSS05.04, DSS05.07, DSS06.02</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">cui</a></td><td>3.4.5</td></tr><tr><td><a href="https://public.cyber.mil/stigs/cci/">disa</a></td><td>CCI-000366</td></tr><tr><td><a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">hipaa</a></td><td>164.308(a)(1)(ii)(B), 164.308(a)(7)(i), 164.308(a)(7)(ii)(A), 164.310(a)(1), 164.310(a)(2)(i), 164.310(a)(2)(ii), 164.310(a)(2)(iii), 164.310(b), 164.310(c), 164.310(d)(1), 164.310(d)(2)(iii)</td></tr><tr><td><a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">isa-62443-2009</a></td><td>4.3.3.7.3</td></tr><tr><td><a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">isa-62443-2013</a></td><td>SR 2.1, SR 5.2</td></tr><tr><td><a href="https://www.iso.org/contents/data/standard/05/45/54534.html">iso27001-2013</a></td><td>A.10.1.1, A.11.1.4, A.11.1.5, A.11.2.1, A.13.1.1, A.13.1.3, A.13.2.1, A.13.2.3, A.13.2.4, A.14.1.2, A.14.1.3, A.6.1.2, A.7.1.1, A.7.1.2, A.7.3.1, A.8.2.2, A.8.2.3, A.9.1.1, A.9.1.2, A.9.2.3, A.9.4.1, A.9.4.4, A.9.4.5</td></tr><tr><td><a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">nerc-cip</a></td><td>CIP-003-8 R5.1.1, CIP-003-8 R5.3, CIP-004-6 R2.3, CIP-007-3 R2.1, CIP-007-3 R2.2, CIP-007-3 R2.3, CIP-007-3 R5.1, CIP-007-3 R5.1.1, CIP-007-3 R5.1.2</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">nist</a></td><td>CM-6(a), AC-6(1)</td></tr><tr><td><a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">nist-csf</a></td><td>PR.AC-4, PR.DS-5</td></tr><tr><td><a href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</a></td><td>FAU_GEN.1.2</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</a></td><td>SRG-OS-000324-GPOS-00125, SRG-OS-000480-GPOS-00227</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</a></td><td>RHEL-09-211050</td></tr><tr><td><a href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</a></td><td>SV-257785r925342_rule</td></tr></table></td></tr><tr><td>Description</td><td><div class="description">By default, <code>SystemD</code> will reboot the system if the <code>Ctrl-Alt-Del</code>
key sequence is pressed.
<br>
        <br>
To configure the system to ignore the <code>Ctrl-Alt-Del</code> key sequence from the

command line instead of rebooting the system, do either of the following:
<pre>ln -sf /dev/null /etc/systemd/system/ctrl-alt-del.target</pre>
or
<pre>systemctl mask ctrl-alt-del.target</pre>
        <br>
        <br>
Do not simply delete the <code>/usr/lib/systemd/system/ctrl-alt-del.service</code> file,
as this file may be restored during future system updates.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">A locally logged-in user who presses Ctrl-Alt-Del, when at the console,
can reboot the system. If accidentally pressed, as could happen in
the case of mixed OS environment, this can create the risk of short-term
loss of availability of systems due to unintentional reboot.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Disable Ctrl-Alt-Del key sequence override exists</span> 
        <span class="label label-default">oval:ssg-test_disable_ctrlaltdel_exists:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Filepath</th><th>Canonical path</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>/etc/systemd/system/ctrl-alt-del.target</td><td>/dev/null</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_no_empty_passwords" id="rule-detail-idm45637211383168"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Prevent Login to Accounts With Empty Passwordxccdf_org.ssgproject.content_rule_no_empty_passwords highCCE-83611-4 </div><div class="panel-heading"><h3 class="panel-title">Prevent Login to Accounts With Empty Password</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_no_empty_passwords</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-no_empty_passwords:def:1</td></tr><tr><td>Time</td><td>2024-07-25T20:42:44+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span></td><td class="identifiers"><p><abbr title="https://ncp.nist.gov/cce: CCE-83611-4">CCE-83611-4</abbr></p></td></tr><tr><td><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span></td><td class="identifiers"><table class="table table-striped table-bordered"><tr><td><a href="https://www.cisecurity.org/controls/">cis-csc</a></td><td>1, 12, 13, 14, 15, 16, 18, 3, 5</td></tr><tr><td><a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">cjis</a></td><td>5.5.2</td></tr><tr><td><a href="https://www.isaca.org/resources/cobit">cobit5</a></td><td>APO01.06, DSS05.04, DSS05.05, DSS05.07, DSS05.10, DSS06.02, DSS06.03, DSS06.10</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">cui</a></td><td>3.1.1, 3.1.5</td></tr><tr><td><a href="https://public.cyber.mil/stigs/cci/">disa</a></td><td>CCI-000366</td></tr><tr><td><a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">hipaa</a></td><td>164.308(a)(1)(ii)(B), 164.308(a)(7)(i), 164.308(a)(7)(ii)(A), 164.310(a)(1), 164.310(a)(2)(i), 164.310(a)(2)(ii), 164.310(a)(2)(iii), 164.310(b), 164.310(c), 164.310(d)(1), 164.310(d)(2)(iii)</td></tr><tr><td><a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">isa-62443-2009</a></td><td>4.3.3.2.2, 4.3.3.5.1, 4.3.3.5.2, 4.3.3.6.1, 4.3.3.6.2, 4.3.3.6.3, 4.3.3.6.4, 4.3.3.6.5, 4.3.3.6.6, 4.3.3.6.7, 4.3.3.6.8, 4.3.3.6.9, 4.3.3.7.2, 4.3.3.7.3, 4.3.3.7.4</td></tr><tr><td><a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">isa-62443-2013</a></td><td>SR 1.1, SR 1.10, SR 1.2, SR 1.3, SR 1.4, SR 1.5, SR 1.7, SR 1.8, SR 1.9, SR 2.1, SR 5.2</td></tr><tr><td><a href="https://www.iso.org/contents/data/standard/05/45/54534.html">iso27001-2013</a></td><td>A.10.1.1, A.11.1.4, A.11.1.5, A.11.2.1, A.13.1.1, A.13.1.3, A.13.2.1, A.13.2.3, A.13.2.4, A.14.1.2, A.14.1.3, A.18.1.4, A.6.1.2, A.7.1.1, A.7.1.2, A.7.3.1, A.8.2.2, A.8.2.3, A.9.1.1, A.9.1.2, A.9.2.1, A.9.2.2, A.9.2.3, A.9.2.4, A.9.2.6, A.9.3.1, A.9.4.1, A.9.4.2, A.9.4.3, A.9.4.4, A.9.4.5</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">nist</a></td><td>IA-5(1)(a), IA-5(c), CM-6(a)</td></tr><tr><td><a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">nist-csf</a></td><td>PR.AC-1, PR.AC-4, PR.AC-6, PR.AC-7, PR.DS-5</td></tr><tr><td><a href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</a></td><td>FIA_UAU.1</td></tr><tr><td><a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</a></td><td>Req-8.2.3</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</a></td><td>SRG-OS-000480-GPOS-00227</td></tr><tr><td><a href="https://www.cisecurity.org/benchmark/red_hat_linux/">cis</a></td><td>5.4.1</td></tr><tr><td><a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</a></td><td>8.3.1</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</a></td><td>RHEL-09-611025</td></tr><tr><td><a href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</a></td><td>SV-258094r926269_rule</td></tr></table></td></tr><tr><td>Description</td><td><div class="description">If an account is configured for password authentication
but does not have an assigned password, it may be possible to log
into the account without authentication. Remove any instances of the
<code>nullok</code> in

<code>/etc/pam.d/system-auth</code> and
<code>/etc/pam.d/password-auth</code>

to prevent logins with empty passwords.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">If an account has an empty password, anyone could log in and
run commands with the privileges of that account. Accounts with
empty passwords should never be used in operational environments.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> 
                                If the system relies on <code>authselect</code> tool to manage PAM settings, the remediation
will also use <code>authselect</code> tool. However, if any manual modification was made in
PAM files, the <code>authselect</code> integrity check will fail and the remediation will be
aborted in order to preserve intentional changes. In this case, an informative message will
be shown in the remediation report.
Note that this rule is not applicable for systems running within a
container. Having user with empty password within a container is not
considered a risk, because it should not be possible to directly login into
a container anyway.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">make sure nullok is not used in /etc/pam.d/system-auth</span> 
        <span class="label label-default">oval:ssg-test_no_empty_passwords:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_no_empty_passwords:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>^/etc/pam.d/(system|password)-auth$</td><td>^[^#]*\bnullok\b.*$</td><td>1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_no_empty_passwords_etc_shadow" id="rule-detail-idm45637211379200"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure There Are No Accounts With Blank or Null Passwordsxccdf_org.ssgproject.content_rule_no_empty_passwords_etc_shadow highCCE-85972-8 </div><div class="panel-heading"><h3 class="panel-title">Ensure There Are No Accounts With Blank or Null Passwords</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_no_empty_passwords_etc_shadow</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-no_empty_passwords_etc_shadow:def:1</td></tr><tr><td>Time</td><td>2024-07-25T20:42:44+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span></td><td class="identifiers"><p><abbr title="https://ncp.nist.gov/cce: CCE-85972-8">CCE-85972-8</abbr></p></td></tr><tr><td><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span></td><td class="identifiers"><table class="table table-striped table-bordered"><tr><td><a href="https://public.cyber.mil/stigs/cci/">disa</a></td><td>CCI-000366</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">nist</a></td><td>CM-6(b), CM-6.1(iv)</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</a></td><td>SRG-OS-000480-GPOS-00227</td></tr><tr><td><a href="https://www.ccn-cert.cni.es/pdf/guias/series-ccn-stic/guias-de-acceso-publico-ccn-stic/6768-ccn-stic-610a22-perfilado-de-seguridad-red-hat-enterprise-linux-9-0/file.html">ccn</a></td><td>A.6.SEC-RHEL4</td></tr><tr><td><a href="https://www.cisecurity.org/benchmark/red_hat_linux/">cis</a></td><td>5.6.6, 6.2.2</td></tr><tr><td><a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</a></td><td>2.2.2</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</a></td><td>RHEL-09-611155</td></tr><tr><td><a href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</a></td><td>SV-258120r926347_rule</td></tr></table></td></tr><tr><td>Description</td><td><div class="description">Check the "/etc/shadow" file for blank passwords with the
following command:
<pre>$ sudo awk -F: '!$2 {print $1}' /etc/shadow</pre>
If the command returns any results, this is a finding.
Configure all accounts on the system to have a password or lock
the account with the following commands:
Perform a password reset:
<pre>$ sudo passwd [username]</pre>
Lock an account:
<pre>$ sudo passwd -l [username]</pre>
        </div></td></tr><tr><td>Rationale</td><td><div class="rationale">If an account has an empty password, anyone could log in and
run commands with the privileges of that account. Accounts with
empty passwords should never be used in operational environments.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> 
                                Note that this rule is not applicable for systems running within a container. Having user with empty password within a container is not considered a risk, because it should not be possible to directly login into a container anyway.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">make sure there aren't blank or null passwords in /etc/shadow</span> 
        <span class="label label-default">oval:ssg-test_no_empty_passwords_etc_shadow:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_no_empty_passwords_etc_shadow:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/shadow</td><td>^[^:]+::.*$</td><td>1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_accounts_no_uid_except_zero" id="rule-detail-idm45637211361712"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Verify Only Root Has UID 0xccdf_org.ssgproject.content_rule_accounts_no_uid_except_zero highCCE-83624-7 </div><div class="panel-heading"><h3 class="panel-title">Verify Only Root Has UID 0</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_accounts_no_uid_except_zero</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-accounts_no_uid_except_zero:def:1</td></tr><tr><td>Time</td><td>2024-07-25T20:42:44+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span></td><td class="identifiers"><p><abbr title="https://ncp.nist.gov/cce: CCE-83624-7">CCE-83624-7</abbr></p></td></tr><tr><td><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span></td><td class="identifiers"><table class="table table-striped table-bordered"><tr><td><a href="https://www.cisecurity.org/controls/">cis-csc</a></td><td>1, 12, 13, 14, 15, 16, 18, 3, 5</td></tr><tr><td><a href="https://www.isaca.org/resources/cobit">cobit5</a></td><td>APO01.06, DSS05.04, DSS05.05, DSS05.07, DSS05.10, DSS06.02, DSS06.03, DSS06.10</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">cui</a></td><td>3.1.1, 3.1.5</td></tr><tr><td><a href="https://public.cyber.mil/stigs/cci/">disa</a></td><td>CCI-000366</td></tr><tr><td><a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">isa-62443-2009</a></td><td>4.3.3.2.2, 4.3.3.5.1, 4.3.3.5.2, 4.3.3.6.1, 4.3.3.6.2, 4.3.3.6.3, 4.3.3.6.4, 4.3.3.6.5, 4.3.3.6.6, 4.3.3.6.7, 4.3.3.6.8, 4.3.3.6.9, 4.3.3.7.2, 4.3.3.7.3, 4.3.3.7.4</td></tr><tr><td><a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">isa-62443-2013</a></td><td>SR 1.1, SR 1.10, SR 1.2, SR 1.3, SR 1.4, SR 1.5, SR 1.7, SR 1.8, SR 1.9, SR 2.1, SR 5.2</td></tr><tr><td><a href="https://www.iso.org/contents/data/standard/05/45/54534.html">iso27001-2013</a></td><td>A.10.1.1, A.11.1.4, A.11.1.5, A.11.2.1, A.13.1.1, A.13.1.3, A.13.2.1, A.13.2.3, A.13.2.4, A.14.1.2, A.14.1.3, A.18.1.4, A.6.1.2, A.7.1.1, A.7.1.2, A.7.3.1, A.8.2.2, A.8.2.3, A.9.1.1, A.9.1.2, A.9.2.1, A.9.2.2, A.9.2.3, A.9.2.4, A.9.2.6, A.9.3.1, A.9.4.1, A.9.4.2, A.9.4.3, A.9.4.4, A.9.4.5</td></tr><tr><td><a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">nerc-cip</a></td><td>CIP-003-8 R5.1.1, CIP-003-8 R5.3, CIP-004-6 R2.2.3, CIP-004-6 R2.3, CIP-007-3 R5.1, CIP-007-3 R5.1.2, CIP-007-3 R5.2, CIP-007-3 R5.3.1, CIP-007-3 R5.3.2, CIP-007-3 R5.3.3</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">nist</a></td><td>IA-2, AC-6(5), IA-4(b)</td></tr><tr><td><a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">nist-csf</a></td><td>PR.AC-1, PR.AC-4, PR.AC-6, PR.AC-7, PR.DS-5</td></tr><tr><td><a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</a></td><td>Req-8.5</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</a></td><td>SRG-OS-000480-GPOS-00227</td></tr><tr><td><a href="https://www.cisecurity.org/benchmark/red_hat_linux/">cis</a></td><td>6.2.9</td></tr><tr><td><a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</a></td><td>8.2.1</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</a></td><td>RHEL-09-411100</td></tr><tr><td><a href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</a></td><td>SV-258059r926164_rule</td></tr></table></td></tr><tr><td>Description</td><td><div class="description">If any account other than root has a UID of 0, this misconfiguration should
be investigated and the accounts other than root should be removed or have
their UID changed.
<br>
If the account is associated with system commands or applications the UID
should be changed to one greater than "0" but less than "1000."
Otherwise assign a UID greater than "1000" that has not already been
assigned.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">An account has root authority if it has a UID of 0. Multiple accounts
with a UID of 0 afford more opportunity for potential intruders to
guess a password for a privileged account. Proper configuration of
sudo is recommended to afford multiple system administrators
access to root privileges in an accountable manner.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">test that there are no accounts with UID 0 except root in the /etc/passwd file</span> 
        <span class="label label-default">oval:ssg-test_accounts_no_uid_except_root:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-object_accounts_no_uid_except_root:obj:1</abbr></strong> of type
                <strong>textfilecontent54_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Filepath</th><th>Pattern</th><th>Instance</th></tr></thead><tbody><tr><td>/etc/passwd</td><td>^(?!root:)[^:]*:[^:]*:0</td><td>1</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-notapplicable rule-detail-id-xccdf_org.ssgproject.content_rule_grub2_admin_username" id="rule-detail-idm45637211195504"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set the Boot Loader Admin Username to a Non-Default Valuexccdf_org.ssgproject.content_rule_grub2_admin_username highCCE-87370-3 </div><div class="panel-heading"><h3 class="panel-title">Set the Boot Loader Admin Username to a Non-Default Value</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_grub2_admin_username</td></tr><tr><td>Result</td><td class="rule-result rule-result-notapplicable"><div><abbr title="The Rule was not applicable to the target of the test. For example, the Rule might have been specific to a different version of the target OS, or it might have been a test against a platform feature that was not installed.">notapplicable</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>Time</td><td>2024-07-25T20:42:44+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span></td><td class="identifiers"><p><abbr title="https://ncp.nist.gov/cce: CCE-87370-3">CCE-87370-3</abbr></p></td></tr><tr><td><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span></td><td class="identifiers"><table class="table table-striped table-bordered"><tr><td><a href="https://www.cisecurity.org/controls/">cis-csc</a></td><td>1, 11, 12, 14, 15, 16, 18, 3, 5</td></tr><tr><td><a href="https://www.isaca.org/resources/cobit">cobit5</a></td><td>DSS05.02, DSS05.04, DSS05.05, DSS05.07, DSS05.10, DSS06.03, DSS06.06, DSS06.10</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">cui</a></td><td>3.4.5</td></tr><tr><td><a href="https://public.cyber.mil/stigs/cci/">disa</a></td><td>CCI-000213</td></tr><tr><td><a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">hipaa</a></td><td>164.308(a)(1)(ii)(B), 164.308(a)(7)(i), 164.308(a)(7)(ii)(A), 164.310(a)(1), 164.310(a)(2)(i), 164.310(a)(2)(ii), 164.310(a)(2)(iii), 164.310(b), 164.310(c), 164.310(d)(1), 164.310(d)(2)(iii)</td></tr><tr><td><a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">isa-62443-2009</a></td><td>4.3.3.2.2, 4.3.3.5.1, 4.3.3.5.2, 4.3.3.5.3, 4.3.3.5.4, 4.3.3.5.5, 4.3.3.5.6, 4.3.3.5.7, 4.3.3.5.8, 4.3.3.6.1, 4.3.3.6.2, 4.3.3.6.3, 4.3.3.6.4, 4.3.3.6.5, 4.3.3.6.6, 4.3.3.6.7, 4.3.3.6.8, 4.3.3.6.9, 4.3.3.7.1, 4.3.3.7.2, 4.3.3.7.3, 4.3.3.7.4</td></tr><tr><td><a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">isa-62443-2013</a></td><td>SR 1.1, SR 1.10, SR 1.11, SR 1.12, SR 1.13, SR 1.2, SR 1.3, SR 1.4, SR 1.5, SR 1.6, SR 1.7, SR 1.8, SR 1.9, SR 2.1, SR 2.2, SR 2.3, SR 2.4, SR 2.5, SR 2.6, SR 2.7</td></tr><tr><td><a href="https://www.iso.org/contents/data/standard/05/45/54534.html">iso27001-2013</a></td><td>A.18.1.4, A.6.1.2, A.7.1.1, A.9.1.2, A.9.2.1, A.9.2.2, A.9.2.3, A.9.2.4, A.9.2.6, A.9.3.1, A.9.4.1, A.9.4.2, A.9.4.3, A.9.4.4, A.9.4.5</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">nist</a></td><td>CM-6(a)</td></tr><tr><td><a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">nist-csf</a></td><td>PR.AC-1, PR.AC-4, PR.AC-6, PR.AC-7, PR.PT-3</td></tr><tr><td><a href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</a></td><td>FIA_UAU.1</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</a></td><td>SRG-OS-000080-GPOS-00048</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</a></td><td>RHEL-09-212020</td></tr><tr><td><a href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</a></td><td>SV-257789r943055_rule</td></tr></table></td></tr><tr><td>Description</td><td><div class="description">The grub2 boot loader should have a superuser account and password
protection enabled to protect boot-time settings.
<br>
        <br>
To maximize the protection, select a password-protected superuser account with unique name, and modify the
<code>/etc/grub.d/01_users</code> configuration file to reflect the account name change.
<br>
        <br>
Do not to use common administrator account names like root,
admin, or administrator for the grub2 superuser account.
<br>
        <br>
Change the superuser to a different username (The default is 'root').
<pre>$ sed -i 's/\(set superusers=\).*/\1"&lt;unique user ID&gt;"/g' /etc/grub.d/01_users</pre>
        <br>
        <br>
Once the superuser account has been added,
update the
<code>grub.cfg</code> file by running:
<pre>grubby --update-kernel=ALL</pre>
       </div></td></tr><tr><td>Rationale</td><td><div class="rationale">Having a non-default grub superuser username makes password-guessing attacks less effective.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> 
                                To prevent hard-coded admin usernames, automatic remediation of this control is not available. Remediation
must be automated as a component of machine provisioning, or followed manually as outlined above.

Also, do NOT manually add the superuser account and password to the
<code>grub.cfg</code> file as the grub2-mkconfig command overwrites this file.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-notapplicable rule-detail-id-xccdf_org.ssgproject.content_rule_grub2_password" id="rule-detail-idm45637211192816"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Set Boot Loader Password in grub2xccdf_org.ssgproject.content_rule_grub2_password highCCE-83849-0 </div><div class="panel-heading"><h3 class="panel-title">Set Boot Loader Password in grub2</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_grub2_password</td></tr><tr><td>Result</td><td class="rule-result rule-result-notapplicable"><div><abbr title="The Rule was not applicable to the target of the test. For example, the Rule might have been specific to a different version of the target OS, or it might have been a test against a platform feature that was not installed.">notapplicable</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>Time</td><td>2024-07-25T20:42:44+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span></td><td class="identifiers"><p><abbr title="https://ncp.nist.gov/cce: CCE-83849-0">CCE-83849-0</abbr></p></td></tr><tr><td><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span></td><td class="identifiers"><table class="table table-striped table-bordered"><tr><td><a href="https://www.cisecurity.org/controls/">cis-csc</a></td><td>1, 11, 12, 14, 15, 16, 18, 3, 5</td></tr><tr><td><a href="https://www.isaca.org/resources/cobit">cobit5</a></td><td>DSS05.02, DSS05.04, DSS05.05, DSS05.07, DSS05.10, DSS06.03, DSS06.06, DSS06.10</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">cui</a></td><td>3.4.5</td></tr><tr><td><a href="https://public.cyber.mil/stigs/cci/">disa</a></td><td>CCI-000213</td></tr><tr><td><a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">hipaa</a></td><td>164.308(a)(1)(ii)(B), 164.308(a)(7)(i), 164.308(a)(7)(ii)(A), 164.310(a)(1), 164.310(a)(2)(i), 164.310(a)(2)(ii), 164.310(a)(2)(iii), 164.310(b), 164.310(c), 164.310(d)(1), 164.310(d)(2)(iii)</td></tr><tr><td><a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">isa-62443-2009</a></td><td>4.3.3.2.2, 4.3.3.5.1, 4.3.3.5.2, 4.3.3.5.3, 4.3.3.5.4, 4.3.3.5.5, 4.3.3.5.6, 4.3.3.5.7, 4.3.3.5.8, 4.3.3.6.1, 4.3.3.6.2, 4.3.3.6.3, 4.3.3.6.4, 4.3.3.6.5, 4.3.3.6.6, 4.3.3.6.7, 4.3.3.6.8, 4.3.3.6.9, 4.3.3.7.1, 4.3.3.7.2, 4.3.3.7.3, 4.3.3.7.4</td></tr><tr><td><a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">isa-62443-2013</a></td><td>SR 1.1, SR 1.10, SR 1.11, SR 1.12, SR 1.13, SR 1.2, SR 1.3, SR 1.4, SR 1.5, SR 1.6, SR 1.7, SR 1.8, SR 1.9, SR 2.1, SR 2.2, SR 2.3, SR 2.4, SR 2.5, SR 2.6, SR 2.7</td></tr><tr><td><a href="https://www.iso.org/contents/data/standard/05/45/54534.html">iso27001-2013</a></td><td>A.18.1.4, A.6.1.2, A.7.1.1, A.9.1.2, A.9.2.1, A.9.2.2, A.9.2.3, A.9.2.4, A.9.2.6, A.9.3.1, A.9.4.1, A.9.4.2, A.9.4.3, A.9.4.4, A.9.4.5</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">nist</a></td><td>CM-6(a)</td></tr><tr><td><a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">nist-csf</a></td><td>PR.AC-1, PR.AC-4, PR.AC-6, PR.AC-7, PR.PT-3</td></tr><tr><td><a href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</a></td><td>FIA_UAU.1</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</a></td><td>SRG-OS-000080-GPOS-00048</td></tr><tr><td><a href="https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf">anssi</a></td><td>R5</td></tr><tr><td><a href="https://www.ccn-cert.cni.es/pdf/guias/series-ccn-stic/guias-de-acceso-publico-ccn-stic/6768-ccn-stic-610a22-perfilado-de-seguridad-red-hat-enterprise-linux-9-0/file.html">ccn</a></td><td>A.8.SEC-RHEL7</td></tr><tr><td><a href="https://www.cisecurity.org/benchmark/red_hat_linux/">cis</a></td><td>1.4.1</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</a></td><td>RHEL-09-212010</td></tr><tr><td><a href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</a></td><td>SV-257787r925348_rule</td></tr></table></td></tr><tr><td>Description</td><td><div class="description">The grub2 boot loader should have a superuser account and password
protection enabled to protect boot-time settings.
<br>
        <br>
Since plaintext passwords are a security risk, generate a hash for the password
by running the following command:

<pre># grub2-setpassword</pre>

When prompted, enter the password that was selected.
<br>
        <br>
       </div></td></tr><tr><td>Rationale</td><td><div class="rationale">Password protection on the boot loader configuration ensures
users with physical access cannot trivially alter
important bootloader settings. These include which kernel to use,
and whether to enter single-user mode.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> 
                                To prevent hard-coded passwords, automatic remediation of this control is not available. Remediation
must be automated as a component of machine provisioning, or followed manually as outlined above.

Also, do NOT manually add the superuser account and password to the
<code>grub.cfg</code> file as the grub2-mkconfig command overwrites this file.</div></div></td></tr></tbody></table></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_selinux_state" id="rule-detail-idm45637210156384"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Ensure SELinux State is Enforcingxccdf_org.ssgproject.content_rule_selinux_state highCCE-84079-3 </div><div class="panel-heading"><h3 class="panel-title">Ensure SELinux State is Enforcing</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_selinux_state</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-selinux_state:def:1</td></tr><tr><td>Time</td><td>2024-07-25T20:42:44+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span></td><td class="identifiers"><p><abbr title="https://ncp.nist.gov/cce: CCE-84079-3">CCE-84079-3</abbr></p></td></tr><tr><td><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span></td><td class="identifiers"><table class="table table-striped table-bordered"><tr><td><a href="https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf">bsi</a></td><td>APP.4.4.A4</td></tr><tr><td><a href="https://www.cisecurity.org/controls/">cis-csc</a></td><td>1, 11, 12, 13, 14, 15, 16, 18, 3, 4, 5, 6, 8, 9</td></tr><tr><td><a href="https://www.isaca.org/resources/cobit">cobit5</a></td><td>APO01.06, APO11.04, APO13.01, BAI03.05, DSS01.05, DSS03.01, DSS05.02, DSS05.04, DSS05.05, DSS05.07, DSS06.02, DSS06.03, DSS06.06, MEA02.01</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">cui</a></td><td>3.1.2, 3.7.2</td></tr><tr><td><a href="https://public.cyber.mil/stigs/cci/">disa</a></td><td>CCI-001084, CCI-002165, CCI-002696</td></tr><tr><td><a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">hipaa</a></td><td>164.308(a)(1)(ii)(D), 164.308(a)(3), 164.308(a)(4), 164.310(b), 164.310(c), 164.312(a), 164.312(e)</td></tr><tr><td><a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">isa-62443-2009</a></td><td>4.2.3.4, 4.3.3.2.2, 4.3.3.3.9, 4.3.3.4, 4.3.3.5.1, 4.3.3.5.2, 4.3.3.5.3, 4.3.3.5.4, 4.3.3.5.5, 4.3.3.5.6, 4.3.3.5.7, 4.3.3.5.8, 4.3.3.6.1, 4.3.3.6.2, 4.3.3.6.3, 4.3.3.6.4, 4.3.3.6.5, 4.3.3.6.6, 4.3.3.6.7, 4.3.3.6.8, 4.3.3.6.9, 4.3.3.7.1, 4.3.3.7.2, 4.3.3.7.3, 4.3.3.7.4, 4.3.4.4.7, 4.4.2.1, 4.4.2.2, 4.4.2.4, 4.4.3.3</td></tr><tr><td><a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">isa-62443-2013</a></td><td>SR 1.1, SR 1.10, SR 1.11, SR 1.12, SR 1.13, SR 1.2, SR 1.3, SR 1.4, SR 1.5, SR 1.6, SR 1.7, SR 1.8, SR 1.9, SR 2.1, SR 2.10, SR 2.11, SR 2.12, SR 2.2, SR 2.3, SR 2.4, SR 2.5, SR 2.6, SR 2.7, SR 2.8, SR 2.9, SR 3.1, SR 3.5, SR 3.8, SR 4.1, SR 4.3, SR 5.1, SR 5.2, SR 5.3, SR 7.1, SR 7.6</td></tr><tr><td><a href="https://www.iso.org/contents/data/standard/05/45/54534.html">iso27001-2013</a></td><td>A.10.1.1, A.11.1.4, A.11.1.5, A.11.2.1, A.12.1.1, A.12.1.2, A.12.4.1, A.12.4.2, A.12.4.3, A.12.4.4, A.12.7.1, A.13.1.1, A.13.1.2, A.13.1.3, A.13.2.1, A.13.2.2, A.13.2.3, A.13.2.4, A.14.1.2, A.14.1.3, A.6.1.2, A.7.1.1, A.7.1.2, A.7.3.1, A.8.2.2, A.8.2.3, A.9.1.1, A.9.1.2, A.9.2.1, A.9.2.3, A.9.4.1, A.9.4.4, A.9.4.5</td></tr><tr><td><a href="https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx">nerc-cip</a></td><td>CIP-003-8 R5.1.1, CIP-003-8 R5.2, CIP-003-8 R5.3, CIP-004-6 R2.2.3, CIP-004-6 R2.3, CIP-004-6 R3.3, CIP-007-3 R5.1, CIP-007-3 R5.1.2, CIP-007-3 R5.2, CIP-007-3 R5.3.1, CIP-007-3 R5.3.2, CIP-007-3 R5.3.3, CIP-007-3 R6.5</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">nist</a></td><td>AC-3, AC-3(3)(a), AU-9, SC-7(21)</td></tr><tr><td><a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">nist-csf</a></td><td>DE.AE-1, ID.AM-3, PR.AC-4, PR.AC-5, PR.AC-6, PR.DS-5, PR.PT-1, PR.PT-3, PR.PT-4</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</a></td><td>SRG-OS-000445-GPOS-00199, SRG-OS-000134-GPOS-00068</td></tr><tr><td><a href="https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf">anssi</a></td><td>R37, R79</td></tr><tr><td><a href="https://www.ccn-cert.cni.es/pdf/guias/series-ccn-stic/guias-de-acceso-publico-ccn-stic/6768-ccn-stic-610a22-perfilado-de-seguridad-red-hat-enterprise-linux-9-0/file.html">ccn</a></td><td>A.6.SEC-RHEL1</td></tr><tr><td><a href="https://www.cisecurity.org/benchmark/red_hat_linux/">cis</a></td><td>1.6.1.5</td></tr><tr><td><a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</a></td><td>1.2.6</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</a></td><td>RHEL-09-431010</td></tr><tr><td><a href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</a></td><td>SV-258078r926221_rule</td></tr></table></td></tr><tr><td>Description</td><td><div class="description">The SELinux state should be set to <code><abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_selinux_state">enforcing</abbr></code> at
system boot time.  In the file <code>/etc/selinux/config</code>, add or correct the
following line to configure the system to boot into enforcing mode:
<pre>SELINUX=<abbr title="from TestResult: xccdf_org.ssgproject.content_value_var_selinux_state">enforcing</abbr>
       </pre>
      </div></td></tr><tr><td>Rationale</td><td><div class="rationale">Setting the SELinux state to enforcing ensures SELinux is able to confine
potentially compromised processes to the security policy, which is designed to
prevent them from causing damage to the system or further elevating their
privileges.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">/selinux/enforce is 1</span> 
        <span class="label label-default">oval:ssg-test_etc_selinux_config:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Path</th><th>Content</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>/etc/selinux/config</td><td>SELINUX=enforcing</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_package_vsftpd_removed" id="rule-detail-idm45637209385184"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Uninstall vsftpd Packagexccdf_org.ssgproject.content_rule_package_vsftpd_removed highCCE-84159-3 </div><div class="panel-heading"><h3 class="panel-title">Uninstall vsftpd Package</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_package_vsftpd_removed</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-package_vsftpd_removed:def:1</td></tr><tr><td>Time</td><td>2024-07-25T20:42:44+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span></td><td class="identifiers"><p><abbr title="https://ncp.nist.gov/cce: CCE-84159-3">CCE-84159-3</abbr></p></td></tr><tr><td><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span></td><td class="identifiers"><table class="table table-striped table-bordered"><tr><td><a href="https://www.cisecurity.org/controls/">cis-csc</a></td><td>11, 14, 3, 9</td></tr><tr><td><a href="https://www.isaca.org/resources/cobit">cobit5</a></td><td>BAI10.01, BAI10.02, BAI10.03, BAI10.05, DSS05.02, DSS05.05, DSS06.06</td></tr><tr><td><a href="https://public.cyber.mil/stigs/cci/">disa</a></td><td>CCI-000197, CCI-000366, CCI-000381</td></tr><tr><td><a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">isa-62443-2009</a></td><td>4.3.3.5.1, 4.3.3.5.2, 4.3.3.5.3, 4.3.3.5.4, 4.3.3.5.5, 4.3.3.5.6, 4.3.3.5.7, 4.3.3.5.8, 4.3.3.6.1, 4.3.3.6.2, 4.3.3.6.3, 4.3.3.6.4, 4.3.3.6.5, 4.3.3.6.6, 4.3.3.6.7, 4.3.3.6.8, 4.3.3.6.9, 4.3.3.7.1, 4.3.3.7.2, 4.3.3.7.3, 4.3.3.7.4, 4.3.4.3.2, 4.3.4.3.3</td></tr><tr><td><a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">isa-62443-2013</a></td><td>SR 1.1, SR 1.10, SR 1.11, SR 1.12, SR 1.13, SR 1.2, SR 1.3, SR 1.4, SR 1.5, SR 1.6, SR 1.7, SR 1.8, SR 1.9, SR 2.1, SR 2.2, SR 2.3, SR 2.4, SR 2.5, SR 2.6, SR 2.7, SR 7.6</td></tr><tr><td><a href="https://www.iso.org/contents/data/standard/05/45/54534.html">iso27001-2013</a></td><td>A.12.1.2, A.12.5.1, A.12.6.2, A.14.2.2, A.14.2.3, A.14.2.4, A.9.1.2</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">nist</a></td><td>CM-7(a), CM-7(b), CM-6(a), IA-5(1)(c), IA-5(1).1(v), CM-7, CM-7.1(ii)</td></tr><tr><td><a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">nist-csf</a></td><td>PR.IP-1, PR.PT-3</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</a></td><td>SRG-OS-000074-GPOS-00042, SRG-OS-000095-GPOS-00049, SRG-OS-000480-GPOS-00227</td></tr><tr><td><a href="https://www.ccn-cert.cni.es/pdf/guias/series-ccn-stic/guias-de-acceso-publico-ccn-stic/6768-ccn-stic-610a22-perfilado-de-seguridad-red-hat-enterprise-linux-9-0/file.html">ccn</a></td><td>A.8.SEC-RHEL4</td></tr><tr><td><a href="https://www.cisecurity.org/benchmark/red_hat_linux/">cis</a></td><td>2.2.6</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</a></td><td>RHEL-09-215015</td></tr><tr><td><a href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</a></td><td>SV-257826r925465_rule</td></tr></table></td></tr><tr><td>Description</td><td><div class="description">The <code>vsftpd</code> package can be removed with the following command: <pre> $ sudo dnf erase vsftpd</pre>
       </div></td></tr><tr><td>Rationale</td><td><div class="rationale">Removing the <code>vsftpd</code> package decreases the risk of its
accidental activation.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">package vsftpd is removed</span> 
        <span class="label label-default">oval:ssg-test_package_vsftpd_removed:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_test_package_vsftpd_removed:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>vsftpd</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_package_ypserv_removed" id="rule-detail-idm45637209229264"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Uninstall ypserv Packagexccdf_org.ssgproject.content_rule_package_ypserv_removed highCCE-84152-8 </div><div class="panel-heading"><h3 class="panel-title">Uninstall ypserv Package</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_package_ypserv_removed</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-package_ypserv_removed:def:1</td></tr><tr><td>Time</td><td>2024-07-25T20:42:44+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span></td><td class="identifiers"><p><abbr title="https://ncp.nist.gov/cce: CCE-84152-8">CCE-84152-8</abbr></p></td></tr><tr><td><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span></td><td class="identifiers"><table class="table table-striped table-bordered"><tr><td><a href="https://www.cisecurity.org/controls/">cis-csc</a></td><td>11, 12, 14, 15, 3, 8, 9</td></tr><tr><td><a href="https://www.isaca.org/resources/cobit">cobit5</a></td><td>APO13.01, BAI10.01, BAI10.02, BAI10.03, BAI10.05, DSS01.04, DSS05.02, DSS05.03, DSS05.05, DSS06.06</td></tr><tr><td><a href="https://public.cyber.mil/stigs/cci/">disa</a></td><td>CCI-000381</td></tr><tr><td><a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">hipaa</a></td><td>164.308(a)(4)(i), 164.308(b)(1), 164.308(b)(3), 164.310(b), 164.312(e)(1), 164.312(e)(2)(ii)</td></tr><tr><td><a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">isa-62443-2009</a></td><td>4.3.3.5.1, 4.3.3.5.2, 4.3.3.5.3, 4.3.3.5.4, 4.3.3.5.5, 4.3.3.5.6, 4.3.3.5.7, 4.3.3.5.8, 4.3.3.6.1, 4.3.3.6.2, 4.3.3.6.3, 4.3.3.6.4, 4.3.3.6.5, 4.3.3.6.6, 4.3.3.6.7, 4.3.3.6.8, 4.3.3.6.9, 4.3.3.7.1, 4.3.3.7.2, 4.3.3.7.3, 4.3.3.7.4, 4.3.4.3.2, 4.3.4.3.3</td></tr><tr><td><a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">isa-62443-2013</a></td><td>SR 1.1, SR 1.10, SR 1.11, SR 1.12, SR 1.13, SR 1.2, SR 1.3, SR 1.4, SR 1.5, SR 1.6, SR 1.7, SR 1.8, SR 1.9, SR 2.1, SR 2.2, SR 2.3, SR 2.4, SR 2.5, SR 2.6, SR 2.7, SR 3.1, SR 3.5, SR 3.8, SR 4.1, SR 4.3, SR 5.1, SR 5.2, SR 5.3, SR 7.1, SR 7.6</td></tr><tr><td><a href="https://www.iso.org/contents/data/standard/05/45/54534.html">iso27001-2013</a></td><td>A.11.2.6, A.12.1.2, A.12.5.1, A.12.6.2, A.13.1.1, A.13.2.1, A.14.1.3, A.14.2.2, A.14.2.3, A.14.2.4, A.6.2.1, A.6.2.2, A.9.1.2</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">nist</a></td><td>CM-7(a), CM-7(b), CM-6(a), IA-5(1)(c)</td></tr><tr><td><a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">nist-csf</a></td><td>PR.AC-3, PR.IP-1, PR.PT-3, PR.PT-4</td></tr><tr><td><a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</a></td><td>Req-2.2.2</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</a></td><td>SRG-OS-000095-GPOS-00049</td></tr><tr><td><a href="https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf">anssi</a></td><td>R62</td></tr><tr><td><a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</a></td><td>2.2.4</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</a></td><td>RHEL-09-215030</td></tr><tr><td><a href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</a></td><td>SV-257829r925474_rule</td></tr></table></td></tr><tr><td>Description</td><td><div class="description">The <code>ypserv</code> package can be removed with the following command:
<pre>
$ sudo dnf erase ypserv</pre>
       </div></td></tr><tr><td>Rationale</td><td><div class="rationale">The NIS service provides an unencrypted authentication service which does
not provide for the confidentiality and integrity of user passwords or the
remote session.

Removing the <code>ypserv</code> package decreases the risk of the accidental
(or intentional) activation of NIS or NIS+ services.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> 
                                The package is not available in Red Hat Enterprise Linux 9.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">package ypserv is removed</span> 
        <span class="label label-default">oval:ssg-test_package_ypserv_removed:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_test_package_ypserv_removed:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>ypserv</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_package_rsh-server_removed" id="rule-detail-idm45637209222576"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Uninstall rsh-server Packagexccdf_org.ssgproject.content_rule_package_rsh-server_removed highCCE-84143-7 </div><div class="panel-heading"><h3 class="panel-title">Uninstall rsh-server Package</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_package_rsh-server_removed</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-package_rsh-server_removed:def:1</td></tr><tr><td>Time</td><td>2024-07-25T20:42:44+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span></td><td class="identifiers"><p><abbr title="https://ncp.nist.gov/cce: CCE-84143-7">CCE-84143-7</abbr></p></td></tr><tr><td><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span></td><td class="identifiers"><table class="table table-striped table-bordered"><tr><td><a href="https://www.cisecurity.org/controls/">cis-csc</a></td><td>11, 12, 14, 15, 3, 8, 9</td></tr><tr><td><a href="https://www.isaca.org/resources/cobit">cobit5</a></td><td>APO13.01, BAI10.01, BAI10.02, BAI10.03, BAI10.05, DSS01.04, DSS05.02, DSS05.03, DSS05.05, DSS06.06</td></tr><tr><td><a href="https://public.cyber.mil/stigs/cci/">disa</a></td><td>CCI-000381</td></tr><tr><td><a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">hipaa</a></td><td>164.308(a)(4)(i), 164.308(b)(1), 164.308(b)(3), 164.310(b), 164.312(e)(1), 164.312(e)(2)(ii)</td></tr><tr><td><a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">isa-62443-2009</a></td><td>4.3.3.5.1, 4.3.3.5.2, 4.3.3.5.3, 4.3.3.5.4, 4.3.3.5.5, 4.3.3.5.6, 4.3.3.5.7, 4.3.3.5.8, 4.3.3.6.1, 4.3.3.6.2, 4.3.3.6.3, 4.3.3.6.4, 4.3.3.6.5, 4.3.3.6.6, 4.3.3.6.7, 4.3.3.6.8, 4.3.3.6.9, 4.3.3.7.1, 4.3.3.7.2, 4.3.3.7.3, 4.3.3.7.4, 4.3.4.3.2, 4.3.4.3.3</td></tr><tr><td><a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">isa-62443-2013</a></td><td>SR 1.1, SR 1.10, SR 1.11, SR 1.12, SR 1.13, SR 1.2, SR 1.3, SR 1.4, SR 1.5, SR 1.6, SR 1.7, SR 1.8, SR 1.9, SR 2.1, SR 2.2, SR 2.3, SR 2.4, SR 2.5, SR 2.6, SR 2.7, SR 3.1, SR 3.5, SR 3.8, SR 4.1, SR 4.3, SR 5.1, SR 5.2, SR 5.3, SR 7.1, SR 7.6</td></tr><tr><td><a href="https://www.iso.org/contents/data/standard/05/45/54534.html">iso27001-2013</a></td><td>A.11.2.6, A.12.1.2, A.12.5.1, A.12.6.2, A.13.1.1, A.13.2.1, A.14.1.3, A.14.2.2, A.14.2.3, A.14.2.4, A.6.2.1, A.6.2.2, A.9.1.2</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">nist</a></td><td>CM-7(a), CM-7(b), CM-6(a), IA-5(1)(c)</td></tr><tr><td><a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">nist-csf</a></td><td>PR.AC-3, PR.IP-1, PR.PT-3, PR.PT-4</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</a></td><td>SRG-OS-000095-GPOS-00049</td></tr><tr><td><a href="https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf">anssi</a></td><td>R62</td></tr><tr><td><a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</a></td><td>2.2.4</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</a></td><td>RHEL-09-215035</td></tr><tr><td><a href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</a></td><td>SV-257830r925477_rule</td></tr></table></td></tr><tr><td>Description</td><td><div class="description">The <code>rsh-server</code> package can be removed with the following command:
<pre>
$ sudo dnf erase rsh-server</pre>
       </div></td></tr><tr><td>Rationale</td><td><div class="rationale">The <code>rsh-server</code> service provides unencrypted remote access service which does not
provide for the confidentiality and integrity of user passwords or the remote session and has very weak
authentication. If a privileged user were to login using this service, the privileged user password
could be compromised. The <code>rsh-server</code> package provides several obsolete and insecure
network services. Removing it decreases the risk of those services' accidental (or intentional)
activation.</div></td></tr><tr><td>Warnings</td><td><div class="panel panel-warning"><div class="panel-heading"><span class="label label-warning">warning</span> 
                                The package is not available in Red Hat Enterprise Linux 9.</div></div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">package rsh-server is removed</span> 
        <span class="label label-default">oval:ssg-test_package_rsh-server_removed:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_test_package_rsh-server_removed:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>rsh-server</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_no_host_based_files" id="rule-detail-idm45637209213184"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Remove Host-Based Authentication Filesxccdf_org.ssgproject.content_rule_no_host_based_files highCCE-90208-0 </div><div class="panel-heading"><h3 class="panel-title">Remove Host-Based Authentication Files</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_no_host_based_files</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-no_host_based_files:def:1</td></tr><tr><td>Time</td><td>2024-07-25T20:42:45+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span></td><td class="identifiers"><p><abbr title="https://ncp.nist.gov/cce: CCE-90208-0">CCE-90208-0</abbr></p></td></tr><tr><td><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span></td><td class="identifiers"><table class="table table-striped table-bordered"><tr><td><a href="https://public.cyber.mil/stigs/cci/">disa</a></td><td>CCI-000366</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</a></td><td>SRG-OS-000480-GPOS-00227</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</a></td><td>RHEL-09-252070</td></tr><tr><td><a href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</a></td><td>SV-257955r925852_rule</td></tr></table></td></tr><tr><td>Description</td><td><div class="description">The <code>shosts.equiv</code> file lists remote hosts and users that are trusted by the local
system. To remove these files, run the following command to delete them from any location:
<pre>$ sudo rm /[path]/[to]/[file]/shosts.equiv</pre>
       </div></td></tr><tr><td>Rationale</td><td><div class="rationale">The shosts.equiv files are used to configure host-based authentication for the system via SSH.
Host-based authentication is not sufficient for preventing unauthorized access to the system,
as it does not require interactive identification and authentication of a connection request,
or for the use of two-factor authentication.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">look for shosts.equiv in /</span> 
        <span class="label label-default">oval:ssg-test_no_shosts_equiv:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="look for any shosts.equiv file on the system">oval:ssg-object_no_shosts_equiv_files_root:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Behaviors</th><th>Path</th><th>Filename</th></tr></thead><tbody><tr><td>no value</td><td>/</td><td>shosts.equiv</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_no_user_host_based_files" id="rule-detail-idm45637209206528"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Remove User Host-Based Authentication Filesxccdf_org.ssgproject.content_rule_no_user_host_based_files highCCE-86532-9 </div><div class="panel-heading"><h3 class="panel-title">Remove User Host-Based Authentication Files</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_no_user_host_based_files</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-no_user_host_based_files:def:1</td></tr><tr><td>Time</td><td>2024-07-25T20:42:46+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span></td><td class="identifiers"><p><abbr title="https://ncp.nist.gov/cce: CCE-86532-9">CCE-86532-9</abbr></p></td></tr><tr><td><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span></td><td class="identifiers"><table class="table table-striped table-bordered"><tr><td><a href="https://public.cyber.mil/stigs/cci/">disa</a></td><td>CCI-000366</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</a></td><td>SRG-OS-000480-GPOS-00227</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</a></td><td>RHEL-09-252075</td></tr><tr><td><a href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</a></td><td>SV-257956r925855_rule</td></tr></table></td></tr><tr><td>Description</td><td><div class="description">The <code>~/.shosts</code> (in each user's home directory) files
list remote hosts and users that are trusted by the
local system. To remove these files, run the following command
to delete them from any location:
<pre>$ sudo find / -name '.shosts' -type f -delete</pre>
       </div></td></tr><tr><td>Rationale</td><td><div class="rationale">The .shosts files are used to configure host-based authentication for
individual users or the system via SSH. Host-based authentication is not
sufficient for preventing unauthorized access to the system, as it does not
require interactive identification and authentication of a connection request,
or for the use of two-factor authentication.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">look for .shosts in /</span> 
        <span class="label label-default">oval:ssg-test_no_shosts:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr title="look for any .shosts file on the system">oval:ssg-object_no_shosts_files_root:obj:1</abbr></strong> of type
                <strong>file_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Behaviors</th><th>Path</th><th>Filename</th></tr></thead><tbody><tr><td>no value</td><td>/</td><td>.shosts</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_package_telnet-server_removed" id="rule-detail-idm45637209197152"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Uninstall telnet-server Packagexccdf_org.ssgproject.content_rule_package_telnet-server_removed highCCE-84149-4 </div><div class="panel-heading"><h3 class="panel-title">Uninstall telnet-server Package</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_package_telnet-server_removed</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-package_telnet-server_removed:def:1</td></tr><tr><td>Time</td><td>2024-07-25T20:42:46+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span></td><td class="identifiers"><p><abbr title="https://ncp.nist.gov/cce: CCE-84149-4">CCE-84149-4</abbr></p></td></tr><tr><td><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span></td><td class="identifiers"><table class="table table-striped table-bordered"><tr><td><a href="https://www.cisecurity.org/controls/">cis-csc</a></td><td>11, 12, 14, 15, 3, 8, 9</td></tr><tr><td><a href="https://www.isaca.org/resources/cobit">cobit5</a></td><td>APO13.01, BAI10.01, BAI10.02, BAI10.03, BAI10.05, DSS01.04, DSS05.02, DSS05.03, DSS05.05, DSS06.06</td></tr><tr><td><a href="https://public.cyber.mil/stigs/cci/">disa</a></td><td>CCI-000381</td></tr><tr><td><a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">hipaa</a></td><td>164.308(a)(4)(i), 164.308(b)(1), 164.308(b)(3), 164.310(b), 164.312(e)(1), 164.312(e)(2)(ii)</td></tr><tr><td><a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">isa-62443-2009</a></td><td>4.3.3.5.1, 4.3.3.5.2, 4.3.3.5.3, 4.3.3.5.4, 4.3.3.5.5, 4.3.3.5.6, 4.3.3.5.7, 4.3.3.5.8, 4.3.3.6.1, 4.3.3.6.2, 4.3.3.6.3, 4.3.3.6.4, 4.3.3.6.5, 4.3.3.6.6, 4.3.3.6.7, 4.3.3.6.8, 4.3.3.6.9, 4.3.3.7.1, 4.3.3.7.2, 4.3.3.7.3, 4.3.3.7.4, 4.3.4.3.2, 4.3.4.3.3</td></tr><tr><td><a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">isa-62443-2013</a></td><td>SR 1.1, SR 1.10, SR 1.11, SR 1.12, SR 1.13, SR 1.2, SR 1.3, SR 1.4, SR 1.5, SR 1.6, SR 1.7, SR 1.8, SR 1.9, SR 2.1, SR 2.2, SR 2.3, SR 2.4, SR 2.5, SR 2.6, SR 2.7, SR 3.1, SR 3.5, SR 3.8, SR 4.1, SR 4.3, SR 5.1, SR 5.2, SR 5.3, SR 7.1, SR 7.6</td></tr><tr><td><a href="https://www.iso.org/contents/data/standard/05/45/54534.html">iso27001-2013</a></td><td>A.11.2.6, A.12.1.2, A.12.5.1, A.12.6.2, A.13.1.1, A.13.2.1, A.14.1.3, A.14.2.2, A.14.2.3, A.14.2.4, A.6.2.1, A.6.2.2, A.9.1.2</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">nist</a></td><td>CM-7(a), CM-7(b), CM-6(a)</td></tr><tr><td><a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">nist-csf</a></td><td>PR.AC-3, PR.IP-1, PR.PT-3, PR.PT-4</td></tr><tr><td><a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</a></td><td>Req-2.2.2</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</a></td><td>SRG-OS-000095-GPOS-00049</td></tr><tr><td><a href="https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf">anssi</a></td><td>R62</td></tr><tr><td><a href="https://www.ccn-cert.cni.es/pdf/guias/series-ccn-stic/guias-de-acceso-publico-ccn-stic/6768-ccn-stic-610a22-perfilado-de-seguridad-red-hat-enterprise-linux-9-0/file.html">ccn</a></td><td>A.8.SEC-RHEL4</td></tr><tr><td><a href="https://www.cisecurity.org/benchmark/red_hat_linux/">cis</a></td><td>2.2.13</td></tr><tr><td><a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</a></td><td>2.2.4</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</a></td><td>RHEL-09-215040</td></tr><tr><td><a href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</a></td><td>SV-257831r925480_rule</td></tr></table></td></tr><tr><td>Description</td><td><div class="description">The <code>telnet-server</code> package can be removed with the following command:
<pre>
$ sudo dnf erase telnet-server</pre>
       </div></td></tr><tr><td>Rationale</td><td><div class="rationale">It is detrimental for operating systems to provide, or install by default,
functionality exceeding requirements or mission objectives. These
unnecessary capabilities are often overlooked and therefore may remain
unsecure. They increase the risk to the platform by providing additional
attack vectors.
<br>
The telnet service provides an unencrypted remote access service which does
not provide for the confidentiality and integrity of user passwords or the
remote session. If a privileged user were to login using this service, the
privileged user password could be compromised.
<br>
Removing the <code>telnet-server</code> package decreases the risk of the
telnet service's accidental (or intentional) activation.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">package telnet-server is removed</span> 
        <span class="label label-default">oval:ssg-test_package_telnet-server_removed:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_test_package_telnet-server_removed:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>telnet-server</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_package_tftp-server_removed" id="rule-detail-idm45637209187744"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Uninstall tftp-server Packagexccdf_org.ssgproject.content_rule_package_tftp-server_removed highCCE-84154-4 </div><div class="panel-heading"><h3 class="panel-title">Uninstall tftp-server Package</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_package_tftp-server_removed</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-package_tftp-server_removed:def:1</td></tr><tr><td>Time</td><td>2024-07-25T20:42:46+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span></td><td class="identifiers"><p><abbr title="https://ncp.nist.gov/cce: CCE-84154-4">CCE-84154-4</abbr></p></td></tr><tr><td><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span></td><td class="identifiers"><table class="table table-striped table-bordered"><tr><td><a href="https://www.cisecurity.org/controls/">cis-csc</a></td><td>11, 12, 14, 15, 3, 8, 9</td></tr><tr><td><a href="https://www.isaca.org/resources/cobit">cobit5</a></td><td>APO13.01, BAI10.01, BAI10.02, BAI10.03, BAI10.05, DSS01.04, DSS05.02, DSS05.03, DSS05.05, DSS06.06</td></tr><tr><td><a href="https://public.cyber.mil/stigs/cci/">disa</a></td><td>CCI-000318, CCI-000366, CCI-000368, CCI-001812, CCI-001813, CCI-001814</td></tr><tr><td><a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">isa-62443-2009</a></td><td>4.3.3.5.1, 4.3.3.5.2, 4.3.3.5.3, 4.3.3.5.4, 4.3.3.5.5, 4.3.3.5.6, 4.3.3.5.7, 4.3.3.5.8, 4.3.3.6.1, 4.3.3.6.2, 4.3.3.6.3, 4.3.3.6.4, 4.3.3.6.5, 4.3.3.6.6, 4.3.3.6.7, 4.3.3.6.8, 4.3.3.6.9, 4.3.3.7.1, 4.3.3.7.2, 4.3.3.7.3, 4.3.3.7.4, 4.3.4.3.2, 4.3.4.3.3</td></tr><tr><td><a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">isa-62443-2013</a></td><td>SR 1.1, SR 1.10, SR 1.11, SR 1.12, SR 1.13, SR 1.2, SR 1.3, SR 1.4, SR 1.5, SR 1.6, SR 1.7, SR 1.8, SR 1.9, SR 2.1, SR 2.2, SR 2.3, SR 2.4, SR 2.5, SR 2.6, SR 2.7, SR 3.1, SR 3.5, SR 3.8, SR 4.1, SR 4.3, SR 5.1, SR 5.2, SR 5.3, SR 7.1, SR 7.6</td></tr><tr><td><a href="https://www.iso.org/contents/data/standard/05/45/54534.html">iso27001-2013</a></td><td>A.11.2.6, A.12.1.2, A.12.5.1, A.12.6.2, A.13.1.1, A.13.2.1, A.14.1.3, A.14.2.2, A.14.2.3, A.14.2.4, A.6.2.1, A.6.2.2, A.9.1.2</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">nist</a></td><td>CM-7(a), CM-7(b), CM-6(a)</td></tr><tr><td><a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">nist-csf</a></td><td>PR.AC-3, PR.IP-1, PR.PT-3, PR.PT-4</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</a></td><td>SRG-OS-000480-GPOS-00227</td></tr><tr><td><a href="https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf">anssi</a></td><td>R62</td></tr><tr><td><a href="https://www.ccn-cert.cni.es/pdf/guias/series-ccn-stic/guias-de-acceso-publico-ccn-stic/6768-ccn-stic-610a22-perfilado-de-seguridad-red-hat-enterprise-linux-9-0/file.html">ccn</a></td><td>A.8.SEC-RHEL4</td></tr><tr><td><a href="https://www.cisecurity.org/benchmark/red_hat_linux/">cis</a></td><td>2.2.7</td></tr><tr><td><a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</a></td><td>2.2.4</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</a></td><td>RHEL-09-215060</td></tr><tr><td><a href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</a></td><td>SV-257835r952171_rule</td></tr></table></td></tr><tr><td>Description</td><td><div class="description">The <code>tftp-server</code> package can be removed with the following command: <pre> $ sudo dnf erase tftp-server</pre>
       </div></td></tr><tr><td>Rationale</td><td><div class="rationale">Removing the <code>tftp-server</code> package decreases the risk of the accidental
(or intentional) activation of tftp services.
<br>
        <br>
If TFTP is required for operational support (such as transmission of router
configurations), its use must be documented with the Information Systems
Securty Manager (ISSM), restricted to only authorized personnel, and have
access control rules established.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">package tftp-server is removed</span> 
        <span class="label label-default">oval:ssg-test_package_tftp-server_removed:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>No items have been found conforming to the following objects:</h5><h5>Object <strong><abbr>oval:ssg-obj_test_package_tftp-server_removed:obj:1</abbr></strong> of type
                <strong>rpminfo_object</strong></h5><table class="table table-striped table-bordered"><thead><tr><th>Name</th></tr></thead><tbody><tr><td>tftp-server</td></tr></tbody></table></div></div></div></div></div><div class="panel panel-default rule-detail rule-detail-pass rule-detail-id-xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords" id="rule-detail-idm45637209074880"><div class="keywords sr-only"><!--This allows OpenSCAP JS to search the report rules-->Disable SSH Access via Empty Passwordsxccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords highCCE-90799-8 </div><div class="panel-heading"><h3 class="panel-title">Disable SSH Access via Empty Passwords</h3></div><div class="panel-body"><table class="table table-striped table-bordered"><tbody><tr><td class="col-md-3">Rule ID</td><td class="rule-id col-md-9">xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords</td></tr><tr><td>Result</td><td class="rule-result rule-result-pass"><div><abbr title="The target system or system component satisfied all the conditions of the rule.">pass</abbr></div></td></tr><tr><td>Multi-check rule</td><td>no</td></tr><tr><td>OVAL Definition ID</td><td>oval:ssg-sshd_disable_empty_passwords:def:1</td></tr><tr><td>Time</td><td>2024-07-25T20:42:46+00:00</td></tr><tr><td>Severity</td><td>high</td></tr><tr><td><span class="label label-info" title="A globally meaningful identifiers for this rule. MAY be the name or identifier of a security configuration issue or vulnerability that the rule remediates. By setting an identifier on a rule, the benchmark author effectively declares that the rule instantiates, implements, or remediates the issue for which the name was assigned.">Identifiers:</span></td><td class="identifiers"><p><abbr title="https://ncp.nist.gov/cce: CCE-90799-8">CCE-90799-8</abbr></p></td></tr><tr><td><span class="label label-default" title="Provide a reference to a document or resource where the user can learn more about the subject of the Rule or Group.">References:</span></td><td class="identifiers"><table class="table table-striped table-bordered"><tr><td><a href="https://www.cisecurity.org/controls/">cis-csc</a></td><td>11, 12, 13, 14, 15, 16, 18, 3, 5, 9</td></tr><tr><td><a href="https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf">cjis</a></td><td>5.5.6</td></tr><tr><td><a href="https://www.isaca.org/resources/cobit">cobit5</a></td><td>APO01.06, BAI10.01, BAI10.02, BAI10.03, BAI10.05, DSS05.02, DSS05.04, DSS05.05, DSS05.07, DSS06.02, DSS06.03, DSS06.06</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf">cui</a></td><td>3.1.1, 3.1.5</td></tr><tr><td><a href="https://public.cyber.mil/stigs/cci/">disa</a></td><td>CCI-000366, CCI-000766</td></tr><tr><td><a href="https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf">hipaa</a></td><td>164.308(a)(4)(i), 164.308(b)(1), 164.308(b)(3), 164.310(b), 164.312(e)(1), 164.312(e)(2)(ii)</td></tr><tr><td><a href="https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat">isa-62443-2009</a></td><td>4.3.3.2.2, 4.3.3.5.1, 4.3.3.5.2, 4.3.3.5.3, 4.3.3.5.4, 4.3.3.5.5, 4.3.3.5.6, 4.3.3.5.7, 4.3.3.5.8, 4.3.3.6.1, 4.3.3.6.2, 4.3.3.6.3, 4.3.3.6.4, 4.3.3.6.5, 4.3.3.6.6, 4.3.3.6.7, 4.3.3.6.8, 4.3.3.6.9, 4.3.3.7.1, 4.3.3.7.2, 4.3.3.7.3, 4.3.3.7.4, 4.3.4.3.2, 4.3.4.3.3</td></tr><tr><td><a href="https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu">isa-62443-2013</a></td><td>SR 1.1, SR 1.10, SR 1.11, SR 1.12, SR 1.13, SR 1.2, SR 1.3, SR 1.4, SR 1.5, SR 1.6, SR 1.7, SR 1.8, SR 1.9, SR 2.1, SR 2.2, SR 2.3, SR 2.4, SR 2.5, SR 2.6, SR 2.7, SR 5.2, SR 7.6</td></tr><tr><td><a href="https://www.iso.org/contents/data/standard/05/45/54534.html">iso27001-2013</a></td><td>A.10.1.1, A.11.1.4, A.11.1.5, A.11.2.1, A.12.1.2, A.12.5.1, A.12.6.2, A.13.1.1, A.13.1.3, A.13.2.1, A.13.2.3, A.13.2.4, A.14.1.2, A.14.1.3, A.14.2.2, A.14.2.3, A.14.2.4, A.6.1.2, A.7.1.1, A.7.1.2, A.7.3.1, A.8.2.2, A.8.2.3, A.9.1.1, A.9.1.2, A.9.2.1, A.9.2.3, A.9.4.1, A.9.4.4, A.9.4.5</td></tr><tr><td><a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">nist</a></td><td>AC-17(a), CM-7(a), CM-7(b), CM-6(a)</td></tr><tr><td><a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">nist-csf</a></td><td>PR.AC-4, PR.AC-6, PR.DS-5, PR.IP-1, PR.PT-3</td></tr><tr><td><a href="https://www.niap-ccevs.org/Profile/PP.cfm">ospp</a></td><td>FIA_UAU.1</td></tr><tr><td><a href="https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf">pcidss</a></td><td>Req-2.2.4</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">os-srg</a></td><td>SRG-OS-000106-GPOS-00053, SRG-OS-000480-GPOS-00229, SRG-OS-000480-GPOS-00227</td></tr><tr><td><a href="https://www.cisecurity.org/benchmark/red_hat_linux/">cis</a></td><td>5.2.9</td></tr><tr><td><a href="https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf">pcidss4</a></td><td>2.2.6</td></tr><tr><td><a href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux">stigid</a></td><td>RHEL-09-255040</td></tr><tr><td><a href="https://public.cyber.mil/stigs/srg-stig-tools/">stigref</a></td><td>SV-257984r952179_rule</td></tr></table></td></tr><tr><td>Description</td><td><div class="description">Disallow SSH login with empty passwords.
The default SSH configuration disables logins with empty passwords. The appropriate
configuration is used if no value is set for <code>PermitEmptyPasswords</code>.
<br>
To explicitly disallow SSH login from accounts with empty passwords,
add or correct the following line in


<code>/etc/ssh/sshd_config.d/00-complianceascode-hardening.conf</code>:

<br>
        <pre>PermitEmptyPasswords no</pre>
Any accounts with empty passwords should be disabled immediately, and PAM configuration
should prevent users from being able to assign themselves empty passwords.</div></td></tr><tr><td>Rationale</td><td><div class="rationale">Configuring this setting for the SSH daemon provides additional assurance
that remote login via SSH will require a password, even in the event of
misconfiguration elsewhere.</div></td></tr></tbody></table><div class="check-system-details"><span class="label label-default"><abbr title="OVAL details taken from arf:report with id='oval0'">OVAL test results details</abbr></span><div class="panel panel-default"><div class="panel-body"><h4><span class="label label-primary">Verify if Profile set Value sshd_required as not required</span> 
        <span class="label label-default">oval:ssg-test_sshd_not_required:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td><span class="label label-danger">false</span></td><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span> 
        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh-server is removed</span> 
        <span class="label label-default">oval:ssg-test_package_openssh-server_removed:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td><span class="label label-danger">not evaluated</span></td><td>openssh-server</td><td>x86_64</td><td>(none)</td><td>38.el9_4.4</td><td>8.7p1</td><td>0:8.7p1-38.el9_4.4</td><td>199e2f91fd431d51</td><td>openssh-server-0:8.7p1-38.el9_4.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">Verify if Profile set Value sshd_required as required</span> 
        <span class="label label-default">oval:ssg-test_sshd_required:tst:1</span> 
        <span class="label label-danger">false</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td><span class="label label-danger">false</span></td><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">Verify if Value of sshd_required is the default</span> 
        <span class="label label-default">oval:ssg-test_sshd_requirement_unset:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Var ref</th><th>Value</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>oval:ssg-sshd_required:var:1</td><td>0</td></tr></tbody></table><h4><span class="label label-primary">package openssh-server is installed</span> 
        <span class="label label-default">oval:ssg-test_package_openssh-server_installed:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Name</th><th>Arch</th><th>Epoch</th><th>Release</th><th>Version</th><th>Evr</th><th>Signature keyid</th><th>Extended name</th></tr></thead><tbody><tr><td><span class="label label-danger">not evaluated</span></td><td>openssh-server</td><td>x86_64</td><td>(none)</td><td>38.el9_4.4</td><td>8.7p1</td><td>0:8.7p1-38.el9_4.4</td><td>199e2f91fd431d51</td><td>openssh-server-0:8.7p1-38.el9_4.4.x86_64</td></tr></tbody></table><h4><span class="label label-primary">tests the value of PermitEmptyPasswords setting in the /etc/ssh/sshd_config file</span> 
        <span class="label label-default">oval:ssg-test_sshd_disable_empty_passwords:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Path</th><th>Content</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>/etc/ssh/sshd_config</td><td>PermitEmptyPasswords no</td></tr></tbody></table><h4><span class="label label-primary">tests the value of PermitEmptyPasswords setting in the /etc/ssh/sshd_config.d file</span> 
        <span class="label label-default">oval:ssg-test_sshd_disable_empty_passwords_config_dir:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Path</th><th>Content</th></tr></thead><tbody><tr><td><span class="label label-success">true</span></td><td>/etc/ssh/sshd_config.d/00-complianceascode-hardening.conf</td><td>PermitEmptyPasswords no</td></tr><tr><td><span class="label label-success">true</span></td><td>/etc/ssh/sshd_config.d/50-redhat.conf</td><td>PermitEmptyPasswords no</td></tr></tbody></table><h4><span class="label label-primary">Verify that the value of PermitEmptyPasswords is present</span> 
        <span class="label label-default">oval:ssg-test_PermitEmptyPasswords_present_sshd_disable_empty_passwords:tst:1</span> 
        <span class="label label-success">true</span></h4><h5>Following items have been found on the system:</h5><table class="table table-striped table-bordered"><thead><tr><th>Result of item-state comparison</th><th>Path</th><th>Content</th></tr></thead><tbody><tr><td><span class="label label-danger">not evaluated</span></td><td>/etc/ssh/sshd_config</td><td>PermitEmptyPasswords no</td></tr><tr><td><span class="label label-danger">not evaluated</span></td><td>/etc/ssh/sshd_config.d/00-complianceascode-hardening.conf</td><td>PermitEmptyPasswords no</td></tr><tr><td><span class="label label-danger">not evaluated</span></td><td>/etc/ssh/sshd_config.d/50-redhat.conf</td><td>PermitEmptyPasswords no</td></tr></tbody></table></div></div></div></div></div><a href="#result-details" class="btn btn-info noprint">Scroll back to the first rule</a></div><div id="rear-matter"><div class="row top-spacer-10"><div class="col-md-12 well well-lg"><div class="rear-matter">Red Hat and Red Hat Enterprise Linux are either registered
trademarks or trademarks of Red Hat, Inc. in the United States and other
countries. All other names are registered trademarks or trademarks of their
respective companies.</div></div></div></div></div></div><footer id="footer"><div class="container"><p class="muted credit">
                Generated using <a href="http://open-scap.org">OpenSCAP</a> 1.3.10</p></div></footer></body></html>