Rename of categories, introduction of groups

Michael Boelen 2016-07-24 17:22:00 +02:00
parent 0b5af4ed38
commit 2f4c854ba7
46 changed files with 451 additions and 401 deletions


@ -16,7 +16,7 @@ _lynis()
# first parameter on line # first parameter on line
case $cur in case $cur in
-*) -*)
COMPREPLY=( $( compgen -W '--check-all --help --info --version' -- "$cur" ) ) COMPREPLY=( $( compgen -W '--help --info --version' -- "$cur" ) )
;; ;;
*) *)
COMPREPLY=( $( compgen -W 'audit --help --info --version' -- "$cur" ) ) COMPREPLY=( $( compgen -W 'audit --help --info --version' -- "$cur" ) )
@ -58,14 +58,18 @@ _lynis()
COMPREPLY=( '"TEST-0001 TEST-0002 TEST-0003"' ) COMPREPLY=( '"TEST-0001 TEST-0002 TEST-0003"' )
return 0 return 0
;; ;;
--tests-category) --tests-from-category)
COMPREPLY=( '"performance privacy security"' )
return 0
;;
--tests-from-groups)
COMPREPLY=( '"accounting authentication"' ) COMPREPLY=( '"accounting authentication"' )
return 0 return 0
;; ;;
*) *)
COMPREPLY=( $( compgen -W ' \ COMPREPLY=( $( compgen -W ' \
--auditor --cronjob --debug --quick --quiet --logfile --no-colors --no-log --pentest --reverse-colors \ --auditor --cronjob --debug --quick --quiet --logfile --no-colors --no-log --pentest --reverse-colors \
--tests --tests-category --upload --verbose --view-categories' -- "$cur" ) ) --tests --tests-category --upload --verbose' -- "$cur" ) )
;; ;;
esac esac
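Review bot: The fallback word list in the final `*)` arm still offers `--tests-category`, which this commit turns into a fatal "Deprecated option" in the argument parser, and it offers neither of the two new options. The new arm is also spelled `--tests-from-groups)` while the parser accepts `--tests-from-group`, so that arm would not match an option a user can actually pass. I would change the list to `--tests --tests-from-category --tests-from-group --upload --verbose` and rename the arm to `--tests-from-group)`. The same stale `--tests-category` entry remains in the `OPTIONS=` string of the show helper later in this commit. `_lynis` starts and ends outside the hunks shown.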


@ -178,7 +178,9 @@ unset LANG
TEMP_FILE="" TEMP_FILE=""
TEMP_FILES="" TEMP_FILES=""
TEST_SKIP_ALWAYS="" TEST_SKIP_ALWAYS=""
TESTS_CATEGORY_TO_PERFORM="" TEST_AVAILABLE_CATEGORIES="performance privacy security"
TEST_CATEGORY_TO_CHECK="all"
TEST_GROUP_TO_CHECK="all"
TESTS_EXECUTED="" TESTS_EXECUTED=""
TESTS_SKIPPED="" TESTS_SKIPPED=""
TMPFILE="" TMPFILE=""


@ -83,7 +83,8 @@
# ShowSymlinkPath Show a path behind a symlink # ShowSymlinkPath Show a path behind a symlink
# SkipAtomicTest Test if a subtest needs to be skipped # SkipAtomicTest Test if a subtest needs to be skipped
# TestValue Evaluate a value in a string or key # TestValue Evaluate a value in a string or key
# ViewCategories Display tests categories # ViewCategories Show available category of tests
# ViewGroups Display test groups
# WaitForKeyPress Wait for user to press a key to continue # WaitForKeyPress Wait for user to press a key to continue
# #
################################################################################# #################################################################################
@ -1743,10 +1744,14 @@
# Do not insert a log break, if previous test was not logged # Do not insert a log break, if previous test was not logged
if [ ${SKIPLOGTEST} -eq 0 ]; then LogTextBreak; fi if [ ${SKIPLOGTEST} -eq 0 ]; then LogTextBreak; fi
ROOT_ONLY=0; SKIPTEST=0; SKIPLOGTEST=0; TEST_NEED_OS=""; PREQS_MET="" ROOT_ONLY=0; SKIPTEST=0; SKIPLOGTEST=0; TEST_NEED_OS=""; PREQS_MET=""
TEST_NEED_NETWORK=""; TEST_NEED_PLATFORM="" TEST_CATEGORY=""; TEST_NEED_NETWORK=""; TEST_NEED_PLATFORM=""
TOTAL_TESTS=$((TOTAL_TESTS + 1)) TOTAL_TESTS=$((TOTAL_TESTS + 1))
while [ $# -ge 1 ]; do while [ $# -ge 1 ]; do
case $1 in case $1 in
--category)
shift
TEST_CATEGORY=$1
;;
--description) --description)
shift shift
TEST_DESCRIPTION=$1 TEST_DESCRIPTION=$1
@ -1837,6 +1842,11 @@
fi fi
fi fi
# Skip test when it belongs to another category (default is 'all')
if [ ${SKIPTEST} -eq 0 -a ! -z "${TEST_CATEGORY_TO_CHECK}" -a ! "${TEST_CATEGORY_TO_CHECK}" = "all" -a ! "${TEST_CATEGORY}" = "${TEST_CATEGORY_TO_CHECK}" ]; then
SKIPTEST=1; SKIPREASON="Incorrect category (${TEST_CATEGORY_TO_CHECK} only)"
fi
# Check for correct hardware platform # Check for correct hardware platform
if [ ${SKIPTEST} -eq 0 -a ! -z "${TEST_NEED_PLATFORM}" -a ! "${HARDWARE}" = "${TEST_NEED_PLATFORM}" ]; then SKIPTEST=1; SKIPREASON="Incorrect hardware platform"; fi if [ ${SKIPTEST} -eq 0 -a ! -z "${TEST_NEED_PLATFORM}" -a ! "${HARDWARE}" = "${TEST_NEED_PLATFORM}" ]; then SKIPTEST=1; SKIPREASON="Incorrect hardware platform"; fi
@ -2529,8 +2539,24 @@
################################################################################ ################################################################################
ViewCategories() { ViewCategories() {
for CATEGORY in ${TEST_AVAILABLE_CATEGORIES}; do echo "${CATEGORY}"; done
echo ""
ExitClean
}
################################################################################
# Name : ViewGroups()
# Description : Show what group of tests are available
#
# Input : <nothing>
# Returns : <nothing>
# Usage : ViewGroups
################################################################################
ViewGroups() {
if [ ! "${INCLUDEDIR}" = "" ]; then if [ ! "${INCLUDEDIR}" = "" ]; then
InsertSection "Available test categories" InsertSection "Available test groups"
for I in `ls ${INCLUDEDIR}/tests_* | xargs -n 1 basename | sed 's/tests_//' | grep -v "custom.template"`; do for I in `ls ${INCLUDEDIR}/tests_* | xargs -n 1 basename | sed 's/tests_//' | grep -v "custom.template"`; do
echo "${I}" echo "${I}"
done done
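Review bot: The new category check compares `TEST_CATEGORY`, which is reset to an empty string at the start of every registration, against the requested category, so any test registered without `--category` is skipped as soon as a category filter is active. For an audit tool that is a silent loss of coverage if custom or plugin tests have not been updated; I would state the rule in the comment, e.g. `# Tests registered without --category are skipped whenever a category filter is set`, and include the test's own category in `SKIPREASON`. None of the visible hunks adds a matching check for `TEST_GROUP_TO_CHECK`, so `--tests-from-group` may not filter anything yet; that should be confirmed against the rest of the file. The registration function and `ViewGroups` both continue outside the hunks.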


@ -30,13 +30,14 @@
COMMANDS="audit show update" COMMANDS="audit show update"
HELPERS="audit configure show update" HELPERS="audit configure show update"
OPTIONS="--auditor\n--check-all (-c)\n--config\n--cronjob (--cron)\n--debug\n--developer\n--help (-h)\n--info\n--license-key --log-file\n--manpage (--man)\n--no-colors --no-log\n--pentest\n--profile\n--plugins-dir\n--quiet (-q)\n--quick (-Q)\n--report-file\n--reverse-colors\n--tests\n--tests-category\n--upload\n--verbose\n--version (-V)\n--view-categories" OPTIONS="--auditor\n--check-all (-c)\n--config\n--cronjob (--cron)\n--debug\n--developer\n--help (-h)\n--info\n--license-key --log-file\n--manpage (--man)\n--no-colors --no-log\n--pentest\n--profile\n--plugins-dir\n--quiet (-q)\n--quick (-Q)\n--report-file\n--reverse-colors\n--tests\n--tests-category\n--upload\n--verbose\n--version (-V)"
SHOW_ARGS="categories changelog commands dbdir help hostids includedir language license logfile man options pidfile plugindir profiles release releasedate report settings tests version workdir" SHOW_ARGS="categories changelog commands dbdir groups help hostids includedir language license logfile man options pidfile plugindir profiles release releasedate report settings tests version workdir"
SHOW_HELP="lynis show ${BROWN}categories${NORMAL} (display test categories) SHOW_HELP="lynis show ${BROWN}categories${NORMAL} (display test categories)
lynis show ${BROWN}changelog${NORMAL} ${GRAY}[version]${NORMAL} (release details) lynis show ${BROWN}changelog${NORMAL} ${GRAY}[version]${NORMAL} (release details)
lynis show ${BROWN}commands${NORMAL} (all available commands) lynis show ${BROWN}commands${NORMAL} (all available commands)
lynis show ${BROWN}dbdir${NORMAL} (database directory) lynis show ${BROWN}dbdir${NORMAL} (database directory)
lynis show ${BROWN}groups${NORMAL} (test groups)
lynis show ${BROWN}help${NORMAL} (detailed information about arguments) lynis show ${BROWN}help${NORMAL} (detailed information about arguments)
lynis show ${BROWN}hostids${NORMAL} (unique IDs for this system) lynis show ${BROWN}hostids${NORMAL} (unique IDs for this system)
lynis show ${BROWN}includedir${NORMAL} (include directory for tests and functions) lynis show ${BROWN}includedir${NORMAL} (include directory for tests and functions)
@ -204,6 +205,9 @@ if [ $# -gt 0 ]; then
"dbdir") "dbdir")
${ECHOCMD} "${DBDIR}" ${ECHOCMD} "${DBDIR}"
;; ;;
"groups")
ViewGroups
;;
"help" | "--help" | "-h") "help" | "--help" | "-h")
if [ $# -eq 1 ]; then if [ $# -eq 1 ]; then
${ECHOCMD} "${PROGRAM_NAME} ${PROGRAM_VERSION} - Help" ${ECHOCMD} "${PROGRAM_NAME} ${PROGRAM_VERSION} - Help"


@ -155,12 +155,12 @@
# Perform tests (deprecated, use audit system) # Perform tests (deprecated, use audit system)
--check-all | --checkall | -c) --check-all | --checkall | -c)
# echo "Usage of option -c is deprecated. Please use: lynis audit system [options]" DisplayToolTip "Usage of option -c is deprecated. Please use: lynis audit system [options]"
CHECK=1 CHECK=1
;; ;;
# Cronjob support # Cronjob support
--cronjob | --cron) --cron-job | --cronjob | --cron)
CRONJOB=1 CRONJOB=1
CHECK=1; QUICKMODE=1; COLORS=0; NEVERBREAK=1 # Use some defaults (-c, -Q, no colors) CHECK=1; QUICKMODE=1; COLORS=0; NEVERBREAK=1 # Use some defaults (-c, -Q, no colors)
RemoveColors RemoveColors
@ -189,9 +189,9 @@
--pentest --profile --plugins-dir --pentest --profile --plugins-dir
--quiet_(-q) --quick_(-Q) --quiet_(-q) --quick_(-Q)
--report-file --reverse-colors --report-file --reverse-colors
--tests --tests-category --tests
--upload --upload
--version_(-V) --view-categories" --version_(-V)"
for I in ${OPTIONS}; do for I in ${OPTIONS}; do
echo "${I}" | tr '_' ' ' echo "${I}" | tr '_' ' '
done done
@ -298,10 +298,16 @@
TESTS_TO_PERFORM=$1 TESTS_TO_PERFORM=$1
;; ;;
# Scan one or more categories only # Scan one or more tests from just one category (e.g. security)
--tests-category) --tests-from-category)
shift shift
TESTS_CATEGORY_TO_PERFORM=$1 TEST_CATEGORY_TO_CHECK=$1
;;
# Scan one or more tests from just on group
--tests-from-group)
shift
TEST_GROUP_TO_CHECK=$1
;; ;;
# Lynis Enterprise: upload data to central node # Lynis Enterprise: upload data to central node
@ -319,11 +325,6 @@
exit 0 exit 0
;; ;;
--view-categories | --list-categories | --show-categories)
ViewCategories
exit 0
;;
# View man page # View man page
--view-manpage | --man-page | --manpage | --man) --view-manpage | --man-page | --manpage | --man)
if [ -f lynis.8 ]; then if [ -f lynis.8 ]; then
@ -343,6 +344,11 @@
QUIET=1 QUIET=1
;; ;;
--tests-category | --tests-categories | --view-categories | --list-categories | --show-categories)
ShowError "Deprecated option"
ExitFatal
;;
# Drop out when using wrong option(s) # Drop out when using wrong option(s)
*) *)
# Wrong option used, we bail out later # Wrong option used, we bail out later
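Review bot: The `--tests-from-category` and `--tests-from-group` arms store `$1` after `shift` without checking that an argument is present or that it is a known value. A misspelled category then matches no test, every test is skipped as "Incorrect category", and the audit finishes with no findings, which is easy to misread as a clean result. I would validate before assigning, e.g. `case " all ${TEST_AVAILABLE_CATEGORIES} " in *" $1 "*) TEST_CATEGORY_TO_CHECK=$1 ;; *) ShowError "Unknown category"; ExitFatal ;; esac`, assuming the constants are loaded before option parsing. The new "Deprecated option" arm would also help users more if its message named the replacement option.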


@ -32,7 +32,7 @@
# #
# Test : ACCT-2754 # Test : ACCT-2754
# Description : Check availability FreeBSD accounting data # Description : Check availability FreeBSD accounting data
Register --test-no ACCT-2754 --os FreeBSD --weight L --network NO --description "Check for available FreeBSD accounting information" Register --test-no ACCT-2754 --os FreeBSD --weight L --network NO --category security --description "Check for available FreeBSD accounting information"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ -f /var/account/acct ]; then if [ -f /var/account/acct ]; then
Display --indent 2 --text "- Checking accounting information" --result "${STATUS_OK}" --color GREEN Display --indent 2 --text "- Checking accounting information" --result "${STATUS_OK}" --color GREEN
@ -51,7 +51,7 @@
# #
# Test : ACCT-2760 # Test : ACCT-2760
# Description : Check availability OpenBSD accounting data # Description : Check availability OpenBSD accounting data
Register --test-no ACCT-2760 --os OpenBSD --weight L --network NO --description "Check for available OpenBSD accounting information" Register --test-no ACCT-2760 --os OpenBSD --weight L --network NO --category security --description "Check for available OpenBSD accounting information"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ -f /var/account/acct ]; then if [ -f /var/account/acct ]; then
Display --indent 2 --text "- Checking accounting information" --result "${STATUS_OK}" --color GREEN Display --indent 2 --text "- Checking accounting information" --result "${STATUS_OK}" --color GREEN
@ -71,7 +71,7 @@
# Test : ACCT-9622 # Test : ACCT-9622
# Description : Check availability Linux accounting data # Description : Check availability Linux accounting data
# Notes : /var/log/pacct (Slackware) # Notes : /var/log/pacct (Slackware)
Register --test-no ACCT-9622 --os Linux --weight L --network NO --description "Check for available Linux accounting information" Register --test-no ACCT-9622 --os Linux --weight L --network NO --category security --description "Check for available Linux accounting information"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Check accounting information" LogText "Test: Check accounting information"
if [ -f /var/account/pacct ]; then if [ -f /var/account/pacct ]; then
@ -99,7 +99,7 @@
# #
# Test : ACCT-9626 # Test : ACCT-9626
# Description : Check sysstat accounting data # Description : Check sysstat accounting data
Register --test-no ACCT-9626 --os Linux --weight L --network NO --description "Check for sysstat accounting data" Register --test-no ACCT-9626 --os Linux --weight L --network NO --category security --description "Check for sysstat accounting data"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: check /etc/default/sysstat presence" LogText "Test: check /etc/default/sysstat presence"
if [ -f /etc/default/sysstat ]; then if [ -f /etc/default/sysstat ]; then
@ -135,7 +135,7 @@
# Test : ACCT-9628 # Test : ACCT-9628
# Description : Check auditd status # Description : Check auditd status
if [ ! "${AUDITDBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${AUDITDBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no ACCT-9628 --os Linux --weight L --network NO --description "Check for auditd" Register --test-no ACCT-9628 --os Linux --weight L --network NO --category security --description "Check for auditd"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Check auditd status" LogText "Test: Check auditd status"
# Should not get kauditd # Should not get kauditd
@ -164,7 +164,7 @@
# Test : ACCT-9630 # Test : ACCT-9630
# Description : Check auditd rules # Description : Check auditd rules
if [ ! "${AUDITDBINARY}" = "" -a ! "${AUDITCTLBINARY}" = "" -a ${LINUX_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${AUDITDBINARY}" = "" -a ! "${AUDITCTLBINARY}" = "" -a ${LINUX_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no ACCT-9630 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --root-only YES --description "Check for auditd rules" Register --test-no ACCT-9630 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --root-only YES --category security --description "Check for auditd rules"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking auditd rules" LogText "Test: Checking auditd rules"
FIND=`${AUDITCTLBINARY} -l | grep -v "No rules"` FIND=`${AUDITCTLBINARY} -l | grep -v "No rules"`
@ -190,7 +190,7 @@
# Test : ACCT-9632 # Test : ACCT-9632
# Description : Check auditd configuration file # Description : Check auditd configuration file
if [ ! "${AUDITDBINARY}" = "" -a ${LINUX_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${AUDITDBINARY}" = "" -a ${LINUX_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no ACCT-9632 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --description "Check for auditd configuration file" Register --test-no ACCT-9632 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for auditd configuration file"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking auditd configuration file" LogText "Test: Checking auditd configuration file"
for I in ${AUDITD_CONF_LOCS}; do for I in ${AUDITD_CONF_LOCS}; do
@ -216,7 +216,7 @@
# Test : ACCT-9634 # Test : ACCT-9634
# Description : Check auditd log file # Description : Check auditd log file
if [ ! "${AUDITDBINARY}" = "" -a ${LINUX_AUDITD_RUNNING} -eq 1 -a ! "${AUDITD_CONF_FILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${AUDITDBINARY}" = "" -a ${LINUX_AUDITD_RUNNING} -eq 1 -a ! "${AUDITD_CONF_FILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no ACCT-9634 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --description "Check for auditd log file" Register --test-no ACCT-9634 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for auditd log file"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking auditd log file" LogText "Test: Checking auditd log file"
FIND=`grep "^log_file" ${AUDITD_CONF_FILE} | ${AWKBINARY} '{ if ($1=="log_file" && $2=="=") { print $3 } }'` FIND=`grep "^log_file" ${AUDITD_CONF_FILE} | ${AWKBINARY} '{ if ($1=="log_file" && $2=="=") { print $3 } }'`
@ -243,7 +243,7 @@
# #
# Test : ACCT-9636 # Test : ACCT-9636
# Description : Check for Snoopy (wrapper for execve() and logger) # Description : Check for Snoopy (wrapper for execve() and logger)
Register --test-no ACCT-9636 --os Linux --weight L --network NO --description "Check for Snoopy wrapper and logger" Register --test-no ACCT-9636 --os Linux --weight L --network NO --category security --description "Check for Snoopy wrapper and logger"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FILE="/lib/snoopy.so" FILE="/lib/snoopy.so"
if [ -f ${FILE} ]; then if [ -f ${FILE} ]; then
@ -274,7 +274,7 @@
# #
# Test : ACCT-9650 # Test : ACCT-9650
# Description : Check Solaris audit daemon presence # Description : Check Solaris audit daemon presence
Register --test-no ACCT-9650 --os Solaris --weight L --network NO --description "Check Solaris audit daemon" Register --test-no ACCT-9650 --os Solaris --weight L --network NO --category security --description "Check Solaris audit daemon"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: check if audit daemon is running" LogText "Test: check if audit daemon is running"
IsRunning auditd IsRunning auditd
@ -294,7 +294,7 @@
# Test : ACCT-9652 # Test : ACCT-9652
# Description : Check Solaris auditd service status # Description : Check Solaris auditd service status
if [ -x /usr/bin/svcs -a ${SOLARIS_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -x /usr/bin/svcs -a ${SOLARIS_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no ACCT-9652 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --description "Check auditd SMF status" Register --test-no ACCT-9652 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check auditd SMF status"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: check if auditd service is enabled and online" LogText "Test: check if auditd service is enabled and online"
FIND=`/usr/bin/svcs svc:/system/auditd:default | grep "^online"` FIND=`/usr/bin/svcs svc:/system/auditd:default | grep "^online"`
@ -312,7 +312,7 @@
# Test : ACCT-9654 # Test : ACCT-9654
# Description : Check Solaris Basic Security Mode (BSM) in /etc/system # Description : Check Solaris Basic Security Mode (BSM) in /etc/system
if [ ${SOLARIS_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${SOLARIS_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no ACCT-9654 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --description "Check BSM auditing in /etc/system" Register --test-no ACCT-9654 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check BSM auditing in /etc/system"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: check if BSM is enabled in /etc/system" LogText "Test: check if BSM is enabled in /etc/system"
if [ -f /etc/system ]; then if [ -f /etc/system ]; then
@ -333,7 +333,7 @@
# Test : ACCT-9656 # Test : ACCT-9656
# Description : Check Solaris BSM (c2audit) module status # Description : Check Solaris BSM (c2audit) module status
if [ ${SOLARIS_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${SOLARIS_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no ACCT-9656 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --description "Check BSM auditing in module list" Register --test-no ACCT-9656 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check BSM auditing in module list"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: check if c2audit module is active" LogText "Test: check if c2audit module is active"
if [ -x /usr/sbin/modinfo ]; then if [ -x /usr/sbin/modinfo ]; then
@ -355,7 +355,7 @@
# Test : ACCT-9662 # Test : ACCT-9662
# Description : Check location for audit events # Description : Check location for audit events
if [ ${SOLARIS_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${SOLARIS_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no ACCT-9660 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --description "Check location of audit events" Register --test-no ACCT-9660 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check location of audit events"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: check /etc/security/audit_control for event logging location" LogText "Test: check /etc/security/audit_control for event logging location"
if [ -f /etc/security/audit_control ]; then if [ -f /etc/security/audit_control ]; then
@ -388,7 +388,7 @@
# Test : ACCT-9672 # Test : ACCT-9672
# Description : check auditstat # Description : check auditstat
if [ ${SOLARIS_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${SOLARIS_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no ACCT-9662 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Solaris auditing stats" Register --test-no ACCT-9662 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Solaris auditing stats"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Check auditing statistics" LogText "Test: Check auditing statistics"
if [ -x /usr/sbin/auditstat ]; then if [ -x /usr/sbin/auditstat ]; then
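Review bot: The ACCT-9628 line is preceded by a `PREQS_MET` computation on `AUDITDBINARY`, but the Register call does not pass `--preqs-met`, and the registration code shown earlier in this commit resets `PREQS_MET=""` on entry, so the prerequisite appears to have no effect. I would add it while touching the line: `Register --test-no ACCT-9628 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for auditd"`. Two other touched lines register an ID that differs from their header comment: `# Test : ACCT-9662` registers `ACCT-9660`, and `# Test : ACCT-9672` registers `ACCT-9662`. Test IDs are what users put in skip lists and pass to `--tests`, so the comments should be corrected to match the registered IDs if those are the intended ones. Both issues predate this commit but sit on lines it edits.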


@ -36,7 +36,7 @@
# Test : AUTH-9204 # Test : AUTH-9204
# Description : Check users with UID zero (0) # Description : Check users with UID zero (0)
# Notes : Ignores :0: in file if match is in NIS related line # Notes : Ignores :0: in file if match is in NIS related line
Register --test-no AUTH-9204 --weight L --network NO --description "Check users with an UID of zero" Register --test-no AUTH-9204 --weight L --network NO --category security --description "Check users with an UID of zero"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Search accounts with UID 0 # Search accounts with UID 0
LogText "Test: Searching accounts with UID 0" LogText "Test: Searching accounts with UID 0"
@ -63,7 +63,7 @@
# #
# Test : AUTH-9208 # Test : AUTH-9208
# Description : Check non-unique accounts # Description : Check non-unique accounts
Register --test-no AUTH-9208 --weight L --network NO --description "Check non-unique accounts in passwd file" Register --test-no AUTH-9208 --weight L --network NO --category security --description "Check non-unique accounts in passwd file"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking for non-unique accounts" LogText "Test: Checking for non-unique accounts"
if [ "${OS}" = "DragonFly" -o "${OS}" = "FreeBSD" -o "${OS}" = "NetBSD" -o "${OS}" = "OpenBSD" ]; then if [ "${OS}" = "DragonFly" -o "${OS}" = "FreeBSD" -o "${OS}" = "NetBSD" -o "${OS}" = "OpenBSD" ]; then
@ -95,7 +95,7 @@
# Test : AUTH-9212 # Test : AUTH-9212
# Description : Test group file with chkgrp tool (ie FreeBSD) # Description : Test group file with chkgrp tool (ie FreeBSD)
if [ -f /usr/sbin/chkgrp ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -f /usr/sbin/chkgrp ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no AUTH-9212 --preqs-met ${PREQS_MET} --weight L --network NO --description "Test group file" Register --test-no AUTH-9212 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Test group file"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
Display --indent 2 --text "- Checking chkgrp tool" --result "${STATUS_FOUND}" --color GREEN Display --indent 2 --text "- Checking chkgrp tool" --result "${STATUS_FOUND}" --color GREEN
LogText "Result: /usr/sbin/chkgrp binary found. Using this to perform next test(s)." LogText "Result: /usr/sbin/chkgrp binary found. Using this to perform next test(s)."
@ -117,7 +117,7 @@
# Test : AUTH-9216 # Test : AUTH-9216
# Description : Check /etc/group and shadow group files # Description : Check /etc/group and shadow group files
if [ ! "${GRPCKBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${GRPCKBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no AUTH-9216 --preqs-met ${PREQS_MET} --weight L --network NO --root-only YES --description "Check group and shadow group files" Register --test-no AUTH-9216 --preqs-met ${PREQS_MET} --weight L --network NO --root-only YES --category security --description "Check group and shadow group files"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Test : run grpck to test group files (most likely /etc/group and shadow group files) # Test : run grpck to test group files (most likely /etc/group and shadow group files)
# Expected result : 0 (exit code) # Expected result : 0 (exit code)
@ -153,7 +153,7 @@
# Test : AUTH-9218 # Test : AUTH-9218
# Description : Check login shells for passwordless accounts # Description : Check login shells for passwordless accounts
# Notes : Results should be checked # Notes : Results should be checked
Register --test-no AUTH-9218 --os FreeBSD --weight L --network NO --description "Check harmful login shells" Register --test-no AUTH-9218 --os FreeBSD --weight L --network NO --category security --description "Check harmful login shells"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0 FOUND=0
LogText "Test: Checking login shells" LogText "Test: Checking login shells"
@ -195,7 +195,7 @@
# #
# Test : AUTH-9222 # Test : AUTH-9222
# Description : Check for non unique groups # Description : Check for non unique groups
Register --test-no AUTH-9222 --weight L --network NO --description "Check for non unique groups" Register --test-no AUTH-9222 --weight L --network NO --category security --description "Check for non unique groups"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking for non unique group ID's in /etc/group" LogText "Test: Checking for non unique group ID's in /etc/group"
FIND=`grep -v '^#' /etc/group | grep -v '^$' | awk -F: '{ print $3 }' | sort | uniq -d` FIND=`grep -v '^#' /etc/group | grep -v '^$' | awk -F: '{ print $3 }' | sort | uniq -d`
@ -216,7 +216,7 @@
# Test : AUTH-9226 # Test : AUTH-9226
# Description : Check non unique group names # Description : Check non unique group names
if [ -f /etc/group ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -f /etc/group ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no AUTH-9226 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check non unique group names" Register --test-no AUTH-9226 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check non unique group names"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking for non unique group names in /etc/group" LogText "Test: Checking for non unique group names in /etc/group"
FIND=`grep -v '^#' /etc/group | grep -v '^$' | awk -F: '{ print $1 }' | sort | uniq -d` FIND=`grep -v '^#' /etc/group | grep -v '^$' | awk -F: '{ print $1 }' | sort | uniq -d`
@ -238,7 +238,7 @@
# Description : Check password file consistency with pwck # Description : Check password file consistency with pwck
# Notes : Operating systems include Linux, Solaris # Notes : Operating systems include Linux, Solaris
if [ -x /usr/sbin/pwck ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -x /usr/sbin/pwck ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no AUTH-9228 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check password file consistency with pwck" Register --test-no AUTH-9228 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check password file consistency with pwck"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking password file consistency (pwck)" LogText "Test: Checking password file consistency (pwck)"
TESTED=0 TESTED=0
@ -278,7 +278,7 @@
# Mac OS X: needs to be improved (just reading passwd file is not enough) # Mac OS X: needs to be improved (just reading passwd file is not enough)
# OpenBSD/NetBSD: unknown # OpenBSD/NetBSD: unknown
# Arch Linux / CentOS / Ubuntu: 1000+ # Arch Linux / CentOS / Ubuntu: 1000+
Register --test-no AUTH-9234 --weight L --network NO --description "Query user accounts" Register --test-no AUTH-9234 --weight L --network NO --category security --description "Query user accounts"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Read system users (including root user) from /etc/passwd" LogText "Test: Read system users (including root user) from /etc/passwd"
FIND="" FIND=""
@ -338,7 +338,7 @@
# #
# Test : AUTH-9240 # Test : AUTH-9240
# Description : Query NIS+ authentication support # Description : Query NIS+ authentication support
Register --test-no AUTH-9240 --weight L --network NO --description "Query NIS+ authentication support" Register --test-no AUTH-9240 --weight L --network NO --category security --description "Query NIS+ authentication support"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ -f /etc/nsswitch.conf ]; then if [ -f /etc/nsswitch.conf ]; then
FIND=`egrep "^passwd" /etc/nsswitch.conf | egrep "compat|nisplus"` FIND=`egrep "^passwd" /etc/nsswitch.conf | egrep "compat|nisplus"`
@ -365,7 +365,7 @@
# #
# Test : AUTH-9242 # Test : AUTH-9242
# Description : Query NIS authentication support # Description : Query NIS authentication support
Register --test-no AUTH-9242 --weight L --network NO --description "Query NIS authentication support" Register --test-no AUTH-9242 --weight L --network NO --category security --description "Query NIS authentication support"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ -f /etc/nsswitch.conf ]; then if [ -f /etc/nsswitch.conf ]; then
FIND=`egrep "^passwd" /etc/nsswitch.conf | egrep "compat|nis" | grep -v "nisplus"` FIND=`egrep "^passwd" /etc/nsswitch.conf | egrep "compat|nis" | grep -v "nisplus"`
@ -392,7 +392,7 @@
# #
# Test : AUTH-9250 # Test : AUTH-9250
# Description : Check for sudoers file # Description : Check for sudoers file
Register --test-no AUTH-9250 --weight L --network NO --description "Checking sudoers file" Register --test-no AUTH-9250 --weight L --network NO --category security --description "Checking sudoers file"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0 FOUND=0
for I in ${SUDOERS_LOCATIONS}; do for I in ${SUDOERS_LOCATIONS}; do
@ -419,7 +419,7 @@
# Test : AUTH-9252 # Test : AUTH-9252
# Description : Check for sudoers file permissions # Description : Check for sudoers file permissions
if [ ! "${SUDOERS_FILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${SUDOERS_FILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no AUTH-9252 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check sudoers file" Register --test-no AUTH-9252 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check sudoers file"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: checking sudoers file (${SUDOERS_FILE}) permissions" LogText "Test: checking sudoers file (${SUDOERS_FILE}) permissions"
FIND=`ls -l ${SUDOERS_FILE} | cut -c 2-10` FIND=`ls -l ${SUDOERS_FILE} | cut -c 2-10`
@ -437,7 +437,7 @@
# #
# Test : AUTH-9254 # Test : AUTH-9254
# Description : Solaris test to check passwordless accounts # Description : Solaris test to check passwordless accounts
Register --test-no AUTH-9254 --os Solaris --weight L --network NO --root-only YES --description "Solaris passwordless accounts" Register --test-no AUTH-9254 --os Solaris --weight L --network NO --root-only YES --category security --description "Solaris passwordless accounts"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FIND=`logins -p | awk '{ print $1 }'` FIND=`logins -p | awk '{ print $1 }'`
if [ "${FIND}" = "" ]; then if [ "${FIND}" = "" ]; then
@ -455,7 +455,7 @@
# #
# Test : AUTH-9262 # Test : AUTH-9262
# Description : Search for PAM password strength testing libraries # Description : Search for PAM password strength testing libraries
Register --test-no AUTH-9262 --weight L --network NO --description "Checking presence password strength testing tools (PAM)" Register --test-no AUTH-9262 --weight L --network NO --category security --description "Checking presence password strength testing tools (PAM)"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0 FOUND=0
FOUND_CRACKLIB=0 FOUND_CRACKLIB=0
@ -525,7 +525,7 @@
# #
# Test : AUTH-9264 # Test : AUTH-9264
# Description : Scan /etc/pam.conf file # Description : Scan /etc/pam.conf file
Register --test-no AUTH-9264 --weight L --network NO --description "Checking presence pam.conf" Register --test-no AUTH-9264 --weight L --network NO --category security --description "Checking presence pam.conf"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking file /etc/pam.conf" LogText "Test: Checking file /etc/pam.conf"
if [ -f /etc/pam.conf ]; then if [ -f /etc/pam.conf ]; then
@ -552,7 +552,7 @@
# #
# Test : AUTH-9266 # Test : AUTH-9266
# Description : Searching available PAM configurations (/etc/pam.d) # Description : Searching available PAM configurations (/etc/pam.d)
Register --test-no AUTH-9266 --weight L --network NO --description "Checking presence pam.d files" Register --test-no AUTH-9266 --weight L --network NO --category security --description "Checking presence pam.d files"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking directory /etc/pam.d" LogText "Test: Checking directory /etc/pam.d"
if [ -d /etc/pam.d ]; then if [ -d /etc/pam.d ]; then
@ -575,7 +575,7 @@
# Description : Searching available PAM files # Description : Searching available PAM files
# Notes : PAM is used on AIX, FreeBSD, Linux, HPUX, Solaris # Notes : PAM is used on AIX, FreeBSD, Linux, HPUX, Solaris
if [ ${OS} = "AIX" -o ${OS} = "Linux" -o ${OS} = "HPUX" -o ${OS} = "Solaris" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${OS} = "AIX" -o ${OS} = "Linux" -o ${OS} = "HPUX" -o ${OS} = "Solaris" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no AUTH-9268 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking presence pam.d files" Register --test-no AUTH-9268 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking presence pam.d files"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0 FOUND=0
LogText "Test: Searching pam modules" LogText "Test: Searching pam modules"
@ -607,7 +607,7 @@
# #
# Test : AUTH-9278 # Test : AUTH-9278
# Description : Search LDAP support in PAM files # Description : Search LDAP support in PAM files
Register --test-no AUTH-9278 --weight L --network NO --description "Checking LDAP pam status" Register --test-no AUTH-9278 --weight L --network NO --category security --description "Checking LDAP pam status"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: checking presence /etc/pam.d/common-auth" LogText "Test: checking presence /etc/pam.d/common-auth"
if [ -f /etc/pam.d/common-auth ]; then if [ -f /etc/pam.d/common-auth ]; then
@ -661,7 +661,7 @@
# Test : AUTH-9282 # Test : AUTH-9282
# Description : Search password protected accounts without expire (Linux) # Description : Search password protected accounts without expire (Linux)
Register --test-no AUTH-9282 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking password protected account without expire date" Register --test-no AUTH-9282 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking password protected account without expire date"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking Linux version and password expire date status" LogText "Test: Checking Linux version and password expire date status"
if [ "${FIND}" = "" ]; then if [ "${FIND}" = "" ]; then
@ -678,7 +678,7 @@
fi fi
# Test : AUTH-9283 # Test : AUTH-9283
# Description : Search passwordless accounts # Description : Search passwordless accounts
Register --test-no AUTH-9283 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking accounts without password" Register --test-no AUTH-9283 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking accounts without password"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking passwordless accounts" LogText "Test: Checking passwordless accounts"
if [ "${FIND2}" = "" ]; then if [ "${FIND2}" = "" ]; then
@ -702,7 +702,7 @@
# Notes : MIN = minimum age, avoid rotation of passwords too quickly # Notes : MIN = minimum age, avoid rotation of passwords too quickly
# : MAX = maximum age, ensure regular change of passwords # : MAX = maximum age, ensure regular change of passwords
if [ -f /etc/login.defs ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -f /etc/login.defs ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no AUTH-9286 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking user password aging" Register --test-no AUTH-9286 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking user password aging"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking PASS_MIN_DAYS option in /etc/login.defs " LogText "Test: Checking PASS_MIN_DAYS option in /etc/login.defs "
FIND=`grep "^PASS_MIN_DAYS" /etc/login.defs | awk '{ if ($1=="PASS_MIN_DAYS") { print $2 } }'` FIND=`grep "^PASS_MIN_DAYS" /etc/login.defs | awk '{ if ($1=="PASS_MIN_DAYS") { print $2 } }'`
@ -739,7 +739,7 @@
# Description : Determine which accounts have an expired password # Description : Determine which accounts have an expired password
# Notes : This test might not work (yet) on all platforms # Notes : This test might not work (yet) on all platforms
if [ -f /etc/shadow ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -f /etc/shadow ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no AUTH-9288 --preqs-met ${PREQS_MET} --weight L --network NO --root-only YES --description "Checking for expired passwords" Register --test-no AUTH-9288 --preqs-met ${PREQS_MET} --weight L --network NO --root-only YES --category security --description "Checking for expired passwords"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if FileIsReadable /etc/shadow; then if FileIsReadable /etc/shadow; then
DAYS_SINCE_EPOCH=$((`date --utc +%s`/86400)) DAYS_SINCE_EPOCH=$((`date --utc +%s`/86400))
@ -770,7 +770,7 @@
# Test : AUTH-9304 # Test : AUTH-9304
# Description : Check if single user mode login is properly configured in Solaris # Description : Check if single user mode login is properly configured in Solaris
# Notes : sulogin should be called from svm script (Solaris <10) in /etc/rcS.d # Notes : sulogin should be called from svm script (Solaris <10) in /etc/rcS.d
Register --test-no AUTH-9304 --os Solaris --weight L --network NO --description "Check single user login configuration" Register --test-no AUTH-9304 --os Solaris --weight L --network NO --category security --description "Check single user login configuration"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Check if file exists (Solaris 10 does not have this file by default) # Check if file exists (Solaris 10 does not have this file by default)
if [ -f /etc/default/sulogin ]; then if [ -f /etc/default/sulogin ]; then
@ -799,7 +799,7 @@
# Notes : :d_boot_authenticate: is a good option for production machines to # Notes : :d_boot_authenticate: is a good option for production machines to
# avoid unauthorized booting of systems. Option :d_boot_autentication@: # avoid unauthorized booting of systems. Option :d_boot_autentication@:
# disabled a required login. # disabled a required login.
Register --test-no AUTH-9306 --os HP-UX --weight L --network NO --description "Check single boot authentication" Register --test-no AUTH-9306 --os HP-UX --weight L --network NO --category security --description "Check single boot authentication"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Check if file exists # Check if file exists
LogText "Test: Searching /tcb/files/auth/system/default" LogText "Test: Searching /tcb/files/auth/system/default"
@ -826,7 +826,7 @@
# #
# Test : AUTH-9308 # Test : AUTH-9308
# Description : Check single user mode login for Linux # Description : Check single user mode login for Linux
Register --test-no AUTH-9308 --os Linux --weight L --network NO --description "Check single user login configuration" Register --test-no AUTH-9308 --os Linux --weight L --network NO --category security --description "Check single user login configuration"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0 FOUND=0
TEST_PERFORMED=0 TEST_PERFORMED=0
@ -913,7 +913,7 @@
# Notes: This test should be moved later to shells section # Notes: This test should be moved later to shells section
# /etc/login.defs # /etc/login.defs
# pam_umask # pam_umask
Register --test-no AUTH-9328 --weight L --network NO --description "Default umask values" Register --test-no AUTH-9328 --weight L --network NO --category security --description "Default umask values"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
Display --indent 2 --text "- Determining default umask" Display --indent 2 --text "- Determining default umask"
@ -1133,7 +1133,7 @@
# #
# Test : AUTH-9340 # Test : AUTH-9340
# Description : Solaris account locking # Description : Solaris account locking
Register --test-no AUTH-9340 --os Solaris --weight L --network NO --description "Solaris account locking" Register --test-no AUTH-9340 --os Solaris --weight L --network NO --category security --description "Solaris account locking"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0 FOUND=0
if [ -f /etc/security/policy.conf ]; then if [ -f /etc/security/policy.conf ]; then
@ -1183,7 +1183,7 @@
# #
# Test : AUTH-9402 # Test : AUTH-9402
# Description : Query LDAP authentication support # Description : Query LDAP authentication support
Register --test-no AUTH-9402 --weight L --network NO --description "Query LDAP authentication support" Register --test-no AUTH-9402 --weight L --network NO --category security --description "Query LDAP authentication support"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ -f /etc/nsswitch.conf ]; then if [ -f /etc/nsswitch.conf ]; then
FIND=`egrep "^passwd" /etc/nsswitch.conf | grep "ldap"` FIND=`egrep "^passwd" /etc/nsswitch.conf | grep "ldap"`
@ -1205,7 +1205,7 @@
# Test : AUTH-9406 # Test : AUTH-9406
# Description : Check LDAP servers in client configuration # Description : Check LDAP servers in client configuration
if [ ${LDAP_AUTH_ENABLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${LDAP_AUTH_ENABLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no AUTH-9406 --preqs-met ${PREQS_MET} --weight L --network NO --description "Query LDAP servers in client configuration" Register --test-no AUTH-9406 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Query LDAP servers in client configuration"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: checking ldap.conf options" LogText "Test: checking ldap.conf options"
for I in ${LDAP_CONF_LOCATIONS}; do for I in ${LDAP_CONF_LOCATIONS}; do
@ -1231,7 +1231,7 @@
# Test : AUTH-9408 # Test : AUTH-9408
# Description : Logging of failed login attempts # Description : Logging of failed login attempts
if [ -f /etc/login.defs ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -f /etc/login.defs ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no AUTH-9408 --preqs-met ${PREQS_MET} --weight L --network NO --description "Logging of failed login attempts via /etc/login.defs" Register --test-no AUTH-9408 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Logging of failed login attempts via /etc/login.defs"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking FAILLOG_ENAB option in /etc/login.defs " LogText "Test: Checking FAILLOG_ENAB option in /etc/login.defs "
FIND=`grep "^FAILLOG_ENAB" /etc/login.defs | awk '{ if ($1=="FAILLOG_ENAB") { print $2 } }'` FIND=`grep "^FAILLOG_ENAB" /etc/login.defs | awk '{ if ($1=="FAILLOG_ENAB") { print $2 } }'`


@ -33,7 +33,7 @@
# #
# Test : BANN-7113 # Test : BANN-7113
# Description : Check FreeBSD COPYRIGHT banner file # Description : Check FreeBSD COPYRIGHT banner file
Register --test-no BANN-7113 --os FreeBSD --weight L --network NO --description "Check COPYRIGHT banner file" Register --test-no BANN-7113 --os FreeBSD --weight L --network NO --category security --description "Check COPYRIGHT banner file"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Testing existence /COPYRIGHT or /etc/COPYRIGHT" LogText "Test: Testing existence /COPYRIGHT or /etc/COPYRIGHT"
if [ -f /COPYRIGHT ]; then if [ -f /COPYRIGHT ]; then
@ -65,7 +65,7 @@
# #
# Test : BANN-7119 # Test : BANN-7119
# Description : Check MOTD banner file # Description : Check MOTD banner file
#Register --test-no BANN-7119 --weight L --network NO --description "Check MOTD banner file" #Register --test-no BANN-7119 --weight L --network NO --category security --description "Check MOTD banner file"
#if [ ${SKIPTEST} -eq 0 ]; then #if [ ${SKIPTEST} -eq 0 ]; then
# LogText "Test: Testing existence /etc/motd" # LogText "Test: Testing existence /etc/motd"
# if [ -f /etc/motd ]; then # if [ -f /etc/motd ]; then
@ -95,7 +95,7 @@
# Description : Check motd file to see if it contains some form of message # Description : Check motd file to see if it contains some form of message
# to discourage unauthorized users to leave the system alone # to discourage unauthorized users to leave the system alone
#if [ -f /etc/motd -a ! -L /etc/motd ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi #if [ -f /etc/motd -a ! -L /etc/motd ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
#Register --test-no BANN-7122 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check /etc/motd banner file contents" #Register --test-no BANN-7122 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check /etc/motd banner file contents"
#if [ ${SKIPTEST} -eq 0 ]; then #if [ ${SKIPTEST} -eq 0 ]; then
# N=0 # N=0
# LogText "Test: Checking file /etc/motd contents for legal key words" # LogText "Test: Checking file /etc/motd contents for legal key words"
@ -123,7 +123,7 @@
# #
# Test : BANN-7124 # Test : BANN-7124
# Description : Check issue banner file # Description : Check issue banner file
Register --test-no BANN-7124 --weight L --network NO --description "Check issue banner file" Register --test-no BANN-7124 --weight L --network NO --category security --description "Check issue banner file"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking file /etc/issue" LogText "Test: Checking file /etc/issue"
if [ -f /etc/issue ]; then if [ -f /etc/issue ]; then
@ -146,7 +146,7 @@
# Description : Check issue file to see if it contains some form of message # Description : Check issue file to see if it contains some form of message
# to discourage unauthorized users to leave the system alone # to discourage unauthorized users to leave the system alone
if [ -f /etc/issue ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -f /etc/issue ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no BANN-7126 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check issue banner file contents" Register --test-no BANN-7126 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check issue banner file contents"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
N=0 N=0
LogText "Test: Checking file /etc/issue contents for legal key words" LogText "Test: Checking file /etc/issue contents for legal key words"
@ -174,7 +174,7 @@
# #
# Test : BANN-7128 # Test : BANN-7128
# Description : Check issue.net banner file # Description : Check issue.net banner file
Register --test-no BANN-7128 --weight L --network NO --description "Check issue.net banner file" Register --test-no BANN-7128 --weight L --network NO --category security --description "Check issue.net banner file"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking file /etc/issue.net" LogText "Test: Checking file /etc/issue.net"
if [ -f /etc/issue.net ]; then if [ -f /etc/issue.net ]; then
@ -198,7 +198,7 @@
# Description : Check issue.net file to see if it contains some form of message # Description : Check issue.net file to see if it contains some form of message
# to discourage unauthorized users to leave the system alone # to discourage unauthorized users to leave the system alone
if [ -f /etc/issue.net ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -f /etc/issue.net ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no BANN-7130 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check issue.net banner file contents" Register --test-no BANN-7130 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check issue.net banner file contents"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
N=0 N=0
LogText "Test: Checking file /etc/issue.net contents for legal key words" LogText "Test: Checking file /etc/issue.net contents for legal key words"
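Review bot: The commented-out registrations for BANN-7119 and BANN-7122 were given `--category security` together with the live ones, yet nothing in these hunks records why the two /etc/motd tests are disabled. As far as the visible lines show, no active BANN test covers /etc/motd, so a reader cannot tell whether that gap is intended. I would add one line above each disabled block, for example `# Disabled: <reason>; /etc/motd is not checked while this test is off`, or delete the blocks instead of keeping them in step. Both test bodies continue outside the hunks, so this is based on the Register lines and the first body lines only.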


@ -37,7 +37,7 @@
# Test : BOOT-5102 # Test : BOOT-5102
# Description : Check for AIX boot device # Description : Check for AIX boot device
# Notes : The AIX bootstrap is called as software ROS. Bootstrap contains IPL (Initial Program loader) # Notes : The AIX bootstrap is called as software ROS. Bootstrap contains IPL (Initial Program loader)
Register --test-no BOOT-5102 --os AIX --weight L --network NO --root-only YES --description "Check for AIX boot device" Register --test-no BOOT-5102 --os AIX --weight L --network NO --root-only YES --category security --description "Check for AIX boot device"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
BOOT_LOADER_SEARCHED=1 BOOT_LOADER_SEARCHED=1
LogText "Test: Query bootinfo for AIX boot device" LogText "Test: Query bootinfo for AIX boot device"
@ -64,7 +64,7 @@
# initscripts - Used by Arch before # initscripts - Used by Arch before
# systemd - Common option with more Linux distros implementing it # systemd - Common option with more Linux distros implementing it
# upstart - Used by Debian/Ubuntu # upstart - Used by Debian/Ubuntu
Register --test-no BOOT-5104 --weight L --network NO --description "Determine service manager" Register --test-no BOOT-5104 --weight L --network NO --category security --description "Determine service manager"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
BOOT_LOADER_SEARCHED=1 BOOT_LOADER_SEARCHED=1
case ${OS} in case ${OS} in
@ -136,7 +136,7 @@
# #
# Test : BOOT-5106 # Test : BOOT-5106
# Description : Check if boot.efi is found on Mac OS X # Description : Check if boot.efi is found on Mac OS X
Register --test-no BOOT-5106 --os "MacOS" --weight L --network NO --root-only YES --description "Check EFI boot file on Mac OS X" Register --test-no BOOT-5106 --os "MacOS" --weight L --network NO --root-only YES --category security --description "Check EFI boot file on Mac OS X"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FileExists /System/Library/CoreServices/boot.efi FileExists /System/Library/CoreServices/boot.efi
if [ ${FILE_FOUND} -eq 1 ]; then if [ ${FILE_FOUND} -eq 1 ]; then
@ -150,7 +150,7 @@
# #
# Test : BOOT-5116 # Test : BOOT-5116
# Description : Check if system is booted in UEFI mode # Description : Check if system is booted in UEFI mode
Register --test-no BOOT-5116 --weight L --network NO --root-only YES --description "Check if system is booted in UEFI mode" Register --test-no BOOT-5116 --weight L --network NO --root-only YES --category security --description "Check if system is booted in UEFI mode"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
UEFI_TESTS_PERFORMED=0 UEFI_TESTS_PERFORMED=0
case ${OS} in case ${OS} in
@ -210,7 +210,7 @@
# #
# Test : BOOT-5121 # Test : BOOT-5121
# Description : Check for GRUB boot loader # Description : Check for GRUB boot loader
Register --test-no BOOT-5121 --weight L --network NO --description "Check for GRUB boot loader presence" Register --test-no BOOT-5121 --weight L --network NO --category security --description "Check for GRUB boot loader presence"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
BOOT_LOADER_SEARCHED=1 BOOT_LOADER_SEARCHED=1
FOUND=0 FOUND=0
@ -259,7 +259,7 @@
# Test : BOOT-5122 # Test : BOOT-5122
# Description : Check for GRUB boot loader configuration # Description : Check for GRUB boot loader configuration
if [ ! "${GRUBCONFFILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${GRUBCONFFILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no BOOT-5122 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check for GRUB boot password" Register --test-no BOOT-5122 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for GRUB boot password"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0 FOUND=0
LogText "Found file ${GRUBCONFFILE}, proceeding with tests." LogText "Found file ${GRUBCONFFILE}, proceeding with tests."
@ -296,7 +296,7 @@
# #
# Test : BOOT-5124 # Test : BOOT-5124
# Description : Check for FreeBSD boot loader # Description : Check for FreeBSD boot loader
Register --test-no BOOT-5124 --os FreeBSD --weight L --network NO --description "Check for FreeBSD boot loader presence" Register --test-no BOOT-5124 --os FreeBSD --weight L --network NO --category security --description "Check for FreeBSD boot loader presence"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
BOOT_LOADER_SEARCHED=1 BOOT_LOADER_SEARCHED=1
if [ -f /boot/boot1 -a -f /boot/boot2 -a -f /boot/loader ]; then if [ -f /boot/boot1 -a -f /boot/boot2 -a -f /boot/loader ]; then
@ -313,7 +313,7 @@
# #
# Test : BOOT-5126 # Test : BOOT-5126
# Description : Check for NetBSD boot loader # Description : Check for NetBSD boot loader
Register --test-no BOOT-5126 --os NetBSD --weight L --network NO --description "Check for NetBSD boot loader presence" Register --test-no BOOT-5126 --os NetBSD --weight L --network NO --category security --description "Check for NetBSD boot loader presence"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
BOOT_LOADER_SEARCHED=1 BOOT_LOADER_SEARCHED=1
if [ -f /boot.${HARDWARE} -o -f /boot -o -f /ofwboot ]; then if [ -f /boot.${HARDWARE} -o -f /boot -o -f /ofwboot ]; then
@ -332,7 +332,7 @@
# Test : BOOT-5139 # Test : BOOT-5139
# Description : Check for LILO boot loader # Description : Check for LILO boot loader
# Notes : password= or password = # Notes : password= or password =
Register --test-no BOOT-5139 --weight L --network NO --description "Check for LILO boot loader presence" Register --test-no BOOT-5139 --weight L --network NO --category security --description "Check for LILO boot loader presence"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
BOOT_LOADER_SEARCHED=1 BOOT_LOADER_SEARCHED=1
LILOCONFFILE="/etc/lilo.conf" LILOCONFFILE="/etc/lilo.conf"
@ -369,7 +369,7 @@
# #
# Test : BOOT-5142 # Test : BOOT-5142
# Description : Check for SILO boot loader # Description : Check for SILO boot loader
Register --test-no BOOT-5142 --weight L --network NO --description "Check SPARC Improved boot loader (SILO)" Register --test-no BOOT-5142 --weight L --network NO --category security --description "Check SPARC Improved boot loader (SILO)"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
BOOT_LOADER_SEARCHED=1 BOOT_LOADER_SEARCHED=1
if [ -f /etc/silo.conf ]; then if [ -f /etc/silo.conf ]; then
@ -387,7 +387,7 @@
# Test : BOOT-5144 # Test : BOOT-5144
# Description : Check for SILO boot loader consistency # Description : Check for SILO boot loader consistency
# Notes : To be tested on Gentoo # Notes : To be tested on Gentoo
# Register --test-no BOOT-5144 --weight L --network NO --description "Check SPARC Improved boot loader (SILO)" # Register --test-no BOOT-5144 --weight L --network NO --category security --description "Check SPARC Improved boot loader (SILO)"
# if [ ${SKIPTEST} -eq 0 ]; then # if [ ${SKIPTEST} -eq 0 ]; then
# if [ -f /etc/silo.conf -a -x /sbin/silo ]; then # if [ -f /etc/silo.conf -a -x /sbin/silo ]; then
# FIND=`/sbin/silo | grep "appears to be valid"` # FIND=`/sbin/silo | grep "appears to be valid"`
@ -406,7 +406,7 @@
# #
# Test : BOOT-5155 # Test : BOOT-5155
# Description : Check for YABOOT boot loader # Description : Check for YABOOT boot loader
Register --test-no BOOT-5155 --weight L --network NO --description "Check for YABOOT boot loader configuration file" Register --test-no BOOT-5155 --weight L --network NO --category security --description "Check for YABOOT boot loader configuration file"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
BOOT_LOADER_SEARCHED=1 BOOT_LOADER_SEARCHED=1
LogText "Test: Check for /etc/yaboot.conf" LogText "Test: Check for /etc/yaboot.conf"
@ -425,7 +425,7 @@
# Test : BOOT-5159 # Test : BOOT-5159
# Description : Check for OpenBSD boot loader # Description : Check for OpenBSD boot loader
# More info : Only OpenBSD # More info : Only OpenBSD
Register --test-no BOOT-5159 --os OpenBSD --weight L --network NO --description "Check for OpenBSD boot loader presence" Register --test-no BOOT-5159 --os OpenBSD --weight L --network NO --category security --description "Check for OpenBSD boot loader presence"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
BOOT_LOADER_SEARCHED=1 BOOT_LOADER_SEARCHED=1
FOUND=0 FOUND=0
@ -475,7 +475,7 @@
# #
# Test : BOOT-5165 # Test : BOOT-5165
# Description : Check for FreeBSD boot services # Description : Check for FreeBSD boot services
Register --test-no BOOT-5165 --os FreeBSD --weight L --network NO --description "Check for FreeBSD boot services" Register --test-no BOOT-5165 --os FreeBSD --weight L --network NO --category security --description "Check for FreeBSD boot services"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ ! "${SERVICEBINARY}" = "" ]; then if [ ! "${SERVICEBINARY}" = "" ]; then
# FreeBSD (Ask services(8) for enabled services) # FreeBSD (Ask services(8) for enabled services)
@ -502,7 +502,7 @@
# Test : BOOT-5177 # Test : BOOT-5177
# Description : Check for Linux boot services (systemd and chkconfig) # Description : Check for Linux boot services (systemd and chkconfig)
# Notes : We skip using chkconfig if systemd is being used. # Notes : We skip using chkconfig if systemd is being used.
Register --test-no BOOT-5177 --os Linux --weight L --network NO --description "Check for Linux boot and running services" Register --test-no BOOT-5177 --os Linux --weight L --network NO --category security --description "Check for Linux boot and running services"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
CHECKED=0 CHECKED=0
LogText "Test: checking presence systemctl binary" LogText "Test: checking presence systemctl binary"
@ -568,7 +568,7 @@
# Description : Check for Linux boot services (Debian style) # Description : Check for Linux boot services (Debian style)
# Notes : Debian 8+ shows runlevel 5 # Notes : Debian 8+ shows runlevel 5
if [ "${LINUX_VERSION}" = "Debian" -o "${LINUX_VERSION}" = "Ubuntu" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ "${LINUX_VERSION}" = "Debian" -o "${LINUX_VERSION}" = "Ubuntu" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no BOOT-5180 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --description "Check for Linux boot services (Debian style)" Register --test-no BOOT-5180 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for Linux boot services (Debian style)"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Runlevel check # Runlevel check
sRUNLEVEL=`${RUNLEVELBINARY} | grep "N [0-9]" | awk '{ print $2} '` sRUNLEVEL=`${RUNLEVELBINARY} | grep "N [0-9]" | awk '{ print $2} '`
@ -597,7 +597,7 @@
# #
# Test : BOOT-5184 # Test : BOOT-5184
# Description : Check world writable startup scripts # Description : Check world writable startup scripts
Register --test-no BOOT-5184 --os Linux --weight L --network NO --description "Check permissions for boot files/scripts" Register --test-no BOOT-5184 --os Linux --weight L --network NO --category security --description "Check permissions for boot files/scripts"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0 FOUND=0
CHECKDIRS="/etc/init.d /etc/rc.d /etc/rcS.d" CHECKDIRS="/etc/init.d /etc/rc.d /etc/rcS.d"
@ -682,7 +682,7 @@
# #
# Test : BOOT-5202 # Test : BOOT-5202
# Description : Check uptime of system # Description : Check uptime of system
Register --test-no BOOT-5202 --weight L --network NO --description "Check uptime of system" Register --test-no BOOT-5202 --weight L --network NO --category security --description "Check uptime of system"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0 FOUND=0
FIND="" FIND=""
@ -755,7 +755,7 @@
# #
# Test : BOOT-5260 # Test : BOOT-5260
# Description : Check single user mode for systemd # Description : Check single user mode for systemd
Register --test-no BOOT-5260 --weight L --network NO --description "Check single user mode for systemd" Register --test-no BOOT-5260 --weight L --network NO --category security --description "Check single user mode for systemd"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Check if file exists # Check if file exists
LogText "Test: Searching /usr/lib/systemd/system/rescue.service" LogText "Test: Searching /usr/lib/systemd/system/rescue.service"
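Review bot: BOOT-5104 ("Determine service manager") and BOOT-5202 ("Check uptime of system") get `--category security` like every other Register call in this file, although their descriptions read as information gathering rather than a security control. If this value is what `--tests-from-category` selects on (Register itself is not shown here), a uniform literal means the filter cannot separate anything in this file. A later per-test change could also split a test from the one that feeds its `PREQS_MET` check, as BOOT-5122 relies on `GRUBCONFFILE` being set beforehand. I would state the intent once at the top of the file, e.g. `# Category 'security' is a blanket default from the category rename; review per test`. The test bodies run past the hunks, so the categorisation is judged from the descriptions alone.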


@ -33,7 +33,7 @@
# Test : CONT-8004 # Test : CONT-8004
# Description : Query running Solaris zones # Description : Query running Solaris zones
if [ -x /usr/sbin/zoneadm ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -x /usr/sbin/zoneadm ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no CONT-8004 --os Solaris --weight L --network NO --description "Query running Solaris zones" Register --test-no CONT-8004 --os Solaris --weight L --network NO --category security --description "Query running Solaris zones"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: query zoneadm to list all running zones" LogText "Test: query zoneadm to list all running zones"
FIND=`/usr/sbin/zoneadm list -p | awk -F: '{ if ($2!="global") print $0 }'` FIND=`/usr/sbin/zoneadm list -p | awk -F: '{ if ($2!="global") print $0 }'`
@ -59,7 +59,7 @@
# Test : CONT-1906 # Test : CONT-1906
# Description : Query running Xen zones # Description : Query running Xen zones
#if [ -x /usr/bin/xm ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi #if [ -x /usr/bin/xm ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
#Register --test-no CONT-1906 --weight L --network NO --description "Query Xen guests" #Register --test-no CONT-1906 --weight L --network NO --category security --description "Query Xen guests"
#if [ ${SKIPTEST} -eq 0 ]; then #if [ ${SKIPTEST} -eq 0 ]; then
# Show Xen guests # Show Xen guests
#FIND=`xm list | awk '$1 != "Name|Domain-0" {print $1","$2}'` #FIND=`xm list | awk '$1 != "Name|Domain-0" {print $1","$2}'`
@ -74,7 +74,7 @@
# #
# Test : CONT-8102 # Test : CONT-8102
# Description : Checking Docker daemon status and basic information for later tests # Description : Checking Docker daemon status and basic information for later tests
Register --test-no CONT-8102 --weight L --network NO --description "Checking Docker status and information" Register --test-no CONT-8102 --weight L --network NO --category security --description "Checking Docker status and information"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
IsRunning "docker -d" IsRunning "docker -d"
if [ ${RUNNING} -eq 1 ]; then if [ ${RUNNING} -eq 1 ]; then
@ -92,7 +92,7 @@
# Description : Checking Docker info for any warnings # Description : Checking Docker info for any warnings
# Notes : Hardening points are awarded, as usually warnings are the result of missing controls to restrict boundaries like memory # Notes : Hardening points are awarded, as usually warnings are the result of missing controls to restrict boundaries like memory
if [ ! "${DOCKERBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${DOCKERBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no CONT-8104 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking Docker info for any warnings" Register --test-no CONT-8104 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking Docker info for any warnings"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
COUNT=0 COUNT=0
LogText "Test: Check for any warnings" LogText "Test: Check for any warnings"
@ -120,7 +120,7 @@
# Description : Checking Docker containers (basic stats) # Description : Checking Docker containers (basic stats)
# Notes : Hardening points are awarded, if there aren't a lot of stopped containers # Notes : Hardening points are awarded, if there aren't a lot of stopped containers
if [ ! "${DOCKERBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${DOCKERBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no CONT-8106 --preqs-met ${PREQS_MET} --weight L --network NO --description "Gather basic stats from Docker" Register --test-no CONT-8106 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Gather basic stats from Docker"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
Display --indent 6 --text "- Containers" Display --indent 6 --text "- Containers"
@ -173,7 +173,7 @@
# Description : Checking Docker file permissions # Description : Checking Docker file permissions
# Notes : /var/run/docker.sock - Usually root as owner, docker as group - should not be world writable # Notes : /var/run/docker.sock - Usually root as owner, docker as group - should not be world writable
if [ ! "${DOCKERBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${DOCKERBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no CONT-8108 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check file permissions for Docker files" Register --test-no CONT-8108 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check file permissions for Docker files"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
NOT_WORLD_WRITABLE="/var/run/docker.sock" NOT_WORLD_WRITABLE="/var/run/docker.sock"
for I in ${NOT_WORLD_WRITABLE}; do for I in ${NOT_WORLD_WRITABLE}; do
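Review bot: CONT-8102 still detects the daemon with `IsRunning "docker -d"`, which matches only the oldest way of starting it; a host where the daemon runs as `docker daemon` or `dockerd` would presumably be reported as not running. If anything later in the CONT tests relies on that result (the rest of the test body is outside this hunk), a Docker host can end up with no container findings at all, which is a silent false negative in an audit. A second probe such as `IsRunning "dockerd"` when the first one does not match would cover this.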


@ -29,7 +29,7 @@
# Test : CRYP-7902 # Test : CRYP-7902
# Description : check for expired SSL certificates # Description : check for expired SSL certificates
if [ ! -z "${OPENSSLBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! -z "${OPENSSLBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no CRYP-7902 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check expire date of SSL certificates" Register --test-no CRYP-7902 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check expire date of SSL certificates"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FOUNDPROBLEM=0 FOUNDPROBLEM=0
sSSL_PATHS=$(echo ${SSL_CERTIFICATE_PATHS} | sed 's/:/ /g') sSSL_PATHS=$(echo ${SSL_CERTIFICATE_PATHS} | sed 's/:/ /g')
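Review bot: In CRYP-7902 the line after the changed `Register` call builds `sSSL_PATHS` with an unquoted `echo ${SSL_CERTIFICATE_PATHS} | sed 's/:/ /g'`, so the colon-separated list is turned into a whitespace-separated one. A certificate directory whose name contains a space or a glob character would be split or expanded and, presumably, never scanned, so expired certificates there would go unreported. The loop that consumes `sSSL_PATHS` is outside this hunk; at minimum I would document the limit with `# Paths in SSL_CERTIFICATE_PATHS must not contain whitespace` above the assignment.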


@ -16,7 +16,7 @@
# Register our first custom test # Register our first custom test
# We consider it to be a lightweight test (no heavy IO, or long searches), no network connection needed # We consider it to be a lightweight test (no heavy IO, or long searches), no network connection needed
Register --test-no CUST-0001 --weight L --network NO --description "A test case for colors and text display" Register --test-no CUST-0001 --weight L --network NO --category security --description "A test case for colors and text display"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# The Display function makes it easy to show something on screen, with colors. # The Display function makes it easy to show something on screen, with colors.
# --indent defines amount of spaces # --indent defines amount of spaces
@ -81,7 +81,7 @@
# #
# First check if OPENSSLBINARY is known as a prerequisite for this test. # First check if OPENSSLBINARY is known as a prerequisite for this test.
if [ ! "${OPENSSLBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${OPENSSLBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no CUST-0002 --preqs-met ${PREQS_MET} --weight M --network NO --description "Description of custom test" Register --test-no CUST-0002 --preqs-met ${PREQS_MET} --weight M --network NO --category security --description "Description of custom test"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FOUNDPROBLEM=0 FOUNDPROBLEM=0
DIR="/my/path" DIR="/my/path"
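Review bot: The template comment above CUST-0001 explains the weight and network flags but says nothing about the new `--category security` argument, and this is the file people copy when writing their own tests. I would add a line such as `# --category places the test in one of the available categories (performance, privacy, security)` next to the existing explanation. CUST-0001 only demonstrates colours and text display, so the comment could also say that `security` is just the default used here.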


@ -33,7 +33,7 @@
# Test : DBS-1804 # Test : DBS-1804
# Description : Check if MySQL is being used # Description : Check if MySQL is being used
Register --test-no DBS-1804 --weight L --network NO --description "Checking active MySQL process" Register --test-no DBS-1804 --weight L --network NO --category security --description "Checking active MySQL process"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FIND=`${PSBINARY} ax | egrep "mysqld|mysqld_safe" | grep -v "grep"` FIND=`${PSBINARY} ax | egrep "mysqld|mysqld_safe" | grep -v "grep"`
if [ "${FIND}" = "" ]; then if [ "${FIND}" = "" ]; then
@ -51,7 +51,7 @@
# #
# Test : DBS-1808 # Test : DBS-1808
# Description : Check MySQL data directory # Description : Check MySQL data directory
#Register --test-no DBS-1808 --weight L --network NO --description "Checking MySQL data directory" #Register --test-no DBS-1808 --weight L --network NO --category security --description "Checking MySQL data directory"
#if [ ${SKIPTEST} -eq 0 ]; then #if [ ${SKIPTEST} -eq 0 ]; then
#fi #fi
# #
@ -59,7 +59,7 @@
# #
# Test : DBS-1812 # Test : DBS-1812
# Description : Check data directory permissions # Description : Check data directory permissions
#Register --test-no DBS-1812 --weight L --network NO --description "Checking MySQL data directory permissions" #Register --test-no DBS-1812 --weight L --network NO --category security --description "Checking MySQL data directory permissions"
#if [ ${SKIPTEST} -eq 0 ]; then #if [ ${SKIPTEST} -eq 0 ]; then
#fi #fi
# #
@ -69,7 +69,7 @@
# Description : Check empty MySQL root password # Description : Check empty MySQL root password
# Notes : Only perform test when MySQL is running and client is available # Notes : Only perform test when MySQL is running and client is available
if [ ! "${MYSQLCLIENTBINARY}" = "" -a ${MYSQL_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${MYSQLCLIENTBINARY}" = "" -a ${MYSQL_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no DBS-1816 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking MySQL root password" Register --test-no DBS-1816 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking MySQL root password"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Trying to login to local MySQL server without password" LogText "Test: Trying to login to local MySQL server without password"
FIND=`${MYSQLCLIENTBINARY} -u root --password= --silent --batch --execute="" 2> /dev/null; echo $?` FIND=`${MYSQLCLIENTBINARY} -u root --password= --silent --batch --execute="" 2> /dev/null; echo $?`
@ -91,7 +91,7 @@
# #
# Test : DBS-1826 # Test : DBS-1826
# Description : Check if PostgreSQL is being used # Description : Check if PostgreSQL is being used
Register --test-no DBS-1826 --weight L --network NO --description "Checking active PostgreSQL processes" Register --test-no DBS-1826 --weight L --network NO --category security --description "Checking active PostgreSQL processes"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if IsRunning "postgres:"; then if IsRunning "postgres:"; then
Display --indent 2 --text "- PostgreSQL processes status" --result "${STATUS_FOUND}" --color GREEN Display --indent 2 --text "- PostgreSQL processes status" --result "${STATUS_FOUND}" --color GREEN
@ -116,7 +116,7 @@
# arch: archiver (optional) # arch: archiver (optional)
# ckpt: checkpoint (optional) # ckpt: checkpoint (optional)
# reco: recovery (optional) # reco: recovery (optional)
Register --test-no DBS-1840 --weight L --network NO --description "Checking active Oracle processes" Register --test-no DBS-1840 --weight L --network NO --category security --description "Checking active Oracle processes"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FIND=`${PSBINARY} ax | egrep "ora_pmon|ora_smon|tnslsnr" | grep -v "grep"` FIND=`${PSBINARY} ax | egrep "ora_pmon|ora_smon|tnslsnr" | grep -v "grep"`
if [ "${FIND}" = "" ]; then if [ "${FIND}" = "" ]; then
@ -134,7 +134,7 @@
# #
# Test : DBS-1842 # Test : DBS-1842
# Description : Check Oracle home paths from oratab # Description : Check Oracle home paths from oratab
#Register --test-no DBS-1842 --weight L --network NO --description "Checking Oracle home paths" #Register --test-no DBS-1842 --weight L --network NO --category security --description "Checking Oracle home paths"
#if [ ${SKIPTEST} -eq 0 ]; then #if [ ${SKIPTEST} -eq 0 ]; then
# if [ -f /etc/oratab ]; then # if [ -f /etc/oratab ]; then
# FIND=`grep -v "#" /etc/oratab | awk -F: "{ print $2 }"` # FIND=`grep -v "#" /etc/oratab | awk -F: "{ print $2 }"`
@ -145,7 +145,7 @@
# #
# Test : DBS-1860 # Test : DBS-1860
# Description : Checks if a DB2 instance is currently runnigng # Description : Checks if a DB2 instance is currently runnigng
Register --test-no DBS-1860 --weight L --network NO --description "Checking active DB2 instances" Register --test-no DBS-1860 --weight L --network NO --category security --description "Checking active DB2 instances"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if IsRunning db2sysc; then if IsRunning db2sysc; then
Display --indent 2 --text "- DB2 instance running" --result "${STATUS_FOUND}" --color GREEN Display --indent 2 --text "- DB2 instance running" --result "${STATUS_FOUND}" --color GREEN
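Review bot: The DBS-1816 prerequisite `[ ! "${MYSQLCLIENTBINARY}" = "" -a ${MYSQL_RUNNING} -eq 1 ]` expands `MYSQL_RUNNING` unquoted, so when the variable is empty the test expression is malformed and the line falls through to `PREQS_MET="NO"`. Since this commit appears to make it possible to run only one category or group of tests, that can happen whenever the test that sets `MYSQL_RUNNING` did not run (where it is set is not visible here), and the empty-root-password check is then skipped without a finding. A safer form is `if [ ! "${MYSQLCLIENTBINARY}" = "" ] && [ "${MYSQL_RUNNING:-0}" -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi`.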


@ -31,7 +31,7 @@
# #
# Test : FINT-4310 # Test : FINT-4310
# Description : Check if AFICK is installed # Description : Check if AFICK is installed
Register --test-no FINT-4310 --weight L --network NO --description "AFICK availability" Register --test-no FINT-4310 --weight L --network NO --category security --description "AFICK availability"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking AFICK binary" LogText "Test: Checking AFICK binary"
if [ ! "${AFICKBINARY}" = "" ]; then if [ ! "${AFICKBINARY}" = "" ]; then
@ -50,7 +50,7 @@
# #
# Test : FINT-4314 # Test : FINT-4314
# Description : Check if AIDE is installed # Description : Check if AIDE is installed
Register --test-no FINT-4314 --weight L --network NO --description "AIDE availability" Register --test-no FINT-4314 --weight L --network NO --category security --description "AIDE availability"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking AIDE binary" LogText "Test: Checking AIDE binary"
if [ ! "${AIDEBINARY}" = "" ]; then if [ ! "${AIDEBINARY}" = "" ]; then
@ -70,7 +70,7 @@
# Test : FINT-4315 # Test : FINT-4315
# Description : Check AIDE configuration file # Description : Check AIDE configuration file
if [ ! "${AIDEBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${AIDEBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no FINT-4315 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check AIDE configuration file" Register --test-no FINT-4315 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check AIDE configuration file"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
AIDE_CONFIG_LOCS="/etc /etc/aide /usr/local/etc" AIDE_CONFIG_LOCS="/etc /etc/aide /usr/local/etc"
LogText "Test: search for aide.conf in ${AIDE_CONFIG_LOCS}" LogText "Test: search for aide.conf in ${AIDE_CONFIG_LOCS}"
@ -98,7 +98,7 @@
# #
# Test : FINT-4318 # Test : FINT-4318
# Description : Check if Osiris is installed # Description : Check if Osiris is installed
Register --test-no FINT-4318 --weight L --network NO --description "Osiris availability" Register --test-no FINT-4318 --weight L --network NO --category security --description "Osiris availability"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking Osiris binary" LogText "Test: Checking Osiris binary"
if [ ! "${OSIRISBINARY}" = "" ]; then if [ ! "${OSIRISBINARY}" = "" ]; then
@ -117,7 +117,7 @@
# #
# Test : FINT-4322 # Test : FINT-4322
# Description : Check if Samhain is installed # Description : Check if Samhain is installed
Register --test-no FINT-4322 --weight L --network NO --description "Samhain availability" Register --test-no FINT-4322 --weight L --network NO --category security --description "Samhain availability"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking Samhain binary" LogText "Test: Checking Samhain binary"
if [ ! "${SAMHAINBINARY}" = "" ]; then if [ ! "${SAMHAINBINARY}" = "" ]; then
@ -136,7 +136,7 @@
# #
# Test : FINT-4326 # Test : FINT-4326
# Description : Check if Tripwire is installed # Description : Check if Tripwire is installed
Register --test-no FINT-4326 --weight L --network NO --description "Tripwire availability" Register --test-no FINT-4326 --weight L --network NO --category security --description "Tripwire availability"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking Tripwire binary" LogText "Test: Checking Tripwire binary"
if [ ! "${TRIPWIREBINARY}" = "" ]; then if [ ! "${TRIPWIREBINARY}" = "" ]; then
@ -155,7 +155,7 @@
# #
# Test : FINT-4328 # Test : FINT-4328
# Description : Check if OSSEC system integrity tool is running # Description : Check if OSSEC system integrity tool is running
Register --test-no FINT-4328 --weight L --network NO --description "OSSEC syscheck daemon running" Register --test-no FINT-4328 --weight L --network NO --category security --description "OSSEC syscheck daemon running"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking if OSSEC syscheck daemon is running" LogText "Test: Checking if OSSEC syscheck daemon is running"
IsRunning ossec-syscheckd IsRunning ossec-syscheckd
@ -176,7 +176,7 @@
# Test : FINT-4330 # Test : FINT-4330
# Description : Check if mtree is installed # Description : Check if mtree is installed
# Note : Usually on BSD and similar # Note : Usually on BSD and similar
Register --test-no FINT-4330 --weight L --network NO --description "mtree availability" Register --test-no FINT-4330 --weight L --network NO --category security --description "mtree availability"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking mtree binary" LogText "Test: Checking mtree binary"
if [ ! "${MTREEBINARY}" = "" ]; then if [ ! "${MTREEBINARY}" = "" ]; then
@ -196,7 +196,7 @@
# Test : FINT-4334 # Test : FINT-4334
# Description : Check if LFD is used (part of CSF suite) # Description : Check if LFD is used (part of CSF suite)
if [ -f ${CSF_CONFIG} ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -f ${CSF_CONFIG} ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no FINT-4334 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check lfd daemon status" Register --test-no FINT-4334 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check lfd daemon status"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
Display --indent 4 --text "- lfd (CSF)" --result "${STATUS_FOUND}" --color GREEN Display --indent 4 --text "- lfd (CSF)" --result "${STATUS_FOUND}" --color GREEN
IsRunning 'lfd ' IsRunning 'lfd '
@ -216,7 +216,7 @@
# Test : FINT-4336 # Test : FINT-4336
# Description : Check if LFD is enabled (part of CSF suite) # Description : Check if LFD is enabled (part of CSF suite)
if [ -f ${CSF_CONFIG} ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -f ${CSF_CONFIG} ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no FINT-4336 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check lfd configuration status" Register --test-no FINT-4336 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check lfd configuration status"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# LFD configuration parameters # LFD configuration parameters
ENABLED=`grep "^LF_DAEMON = \"1\"" ${CSF_CONFIG}` ENABLED=`grep "^LF_DAEMON = \"1\"" ${CSF_CONFIG}`
@ -247,7 +247,7 @@
# #
# Test : FINT-4338 # Test : FINT-4338
# Description : Check if osquery system integrity tool is running # Description : Check if osquery system integrity tool is running
Register --test-no FINT-4338 --weight L --network NO --description "osqueryd syscheck daemon running" Register --test-no FINT-4338 --weight L --network NO --category security --description "osqueryd syscheck daemon running"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking if osqueryd syscheck daemon is running" LogText "Test: Checking if osqueryd syscheck daemon is running"
IsRunning osqueryd IsRunning osqueryd
@ -268,7 +268,7 @@
# Test : FINT-4402 (was FINT-4316) # Test : FINT-4402 (was FINT-4316)
# Description : Check if AIDE is configured to use SHA256 or SHA512 checksums # Description : Check if AIDE is configured to use SHA256 or SHA512 checksums
if [ ! "${AIDEBINARY}" = "" -a ! "${AIDECONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${AIDEBINARY}" = "" -a ! "${AIDECONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no FINT-4402 --preqs-met ${PREQS_MET} --weight L --network NO --description "AIDE configuration: Checksums (SHA256 or SHA512)" Register --test-no FINT-4402 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "AIDE configuration: Checksums (SHA256 or SHA512)"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FIND=`${GREPBINARY} -v "^#" ${AIDECONFIG} | ${EGREPBINARY} "= .*(sha256|sha512)"` FIND=`${GREPBINARY} -v "^#" ${AIDECONFIG} | ${EGREPBINARY} "= .*(sha256|sha512)"`
if [ "${FIND2}" = "" ]; then if [ "${FIND2}" = "" ]; then
@ -287,7 +287,7 @@
# #
# Test : FINT-4350 # Test : FINT-4350
# Description : Check if at least one file integrity tool is installed # Description : Check if at least one file integrity tool is installed
Register --test-no FINT-4350 --weight L --network NO --description "File integrity software installed" Register --test-no FINT-4350 --weight L --network NO --category security --description "File integrity software installed"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Check if at least on file integrity tool is available/installed" LogText "Test: Check if at least on file integrity tool is available/installed"
if [ ${FILE_INT_TOOL_FOUND} -eq 1 ]; then if [ ${FILE_INT_TOOL_FOUND} -eq 1 ]; then
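Review bot: FINT-4402 stores the grep result in `FIND` but the next line tests `"${FIND2}"`, so the outcome does not depend on what was found in the AIDE configuration. `FIND2` is either empty or left over from an earlier test, which means the SHA256/SHA512 checksum check can report the wrong result in either direction. The condition should read `if [ "${FIND}" = "" ]; then`; the rest of the test body is outside this hunk.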


@ -28,7 +28,7 @@
# #
# Test : FILE-7524 # Test : FILE-7524
# Description : Perform file permissions check # Description : Perform file permissions check
Register --test-no FILE-7524 --weight L --network NO --description "Perform file permissions check" Register --test-no FILE-7524 --weight L --network NO --category security --description "Perform file permissions check"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
Display --indent 2 --text "- Starting file permissions check" Display --indent 2 --text "- Starting file permissions check"
LogText "Test: Checking file permissions" LogText "Test: Checking file permissions"


@ -35,7 +35,7 @@
# Test : FILE-6310 # Test : FILE-6310
# Description : Checking if some mount points are separated from / # Description : Checking if some mount points are separated from /
# Goal : Users should not be able to fill their home directory or temporary directory and creating a Denial of Service # Goal : Users should not be able to fill their home directory or temporary directory and creating a Denial of Service
Register --test-no FILE-6310 --weight L --network NO --description "Checking /tmp, /home and /var directory" Register --test-no FILE-6310 --weight L --network NO --category security --description "Checking /tmp, /home and /var directory"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
Display --indent 2 --text "- Checking mount points" Display --indent 2 --text "- Checking mount points"
SEPARATED_FILESYTEMS="/home /tmp /var" SEPARATED_FILESYTEMS="/home /tmp /var"
@ -71,7 +71,7 @@
# Description : Checking LVM Volume Groups # Description : Checking LVM Volume Groups
# Notes : No volume groups found is sent to STDERR for unclear reasons. Filtering both STDERR redirecting and grep. # Notes : No volume groups found is sent to STDERR for unclear reasons. Filtering both STDERR redirecting and grep.
if [ ! "${VGDISPLAYBINARY}" = "" -o ! "${LSVGBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${VGDISPLAYBINARY}" = "" -o ! "${LSVGBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no FILE-6311 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking LVM volume groups" Register --test-no FILE-6311 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking LVM volume groups"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking for LVM volume groups" LogText "Test: Checking for LVM volume groups"
case ${OS} in case ${OS} in
@ -104,7 +104,7 @@
# Test : FILE-6312 # Test : FILE-6312
# Description : Checking LVM volumes # Description : Checking LVM volumes
if [ ${LVM_VG_USED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${LVM_VG_USED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no FILE-6312 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking LVM volumes" Register --test-no FILE-6312 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking LVM volumes"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking for LVM volumes" LogText "Test: Checking for LVM volumes"
case ${OS} in case ${OS} in
@ -136,7 +136,7 @@
# #
# Test : FILE-6316 # Test : FILE-6316
# Description : Checking /etc/fstab file permissions # Description : Checking /etc/fstab file permissions
#Register --test-no FILE-6316 --os Linux --weight L --network NO --description "Checking /etc/fstab" #Register --test-no FILE-6316 --os Linux --weight L --network NO --category security --description "Checking /etc/fstab"
#if [ ${SKIPTEST} -eq 0 ]; then #if [ ${SKIPTEST} -eq 0 ]; then
# 644 # 644
# #
@ -144,7 +144,7 @@
# #
# Test : FILE-6323 # Test : FILE-6323
# Description : Checking Linux EXT2, EXT3, EXT4 file systems # Description : Checking Linux EXT2, EXT3, EXT4 file systems
Register --test-no FILE-6323 --os Linux --weight L --network NO --description "Checking EXT file systems" Register --test-no FILE-6323 --os Linux --weight L --network NO --category security --description "Checking EXT file systems"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking for Linux EXT file systems" LogText "Test: Checking for Linux EXT file systems"
FIND=`mount -t ext2,ext3,ext4 | awk '{ print $3","$5 }'` FIND=`mount -t ext2,ext3,ext4 | awk '{ print $3","$5 }'`
@ -167,7 +167,7 @@
# Test : FILE-6329 # Test : FILE-6329
# Description : Query all FFS/UFS mounts from /etc/fstab # Description : Query all FFS/UFS mounts from /etc/fstab
if [ -f /etc/fstab ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -f /etc/fstab ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no FILE-6329 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking FFS/UFS file systems" Register --test-no FILE-6329 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking FFS/UFS file systems"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Query /etc/fstab for available FFS/UFS mount points" LogText "Test: Query /etc/fstab for available FFS/UFS mount points"
FIND=`awk '{ if ($3 == "ufs" || $3 == "ffs" ) { print $1":"$2":"$3":"$4":" }}' /etc/fstab` FIND=`awk '{ if ($3 == "ufs" || $3 == "ffs" ) { print $1":"$2":"$3":"$4":" }}' /etc/fstab`
@ -188,7 +188,7 @@
# #
# Test : FILE-6330 # Test : FILE-6330
# Description : Query all ZFS mounts from /etc/fstab # Description : Query all ZFS mounts from /etc/fstab
Register --test-no FILE-6330 --os FreeBSD --weight L --network NO --description "Checking ZFS file systems" Register --test-no FILE-6330 --os FreeBSD --weight L --network NO --category security --description "Checking ZFS file systems"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Query /etc/fstab for available ZFS mount points" LogText "Test: Query /etc/fstab for available ZFS mount points"
FIND=`mount -p | awk '{ if ($3 == "zfs") { print $1":"$2":"$3":"$4":" }}'` FIND=`mount -p | awk '{ if ($3 == "zfs") { print $1":"$2":"$3":"$4":" }}'`
@ -210,7 +210,7 @@
# Test : FILE-6332 # Test : FILE-6332
# Description : Check swap partitions # Description : Check swap partitions
if [ -f /etc/fstab ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -f /etc/fstab ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no FILE-6332 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking swap partitions" Register --test-no FILE-6332 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking swap partitions"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0 FOUND=0
LogText "Test: query swap partitions from /etc/fstab file" LogText "Test: query swap partitions from /etc/fstab file"
@ -271,7 +271,7 @@
# Examples : [partition] swap swap defaults 0 0 # Examples : [partition] swap swap defaults 0 0
# [partition] none swap sw 0 0 # [partition] none swap sw 0 0
if [ -f /etc/fstab ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -f /etc/fstab ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no FILE-6336 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking swap mount options" Register --test-no FILE-6336 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking swap mount options"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Swap partitions should be mounted with 'sw' or 'swap' # Swap partitions should be mounted with 'sw' or 'swap'
LogText "Test: check swap partitions with incorrect mount options" LogText "Test: check swap partitions with incorrect mount options"
@ -304,7 +304,7 @@
PREQS_MET="NO"; PREQS_MET="NO";
fi fi
fi fi
Register --test-no FILE-6344 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking proc mount options" Register --test-no FILE-6344 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking proc mount options"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Proc should be mounted with 'hidepid=2' or 'hidepid=1' at least # Proc should be mounted with 'hidepid=2' or 'hidepid=1' at least
LogText "Test: check proc mount with incorrect mount options" LogText "Test: check proc mount with incorrect mount options"
@ -327,7 +327,7 @@
# Test : FILE-6354 # Test : FILE-6354
# Description : Search files within /tmp which are older than 3 months # Description : Search files within /tmp which are older than 3 months
if [ -d /tmp ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -d /tmp ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no FILE-6354 --preqs-met ${PREQS_MET} --weight L --network NO --description "Searching for old files in /tmp" Register --test-no FILE-6354 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Searching for old files in /tmp"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Searching for old files in /tmp" LogText "Test: Searching for old files in /tmp"
# Search for files only in /tmp, with an access time older than X days # Search for files only in /tmp, with an access time older than X days
@ -357,7 +357,7 @@
# Test : FILE-6362 # Test : FILE-6362
# Description : Check for sticky bit on /tmp # Description : Check for sticky bit on /tmp
if [ -d /tmp -a ! -L /tmp ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -d /tmp -a ! -L /tmp ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no FILE-6362 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking /tmp sticky bit" Register --test-no FILE-6362 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking /tmp sticky bit"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Depending on OS, number of field with 'tmp' differs # Depending on OS, number of field with 'tmp' differs
FIND=`ls -l / | tr -s ' ' | awk -F" " '{ if ( $8 == "tmp" || $9 == "tmp" ) { print $1 } }' | cut -c 10` FIND=`ls -l / | tr -s ' ' | awk -F" " '{ if ( $8 == "tmp" || $9 == "tmp" ) { print $1 } }' | cut -c 10`
@ -388,7 +388,7 @@
# #
# Test : FILE-6368 # Test : FILE-6368
# Description : Checking Linux root file system ACL support # Description : Checking Linux root file system ACL support
Register --test-no FILE-6368 --os Linux --weight L --network NO --root-only YES --description "Checking ACL support on root file system" Register --test-no FILE-6368 --os Linux --weight L --network NO --root-only YES --category security --description "Checking ACL support on root file system"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0 FOUND=0
LogText "Test: Checking acl option on ext[2-4] root file system" LogText "Test: Checking acl option on ext[2-4] root file system"
@ -449,7 +449,7 @@
# Test : FILE-6372 # Test : FILE-6372
# Description : Check / mount options for Linux # Description : Check / mount options for Linux
# Notes : # Notes :
Register --test-no FILE-6372 --os Linux --weight L --network NO --description "Checking / mount options" Register --test-no FILE-6372 --os Linux --weight L --network NO --category security --description "Checking / mount options"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ -f /etc/fstab ]; then if [ -f /etc/fstab ]; then
FIND=`cat /etc/fstab | grep -v "^#" | awk '{ if ($2=="/") { print $4 } }'` FIND=`cat /etc/fstab | grep -v "^#" | awk '{ if ($2=="/") { print $4 } }'`
@ -493,7 +493,7 @@
# --------------------------------------------------------- # ---------------------------------------------------------
FILESYSTEMS_TO_CHECK="/boot:nodev,noexec,nosuid /dev/shm:nosuid,nodev,noexec /home:nodev,nosuid /tmp:nodev,noexec,nosuid /var:nosuid /var/log:nodev,noexec,nosuid /var/log/audit:nodev,noexec,nosuid /var/tmp:nodev,noexec,nosuid" FILESYSTEMS_TO_CHECK="/boot:nodev,noexec,nosuid /dev/shm:nosuid,nodev,noexec /home:nodev,nosuid /tmp:nodev,noexec,nosuid /var:nosuid /var/log:nodev,noexec,nosuid /var/log/audit:nodev,noexec,nosuid /var/tmp:nodev,noexec,nosuid"
Register --test-no FILE-6374 --os Linux --weight L --network NO --description "Checking /boot mount options" Register --test-no FILE-6374 --os Linux --weight L --network NO --category security --description "Checking /boot mount options"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ -f /etc/fstab ]; then if [ -f /etc/fstab ]; then
for I in ${FILESYSTEMS_TO_CHECK}; do for I in ${FILESYSTEMS_TO_CHECK}; do
@ -547,7 +547,7 @@
# #
# Test : FILE-6376 # Test : FILE-6376
# Description : Bind mount the /var/tmp directory to /tmp # Description : Bind mount the /var/tmp directory to /tmp
Register --test-no FILE-6376 --os Linux --weight L --network NO --description "Determine if /var/tmp is bound to /tmp" Register --test-no FILE-6376 --os Linux --weight L --network NO --category security --description "Determine if /var/tmp is bound to /tmp"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ -f /etc/fstab ]; then if [ -f /etc/fstab ]; then
FIND=`awk '{ if ($2=="/var/tmp") { print $4 } }' /etc/fstab` FIND=`awk '{ if ($2=="/var/tmp") { print $4 } }' /etc/fstab`
@ -617,7 +617,7 @@
# or /var/cache/locate/locatedb # or /var/cache/locate/locatedb
# FreeBSD /var/db/locate.database # FreeBSD /var/db/locate.database
if [ ! "${LOCATEBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${LOCATEBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no FILE-6410 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --description "Checking Locate database" Register --test-no FILE-6410 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --category security --description "Checking Locate database"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking locate database" LogText "Test: Checking locate database"
FOUND=0 FOUND=0
@ -681,7 +681,7 @@
# Description : Disable mounting of some filesystems # Description : Disable mounting of some filesystems
# Rationale : Unless there is a specific reason to use a particular file system, disable it. # Rationale : Unless there is a specific reason to use a particular file system, disable it.
# Data : cramfs freevxfs hfs hfsplus jffs2 squashfs udf # Data : cramfs freevxfs hfs hfsplus jffs2 squashfs udf
Register --test-no FILE-6430 --weight L --network NO --description "Disable mounting of some filesystems" Register --test-no FILE-6430 --weight L --network NO --category security --description "Disable mounting of some filesystems"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ ! "${LSMODBINARY}" = "" -a -f /proc/modules ]; then if [ ! "${LSMODBINARY}" = "" -a -f /proc/modules ]; then
Display --indent 2 --text "- Disable kernel support of some filesystems" Display --indent 2 --text "- Disable kernel support of some filesystems"


@ -38,7 +38,7 @@
# #
# Test : FIRE-4502 # Test : FIRE-4502
# Description : Check iptables kernel module # Description : Check iptables kernel module
Register --test-no FIRE-4502 --os Linux --weight L --network NO --description "Check iptables kernel module" Register --test-no FIRE-4502 --os Linux --weight L --network NO --category security --description "Check iptables kernel module"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FIND=`${LSMODBINARY} | awk '{ print $1 }' | grep "^ip*_tables"` FIND=`${LSMODBINARY} | awk '{ print $1 }' | grep "^ip*_tables"`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
@ -100,7 +100,7 @@
# Description : Check iptables chain policies # Description : Check iptables chain policies
# Notes : Suggestions are currently disabled, until related page and documentation is available # Notes : Suggestions are currently disabled, until related page and documentation is available
if [ ! "${IPTABLESBINARY}" = "" -a ${IPTABLES_ACTIVE} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${IPTABLESBINARY}" = "" -a ${IPTABLES_ACTIVE} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no FIRE-4508 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --root-only YES --description "Check used policies of iptables chains" Register --test-no FIRE-4508 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --root-only YES --category security --description "Check used policies of iptables chains"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
Display --indent 4 --text "- Checking iptables policies of chains" --result "${STATUS_FOUND}" --color GREEN Display --indent 4 --text "- Checking iptables policies of chains" --result "${STATUS_FOUND}" --color GREEN
TABLES="filter" TABLES="filter"
@ -146,7 +146,7 @@
# Test : FIRE-4512 # Test : FIRE-4512
# Description : Check iptables for empty ruleset (should have at least 10 or more rules) # Description : Check iptables for empty ruleset (should have at least 10 or more rules)
if [ ! "${IPTABLESBINARY}" = "" -a ${IPTABLES_ACTIVE} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${IPTABLESBINARY}" = "" -a ${IPTABLES_ACTIVE} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no FIRE-4512 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --root-only YES --description "Check iptables for empty ruleset" Register --test-no FIRE-4512 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --root-only YES --category security --description "Check iptables for empty ruleset"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FIND=`${IPTABLESBINARY} --list --numeric 2> /dev/null | egrep -v "^(Chain|target|$)" | wc -l | tr -d ' '` FIND=`${IPTABLESBINARY} --list --numeric 2> /dev/null | egrep -v "^(Chain|target|$)" | wc -l | tr -d ' '`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
@ -169,7 +169,7 @@
# Test : FIRE-4513 # Test : FIRE-4513
# Description : Check iptables for unused rules # Description : Check iptables for unused rules
if [ ! "${IPTABLESBINARY}" = "" -a ${IPTABLES_ACTIVE} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${IPTABLESBINARY}" = "" -a ${IPTABLES_ACTIVE} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no FIRE-4513 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --root-only YES --description "Check iptables for unused rules" Register --test-no FIRE-4513 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --root-only YES --category security --description "Check iptables for unused rules"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FIND=`${IPTABLESBINARY} --list --numeric --line-numbers --verbose | awk '{ if ($2=="0") print $1 }' | xargs` FIND=`${IPTABLESBINARY} --list --numeric --line-numbers --verbose | awk '{ if ($2=="0") print $1 }' | xargs`
if [ "${FIND}" = "" ]; then if [ "${FIND}" = "" ]; then
@ -191,7 +191,7 @@
# #
# Test : FIRE-4518 # Test : FIRE-4518
# Description : Checking status of pf firewall components # Description : Checking status of pf firewall components
Register --test-no FIRE-4518 --weight L --network NO --description "Check pf firewall components" Register --test-no FIRE-4518 --weight L --network NO --category security --description "Check pf firewall components"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
PFFOUND=0; PFLOGDFOUND=0 PFFOUND=0; PFLOGDFOUND=0
@ -258,7 +258,7 @@
# Test : FIRE-4520 # Test : FIRE-4520
# Description : Check pf configuration consistency # Description : Check pf configuration consistency
if [ ${PFFOUND} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${PFFOUND} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no FIRE-4520 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check pf configuration consistency" Register --test-no FIRE-4520 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check pf configuration consistency"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: check /etc/pf.conf" LogText "Test: check /etc/pf.conf"
# Test for warnings (-n don't load the rules) # Test for warnings (-n don't load the rules)
@ -289,7 +289,7 @@
# #
# Test : FIRE-4524 # Test : FIRE-4524
# Description : Check for CSF (ConfigServer Security & Firewall) # Description : Check for CSF (ConfigServer Security & Firewall)
Register --test-no FIRE-4524 --weight L --network NO --description "Check for CSF presence" Register --test-no FIRE-4524 --weight L --network NO --category security --description "Check for CSF presence"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FILE="/etc/csf/csf.conf" FILE="/etc/csf/csf.conf"
LogText "Test: check ${FILE}" LogText "Test: check ${FILE}"
@ -309,7 +309,7 @@
# Test : FIRE-4526 # Test : FIRE-4526
# Description : Check ipf (Solaris) # Description : Check ipf (Solaris)
if [ ! "${IPFBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${IPFBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no FIRE-4526 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --description "Check ipf status" Register --test-no FIRE-4526 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check ipf status"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FIND=`${IPFBINARY} -n -V | grep "^Running" | awk '{ print $2 }'` FIND=`${IPFBINARY} -n -V | grep "^Running" | awk '{ print $2 }'`
if [ "${FIND}" = "yes" ]; then if [ "${FIND}" = "yes" ]; then
@ -328,7 +328,7 @@
# #
# Test : FIRE-4530 # Test : FIRE-4530
# Description : Check IPFW (FreeBSD) # Description : Check IPFW (FreeBSD)
Register --test-no FIRE-4530 --os FreeBSD --weight L --network NO --description "Check IPFW status" Register --test-no FIRE-4530 --os FreeBSD --weight L --network NO --category security --description "Check IPFW status"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ ! "${SYSCTLBINARY}" = "" ]; then if [ ! "${SYSCTLBINARY}" = "" ]; then
# For now, only check for IPv4. # For now, only check for IPv4.
@ -362,7 +362,7 @@
# Test : FIRE-4532 # Test : FIRE-4532
# Description : Check Application Firewall in Mac OS X # Description : Check Application Firewall in Mac OS X
if [ -x /usr/libexec/ApplicationFirewall/socketfilterfw ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -x /usr/libexec/ApplicationFirewall/socketfilterfw ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no FIRE-4532 --weight L --os "MacOS" --preqs-met ${PREQS_MET} --network NO --description "Check Mac OS X application firewall" Register --test-no FIRE-4532 --weight L --os "MacOS" --preqs-met ${PREQS_MET} --network NO --category security --description "Check Mac OS X application firewall"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FIND=`/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2> /dev/null | grep "Firewall is enabled"` FIND=`/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2> /dev/null | grep "Firewall is enabled"`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
@ -383,7 +383,7 @@
# Test : FIRE-4536 # Test : FIRE-4536
# Description : Check nftables kernel module # Description : Check nftables kernel module
if [ ! "${NFTBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${NFTBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no FIRE-4536 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --description "Check nftables status" Register --test-no FIRE-4536 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check nftables status"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FIND=`${LSMODBINARY} | awk '{ print $1 }' | grep "^nf*_tables"` FIND=`${LSMODBINARY} | awk '{ print $1 }' | grep "^nf*_tables"`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
@ -398,7 +398,7 @@
# Test : FIRE-4538 # Test : FIRE-4538
# Description : Check nftables configuration # Description : Check nftables configuration
if [ ! "${NFTBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${NFTBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no FIRE-4538 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --description "Check nftables basic configuration" Register --test-no FIRE-4538 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check nftables basic configuration"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Retrieve nft version # Retrieve nft version
NFT_VERSION=`${NFTBINARY} --version 2> /dev/null | ${AWKBINARY} '{ if ($1=="nftables") { print $2 }}' | tr -d 'v'` NFT_VERSION=`${NFTBINARY} --version 2> /dev/null | ${AWKBINARY} '{ if ($1=="nftables") { print $2 }}' | tr -d 'v'`
@ -419,7 +419,7 @@
# #
# Test : FIRE-4590 # Test : FIRE-4590
# Description : Check if at least one firewall if active # Description : Check if at least one firewall if active
Register --test-no FIRE-4590 --weight L --network NO --description "Check firewall status" Register --test-no FIRE-4590 --weight L --network NO --category security --description "Check firewall status"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ ${FIREWALL_ACTIVE} -eq 1 ]; then if [ ${FIREWALL_ACTIVE} -eq 1 ]; then
Display --indent 2 --text "- Checking host based firewall" --result "ACTIVE" --color GREEN Display --indent 2 --text "- Checking host based firewall" --result "ACTIVE" --color GREEN


@ -28,7 +28,7 @@
# Test : HRDN-7220 # Test : HRDN-7220
# Description : Check for installed compilers # Description : Check for installed compilers
# Notes : No suggestion for hardening compilers, as HRDN-7222 will take care of that # Notes : No suggestion for hardening compilers, as HRDN-7222 will take care of that
Register --test-no HRDN-7220 --weight L --network NO --description "Check if one or more compilers are installed" Register --test-no HRDN-7220 --weight L --network NO --category security --description "Check if one or more compilers are installed"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Check if one or more compilers can be found on the system" LogText "Test: Check if one or more compilers can be found on the system"
if [ ${COMPILER_INSTALLED} -eq 0 ]; then if [ ${COMPILER_INSTALLED} -eq 0 ]; then
@ -46,7 +46,7 @@
# #
# Test : HRDN-7222 # Test : HRDN-7222
# Description : Check for permissions of installed compilers # Description : Check for permissions of installed compilers
Register --test-no HRDN-7222 --weight L --network NO --description "Check compiler permissions" Register --test-no HRDN-7222 --weight L --network NO --category security --description "Check compiler permissions"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Check if one or more compilers can be found on the system" LogText "Test: Check if one or more compilers can be found on the system"
HARDEN_COMPILERS_NEEDED=0 HARDEN_COMPILERS_NEEDED=0
@ -96,7 +96,7 @@
# #
# Test : HRDN-7230 # Test : HRDN-7230
# Description : Check for installed malware scanners # Description : Check for installed malware scanners
Register --test-no HRDN-7230 --weight L --network NO --description "Check for malware scanner" Register --test-no HRDN-7230 --weight L --network NO --category security --description "Check for malware scanner"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Check if a malware scanner is installed" LogText "Test: Check if a malware scanner is installed"
if [ ${MALWARE_SCANNER_INSTALLED} -eq 1 ]; then if [ ${MALWARE_SCANNER_INSTALLED} -eq 1 ]; then


@ -34,7 +34,7 @@
# #
# Test : HOME-9302 # Test : HOME-9302
# Description : Create list with home directories # Description : Create list with home directories
Register --test-no HOME-9302 --weight L --network NO --description "Create list with home directories" Register --test-no HOME-9302 --weight L --network NO --category security --description "Create list with home directories"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Read sixth field of /etc/passwd # Read sixth field of /etc/passwd
LogText "Test: query /etc/passwd to obtain home directories" LogText "Test: query /etc/passwd to obtain home directories"
@ -53,7 +53,7 @@
# #
# Test : HOME-9310 # Test : HOME-9310
# Description : Check for suspicious shell history files # Description : Check for suspicious shell history files
Register --test-no HOME-9310 --weight L --network NO --description "Checking for suspicious shell history files" Register --test-no HOME-9310 --weight L --network NO --category security --description "Checking for suspicious shell history files"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ ! "${HOMEDIRS}" = "" ]; then if [ ! "${HOMEDIRS}" = "" ]; then
if [ "${OS}" = "Solaris" ]; then if [ "${OS}" = "Solaris" ]; then
@ -84,7 +84,7 @@
# Test : HOME-9314 # Test : HOME-9314
# Description : Check if non local paths are found in PATH, which can be a risk, but also bad for performance # Description : Check if non local paths are found in PATH, which can be a risk, but also bad for performance
# (like searching on a filer, instead of local disk) # (like searching on a filer, instead of local disk)
#Register --test-no HOME-9314 --weight L --network NO --description "Create list with home directories" #Register --test-no HOME-9314 --weight L --network NO --category security --description "Create list with home directories"
# #
################################################################################# #################################################################################
# #
@ -94,7 +94,7 @@
# as much as possible for every find command # as much as possible for every find command
# Profile opt : ignore_home_dir (multiple lines allowed), ignores home directory # Profile opt : ignore_home_dir (multiple lines allowed), ignores home directory
if [ ! "${REPORTFILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${REPORTFILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no HOME-9350 --preqs-met ${PREQS_MET} --weight L --network NO --description "Collecting information from home directories" Register --test-no HOME-9350 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Collecting information from home directories"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
IGNORE_HOME_DIRS=`grep "^config:ignore_home_dir:" ${PROFILE} | awk -F: '{ print $3 }'` IGNORE_HOME_DIRS=`grep "^config:ignore_home_dir:" ${PROFILE} | awk -F: '{ print $3 }'`
if [ "${IGNORE_HOME_DIRS}" = "" ]; then if [ "${IGNORE_HOME_DIRS}" = "" ]; then


@ -33,7 +33,7 @@
# #
# Test : INSE-8002 # Test : INSE-8002
# Description : Check for inetd status # Description : Check for inetd status
Register --test-no INSE-8002 --weight L --network NO --description "Check for enabled inet daemon" Register --test-no INSE-8002 --weight L --network NO --category security --description "Check for enabled inet daemon"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Check running processes # Check running processes
LogText "Test: Searching for active inet daemon" LogText "Test: Searching for active inet daemon"
@ -53,7 +53,7 @@
# Test : INSE-8004 # Test : INSE-8004
# Description : Check for inetd configuration file # Description : Check for inetd configuration file
if [ ${INETD_ACTIVE} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${INETD_ACTIVE} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no INSE-8004 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check for enabled inet daemon" Register --test-no INSE-8004 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for enabled inet daemon"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Check configuration file # Check configuration file
LogText "Test: Searching for file ${INETD_CONFIG_FILE}" LogText "Test: Searching for file ${INETD_CONFIG_FILE}"
@ -71,7 +71,7 @@
# Test : INSE-8006 # Test : INSE-8006
# Description : Check for inetd configuration file contents if inetd is NOT active # Description : Check for inetd configuration file contents if inetd is NOT active
if [ ${INETD_ACTIVE} -eq 0 -a -f ${INETD_CONFIG_FILE} ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${INETD_ACTIVE} -eq 0 -a -f ${INETD_CONFIG_FILE} ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no INSE-8006 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check configuration of inetd when disabled" Register --test-no INSE-8006 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check configuration of inetd when disabled"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Check if any service is enabled in /etc/inetd.conf (inetd is not active, see test 8002) # Check if any service is enabled in /etc/inetd.conf (inetd is not active, see test 8002)
LogText "Test: check if all services are disabled if inetd is disabled" LogText "Test: check if all services are disabled if inetd is disabled"
@ -89,7 +89,7 @@
# Test : INSE-8016 # Test : INSE-8016
# Description : Check for telnet enabled via inetd # Description : Check for telnet enabled via inetd
if [ ${INETD_ACTIVE} -eq 1 -a -f ${INETD_CONFIG_FILE} ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${INETD_ACTIVE} -eq 1 -a -f ${INETD_CONFIG_FILE} ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no INSE-8016 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check for telnet via inetd" Register --test-no INSE-8016 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for telnet via inetd"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: checking telnet presence in inetd configuration" LogText "Test: checking telnet presence in inetd configuration"
FIND=`grep "^telnet" ${INETD_CONFIG_FILE}` FIND=`grep "^telnet" ${INETD_CONFIG_FILE}`
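Review bot: The Register line for INSE-8004 still carries the description "Check for enabled inet daemon", the same string as INSE-8002, although the test's own header comment says "Check for inetd configuration file". Since the line is being edited anyway, I would change it to `--description "Check for inetd configuration file"` so the two tests can be told apart wherever the description is shown. The test bodies continue outside the hunks, so this is based on the header comments and Register lines only.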


@ -36,7 +36,7 @@
# #
# Test : KRNL-5622 # Test : KRNL-5622
# Description : Check default run level on Linux machines # Description : Check default run level on Linux machines
Register --test-no KRNL-5622 --os Linux --weight L --network NO --description "Determine Linux default run level" Register --test-no KRNL-5622 --os Linux --weight L --network NO --category security --description "Determine Linux default run level"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Checking if we can find the systemd default target # Checking if we can find the systemd default target
LogText "Test: Checking for systemd default.target" LogText "Test: Checking for systemd default.target"
@ -102,7 +102,7 @@
# Test : KRNL-5677 # Test : KRNL-5677
# Description : Check CPU options and support (PAE, No eXecute, eXecute Disable) # Description : Check CPU options and support (PAE, No eXecute, eXecute Disable)
# More info : pae and nx bit are both visible on AMD and Intel CPU's if supported # More info : pae and nx bit are both visible on AMD and Intel CPU's if supported
Register --test-no KRNL-5677 --os Linux --weight L --network NO --description "Check CPU options and support" Register --test-no KRNL-5677 --os Linux --weight L --network NO --category security --description "Check CPU options and support"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
Display --indent 2 --text "- Checking CPU support (NX/PAE)" Display --indent 2 --text "- Checking CPU support (NX/PAE)"
LogText "Test: Checking /proc/cpuinfo" LogText "Test: Checking /proc/cpuinfo"
@ -162,7 +162,7 @@
# #
# Test : KRNL-5695 # Test : KRNL-5695
# Description : Determining Linux kernel version and release number # Description : Determining Linux kernel version and release number
Register --test-no KRNL-5695 --os Linux --weight L --network NO --description "Determine Linux kernel version and release number" Register --test-no KRNL-5695 --os Linux --weight L --network NO --category security --description "Determine Linux kernel version and release number"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Kernel number (and suffix) # Kernel number (and suffix)
LINUX_KERNEL_RELEASE=`uname -r` LINUX_KERNEL_RELEASE=`uname -r`
@ -179,7 +179,7 @@
# #
# Test : KRNL-5723 # Test : KRNL-5723
# Description : Check if Linux is build as a monolithic kernel or not # Description : Check if Linux is build as a monolithic kernel or not
Register --test-no KRNL-5723 --os Linux --weight L --network NO --description "Determining if Linux kernel is monolithic" Register --test-no KRNL-5723 --os Linux --weight L --network NO --category security --description "Determining if Linux kernel is monolithic"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ ! "${LSMODBINARY}" = "" -a -f /proc/modules ]; then if [ ! "${LSMODBINARY}" = "" -a -f /proc/modules ]; then
LogText "Test: checking if kernel is monolithic or modular" LogText "Test: checking if kernel is monolithic or modular"
@ -204,7 +204,7 @@
# #
# Test : KRNL-5726 # Test : KRNL-5726
# Description : Checking Linux loaded kernel modules # Description : Checking Linux loaded kernel modules
Register --test-no KRNL-5726 --os Linux --weight L --network NO --description "Checking Linux loaded kernel modules" Register --test-no KRNL-5726 --os Linux --weight L --network NO --category security --description "Checking Linux loaded kernel modules"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ ! "${LSMODBINARY}" = "" -a -f /proc/modules ]; then if [ ! "${LSMODBINARY}" = "" -a -f /proc/modules ]; then
FIND=`${LSMODBINARY} | awk '{ if ($1!="Module") print $1 }' | sort` FIND=`${LSMODBINARY} | awk '{ if ($1!="Module") print $1 }' | sort`
@ -231,7 +231,7 @@
# #
# Test : KRNL-5728 # Test : KRNL-5728
# Description : Checking for available Linux kernel configuration file in /boot # Description : Checking for available Linux kernel configuration file in /boot
Register --test-no KRNL-5728 --os Linux --weight L --network NO --description "Checking Linux kernel config" Register --test-no KRNL-5728 --os Linux --weight L --network NO --category security --description "Checking Linux kernel config"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
CHECKFILE="/boot/config-`uname -r`" CHECKFILE="/boot/config-`uname -r`"
if [ -f ${CHECKFILE} ]; then if [ -f ${CHECKFILE} ]; then
@ -262,7 +262,7 @@
if [ ! "${LINUXCONFIGFILE}" = "" ]; then if [ ! "${LINUXCONFIGFILE}" = "" ]; then
if [ -f ${LINUXCONFIGFILE} ]; then PREQS_MET="YES"; fi if [ -f ${LINUXCONFIGFILE} ]; then PREQS_MET="YES"; fi
fi fi
Register --test-no KRNL-5730 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking disk I/O kernel scheduler" Register --test-no KRNL-5730 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking disk I/O kernel scheduler"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ ${LINUXCONFIGFILE_ZIPPED} -eq 1 ]; then GREPTOOL="${ZGREPBINARY}"; else GREPTOOL="${GREPBINARY}"; fi if [ ${LINUXCONFIGFILE_ZIPPED} -eq 1 ]; then GREPTOOL="${ZGREPBINARY}"; else GREPTOOL="${GREPBINARY}"; fi
if [ ! "${GREPTOOL}" = "" ]; then if [ ! "${GREPTOOL}" = "" ]; then
@ -285,7 +285,7 @@
# #
# Test : KRNL-5745 # Test : KRNL-5745
# Description : Checking FreeBSD loaded kernel modules # Description : Checking FreeBSD loaded kernel modules
Register --test-no KRNL-5745 --os FreeBSD --weight L --network NO --description "Checking FreeBSD loaded kernel modules" Register --test-no KRNL-5745 --os FreeBSD --weight L --network NO --category security --description "Checking FreeBSD loaded kernel modules"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
Display --indent 2 --text "- Checking active kernel modules" Display --indent 2 --text "- Checking active kernel modules"
LogText "Test: Active kernel modules (KLDs)" LogText "Test: Active kernel modules (KLDs)"
@ -316,7 +316,7 @@
# #
# Test : KRNL-5770 # Test : KRNL-5770
# Description : Checking Solaris load modules # Description : Checking Solaris load modules
Register --test-no KRNL-5770 --os Solaris --weight L --network NO --description "Checking active kernel modules" Register --test-no KRNL-5770 --os Solaris --weight L --network NO --category security --description "Checking active kernel modules"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: searching loaded kernel modules" LogText "Test: searching loaded kernel modules"
FIND=`modinfo -c -w | grep -v "UNLOADED" | grep LOADED | awk '{ print $3 }' | sort` FIND=`modinfo -c -w | grep -v "UNLOADED" | grep LOADED | awk '{ print $3 }' | sort`
@ -337,7 +337,7 @@
# Test : KRNL-5788 # Test : KRNL-5788
# Description : Checking availability new kernel # Description : Checking availability new kernel
if [ "${LINUX_VERSION}" = "Debian" -o "${LINUX_VERSION}" = "Ubuntu" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ "${LINUX_VERSION}" = "Debian" -o "${LINUX_VERSION}" = "Ubuntu" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no KRNL-5788 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking availability new Linux kernel" Register --test-no KRNL-5788 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking availability new Linux kernel"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Searching apt-cache, to determine if a newer kernel is available" LogText "Test: Searching apt-cache, to determine if a newer kernel is available"
if [ -x /usr/bin/apt-cache ]; then if [ -x /usr/bin/apt-cache ]; then
@ -393,7 +393,7 @@
# #
# Test : KRNL-5820 # Test : KRNL-5820
# Description : Checking core dumps configuration (Linux) # Description : Checking core dumps configuration (Linux)
Register --test-no KRNL-5820 --os Linux --weight L --network NO --description "Checking core dumps configuration" Register --test-no KRNL-5820 --os Linux --weight L --network NO --category security --description "Checking core dumps configuration"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking presence /etc/security/limits.conf" LogText "Test: Checking presence /etc/security/limits.conf"
if [ -f /etc/security/limits.conf ]; then if [ -f /etc/security/limits.conf ]; then
@ -446,14 +446,14 @@
# #
# Test : KRNL-5826 # Test : KRNL-5826
# Description : Checking core dumps configuration (Solaris) # Description : Checking core dumps configuration (Solaris)
#Register --test-no KRNL-5826 --os Linux --weight L --network NO --description "Checking core dumps configuration" #Register --test-no KRNL-5826 --os Linux --weight L --network NO --category security --description "Checking core dumps configuration"
#if [ ${SKIPTEST} -eq 0 ]; then #if [ ${SKIPTEST} -eq 0 ]; then
# #
################################################################################# #################################################################################
# #
# Test : KRNL-5830 # Test : KRNL-5830
# Description : Check if system needs a reboot (Linux only) # Description : Check if system needs a reboot (Linux only)
Register --test-no KRNL-5830 --os Linux --weight L --network NO --description "Checking if system is running on the latest installed kernel" Register --test-no KRNL-5830 --os Linux --weight L --network NO --category security --description "Checking if system is running on the latest installed kernel"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
REBOOT_NEEDED=2 REBOOT_NEEDED=2
FILE="/var/run/reboot-required.pkgs" FILE="/var/run/reboot-required.pkgs"
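Review bot: KRNL-5730 ("Checking disk I/O kernel scheduler") is registered with `--category security`, but an I/O scheduler check reads as a performance item, and this commit declares `performance` as one of the available categories. If the category is used to select tests, as the new `--tests-from-category` option suggests (Register's handling is not visible here), a security-only audit would include this test and a performance run would miss it; I would use `--category performance` on that line. Separately, the commented-out KRNL-5826 line registers `--os Linux` while its header says Solaris, which is worth correcting before it is ever re-enabled. Each test body continues outside its hunk.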


@ -30,7 +30,7 @@
# Description : Check sysctl parameters # Description : Check sysctl parameters
# Sysctl : net.ipv4.icmp_ingore_bogus_error_responses (=1) # Sysctl : net.ipv4.icmp_ingore_bogus_error_responses (=1)
if [ ! "${SYSCTL_READKEY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${SYSCTL_READKEY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no KRNL-6000 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check sysctl key pairs in scan profile" Register --test-no KRNL-6000 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check sysctl key pairs in scan profile"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0 FOUND=0
N=0 N=0
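Review bot: The `--category security` value added to the KRNL-6000 `Register` call is a bare literal, and nothing in this section shows it being checked against the allowed set (`TEST_AVAILABLE_CATEGORIES`, which this commit declares as `performance privacy security`). The same literal is added to every `Register` call in the LDAP, logging, MAC-framework, mail and malware sections further down. `Register` itself is not visible here, so this needs confirming: if it accepts any string, a misspelt category would silently drop a test from a category-filtered run, and the audit would cover less than the operator believes. I would have `Register` compare the parsed value with `${TEST_AVAILABLE_CATEGORIES}` and report a mismatch through `LogText`, and I would add a `# Category : security` line to each test's header comment next to `# Test` and `# Description`. The test body continues past the end of this hunk.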


@ -34,7 +34,7 @@
# #
# Test : LDAP-2219 # Test : LDAP-2219
# Description : Check running OpenLDAP instance # Description : Check running OpenLDAP instance
Register --test-no LDAP-2219 --weight L --network NO --description "Check running OpenLDAP instance" Register --test-no LDAP-2219 --weight L --network NO --category security --description "Check running OpenLDAP instance"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
#YYY add additional slash #YYY add additional slash
IsRunning slapd IsRunning slapd
@ -54,7 +54,7 @@
# Test : LDAP-2224 # Test : LDAP-2224
# Description : Search slapd.conf # Description : Search slapd.conf
if [ ${SLAPD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${SLAPD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no LDAP-2224 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check presence slapd.conf" Register --test-no LDAP-2224 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check presence slapd.conf"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Searching slapd.conf" LogText "Test: Searching slapd.conf"
for I in ${SLAPD_CONF_LOCS}; do for I in ${SLAPD_CONF_LOCS}; do


@ -40,7 +40,7 @@
# Test : LOGG-2130 # Test : LOGG-2130
# Description : Check for a running syslog daemon # Description : Check for a running syslog daemon
Register --test-no LOGG-2130 --weight L --network NO --description "Check for running syslog daemon" Register --test-no LOGG-2130 --weight L --network NO --category security --description "Check for running syslog daemon"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Searching for a logging daemon" LogText "Test: Searching for a logging daemon"
FIND=`${PSBINARY} ax | egrep "syslogd|syslog-ng|metalog|systemd-journal" | grep -v "grep"` FIND=`${PSBINARY} ax | egrep "syslogd|syslog-ng|metalog|systemd-journal" | grep -v "grep"`
@ -63,7 +63,7 @@
# #
# Test : LOGG-2132 # Test : LOGG-2132
# Description : Check for a running syslog-ng daemon # Description : Check for a running syslog-ng daemon
Register --test-no LOGG-2132 --weight L --network NO --description "Check for running syslog-ng daemon" Register --test-no LOGG-2132 --weight L --network NO --category security --description "Check for running syslog-ng daemon"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Searching for syslog-ng daemon in process list" LogText "Test: Searching for syslog-ng daemon in process list"
IsRunning syslog-ng IsRunning syslog-ng
@ -83,7 +83,7 @@
# Test : LOGG-2134 # Test : LOGG-2134
# Description : Check for Syslog-NG configuration file consistency # Description : Check for Syslog-NG configuration file consistency
if [ ! "${SYSLOGNGBINARY}" = "" -a ${SYSLOG_NG_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${SYSLOGNGBINARY}" = "" -a ${SYSLOG_NG_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no LOGG-2134 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking Syslog-NG configuration file consistency" Register --test-no LOGG-2134 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking Syslog-NG configuration file consistency"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FIND=`${SYSLOGNGBINARY} -s; echo $?` FIND=`${SYSLOGNGBINARY} -s; echo $?`
if [ "${FIND}" = "0" ]; then if [ "${FIND}" = "0" ]; then
@ -101,7 +101,7 @@
# #
# Test : LOGG-2136 # Test : LOGG-2136
# Description : Check for a running systemd-journal daemon # Description : Check for a running systemd-journal daemon
Register --test-no LOGG-2136 --weight L --network NO --description "Check for running systemd journal daemon" Register --test-no LOGG-2136 --weight L --network NO --category security --description "Check for running systemd journal daemon"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Searching for systemd journal daemon in process list" LogText "Test: Searching for systemd journal daemon in process list"
IsRunning systemd-journal IsRunning systemd-journal
@ -117,7 +117,7 @@
# #
# Test : LOGG-2210 # Test : LOGG-2210
# Description : Check for a running metalog daemon # Description : Check for a running metalog daemon
Register --test-no LOGG-2210 --weight L --network NO --description "Check for running metalog daemon" Register --test-no LOGG-2210 --weight L --network NO --category security --description "Check for running metalog daemon"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Searching for metalog daemon in process list" LogText "Test: Searching for metalog daemon in process list"
IsRunning metalog IsRunning metalog
@ -136,7 +136,7 @@
# #
# Test : LOGG-2230 # Test : LOGG-2230
# Description : Check for a running rsyslog daemon # Description : Check for a running rsyslog daemon
Register --test-no LOGG-2230 --weight L --network NO --description "Check for running RSyslog daemon" Register --test-no LOGG-2230 --weight L --network NO --category security --description "Check for running RSyslog daemon"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Searching for RSyslog daemon in process list" LogText "Test: Searching for RSyslog daemon in process list"
IsRunning rsyslogd IsRunning rsyslogd
@ -155,7 +155,7 @@
# #
# Test : LOGG-2240 # Test : LOGG-2240
# Description : Check for a running RFC 3195 compliant daemon (syslog via TCP) # Description : Check for a running RFC 3195 compliant daemon (syslog via TCP)
Register --test-no LOGG-2240 --weight L --network NO --description "Check for running RFC 3195 compliant daemon" Register --test-no LOGG-2240 --weight L --network NO --category security --description "Check for running RFC 3195 compliant daemon"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Searching for RFC 3195 daemon (alias syslog reliable) in process list" LogText "Test: Searching for RFC 3195 daemon (alias syslog reliable) in process list"
IsRunning rfc3195d IsRunning rfc3195d
@ -178,7 +178,7 @@
# * In combination with syslog-ng, klogd is still an addition to it, since it # * In combination with syslog-ng, klogd is still an addition to it, since it
# captures kernel related events and send them to syslog-ng. # captures kernel related events and send them to syslog-ng.
# * This test should be below all other logging daemons # * This test should be below all other logging daemons
Register --test-no LOGG-2138 --os Linux --weight L --network NO --description "Checking kernel logger daemon on Linux" Register --test-no LOGG-2138 --os Linux --weight L --network NO --category security --description "Checking kernel logger daemon on Linux"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Searching kernel logger daemon (klogd)" LogText "Test: Searching kernel logger daemon (klogd)"
if [ ${RSYSLOG_RUNNING} -eq 0 -a ${SYSTEMD_JOURNAL_RUNNING} -eq 0 ]; then if [ ${RSYSLOG_RUNNING} -eq 0 -a ${SYSTEMD_JOURNAL_RUNNING} -eq 0 ]; then
@ -202,7 +202,7 @@
# #
# Test : LOGG-2142 # Test : LOGG-2142
# Description : Check for minilogd presence on Linux systems # Description : Check for minilogd presence on Linux systems
Register --test-no LOGG-2142 --os Linux --weight L --network NO --description "Checking minilog daemon" Register --test-no LOGG-2142 --os Linux --weight L --network NO --category security --description "Checking minilog daemon"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Result: Checking for unkilled minilogd instances" LogText "Result: Checking for unkilled minilogd instances"
# Search for minilogd. It shouldn't be running normally, if another syslog daemon is started # Search for minilogd. It shouldn't be running normally, if another syslog daemon is started
@ -222,7 +222,7 @@
# #
# Test : LOGG-2146 # Test : LOGG-2146
# Description : Check for logrotate (/etc/logrotate.conf and logrotate.d) # Description : Check for logrotate (/etc/logrotate.conf and logrotate.d)
Register --test-no LOGG-2146 --weight L --os Linux --network NO --description "Checking logrotate.conf and logrotate.d" Register --test-no LOGG-2146 --weight L --os Linux --network NO --category security --description "Checking logrotate.conf and logrotate.d"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking for /etc/logrotate.conf" LogText "Test: Checking for /etc/logrotate.conf"
if [ -f /etc/logrotate.conf ]; then if [ -f /etc/logrotate.conf ]; then
@ -255,7 +255,7 @@
# Test : LOGG-2148 # Test : LOGG-2148
# Description : Checking log files rotated with logrotate # Description : Checking log files rotated with logrotate
if [ ! "${LOGROTATEBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${LOGROTATEBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no LOGG-2148 --weight L --preqs-met ${PREQS_MET} --network NO --description "Checking logrotated files" Register --test-no LOGG-2148 --weight L --preqs-met ${PREQS_MET} --network NO --category security --description "Checking logrotated files"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking which files are rotated with logrotate and if they exist" LogText "Test: Checking which files are rotated with logrotate and if they exist"
FIND=`${LOGROTATEBINARY} -d -v /etc/logrotate.conf 2>&1 | egrep "considering log|skipping" | grep -v '*' | sort -u | awk '{ if ($2!="log") { print "File:"$2":does_not_exist" } else { print "File:"$3":exists" } }'` FIND=`${LOGROTATEBINARY} -d -v /etc/logrotate.conf 2>&1 | egrep "considering log|skipping" | grep -v '*' | sort -u | awk '{ if ($2!="log") { print "File:"$2":does_not_exist" } else { print "File:"$3":exists" } }'`
@ -274,7 +274,7 @@
# Test : LOGG-2150 # Test : LOGG-2150
# Description : Checking log directories rotated with logrotate # Description : Checking log directories rotated with logrotate
if [ ! "${LOGROTATEBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${LOGROTATEBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no LOGG-2150 --weight L --preqs-met ${PREQS_MET} --network NO --description "Checking directories in logrotate configuration" Register --test-no LOGG-2150 --weight L --preqs-met ${PREQS_MET} --network NO --category security --description "Checking directories in logrotate configuration"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking which directories can be found in logrotate configuration" LogText "Test: Checking which directories can be found in logrotate configuration"
FIND=`${LOGROTATEBINARY} -d -v /etc/logrotate.conf 2>&1 | egrep "considering log|skipping" | grep -v '*' | sort -u | awk '{ if ($2=="log") { print $3 } }' | sed 's@/[^/]*$@@g' | sort -u` FIND=`${LOGROTATEBINARY} -d -v /etc/logrotate.conf 2>&1 | egrep "considering log|skipping" | grep -v '*' | sort -u | awk '{ if ($2=="log") { print $3 } }' | sed 's@/[^/]*$@@g' | sort -u`
@ -298,7 +298,7 @@
# Test : LOGG-2152 # Test : LOGG-2152
# Description : Check for Solaris 'loghost' entry in /etc/inet/hosts, or # Description : Check for Solaris 'loghost' entry in /etc/inet/hosts, or
# succesful resolving via DNS or any other name service. # succesful resolving via DNS or any other name service.
Register --test-no LOGG-2152 --weight L --os Solaris --network NO --description "Checking loghost" Register --test-no LOGG-2152 --weight L --os Solaris --network NO --category security --description "Checking loghost"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Try local hosts file # Try local hosts file
LogText "Result: Checking for loghost in /etc/inet/hosts" LogText "Result: Checking for loghost in /etc/inet/hosts"
@ -338,7 +338,7 @@
# Description : Check to see if remote logging is enabled # Description : Check to see if remote logging is enabled
# Notes : prevent lines showing up with commands in it (like |mail) # Notes : prevent lines showing up with commands in it (like |mail)
if [ ${SYSLOG_DAEMON_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${SYSLOG_DAEMON_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no LOGG-2154 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking syslog configuration file" Register --test-no LOGG-2154 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking syslog configuration file"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ ${SYSLOG_NG_RUNNING} -eq 1 ]; then if [ ${SYSLOG_NG_RUNNING} -eq 1 ]; then
SYSLOGD_CONF="/etc/syslog-ng/syslog-ng.conf" SYSLOGD_CONF="/etc/syslog-ng/syslog-ng.conf"
@ -381,7 +381,7 @@
# Test : LOGG-2160 # Test : LOGG-2160
# Description : Check for /etc/newsyslog.conf (FreeBSD/OpenBSD) # Description : Check for /etc/newsyslog.conf (FreeBSD/OpenBSD)
if [ -f /etc/newsyslog.conf ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -f /etc/newsyslog.conf ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no LOGG-2160 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking /etc/newsyslog.conf" Register --test-no LOGG-2160 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking /etc/newsyslog.conf"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Result: /etc/newsyslog.conf found" LogText "Result: /etc/newsyslog.conf found"
Display --indent 2 --text "- Checking /etc/newsyslog.conf" --result "${STATUS_FOUND}" --color GREEN Display --indent 2 --text "- Checking /etc/newsyslog.conf" --result "${STATUS_FOUND}" --color GREEN
@ -394,7 +394,7 @@
# Test : LOGG-2162 # Test : LOGG-2162
# Description : Check for directories in /etc/newsyslog.conf # Description : Check for directories in /etc/newsyslog.conf
if [ -f /etc/newsyslog.conf ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -f /etc/newsyslog.conf ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no LOGG-2162 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking directories in /etc/newsyslog.conf" Register --test-no LOGG-2162 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking directories in /etc/newsyslog.conf"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: parsing directories from /etc/newsyslog.conf file" LogText "Test: parsing directories from /etc/newsyslog.conf file"
FIND=`awk '/^\// { print $1 }' /etc/newsyslog.conf | sed 's/\/*[a-zA-Z_.-]*$//g' | sort -u` FIND=`awk '/^\// { print $1 }' /etc/newsyslog.conf | sed 's/\/*[a-zA-Z_.-]*$//g' | sort -u`
@ -414,7 +414,7 @@
# Test : LOGG-2164 # Test : LOGG-2164
# Description : Check for files in /etc/newsyslog.conf # Description : Check for files in /etc/newsyslog.conf
if [ -f /etc/newsyslog.conf ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -f /etc/newsyslog.conf ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no LOGG-2164 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking files specified /etc/newsyslog.conf" Register --test-no LOGG-2164 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking files specified /etc/newsyslog.conf"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: parsing files from /etc/newsyslog.conf file" LogText "Test: parsing files from /etc/newsyslog.conf file"
FIND=`awk '/^\// { print $1 }' /etc/newsyslog.conf | sort -u` FIND=`awk '/^\// { print $1 }' /etc/newsyslog.conf | sort -u`
@ -432,7 +432,7 @@
# #
# Test : LOGG-2170 # Test : LOGG-2170
# Description : Search available log paths # Description : Search available log paths
Register --test-no LOGG-2170 --weight L --network NO --description "Checking log paths" Register --test-no LOGG-2170 --weight L --network NO --category security --description "Checking log paths"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Searching log paths" LogText "Test: Searching log paths"
for I in ${LOG_FILES_LOCS}; do for I in ${LOG_FILES_LOCS}; do
@ -450,7 +450,7 @@
# #
# Test : LOGG-2180 # Test : LOGG-2180
# Description : Search open log file # Description : Search open log file
Register --test-no LOGG-2180 --weight L --network NO --description "Checking open log files" Register --test-no LOGG-2180 --weight L --network NO --category security --description "Checking open log files"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: checking open log files with lsof" LogText "Test: checking open log files with lsof"
if [ ! "${LSOFBINARY}" = "" ]; then if [ ! "${LSOFBINARY}" = "" ]; then
@ -472,7 +472,7 @@
# Test : LOGG-2190 # Test : LOGG-2190
# Description : Checking deleted files # Description : Checking deleted files
if [ ! "${LSOFBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${LSOFBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no LOGG-2190 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking for deleted files in use" Register --test-no LOGG-2190 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking for deleted files in use"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: checking deleted files that are still in use" LogText "Test: checking deleted files that are still in use"


@ -29,7 +29,7 @@
# #
# Test : MACF-6204 # Test : MACF-6204
# Description : Check if AppArmor is installed # Description : Check if AppArmor is installed
Register --test-no MACF-6204 --weight L --network NO --description "Check AppArmor presence" Register --test-no MACF-6204 --weight L --network NO --category security --description "Check AppArmor presence"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ "${AASTATUSBINARY}" = "" ]; then if [ "${AASTATUSBINARY}" = "" ]; then
APPARMORFOUND=0 APPARMORFOUND=0
@ -47,7 +47,7 @@
# Test : MACF-6208 # Test : MACF-6208
# Description : Check AppArmor active status # Description : Check AppArmor active status
if [ ${APPARMORFOUND} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${APPARMORFOUND} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no MACF-6208 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check if AppArmor is enabled" Register --test-no MACF-6208 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check if AppArmor is enabled"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ ! "${AASTATUSBINARY}" = "" ]; then if [ ! "${AASTATUSBINARY}" = "" ]; then
# Checking AppArmor status # Checking AppArmor status
@ -85,7 +85,7 @@
# #
# Test : MACF-6232 # Test : MACF-6232
# Description : Check SELINUX for installation # Description : Check SELINUX for installation
Register --test-no MACF-6232 --weight L --network NO --description "Check SELINUX presence" Register --test-no MACF-6232 --weight L --network NO --category security --description "Check SELINUX presence"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: checking if we have sestatus binary" LogText "Test: checking if we have sestatus binary"
if [ ! "${SESTATUSBINARY}" = "" ]; then if [ ! "${SESTATUSBINARY}" = "" ]; then
@ -102,7 +102,7 @@
# Test : MACF-6234 # Test : MACF-6234
# Description : Check SELINUX status # Description : Check SELINUX status
if [ ! "${SESTATUSBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${SESTATUSBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no MACF-6234 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check SELINUX status" Register --test-no MACF-6234 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check SELINUX status"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Status: Enabled/Disabled # Status: Enabled/Disabled
FIND=`${SESTATUSBINARY} | grep "^SELinux status" | awk '{ print $3 }'` FIND=`${SESTATUSBINARY} | grep "^SELinux status" | awk '{ print $3 }'`
@ -137,7 +137,7 @@
# Test : RBAC-6272 # Test : RBAC-6272
# Description : Check if grsecurity is installed # Description : Check if grsecurity is installed
# Notes : We already checked grsecurity in osdetection # Notes : We already checked grsecurity in osdetection
Register --test-no RBAC-6272 --weight L --network NO --description "Check grsecurity presence" Register --test-no RBAC-6272 --weight L --network NO --category security --description "Check grsecurity presence"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Check Linux kernel configuration # Check Linux kernel configuration
if [ ! "${LINUXCONFIGFILE}" = "" -a -f "${LINUXCONFIGFILE}" ]; then if [ ! "${LINUXCONFIGFILE}" = "" -a -f "${LINUXCONFIGFILE}" ]; then
@ -161,7 +161,7 @@
# #
# Test : MACF-6290 # Test : MACF-6290
# Description : Check if at least one MAC framework is implemented # Description : Check if at least one MAC framework is implemented
Register --test-no MACF-6290 --weight L --network NO --description "Check for implemented MAC framework" Register --test-no MACF-6290 --weight L --network NO --category security --description "Check for implemented MAC framework"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ ${MAC_FRAMEWORK_ACTIVE} -eq 1 ]; then if [ ${MAC_FRAMEWORK_ACTIVE} -eq 1 ]; then
Display --indent 2 --text "- Checking for implemented MAC framework" --result "${STATUS_OK}" --color GREEN Display --indent 2 --text "- Checking for implemented MAC framework" --result "${STATUS_OK}" --color GREEN


@ -38,7 +38,7 @@
# #
# Test : MAIL-8802 # Test : MAIL-8802
# Description : Check Exim process status # Description : Check Exim process status
Register --test-no MAIL-8802 --weight L --network NO --description "Check Exim status" Register --test-no MAIL-8802 --weight L --network NO --category security --description "Check Exim status"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: check Exim status" LogText "Test: check Exim status"
IsRunning exim IsRunning exim
@ -58,7 +58,7 @@
# Test : MAIL-8814 # Test : MAIL-8814
# Description : Check Postfix process # Description : Check Postfix process
# Notes : qmgr and pickup run under postfix uid, without full path to binary # Notes : qmgr and pickup run under postfix uid, without full path to binary
Register --test-no MAIL-8814 --weight L --network NO --description "Check postfix process status" Register --test-no MAIL-8814 --weight L --network NO --category security --description "Check postfix process status"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: check Postfix status" LogText "Test: check Postfix status"
# Some other processes also use master, therefore it should include both master and postfix # Some other processes also use master, therefore it should include both master and postfix
@ -81,7 +81,7 @@
# Test : MAIL-8816 # Test : MAIL-8816
# Description : Check Postfix configuration # Description : Check Postfix configuration
if [ ${POSTFIX_RUNNING} -eq 1 -a ! "${POSTFIXBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${POSTFIX_RUNNING} -eq 1 -a ! "${POSTFIXBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no MAIL-8816 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Postfix configuration" Register --test-no MAIL-8816 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Postfix configuration"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
Display --indent 2 --text "- Checking Postfix configuration" --result "${STATUS_FOUND}" --color GREEN Display --indent 2 --text "- Checking Postfix configuration" --result "${STATUS_FOUND}" --color GREEN
POSTFIX_CONFIGDIR=`${POSTCONFBINARY} 2> /dev/null | grep '^config_directory' | awk '{ print $3 }'` POSTFIX_CONFIGDIR=`${POSTCONFBINARY} 2> /dev/null | grep '^config_directory' | awk '{ print $3 }'`
@ -95,7 +95,7 @@
# Test : MAIL-8818 # Test : MAIL-8818
# Description : Check Postfix configuration # Description : Check Postfix configuration
if [ ${POSTFIX_RUNNING} -eq 1 -a ! "${POSTFIXBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${POSTFIX_RUNNING} -eq 1 -a ! "${POSTFIXBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no MAIL-8818 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Postfix configuration: banner" Register --test-no MAIL-8818 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Postfix configuration: banner"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking Postfix banner" LogText "Test: Checking Postfix banner"
FIND1=`${POSTCONFBINARY} 2> /dev/null | grep '^smtpd_banner' | grep 'postfix'` FIND1=`${POSTCONFBINARY} 2> /dev/null | grep '^smtpd_banner' | grep 'postfix'`
@ -125,7 +125,7 @@
# #
# Test : MAIL-8838 # Test : MAIL-8838
# Description : Check Dovecot process # Description : Check Dovecot process
Register --test-no MAIL-8838 --weight L --network NO --description "Check dovecot process" Register --test-no MAIL-8838 --weight L --network NO --category security --description "Check dovecot process"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: check dovecot status" LogText "Test: check dovecot status"
IsRunning dovecot IsRunning dovecot
@ -145,7 +145,7 @@
# #
# Test : MAIL-8860 # Test : MAIL-8860
# Description : Check Qmail process status # Description : Check Qmail process status
Register --test-no MAIL-8860 --weight L --network NO --description "Check Qmail status" Register --test-no MAIL-8860 --weight L --network NO --category security --description "Check Qmail status"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: check Qmail status" LogText "Test: check Qmail status"
IsRunning qmail-smtpd IsRunning qmail-smtpd
@ -164,7 +164,7 @@
# #
# Test : MAIL-8880 # Test : MAIL-8880
# Description : Check Sendmail process status # Description : Check Sendmail process status
Register --test-no MAIL-8880 --weight L --network NO --description "Check Sendmail status" Register --test-no MAIL-8880 --weight L --network NO --category security --description "Check Sendmail status"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: check sendmail status" LogText "Test: check sendmail status"
IsRunning sendmail IsRunning sendmail
@ -184,7 +184,7 @@
# Test : MAIL-8920 # Test : MAIL-8920
# Description : Check OpenSMTPD process status # Description : Check OpenSMTPD process status
if [ ! "${SMTPCTLBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${SMTPCTLBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no MAIL-8920 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check OpenSMTPD status" Register --test-no MAIL-8920 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check OpenSMTPD status"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: check smtpd status" LogText "Test: check smtpd status"
FIND=`${PSBINARY} ax | egrep "(/smtpd|smtpd: \[priv\]|smtpd: smtp)" | grep -v "grep"` FIND=`${PSBINARY} ax | egrep "(/smtpd|smtpd: \[priv\]|smtpd: smtp)" | grep -v "grep"`


@ -38,7 +38,7 @@
# #
# Test : MALW-3275 # Test : MALW-3275
# Description : Check for installed tool (chkrootkit) # Description : Check for installed tool (chkrootkit)
Register --test-no MALW-3275 --weight L --network NO --description "Check for chkrootkit" Register --test-no MALW-3275 --weight L --network NO --category security --description "Check for chkrootkit"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: checking presence chkrootkit" LogText "Test: checking presence chkrootkit"
if [ ! "${CHKROOTKITBINARY}" = "" ]; then if [ ! "${CHKROOTKITBINARY}" = "" ]; then
@ -56,7 +56,7 @@
# #
# Test : MALW-3276 # Test : MALW-3276
# Description : Check for installed tool (Rootkit Hunter) # Description : Check for installed tool (Rootkit Hunter)
Register --test-no MALW-3276 --weight L --network NO --description "Check for Rootkit Hunter" Register --test-no MALW-3276 --weight L --network NO --category security --description "Check for Rootkit Hunter"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: checking presence Rootkit Hunter" LogText "Test: checking presence Rootkit Hunter"
if [ ! "${RKHUNTERBINARY}" = "" ]; then if [ ! "${RKHUNTERBINARY}" = "" ]; then
@ -74,7 +74,7 @@
# #
# Test : MALW-3278 # Test : MALW-3278
# Description : Check for installed tool (Linux Malware Detect or LMD) # Description : Check for installed tool (Linux Malware Detect or LMD)
Register --test-no MALW-3278 --weight L --network NO --description "Check for LMD" Register --test-no MALW-3278 --weight L --network NO --category security --description "Check for LMD"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: checking presence LMD" LogText "Test: checking presence LMD"
if [ ! "${LMDBINARY}" = "" ]; then if [ ! "${LMDBINARY}" = "" ]; then
@ -92,7 +92,7 @@
# #
# Test : MALW-3280 # Test : MALW-3280
# Description : Check if an anti-virus tool is installed # Description : Check if an anti-virus tool is installed
Register --test-no MALW-3280 --weight L --network NO --description "Check if anti-virus tool is installed" Register --test-no MALW-3280 --weight L --network NO --category security --description "Check if anti-virus tool is installed"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0 FOUND=0
@ -158,7 +158,7 @@
# #
# Test : MALW-3282 # Test : MALW-3282
# Description : Check if clamscan is installed # Description : Check if clamscan is installed
Register --test-no MALW-3282 --weight L --network NO --description "Check for clamscan" Register --test-no MALW-3282 --weight L --network NO --category security --description "Check for clamscan"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: checking presence clamscan" LogText "Test: checking presence clamscan"
if [ ! "${CLAMSCANBINARY}" = "" ]; then if [ ! "${CLAMSCANBINARY}" = "" ]; then
@ -176,7 +176,7 @@
# #
# Test : MALW-3284 # Test : MALW-3284
# Description : Check running clamd process # Description : Check running clamd process
Register --test-no MALW-3284 --weight L --network NO --description "Check for clamd" Register --test-no MALW-3284 --weight L --network NO --category security --description "Check for clamd"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: checking running ClamAV daemon (clamd)" LogText "Test: checking running ClamAV daemon (clamd)"
IsRunning clamd IsRunning clamd
@ -195,7 +195,7 @@
# Test : MALW-3286 # Test : MALW-3286
# Description : Check running freshclam if clamd process is running # Description : Check running freshclam if clamd process is running
if [ ${CLAMD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${CLAMD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no MALW-3286 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check for freshclam" Register --test-no MALW-3286 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for freshclam"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: checking running freshclam daemon" LogText "Test: checking running freshclam daemon"
IsRunning freshclam IsRunning freshclam
@ -216,7 +216,7 @@
# Test : MALW-3288 # Test : MALW-3288
# Description : Check for ClamXav (Mac OS X) # Description : Check for ClamXav (Mac OS X)
if [ -d /Applications/ClamXav.app/Contents/Resources/ScanningEngine/bin/ ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -d /Applications/ClamXav.app/Contents/Resources/ScanningEngine/bin/ ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no MALW-3288 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check for ClamXav" Register --test-no MALW-3288 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for ClamXav"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
CLAMSCANBINARY=`ls /Applications/ClamXav.app/Contents/Resources/ScanningEngine/bin/ 2> /dev/null | grep 'clamscan'` CLAMSCANBINARY=`ls /Applications/ClamXav.app/Contents/Resources/ScanningEngine/bin/ 2> /dev/null | grep 'clamscan'`
if [ ! "${CLAMSCANBINARY}" = "" ]; then if [ ! "${CLAMSCANBINARY}" = "" ]; then


@ -28,7 +28,7 @@
# #
# Test : PROC-3602 # Test : PROC-3602
# Description : Query /proc/meminfo # Description : Query /proc/meminfo
Register --test-no PROC-3602 --os Linux --weight L --network NO --description "Checking /proc/meminfo for memory details" Register --test-no PROC-3602 --os Linux --weight L --network NO --category security --description "Checking /proc/meminfo for memory details"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ -f /proc/meminfo ]; then if [ -f /proc/meminfo ]; then
LogText "Result: found /proc/meminfo" LogText "Result: found /proc/meminfo"
@ -48,7 +48,7 @@
# #
# Test : PROC-3604 # Test : PROC-3604
# Description : Query /proc/meminfo # Description : Query /proc/meminfo
Register --test-no PROC-3604 --os Solaris --weight L --network NO --description "Query prtconf for memory details" Register --test-no PROC-3604 --os Solaris --weight L --network NO --category security --description "Query prtconf for memory details"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Searching /usr/sbin/prtconf" LogText "Test: Searching /usr/sbin/prtconf"
if [ -x /usr/sbin/prtconf ]; then if [ -x /usr/sbin/prtconf ]; then
@ -70,7 +70,7 @@
# Description : Searching for dead and zombie processes # Description : Searching for dead and zombie processes
# Notes : Don't perform test on Solaris # Notes : Don't perform test on Solaris
if [ ! "${OS}" = "Solaris" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${OS}" = "Solaris" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PROC-3612 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check dead or zombie processes" Register --test-no PROC-3612 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check dead or zombie processes"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ "${OS}" = "AIX" ]; then if [ "${OS}" = "AIX" ]; then
FIND=`${PSBINARY} -Ae -o pid,stat,comm | awk '{ if ($2 ~ /Z|X/) print $1 }' | xargs` FIND=`${PSBINARY} -Ae -o pid,stat,comm | awk '{ if ($2 ~ /Z|X/) print $1 }' | xargs`
@ -94,7 +94,7 @@
# Description : Searching for heavy IO based waiting processes # Description : Searching for heavy IO based waiting processes
# Notes : Don't perform test on Solaris # Notes : Don't perform test on Solaris
if [ ! "${OS}" = "Solaris" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${OS}" = "Solaris" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PROC-3614 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check heavy IO waiting based processes" Register --test-no PROC-3614 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check heavy IO waiting based processes"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ "${OS}" = "AIX" ]; then if [ "${OS}" = "AIX" ]; then
FIND=`${PSBINARY} -Ae -o pid,stat,comm | awk '{ if ($2=="D") print $1 }' | xargs` FIND=`${PSBINARY} -Ae -o pid,stat,comm | awk '{ if ($2=="D") print $1 }' | xargs`
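Review bot: Every Register call in this section is tagged `--category security`, including PROC-3614 (heavy IO waiting processes) and PROC-3602/PROC-3604 (memory details), which read as performance or inventory checks rather than security findings. The categories this commit introduces include `performance`, so if Register filters on the value (its body is not visible here), a security-only audit would carry these as noise and a performance-only run would miss them. For PROC-3614, consider `--category performance` in place of `--category security`. The test bodies continue outside the hunks, so this is based on the descriptions alone.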


@ -41,7 +41,7 @@
# #
# Test : NAME-4016 # Test : NAME-4016
# Description : Check main domain (domain <domain name> in /etc/resolv.conf) # Description : Check main domain (domain <domain name> in /etc/resolv.conf)
Register --test-no NAME-4016 --weight L --network NO --description "Check /etc/resolv.conf default domain" Register --test-no NAME-4016 --weight L --network NO --category security --description "Check /etc/resolv.conf default domain"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: check /etc/resolv.conf for default domain" LogText "Test: check /etc/resolv.conf for default domain"
if [ -f /etc/resolv.conf ]; then if [ -f /etc/resolv.conf ]; then
@ -65,7 +65,7 @@
# Test : NAME-4018 # Test : NAME-4018
# Description : Check search domains in /etc/resolv.conf # Description : Check search domains in /etc/resolv.conf
# Notes : Maximum of one search keyword is allowed in /etc/resolv.conf # Notes : Maximum of one search keyword is allowed in /etc/resolv.conf
Register --test-no NAME-4018 --weight L --network NO --description "Check /etc/resolv.conf search domains" Register --test-no NAME-4018 --weight L --network NO --category security --description "Check /etc/resolv.conf search domains"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
N=0 N=0
LogText "Test: check /etc/resolv.conf for search domains" LogText "Test: check /etc/resolv.conf for search domains"
@ -110,7 +110,7 @@
# #
# Test : NAME-4020 # Test : NAME-4020
# Description : Check non default resolv.conf options # Description : Check non default resolv.conf options
Register --test-no NAME-4020 --weight L --network NO --description "Check non default options" Register --test-no NAME-4020 --weight L --network NO --category security --description "Check non default options"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: check /etc/resolv.conf for non default options" LogText "Test: check /etc/resolv.conf for non default options"
if [ -f /etc/resolv.conf ]; then if [ -f /etc/resolv.conf ]; then
@ -138,7 +138,7 @@
# #
# Test : NAME-4024 # Test : NAME-4024
# Description : Check Solaris uname -n output # Description : Check Solaris uname -n output
Register --test-no NAME-4024 --os Solaris --weight L --network NO --description "Solaris uname -n output" Register --test-no NAME-4024 --os Solaris --weight L --network NO --category security --description "Solaris uname -n output"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FIND=`uname -n` FIND=`uname -n`
LogText "Result: 'uname -n' returned ${FIND}" LogText "Result: 'uname -n' returned ${FIND}"
@ -150,7 +150,7 @@
# Test : NAME-4026 # Test : NAME-4026
# Description : Check Solaris /etc/nodename # Description : Check Solaris /etc/nodename
# Notes : If a system is standalone, /etc/nodename should contain a system name only, not FQDN # Notes : If a system is standalone, /etc/nodename should contain a system name only, not FQDN
Register --test-no NAME-4026 --os Solaris --weight L --network NO --description "Check /etc/nodename" Register --test-no NAME-4026 --os Solaris --weight L --network NO --category security --description "Check /etc/nodename"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: checking /etc/nodename" LogText "Test: checking /etc/nodename"
if [ -f /etc/nodename ]; then if [ -f /etc/nodename ]; then
@ -169,7 +169,7 @@
# Test : NAME-4028 # Test : NAME-4028
# Description : Check DNS domain name # Description : Check DNS domain name
# To Do : grep ^DOMAINNAME /etc/conf.d/domainname (remove "'s) # To Do : grep ^DOMAINNAME /etc/conf.d/domainname (remove "'s)
Register --test-no NAME-4028 --weight L --network NO --description "Check domain name" Register --test-no NAME-4028 --weight L --network NO --category security --description "Check domain name"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
DOMAINNAME="" DOMAINNAME=""
# NIS # NIS
@ -228,7 +228,7 @@
# #
# Test : NAME-4032 # Test : NAME-4032
# Description : Check name service caching daemon (NSCD) status # Description : Check name service caching daemon (NSCD) status
Register --test-no NAME-4032 --weight L --network NO --description "Check nscd status" Register --test-no NAME-4032 --weight L --network NO --category security --description "Check nscd status"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: checking nscd status" LogText "Test: checking nscd status"
IsRunning nscd IsRunning nscd
@ -246,7 +246,7 @@
# #
# Test : NAME-4034 # Test : NAME-4034
# Description : Check name service caching daemon (Unbound) status # Description : Check name service caching daemon (Unbound) status
Register --test-no NAME-4034 --weight L --network NO --description "Check Unbound status" Register --test-no NAME-4034 --weight L --network NO --category security --description "Check Unbound status"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: checking Unbound (unbound) status" LogText "Test: checking Unbound (unbound) status"
IsRunning unbound IsRunning unbound
@ -266,7 +266,7 @@
# Test : NAME-4036 # Test : NAME-4036
# Description : Checking Unbound configuration file # Description : Checking Unbound configuration file
if [ ${UNBOUND_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${UNBOUND_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no NAME-4036 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Unbound configuration file" Register --test-no NAME-4036 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Unbound configuration file"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FIND=`which unbound-checkconf` FIND=`which unbound-checkconf`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
@ -291,7 +291,7 @@
# #
# Test : NAME-4202 # Test : NAME-4202
# Description : Check if BIND is running # Description : Check if BIND is running
Register --test-no NAME-4202 --weight L --network NO --description "Check BIND status" Register --test-no NAME-4202 --weight L --network NO --category security --description "Check BIND status"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking for running BIND instance" LogText "Test: Checking for running BIND instance"
IsRunning named IsRunning named
@ -310,7 +310,7 @@
# Test : NAME-4204 # Test : NAME-4204
# Description : Check configuration file of BIND # Description : Check configuration file of BIND
if [ ${BIND_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${BIND_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no NAME-4204 --preqs-met ${PREQS_MET} --weight L --network NO --description "Search BIND configuration file" Register --test-no NAME-4204 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Search BIND configuration file"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Search BIND configuration file" LogText "Test: Search BIND configuration file"
for I in ${BIND_CONFIG_LOCS}; do for I in ${BIND_CONFIG_LOCS}; do
@ -331,7 +331,7 @@
# Test : NAME-4206 # Test : NAME-4206
# Description : Check BIND configuration file consistency # Description : Check BIND configuration file consistency
if [ ${BIND_RUNNING} -eq 1 -a ! "${BIND_CONFIG_LOCATION}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${BIND_RUNNING} -eq 1 -a ! "${BIND_CONFIG_LOCATION}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no NAME-4206 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check BIND configuration consistency" Register --test-no NAME-4206 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check BIND configuration consistency"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: searching for named-checkconf binary" LogText "Test: searching for named-checkconf binary"
if [ ! "${NAMEDCHECKCONFBINARY}" = "" ]; then if [ ! "${NAMEDCHECKCONFBINARY}" = "" ]; then
@ -354,7 +354,7 @@
# #
# Test : NAME-4208 # Test : NAME-4208
# Description : Check DNS server type (master, slave, caching, forwarding) # Description : Check DNS server type (master, slave, caching, forwarding)
#Register --test-no NAME-4050 --weight L --network NO --description "Check nscd status" #Register --test-no NAME-4050 --weight L --network NO --category security --description "Check nscd status"
#if [ ${SKIPTEST} -eq 0 ]; then #if [ ${SKIPTEST} -eq 0 ]; then
# #
################################################################################# #################################################################################
@ -362,7 +362,7 @@
# Test : NAME-4210 # Test : NAME-4210
# Description : Check if we can determine useful information from banner # Description : Check if we can determine useful information from banner
if [ ${BIND_RUNNING} -eq 1 -a ! "${BIND_CONFIG_LOCATION}" = "" -a ! "${DIGBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${BIND_RUNNING} -eq 1 -a ! "${BIND_CONFIG_LOCATION}" = "" -a ! "${DIGBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no NAME-4210 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check DNS banner" Register --test-no NAME-4210 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check DNS banner"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Trying to determine version from banner" LogText "Test: Trying to determine version from banner"
FIND=`${DIGBINARY} @localhost version.bind chaos txt | grep "^version.bind" | grep TXT | egrep "[0-9].[0-9].[0-9]*"` FIND=`${DIGBINARY} @localhost version.bind chaos txt | grep "^version.bind" | grep TXT | egrep "[0-9].[0-9].[0-9]*"`
@ -384,27 +384,27 @@
# Test : NAME-4212 # Test : NAME-4212
# Description : Check version option in BIND configuration # Description : Check version option in BIND configuration
#if [ ${BIND_RUNNING} -eq 1 -a ! "${BIND_CONFIG_LOCATION}" = "" -a ! "${DIGBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi #if [ ${BIND_RUNNING} -eq 1 -a ! "${BIND_CONFIG_LOCATION}" = "" -a ! "${DIGBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
#Register --test-no NAME-4212 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check version setting in configuration" #Register --test-no NAME-4212 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check version setting in configuration"
# #
################################################################################# #################################################################################
# #
# Test : NAME-4220 # Test : NAME-4220
# Description : Check if we can perform a zone transfer of primary domain # Description : Check if we can perform a zone transfer of primary domain
#Register --test-no NAME-4220 --weight L --network NO --description "Check zone transfer" #Register --test-no NAME-4220 --weight L --network NO --category security --description "Check zone transfer"
#if [ ${SKIPTEST} -eq 0 ]; then #if [ ${SKIPTEST} -eq 0 ]; then
# #
################################################################################# #################################################################################
# #
# Test : NAME-4222 # Test : NAME-4222
# Description : Check if we can perform a zone transfer of PTR (of primary domain) # Description : Check if we can perform a zone transfer of PTR (of primary domain)
#Register --test-no NAME-4222 --weight L --network NO --description "Check zone transfer" #Register --test-no NAME-4222 --weight L --network NO --category security --description "Check zone transfer"
#if [ ${SKIPTEST} -eq 0 ]; then #if [ ${SKIPTEST} -eq 0 ]; then
# #
################################################################################# #################################################################################
# #
# Test : NAME-4230 # Test : NAME-4230
# Description : Check if PowerDNS is running # Description : Check if PowerDNS is running
Register --test-no NAME-4230 --weight L --network NO --description "Check PowerDNS status" Register --test-no NAME-4230 --weight L --network NO --category security --description "Check PowerDNS status"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking for running PowerDNS instance" LogText "Test: Checking for running PowerDNS instance"
IsRunning pdns_server IsRunning pdns_server
@ -423,7 +423,7 @@
# Test : NAME-4232 # Test : NAME-4232
# Description : Check PowerDNS configuration file # Description : Check PowerDNS configuration file
if [ ${POWERDNS_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${POWERDNS_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no NAME-4232 --preqs-met ${PREQS_MET} --weight L --network NO --description "Search PowerDNS configuration file" Register --test-no NAME-4232 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Search PowerDNS configuration file"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Search PowerDNS configuration file" LogText "Test: Search PowerDNS configuration file"
for I in ${POWERDNS_CONFIG_LOCS}; do for I in ${POWERDNS_CONFIG_LOCS}; do
@ -444,7 +444,7 @@
# # Test : NAME-4234 # # Test : NAME-4234
# # Description : Check PowerDNS configuration file consistency # # Description : Check PowerDNS configuration file consistency
# if [ ${POWERDNS_RUNNING} -eq 1 -a ! "${POWERDNS_AUTH_CONFIG_LOCATION}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi # if [ ${POWERDNS_RUNNING} -eq 1 -a ! "${POWERDNS_AUTH_CONFIG_LOCATION}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
# Register --test-no NAME-4234 --weight L --network NO --description "Check PowerDNS configuration consistency" # Register --test-no NAME-4234 --weight L --network NO --category security --description "Check PowerDNS configuration consistency"
# if [ ${SKIPTEST} -eq 0 ]; then # if [ ${SKIPTEST} -eq 0 ]; then
# fi # fi
# #
@ -453,7 +453,7 @@
# Test : NAME-4236 # Test : NAME-4236
# Description : Check PowerDNS server backends # Description : Check PowerDNS server backends
if [ ${POWERDNS_RUNNING} -eq 1 -a ! "${POWERDNS_AUTH_CONFIG_LOCATION}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${POWERDNS_RUNNING} -eq 1 -a ! "${POWERDNS_AUTH_CONFIG_LOCATION}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no NAME-4236 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PowerDNS backends" Register --test-no NAME-4236 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check PowerDNS backends"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking for PowerDNS backends" LogText "Test: Checking for PowerDNS backends"
FIND=`awk -F= '/^launch/ { print $2 }' ${POWERDNS_AUTH_CONFIG_LOCATION}` FIND=`awk -F= '/^launch/ { print $2 }' ${POWERDNS_AUTH_CONFIG_LOCATION}`
@ -473,7 +473,7 @@
# Test : NAME-4238 # Test : NAME-4238
# Description : Check PowerDNS authoritive status # Description : Check PowerDNS authoritive status
if [ ${POWERDNS_RUNNING} -eq 1 -a ! "${POWERDNS_AUTH_CONFIG_LOCATION}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${POWERDNS_RUNNING} -eq 1 -a ! "${POWERDNS_AUTH_CONFIG_LOCATION}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no NAME-4238 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PowerDNS authoritive status" Register --test-no NAME-4238 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check PowerDNS authoritive status"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking for PowerDNS master status" LogText "Test: Checking for PowerDNS master status"
FIND=`grep "^master=yes" ${POWERDNS_AUTH_CONFIG_LOCATION}` FIND=`grep "^master=yes" ${POWERDNS_AUTH_CONFIG_LOCATION}`
@ -501,7 +501,7 @@
# #
# Test : NAME-4302 # Test : NAME-4302
# Description : Check NIS ypbind daemon status # Description : Check NIS ypbind daemon status
Register --test-no NAME-4304 --weight L --network NO --description "Check NIS ypbind status" Register --test-no NAME-4304 --weight L --network NO --category security --description "Check NIS ypbind status"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking status of ypbind daemon" LogText "Test: Checking status of ypbind daemon"
IsRunning ypbind IsRunning ypbind
@ -528,7 +528,7 @@
# Description : Check NIS domain # Description : Check NIS domain
# Notes : FreeBSD: sysctl kern.domainname # Notes : FreeBSD: sysctl kern.domainname
if [ ${YPBIND_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${YPBIND_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no NAME-4306 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check NIS domain" Register --test-no NAME-4306 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check NIS domain"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking `domainname` for NIS domain value" LogText "Test: Checking `domainname` for NIS domain value"
FIND=`${DOMAINNAMEBINARY} | grep -v "(none)"` FIND=`${DOMAINNAMEBINARY} | grep -v "(none)"`
@ -594,7 +594,7 @@
# Test : NAME-4402 # Test : NAME-4402
# Description : Check /etc/hosts configuration # Description : Check /etc/hosts configuration
Register --test-no NAME-4402 --weight L --network NO --description "Check duplicate line in /etc/hosts" Register --test-no NAME-4402 --weight L --network NO --category security --description "Check duplicate line in /etc/hosts"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: check duplicate line in /etc/hosts" LogText "Test: check duplicate line in /etc/hosts"
if [ -f /etc/hosts ]; then if [ -f /etc/hosts ]; then
@ -619,7 +619,7 @@
# Test : NAME-4404 # Test : NAME-4404
# Description : Check /etc/hosts contains an entry for this server name # Description : Check /etc/hosts contains an entry for this server name
if [ ! "${HOSTNAME}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${HOSTNAME}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no NAME-4404 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check /etc/hosts contains an entry for this server name" Register --test-no NAME-4404 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check /etc/hosts contains an entry for this server name"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Check /etc/hosts contains an entry for this server name" LogText "Test: Check /etc/hosts contains an entry for this server name"
if [ -f /etc/hosts ]; then if [ -f /etc/hosts ]; then
@ -641,7 +641,7 @@
# Test : NAME-4406 # Test : NAME-4406
# Description : Check server hostname mapping # Description : Check server hostname mapping
if [ ! "${HOSTNAME}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${HOSTNAME}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no NAME-4406 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check server hostname mapping" Register --test-no NAME-4406 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check server hostname mapping"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Check server hostname not locally mapped in /etc/hosts" LogText "Test: Check server hostname not locally mapped in /etc/hosts"
sFIND=`egrep -v '^(#|$)' /etc/hosts | egrep '^(localhost|::1)\s' | grep -w ${HOSTNAME}` sFIND=`egrep -v '^(#|$)' /etc/hosts | egrep '^(localhost|::1)\s' | grep -w ${HOSTNAME}`
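Review bot: In the hunk at -501,7 the rewritten line registers `--test-no NAME-4304` while the header comment just above it says `# Test : NAME-4302`; the commit touches this line to add the category but carries the mismatch over. The comment and the registered ID should agree, because skip lists and report entries presumably key on the registered value; which of the two is intended cannot be told from this page. Separately, in the NAME-4306 hunk the LogText context line wraps domainname in backticks inside a double-quoted string, so the shell runs it as a command substitution, resolved through PATH rather than `${DOMAINNAMEBINARY}`, instead of logging the literal word. On a tool that normally runs as root, that is better written as `LogText "Test: Checking 'domainname' for NIS domain value"`.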


@ -36,7 +36,7 @@
# #
# Test : NETW-2600 # Test : NETW-2600
# Description : Gather IPv6 configuration # Description : Gather IPv6 configuration
Register --test-no NETW-2600 --os "Linux" --weight L --network YES --description "Checking IPv6 configuration" Register --test-no NETW-2600 --os "Linux" --weight L --network YES --category security --description "Checking IPv6 configuration"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
IPV6_CONFIGURED=0 IPV6_CONFIGURED=0
IPV6_ACCEPT_RA=255 IPV6_ACCEPT_RA=255
@ -116,7 +116,7 @@
# #
# Test : NETW-2704 # Test : NETW-2704
# Description : Basic nameserver configuration tests (connectivity) # Description : Basic nameserver configuration tests (connectivity)
Register --test-no NETW-2704 --weight L --network YES --description "Basic nameserver configuration tests" Register --test-no NETW-2704 --weight L --network YES --category security --description "Basic nameserver configuration tests"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
Display --indent 2 --text "- Checking configured nameservers" Display --indent 2 --text "- Checking configured nameservers"
LogText "Test: Checking /etc/resolv.conf file" LogText "Test: Checking /etc/resolv.conf file"
@ -163,7 +163,7 @@
# Test : NETW-2705 # Test : NETW-2705
# Description : Basic nameserver configuration tests (connectivity) # Description : Basic nameserver configuration tests (connectivity)
if [ ${LOCAL_DNSRESOLVER_FOUND} -eq 0 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${LOCAL_DNSRESOLVER_FOUND} -eq 0 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no NETW-2705 --preqs-met ${PREQS_MET} --weight L --network YES --description "Check availability two nameservers" Register --test-no NETW-2705 --preqs-met ${PREQS_MET} --weight L --network YES --category security --description "Check availability two nameservers"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ ! "${DIGBINARY}" = "" ]; then if [ ! "${DIGBINARY}" = "" ]; then
if [ ${NUMBERACTIVENS} -lt 2 ]; then if [ ${NUMBERACTIVENS} -lt 2 ]; then
@ -192,7 +192,7 @@
# Description : Find default gateway (route) # Description : Find default gateway (route)
# More info : BSD: ^default Linux: 0.0.0.0 # More info : BSD: ^default Linux: 0.0.0.0
if [ ! "${NETSTATBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${NETSTATBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no NETW-3001 --preqs-met ${PREQS_MET} --weight L --network NO --description "Find default gateway (route)" Register --test-no NETW-3001 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Find default gateway (route)"
if [ $SKIPTEST -eq 0 ]; then if [ $SKIPTEST -eq 0 ]; then
LogText "Test: Searching default gateway(s)" LogText "Test: Searching default gateway(s)"
FIND=`${NETSTATBINARY} -rn | egrep "^0.0.0.0|default" | tr -s ' ' | cut -d ' ' -f2` FIND=`${NETSTATBINARY} -rn | egrep "^0.0.0.0|default" | tr -s ' ' | cut -d ' ' -f2`
@ -212,7 +212,7 @@
# #
# Test : NETW-3004 # Test : NETW-3004
# Description : Find available network interfaces on FreeBSD and others # Description : Find available network interfaces on FreeBSD and others
Register --test-no NETW-3004 --weight L --network NO --description "Search available network interfaces" Register --test-no NETW-3004 --weight L --network NO --category security --description "Search available network interfaces"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FIND="" FIND=""
N=0 N=0
@ -254,7 +254,7 @@
# #
# Test : NETW-3006 # Test : NETW-3006
# Description : Get network MAC addresses # Description : Get network MAC addresses
Register --test-no NETW-3006 --weight L --network NO --description "Get network MAC addresses" Register --test-no NETW-3006 --weight L --network NO --category security --description "Get network MAC addresses"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FIND="" FIND=""
case ${OS} in case ${OS} in
@ -305,7 +305,7 @@
# #
# Test : NETW-3008 # Test : NETW-3008
# Description : Get network IPv4/6 addresses # Description : Get network IPv4/6 addresses
Register --test-no NETW-3008 --weight L --network NO --description "Get network IP addresses" Register --test-no NETW-3008 --weight L --network NO --category security --description "Get network IP addresses"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FIND=""; FIND2="" FIND=""; FIND2=""
case ${OS} in case ${OS} in
@ -369,7 +369,7 @@
# #
# Test : NETW-3012 # Test : NETW-3012
# Description : Check listening ports # Description : Check listening ports
Register --test-no NETW-3012 --weight L --network NO --description "Check listening ports" Register --test-no NETW-3012 --weight L --network NO --category security --description "Check listening ports"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FIND=""; FIND2="" FIND=""; FIND2=""
N=0 N=0
@ -468,7 +468,7 @@
# Description : Checking promiscuous interfaces (BSD) # Description : Checking promiscuous interfaces (BSD)
# Note : FreeBSD and others # Note : FreeBSD and others
if [ "${OS}" = "DragonFly" -o "${OS}" = "FreeBSD" -o "${OS}" = "NetBSD" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ "${OS}" = "DragonFly" -o "${OS}" = "FreeBSD" -o "${OS}" = "NetBSD" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no NETW-3014 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking promiscuous interfaces (BSD)" Register --test-no NETW-3014 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking promiscuous interfaces (BSD)"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking promiscuous interfaces (FreeBSD)" LogText "Test: Checking promiscuous interfaces (FreeBSD)"
FIND=`${IFCONFIGBINARY} | grep PROMISC | cut -d ':' -f1` FIND=`${IFCONFIGBINARY} | grep PROMISC | cut -d ':' -f1`
@ -510,7 +510,7 @@
# Description : Checking promiscuous interfaces (Linux) # Description : Checking promiscuous interfaces (Linux)
# Note : Need ifconfig binary at this moment (does not work on Arch Linux) # Note : Need ifconfig binary at this moment (does not work on Arch Linux)
if [ ! "${IFCONFIGBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${IFCONFIGBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no NETW-3015 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking promiscuous interfaces (Linux)" Register --test-no NETW-3015 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking promiscuous interfaces (Linux)"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking promiscuous interfaces (Linux)" LogText "Test: Checking promiscuous interfaces (Linux)"
NETWORK=`${IFCONFIGBINARY} | grep Link | tr -s ' ' | cut -d ' ' -f1` NETWORK=`${IFCONFIGBINARY} | grep Link | tr -s ' ' | cut -d ' ' -f1`
@ -569,7 +569,7 @@
# Type : Performance # Type : Performance
# Notes : It is common to see a healthy web server seeing to have several thousands of TCP connections in WAIT state # Notes : It is common to see a healthy web server seeing to have several thousands of TCP connections in WAIT state
if [ ! "${NETSTATBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${NETSTATBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no NETW-3028 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking connections in WAIT state" Register --test-no NETW-3028 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking connections in WAIT state"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Using netstat for check for connections in WAIT state" LogText "Test: Using netstat for check for connections in WAIT state"
FIND=`${NETSTATBINARY} -an | grep WAIT | wc -l | awk '{ print $1 }'` FIND=`${NETSTATBINARY} -an | grep WAIT | wc -l | awk '{ print $1 }'`
@ -588,7 +588,7 @@
# #
# Test : NETW-3030 # Test : NETW-3030
# Description : Checking for DHCP client # Description : Checking for DHCP client
Register --test-no NETW-3030 --weight L --network NO --description "Checking DHCP client status" Register --test-no NETW-3030 --weight L --network NO --category security --description "Checking DHCP client status"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
IsRunning dhclient IsRunning dhclient
if [ ${RUNNING} -eq 1 ]; then if [ ${RUNNING} -eq 1 ]; then
@ -603,7 +603,7 @@
# #
# Test : NETW-3032 # Test : NETW-3032
# Description : Checking for ARP spoofing and related monitoring software # Description : Checking for ARP spoofing and related monitoring software
Register --test-no NETW-3032 --os Linux --weight L --network NO --description "Checking for ARP monitoring software" Register --test-no NETW-3032 --os Linux --weight L --network NO --category security --description "Checking for ARP monitoring software"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
IsRunning arpwatch IsRunning arpwatch
if [ ${RUNNING} -eq 1 ]; then if [ ${RUNNING} -eq 1 ]; then


@ -45,7 +45,7 @@
# #
# Test : PHP-2211 # Test : PHP-2211
# Description : Check php.ini presence # Description : Check php.ini presence
Register --test-no PHP-2211 --weight L --network NO --description "Check php.ini presence" Register --test-no PHP-2211 --weight L --network NO --category security --description "Check php.ini presence"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking for presence php.ini" LogText "Test: Checking for presence php.ini"
PHPINIFILE="" PHPINIFILE=""
@ -93,7 +93,7 @@
# Test : PHP-2320 # Test : PHP-2320
# Description : Check php disable functions option # Description : Check php disable functions option
if [ ! "${PHPINI_ALLFILES}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${PHPINI_ALLFILES}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PHP-2320 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PHP disabled functions" Register --test-no PHP-2320 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check PHP disabled functions"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0 FOUND=0
for I in ${PHPINI_ALLFILES}; do for I in ${PHPINI_ALLFILES}; do
@ -149,7 +149,7 @@
Debug "php.ini: ${PHPINIFILE}" Debug "php.ini: ${PHPINIFILE}"
Debug "version: ${PHPVERSION}" Debug "version: ${PHPVERSION}"
fi fi
Register --test-no PHP-2368 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PHP register_globals option" Register --test-no PHP-2368 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check PHP register_globals option"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking PHP register_globals option" LogText "Test: Checking PHP register_globals option"
FIND=`egrep -i 'register_globals.*(on|yes|1)' ${PHPINIFILE} | grep -v '^;'` FIND=`egrep -i 'register_globals.*(on|yes|1)' ${PHPINIFILE} | grep -v '^;'`
@ -173,7 +173,7 @@
# Description : Check php expose_php option # Description : Check php expose_php option
# Notes : Extend test to check all PHP files YYY # Notes : Extend test to check all PHP files YYY
if [ ! "${PHPINIFILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${PHPINIFILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PHP-2372 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PHP expose_php option" Register --test-no PHP-2372 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check PHP expose_php option"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking expose_php option" LogText "Test: Checking expose_php option"
FIND=`egrep -i 'expose_php.*(off|no|0)' ${PHPINIFILE} | grep -v '^;'` FIND=`egrep -i 'expose_php.*(off|no|0)' ${PHPINIFILE} | grep -v '^;'`
@ -197,7 +197,7 @@
# Description : Check PHP enable_dl option # Description : Check PHP enable_dl option
# Notes : Extend test to check all PHP files # Notes : Extend test to check all PHP files
if [ ! "${PHPINIFILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${PHPINIFILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PHP-2374 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PHP enable_dl option" Register --test-no PHP-2374 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check PHP enable_dl option"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking PHP enable_dl option" LogText "Test: Checking PHP enable_dl option"
FIND=$(egrep -i 'enable_dl.*(on|yes|1)' ${PHPINIFILE} | grep -v '^;') FIND=$(egrep -i 'enable_dl.*(on|yes|1)' ${PHPINIFILE} | grep -v '^;')
@ -219,7 +219,7 @@
# Description : Check PHP allow_url_fopen option # Description : Check PHP allow_url_fopen option
# Notes : Extend test to check all PHP files YYY # Notes : Extend test to check all PHP files YYY
if [ ! "${PHPINIFILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${PHPINIFILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PHP-2376 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PHP allow_url_fopen option" Register --test-no PHP-2376 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check PHP allow_url_fopen option"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking PHP allow_url_fopen option" LogText "Test: Checking PHP allow_url_fopen option"
FIND=`egrep -i 'allow_url_fopen.*(off|no|0)' ${PHPINIFILE} | grep -v '^;'` FIND=`egrep -i 'allow_url_fopen.*(off|no|0)' ${PHPINIFILE} | grep -v '^;'`
@ -242,7 +242,7 @@
# Description : Check PHP allow_url_include option # Description : Check PHP allow_url_include option
# Notes : Extend test to check all PHP files YYY # Notes : Extend test to check all PHP files YYY
if [ ! "${PHPINIFILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${PHPINIFILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PHP-2378 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PHP allow_url_include option" Register --test-no PHP-2378 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check PHP allow_url_include option"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking PHP allow_url_include option" LogText "Test: Checking PHP allow_url_include option"
FIND=`egrep -i 'allow_url_include.*(off|no|0)' ${PHPINIFILE} | grep -v '^;'` FIND=`egrep -i 'allow_url_include.*(off|no|0)' ${PHPINIFILE} | grep -v '^;'`
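Review bot: The option checks in PHP-2368, PHP-2372, PHP-2374, PHP-2376 and PHP-2378 match the value anywhere on the line (for example `allow_url_include.*(off|no|0)`), so a constructed line such as `allow_url_include = On ; do not turn off` would be read as disabled and a risky setting reported as fine. The `grep -v '^;'` filter also only drops comments that start in column 0, so an indented `;` comment still counts as a setting. Anchoring the match to the assignment and quoting the path avoids both, e.g. `FIND=$(egrep -i '^[[:space:]]*allow_url_include[[:space:]]*=[[:space:]]*(off|no|0)[[:space:]]*(;.*)?$' "${PHPINIFILE}")`, with the same shape for the `(on|yes|1)` checks; quoted values would need the pattern extended. The test bodies continue outside these hunks, so how FIND is evaluated afterwards is not visible here.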


@ -38,7 +38,7 @@
# Test : PKGS-7301 # Test : PKGS-7301
# Description : Query FreeBSD pkg # Description : Query FreeBSD pkg
if [ -x /usr/sbin/pkg ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -x /usr/sbin/pkg ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PKGS-7301 --preqs-met ${PREQS_MET} --weight L --network NO --description "Query NetBSD pkg" Register --test-no PKGS-7301 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Query NetBSD pkg"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FIND=`pkg -N 2>&1; echo $?` FIND=`pkg -N 2>&1; echo $?`
if [ "${FIND}" = "0" ]; then if [ "${FIND}" = "0" ]; then
@ -64,7 +64,7 @@
# Test : PKGS-7302 # Test : PKGS-7302
# Description : Query FreeBSD/NetBSD pkg_info # Description : Query FreeBSD/NetBSD pkg_info
if [ -x /usr/sbin/pkg_info ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -x /usr/sbin/pkg_info ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PKGS-7302 --preqs-met ${PREQS_MET} --weight L --network NO --description "Query FreeBSD/NetBSD pkg_info" Register --test-no PKGS-7302 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Query FreeBSD/NetBSD pkg_info"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
N=0 N=0
Display --indent 4 --text "- Checking pkg_info" --result "${STATUS_FOUND}" --color GREEN Display --indent 4 --text "- Checking pkg_info" --result "${STATUS_FOUND}" --color GREEN
@ -91,7 +91,7 @@
# Description : Query brew package manager # Description : Query brew package manager
FIND=`which brew 2> /dev/null` FIND=`which brew 2> /dev/null`
if [ ! "${FIND}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${FIND}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PKGS-7303 --preqs-met ${PREQS_MET} --weight L --network NO --description "Query brew package manager" Register --test-no PKGS-7303 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Query brew package manager"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
Display --indent 4 --text "- Searching brew" --result "${STATUS_FOUND}" --color GREEN Display --indent 4 --text "- Searching brew" --result "${STATUS_FOUND}" --color GREEN
LogText "Result: Found brew" LogText "Result: Found brew"
@ -113,7 +113,7 @@
# Test : PKGS-7304 # Test : PKGS-7304
# Description : Gentoo packages # Description : Gentoo packages
if [ -x /usr/bin/emerge -a -x /usr/bin/equery ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -x /usr/bin/emerge -a -x /usr/bin/equery ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PKGS-7304 --preqs-met ${PREQS_MET} --weight L --network NO --description "Querying Gentoo packages" Register --test-no PKGS-7304 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Querying Gentoo packages"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
Display --indent 4 --text "- Searching emerge" --result "${STATUS_FOUND}" --color GREEN Display --indent 4 --text "- Searching emerge" --result "${STATUS_FOUND}" --color GREEN
LogText "Result: Found Gentoo emerge" LogText "Result: Found Gentoo emerge"
@ -136,7 +136,7 @@
# Test : PKGS-7306 # Test : PKGS-7306
# Description : Solaris packages # Description : Solaris packages
if [ -x /usr/bin/pkginfo ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -x /usr/bin/pkginfo ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PKGS-7306 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --description "Querying Solaris packages" Register --test-no PKGS-7306 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Querying Solaris packages"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
Display --indent 4 --text "- Searching pkginfo" --result "${STATUS_FOUND}" --color GREEN Display --indent 4 --text "- Searching pkginfo" --result "${STATUS_FOUND}" --color GREEN
LogText "Result: Found Solaris pkginfo" LogText "Result: Found Solaris pkginfo"
@ -159,7 +159,7 @@
# Test : PKGS-7308 # Test : PKGS-7308
# Description : RPM package based systems # Description : RPM package based systems
if [ ! "${RPMBINARY}" = "" -a "${DNFBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${RPMBINARY}" = "" -a "${DNFBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PKGS-7308 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking package list with RPM" Register --test-no PKGS-7308 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking package list with RPM"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
N=0 N=0
Display --indent 4 --text "- Searching RPM package manager" --result "${STATUS_FOUND}" --color GREEN Display --indent 4 --text "- Searching RPM package manager" --result "${STATUS_FOUND}" --color GREEN
@ -192,7 +192,7 @@
# Test : PKGS-7310 # Test : PKGS-7310
# Description : pacman package based systems # Description : pacman package based systems
if [ ! "${PACMANBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${PACMANBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PKGS-7310 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking package list with pacman" Register --test-no PKGS-7310 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking package list with pacman"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
N=0 N=0
Display --indent 4 --text "- Searching pacman package manager" --result "${STATUS_FOUND}" --color GREEN Display --indent 4 --text "- Searching pacman package manager" --result "${STATUS_FOUND}" --color GREEN
@ -222,7 +222,7 @@
# Test : PKGS-7312 # Test : PKGS-7312
# Description : Check for available package updates when pacman package is used (Arch Linux) # Description : Check for available package updates when pacman package is used (Arch Linux)
if [ ! "${PACMANBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${PACMANBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PKGS-7312 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking available updates for pacman based system" Register --test-no PKGS-7312 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking available updates for pacman based system"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0 FOUND=0
FIND=`which checkupdates` FIND=`which checkupdates`
@ -252,7 +252,7 @@
# Description : Check pacman.conf options # Description : Check pacman.conf options
PACMANCONF="/etc/pacman.conf" PACMANCONF="/etc/pacman.conf"
if [ ! "${PACMANBINARY}" = "" -a -f ${PACMANCONF} ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${PACMANBINARY}" = "" -a -f ${PACMANCONF} ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PKGS-7314 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking pacman configuration options" Register --test-no PKGS-7314 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking pacman configuration options"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
COUNT=0 COUNT=0
# Check configuration options (options start with a capital) # Check configuration options (options start with a capital)
@ -280,7 +280,7 @@
# Test : PKGS-7328 # Test : PKGS-7328
# Description : Check installed packages with Zypper # Description : Check installed packages with Zypper
if [ ! "${ZYPPERBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${ZYPPERBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PKGS-7328 --preqs-met ${PREQS_MET} --weight L --network NO --description "Querying Zypper for installed packages" Register --test-no PKGS-7328 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Querying Zypper for installed packages"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
N=0 N=0
PACKAGE_AUDIT_TOOL_FOUND=1 PACKAGE_AUDIT_TOOL_FOUND=1
@ -304,7 +304,7 @@
# Test : PKGS-7330 # Test : PKGS-7330
# Description : Check vulnerable packages with Zypper # Description : Check vulnerable packages with Zypper
if [ ! "${ZYPPERBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${ZYPPERBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PKGS-7330 --preqs-met ${PREQS_MET} --weight L --network NO --description "Querying Zypper for vulnerable packages" Register --test-no PKGS-7330 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Querying Zypper for vulnerable packages"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FIND=`${ZYPPERBINARY} -n pchk | grep "(0 security patches)"` FIND=`${ZYPPERBINARY} -n pchk | grep "(0 security patches)"`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
@ -332,7 +332,7 @@
# Test : PKGS-7345 # Test : PKGS-7345
# Description : Debian package based systems (dpkg) # Description : Debian package based systems (dpkg)
if [ -x /usr/bin/dpkg ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -x /usr/bin/dpkg ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PKGS-7345 --preqs-met ${PREQS_MET} --weight L --network NO --description "Querying dpkg" Register --test-no PKGS-7345 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Querying dpkg"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
N=0 N=0
Display --indent 4 --text "- Searching dpkg package manager" --result "${STATUS_FOUND}" --color GREEN Display --indent 4 --text "- Searching dpkg package manager" --result "${STATUS_FOUND}" --color GREEN
@ -360,7 +360,7 @@
# Description : Check packages which are removed, but still own configuration files, cron jobs etc # Description : Check packages which are removed, but still own configuration files, cron jobs etc
# Notes : Cleanup: for pkg in `dpkg -l | grep "^rc" | cut -d' ' -f3`; do aptitude purge ${pkg}; done # Notes : Cleanup: for pkg in `dpkg -l | grep "^rc" | cut -d' ' -f3`; do aptitude purge ${pkg}; done
if [ -x /usr/bin/dpkg ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -x /usr/bin/dpkg ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PKGS-7346 --preqs-met ${PREQS_MET} --weight L --network NO --description "Search unpurged packages on system" Register --test-no PKGS-7346 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Search unpurged packages on system"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
N=0 N=0
LogText "Test: Querying dpkg -l to get unpurged packages" LogText "Test: Querying dpkg -l to get unpurged packages"
@ -389,7 +389,7 @@
# Notes : Portsclean seems to be gone from the ports, so no suggestion or warning is # Notes : Portsclean seems to be gone from the ports, so no suggestion or warning is
# issued when it's missing. # issued when it's missing.
# Add portmaster --clean-distfiles-all # Add portmaster --clean-distfiles-all
Register --test-no PKGS-7348 --os FreeBSD --weight L --network NO --description "Check for old distfiles" Register --test-no PKGS-7348 --os FreeBSD --weight L --network NO --category security --description "Check for old distfiles"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ -x /usr/local/sbin/portsclean ]; then if [ -x /usr/local/sbin/portsclean ]; then
FIND=`/usr/local/sbin/portsclean -n -DD | grep 'Delete' | wc -l | tr -d ' '` FIND=`/usr/local/sbin/portsclean -n -DD | grep 'Delete' | wc -l | tr -d ' '`
@ -410,7 +410,7 @@
# Description : Use Dandified YUM to gather installed packages # Description : Use Dandified YUM to gather installed packages
# Notes : Possible replacement for YUM in the long term # Notes : Possible replacement for YUM in the long term
if [ ! "${DNFBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${DNFBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no "PKGS-7350" --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking for installed packages with DNF utility" Register --test-no "PKGS-7350" --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking for installed packages with DNF utility"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
Display --indent 4 --text "- Searching DNF package manager" --result "${STATUS_FOUND}" --color GREEN Display --indent 4 --text "- Searching DNF package manager" --result "${STATUS_FOUND}" --color GREEN
LogText "Result: found DNF (Dandified YUM) utility (binary: ${DNFBINARY})" LogText "Result: found DNF (Dandified YUM) utility (binary: ${DNFBINARY})"
@ -433,7 +433,7 @@
# Test : PKGS-7352 # Test : PKGS-7352
# Description : Use Dandified YUM to detect security updates # Description : Use Dandified YUM to detect security updates
if [ ! "${DNFBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${DNFBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no "PKGS-7352" --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking for security updates with DNF utility" Register --test-no "PKGS-7352" --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking for security updates with DNF utility"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Check for security updates # Check for security updates
LogText "Action: checking updateinfo for security updates" LogText "Action: checking updateinfo for security updates"
@ -460,7 +460,7 @@
# Test : PKGS-7354 # Test : PKGS-7354
# Description : Perform integrity tests for package database # Description : Perform integrity tests for package database
if [ ! "${DNFBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${DNFBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no "PKGS-7354" --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking package database integrity" Register --test-no "PKGS-7354" --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking package database integrity"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Check if repoquery plugin is available # Check if repoquery plugin is available
FIND=`${DNFBINARY} 2>&1 | grep "^repoquery"` FIND=`${DNFBINARY} 2>&1 | grep "^repoquery"`
@ -486,7 +486,7 @@
# Test : PKGS-7366 # Test : PKGS-7366
# Description : Checking if debsecan is installed and enabled on Debian systems # Description : Checking if debsecan is installed and enabled on Debian systems
if [ ! "${DEBSECANBINARY}" = "" -a "${OS}" = "Linux" -a "${LINUX_VERSION}" = "Debian" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${DEBSECANBINARY}" = "" -a "${OS}" = "Linux" -a "${LINUX_VERSION}" = "Debian" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no "PKGS-7366" --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking for debsecan utility" Register --test-no "PKGS-7366" --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking for debsecan utility"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ ! "${DEBSECANBINARY}" = "" ]; then if [ ! "${DEBSECANBINARY}" = "" ]; then
LogText "Result: debsecan utility is installed" LogText "Result: debsecan utility is installed"
@ -519,7 +519,7 @@
# Description : Checking debsums installation status and presence in cron job # Description : Checking debsums installation status and presence in cron job
# Note : Run this only when it is a DPKG based system # Note : Run this only when it is a DPKG based system
if [ ! "${DPKGBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${DPKGBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no "PKGS-7370" --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking for debsums utility" Register --test-no "PKGS-7370" --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking for debsums utility"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ ! "${DEBSUMSBINARY}" = "" ]; then if [ ! "${DEBSUMSBINARY}" = "" ]; then
LogText "Result: debsums utility is installed" LogText "Result: debsums utility is installed"
@ -549,7 +549,7 @@
# Test : PKGS-7378 # Test : PKGS-7378
# Description : Query FreeBSD portmaster for available port upgrades # Description : Query FreeBSD portmaster for available port upgrades
if [ -x /usr/local/sbin/portmaster ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -x /usr/local/sbin/portmaster ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PKGS-7378 --preqs-met ${PREQS_MET} --weight L --network NO --description "Query portmaster for port upgrades" Register --test-no PKGS-7378 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Query portmaster for port upgrades"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
N=0 N=0
LogText "Test: Querying portmaster for possible port upgrades" LogText "Test: Querying portmaster for possible port upgrades"
@ -572,7 +572,7 @@
# #
# Test : PKGS-7380 # Test : PKGS-7380
# Description : Check for vulnerable NetBSD packages (with pkg_admin) # Description : Check for vulnerable NetBSD packages (with pkg_admin)
Register --test-no PKGS-7380 --os NetBSD --weight L --network NO --description "Check for vulnerable NetBSD packages" Register --test-no PKGS-7380 --os NetBSD --weight L --network NO --category security --description "Check for vulnerable NetBSD packages"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ -x /usr/sbin/pkg_admin ]; then if [ -x /usr/sbin/pkg_admin ]; then
PACKAGE_AUDIT_TOOL_FOUND=1 PACKAGE_AUDIT_TOOL_FOUND=1
@ -612,7 +612,7 @@
# Test : PKGS-7381 # Test : PKGS-7381
# Description : Check for vulnerable FreeBSD packages (with pkg) # Description : Check for vulnerable FreeBSD packages (with pkg)
if [ -x /usr/sbin/pkg -a -f /var/db/pkg/vuln.xml ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -x /usr/sbin/pkg -a -f /var/db/pkg/vuln.xml ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PKGS-7381 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check for vulnerable FreeBSD packages with pkg" Register --test-no PKGS-7381 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for vulnerable FreeBSD packages with pkg"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ -x /usr/sbin/pkg ]; then if [ -x /usr/sbin/pkg ]; then
FIND=`/usr/sbin/pkg audit 2> /dev/null | grep 'problem(s) in your installed packages found' | grep -v '0 problem(s) in your installed packages found'` FIND=`/usr/sbin/pkg audit 2> /dev/null | grep 'problem(s) in your installed packages found' | grep -v '0 problem(s) in your installed packages found'`
@ -650,7 +650,7 @@
# Description : Check for vulnerable FreeBSD packages # Description : Check for vulnerable FreeBSD packages
# Notes : Newer machines should use pkg audit instead of portaudit # Notes : Newer machines should use pkg audit instead of portaudit
if [ -x /usr/local/sbin/portaudit ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -x /usr/local/sbin/portaudit ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PKGS-7382 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check for vulnerable FreeBSD packages with portaudit" Register --test-no PKGS-7382 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for vulnerable FreeBSD packages with portaudit"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
PACKAGE_AUDIT_TOOL_FOUND=1 PACKAGE_AUDIT_TOOL_FOUND=1
FIND=`/usr/local/sbin/portaudit | grep 'problem(s) in your installed packages found' | grep -v '0 problem(s) in your installed packages found'` FIND=`/usr/local/sbin/portaudit | grep 'problem(s) in your installed packages found' | grep -v '0 problem(s) in your installed packages found'`
@ -679,7 +679,7 @@
# Description : Check for YUM package Update management # Description : Check for YUM package Update management
# Notes : Skip if DNF is used as package manager # Notes : Skip if DNF is used as package manager
if [ ! "${YUMBINARY}" = "" -a "${DNFBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${YUMBINARY}" = "" -a "${DNFBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PKGS-7383 --preqs-met ${PREQS_MET} --os Linux --weight M --network NO --description "Check for YUM package Update management" Register --test-no PKGS-7383 --preqs-met ${PREQS_MET} --os Linux --weight M --network NO --category security --description "Check for YUM package Update management"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: YUM package update management" LogText "Test: YUM package update management"
sFIND=`${YUMBINARY} repolist 2>/dev/null | grep repolist | sed 's/ //g' | sed 's/[,.]//g' | awk -F ":" '{print $2}'` sFIND=`${YUMBINARY} repolist 2>/dev/null | grep repolist | sed 's/ //g' | sed 's/[,.]//g' | awk -F ":" '{print $2}'`
@ -699,7 +699,7 @@
# Test : PKGS-7384 # Test : PKGS-7384
# Description : Search for YUM utils package # Description : Search for YUM utils package
if [ ! "${YUMBINARY}" = "" -a "${DNFBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${YUMBINARY}" = "" -a "${DNFBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PKGS-7384 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --description "Check for YUM utils package" Register --test-no PKGS-7384 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --category security --description "Check for YUM utils package"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ -x /usr/bin/package-cleanup ]; then if [ -x /usr/bin/package-cleanup ]; then
LogText "Result: found YUM utils package (/usr/bin/package-cleanup)" LogText "Result: found YUM utils package (/usr/bin/package-cleanup)"
@ -744,7 +744,7 @@
# : RHEL 6: yum-security-plugin (plugin) # : RHEL 6: yum-security-plugin (plugin)
# : RHEL 5: yum-security (plugin) # : RHEL 5: yum-security (plugin)
if [ -x /usr/bin/yum -a "${DNFBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -x /usr/bin/yum -a "${DNFBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PKGS-7386 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --description "Check for YUM security package" Register --test-no PKGS-7386 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --category security --description "Check for YUM security package"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
DO_TEST=0 DO_TEST=0
LogText "Test: Determining if yum-security package installed" LogText "Test: Determining if yum-security package installed"
@ -818,7 +818,7 @@
# Test : PKGS-7387 # Test : PKGS-7387
# Description : Search for YUM GPG check # Description : Search for YUM GPG check
if [ -x /usr/bin/yum -a "${DNFBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -x /usr/bin/yum -a "${DNFBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PKGS-7387 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --description "Check for GPG signing in YUM security package" Register --test-no PKGS-7387 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --category security --description "Check for GPG signing in YUM security package"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0 FOUND=0
FileExists /etc/yum.conf FileExists /etc/yum.conf
@ -840,7 +840,7 @@
# Test : PKGS-7388 # Test : PKGS-7388
# Description : Check security repository in Debian/ubuntu apt sources.list file # Description : Check security repository in Debian/ubuntu apt sources.list file
if [ -f /etc/apt/sources.list -a -d /etc/apt/sources.list.d ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -f /etc/apt/sources.list -a -d /etc/apt/sources.list.d ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PKGS-7388 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check security repository in Debian/ubuntu apt sources.list file" Register --test-no PKGS-7388 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check security repository in Debian/ubuntu apt sources.list file"
if [ $SKIPTEST -eq 0 ]; then if [ $SKIPTEST -eq 0 ]; then
FOUND=0 FOUND=0
if [ ! "${OPTION_DEBIAN_SKIP_SECURITY_REPOSITORY}" = "yes" ]; then if [ ! "${OPTION_DEBIAN_SKIP_SECURITY_REPOSITORY}" = "yes" ]; then
@ -888,7 +888,7 @@
# Test : PKGS-7390 # Test : PKGS-7390
# Description : Check Ubuntu database consistency # Description : Check Ubuntu database consistency
if [ "${LINUX_VERSION}" = "Ubuntu" -a -x /usr/bin/apt-get ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ "${LINUX_VERSION}" = "Ubuntu" -a -x /usr/bin/apt-get ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PKGS-7390 --os Linux --preqs-met ${PREQS_MET} --root-only YES --weight L --network NO --description "Check Ubuntu database consistency" Register --test-no PKGS-7390 --os Linux --preqs-met ${PREQS_MET} --root-only YES --weight L --network NO --category security --description "Check Ubuntu database consistency"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Package database consistency by running apt-get check" LogText "Test: Package database consistency by running apt-get check"
FIND=`/usr/bin/apt-get -q=2 check 2> /dev/null; echo $?` FIND=`/usr/bin/apt-get -q=2 check 2> /dev/null; echo $?`
@ -908,7 +908,7 @@
# Test : PKGS-7392 # Test : PKGS-7392
# Description : Check Debian/Ubuntu vulnerable packages # Description : Check Debian/Ubuntu vulnerable packages
if [ -x /usr/bin/apt-get ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -x /usr/bin/apt-get ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PKGS-7392 --os Linux --preqs-met ${PREQS_MET} --root-only YES --weight L --network YES --description "Check for Debian/Ubuntu security updates" Register --test-no PKGS-7392 --os Linux --preqs-met ${PREQS_MET} --root-only YES --weight L --network YES --category security --description "Check for Debian/Ubuntu security updates"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
VULNERABLE_PACKAGES_FOUND=0 VULNERABLE_PACKAGES_FOUND=0
SCAN_PERFORMED=0 SCAN_PERFORMED=0
@ -981,7 +981,7 @@
# Test : PKGS-7393 # Test : PKGS-7393
# Description : Check Gentoo vulnerable packages # Description : Check Gentoo vulnerable packages
if [ -x /usr/bin/emerge-webrsync ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -x /usr/bin/emerge-webrsync ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PKGS-7393 --preqs-met ${PREQS_MET} --weight L --network YES --description "Check for Gentoo vulnerable packages" Register --test-no PKGS-7393 --preqs-met ${PREQS_MET} --weight L --network YES --category security --description "Check for Gentoo vulnerable packages"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
VULNERABLE_PACKAGES_FOUND=0 VULNERABLE_PACKAGES_FOUND=0
SCAN_PERFORMED=0 SCAN_PERFORMED=0
@ -1028,7 +1028,7 @@
# Test : PKGS-7394 # Test : PKGS-7394
# Description : Check Ubuntu upgradeable packages # Description : Check Ubuntu upgradeable packages
if [ "${LINUX_VERSION}" = "Ubuntu" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ "${LINUX_VERSION}" = "Ubuntu" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PKGS-7394 --os Linux --preqs-met ${PREQS_MET} --weight L --network YES --description "Check for Ubuntu updates" Register --test-no PKGS-7394 --os Linux --preqs-met ${PREQS_MET} --weight L --network YES --category security --description "Check for Ubuntu updates"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: checking /usr/bin/apt-show-versions" LogText "Test: checking /usr/bin/apt-show-versions"
if [ -x /usr/bin/apt-show-versions ]; then if [ -x /usr/bin/apt-show-versions ]; then
@ -1060,7 +1060,7 @@
# #
# Test : PKGS-7398 # Test : PKGS-7398
# Description : Check package audit tool # Description : Check package audit tool
Register --test-no PKGS-7398 --weight L --network YES --description "Check for package audit tool" Register --test-no PKGS-7398 --weight L --network YES --category security --description "Check for package audit tool"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: checking for package audit tool" LogText "Test: checking for package audit tool"
if [ ${PACKAGE_AUDIT_TOOL_FOUND} -eq 0 ]; then if [ ${PACKAGE_AUDIT_TOOL_FOUND} -eq 0 ]; then
@ -1088,7 +1088,7 @@
# #
# Test : PKGS-7410 # Test : PKGS-7410
# Description : Count number of installed kernel packages # Description : Count number of installed kernel packages
Register --test-no PKGS-7410 --weight L --network NO --description "Count installed kernel packages" Register --test-no PKGS-7410 --weight L --network NO --category security --description "Count installed kernel packages"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
KERNELS=0 KERNELS=0
if [ ! "${RPMBINARY}" = "" ]; then if [ ! "${RPMBINARY}" = "" ]; then


@ -40,7 +40,7 @@
# #
# Test : PRNT-2302 # Test : PRNT-2302
# Description : Check printcap file consistency # Description : Check printcap file consistency
Register --test-no PRNT-2302 --os FreeBSD --weight L --network NO --description "Check for printcap consistency" Register --test-no PRNT-2302 --os FreeBSD --weight L --network NO --category security --description "Check for printcap consistency"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Searching /usr/sbin/chkprintcap" LogText "Test: Searching /usr/sbin/chkprintcap"
if [ ! -f /usr/sbin/chkprintcap ]; then if [ ! -f /usr/sbin/chkprintcap ]; then
@ -66,7 +66,7 @@
# #
# Test : PRNT-2304 # Test : PRNT-2304
# Description : Check cupsd status # Description : Check cupsd status
Register --test-no PRNT-2304 --weight L --network NO --description "Check cupsd status" Register --test-no PRNT-2304 --weight L --network NO --category security --description "Check cupsd status"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking cupsd status" LogText "Test: Checking cupsd status"
#FIND=`${PSBINARY} ax | grep "cupsd" | grep -v "grep" | grep -v apcupsd` #FIND=`${PSBINARY} ax | grep "cupsd" | grep -v "grep" | grep -v apcupsd`
@ -86,7 +86,7 @@
# Test : PRNT-2306 # Test : PRNT-2306
# Description : Check CUPSd configuration file # Description : Check CUPSd configuration file
if [ ${CUPSD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${CUPSD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PRNT-2306 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check CUPSd configuration file" Register --test-no PRNT-2306 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check CUPSd configuration file"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Searching cupsd configuration file" LogText "Test: Searching cupsd configuration file"
for I in ${CUPSD_CONFIG_LOCS}; do for I in ${CUPSD_CONFIG_LOCS}; do
@ -114,7 +114,7 @@
# Description : Check CUPSd configuration file permissions # Description : Check CUPSd configuration file permissions
# To Do : Add function # To Do : Add function
if [ ${CUPSD_FOUND} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${CUPSD_FOUND} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PRNT-2307 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check CUPSd configuration file permissions" Register --test-no PRNT-2307 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check CUPSd configuration file permissions"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking CUPS configuration file permissions" LogText "Test: Checking CUPS configuration file permissions"
FIND=`ls -l ${CUPSD_CONFIG_FILE} | cut -c 2-10` FIND=`ls -l ${CUPSD_CONFIG_FILE} | cut -c 2-10`
@ -134,7 +134,7 @@
# Test : PRNT-2308 # Test : PRNT-2308
# Description : Check CUPS daemon network configuration # Description : Check CUPS daemon network configuration
if [ ${CUPSD_FOUND} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${CUPSD_FOUND} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PRNT-2308 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check CUPSd network configuration" Register --test-no PRNT-2308 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check CUPSd network configuration"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0 FOUND=0
# Checking network addresses # Checking network addresses
@ -187,7 +187,7 @@
# #
# Test : PRNT-2314 # Test : PRNT-2314
# Description : Check lpd status # Description : Check lpd status
Register --test-no PRNT-2314 --weight L --network NO --description "Check lpd status" Register --test-no PRNT-2314 --weight L --network NO --category security --description "Check lpd status"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking lpd status" LogText "Test: Checking lpd status"
IsRunning lpd IsRunning lpd
@ -207,7 +207,7 @@
# Test : PRNT-23xx # Test : PRNT-23xx
# Description : Test Linux printcap file # Description : Test Linux printcap file
#if [ ${CUPSD_RUNNING} -eq 1 -a ! "${CUPSD_CONFIG_FILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi #if [ ${CUPSD_RUNNING} -eq 1 -a ! "${CUPSD_CONFIG_FILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
#Register --test-no PRNT-23xx--preqs-met ${PREQS_MET} --weight L --network NO --description "Check cupsd address configuration" #Register --test-no PRNT-23xx--preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check cupsd address configuration"
#if [ ${SKIPTEST} -eq 0 ]; then #if [ ${SKIPTEST} -eq 0 ]; then
#if [ "${OS}" = "Linux" ]; then #if [ "${OS}" = "Linux" ]; then
# echo " - Testing printcap file [Test not implemented yet]" # echo " - Testing printcap file [Test not implemented yet]"
@ -218,7 +218,7 @@
# #
# Test : PRNT-2416 # Test : PRNT-2416
# Description : Check /etc/qconfig file # Description : Check /etc/qconfig file
Register --test-no PRNT-2316 --os AIX --weight L --network NO --description "Checking /etc/qconfig file" Register --test-no PRNT-2316 --os AIX --weight L --network NO --category security --description "Checking /etc/qconfig file"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking /etc/qconfig" LogText "Test: Checking /etc/qconfig"
QDAEMON_CONFIG_FILE="/etc/qconfig" QDAEMON_CONFIG_FILE="/etc/qconfig"
@ -242,7 +242,7 @@
# #
# Test : PRNT-2418 # Test : PRNT-2418
# Description : Check qdaemon printer spooler status # Description : Check qdaemon printer spooler status
Register --test-no PRNT-2418 --os AIX --weight L --network NO --description "Checking qdaemon printer spooler status" Register --test-no PRNT-2418 --os AIX --weight L --network NO --category security --description "Checking qdaemon printer spooler status"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking qdaemon status" LogText "Test: Checking qdaemon status"
IsRunning qdaemon IsRunning qdaemon
@ -266,7 +266,7 @@
# #
# Test : PRNT-2420 # Test : PRNT-2420
# Description : Checking old print jobs # Description : Checking old print jobs
Register --test-no PRNT-2420 --os AIX --weight L --network NO --description "Checking old print jobs" Register --test-no PRNT-2420 --os AIX --weight L --network NO --category security --description "Checking old print jobs"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking old print jobs" LogText "Test: Checking old print jobs"
DirectoryExists /var/spool/lpd/qdir DirectoryExists /var/spool/lpd/qdir
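Review bot: The Register call for the /etc/qconfig check uses `--test-no PRNT-2316`, while the header comment directly above it says `# Test : PRNT-2416`, and this commit rewrites the line without reconciling the two. Test IDs are what operators put into `--tests` selections and skip lists, so a documented ID that differs from the registered one can lead to selecting or skipping a test that never matches. Which ID is intended cannot be determined from this hunk (the neighbouring tests are PRNT-2418 and PRNT-2420), so either the header should read `# Test : PRNT-2316` or the call should register `PRNT-2416`. The commented-out template in the previous hunk also has `PRNT-23xx--preqs-met` with no space before the option, which presumably would be read as part of the test number if that block is ever enabled.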


@ -33,7 +33,7 @@
# #
# Test : SCHD-7702 # Test : SCHD-7702
# Description : Check cron daemon # Description : Check cron daemon
Register --test-no SCHD-7702 --weight L --network NO --description "Check status of cron daemon" Register --test-no SCHD-7702 --weight L --network NO --category security --description "Check status of cron daemon"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FIND=$(ps aux | ${EGREPBINARY} "( cron$|/cron(d)? )") FIND=$(ps aux | ${EGREPBINARY} "( cron$|/cron(d)? )")
if [ "${FIND}" = "" ]; then if [ "${FIND}" = "" ]; then
@ -50,7 +50,7 @@
# #
# Test : SCHD-7704 # Test : SCHD-7704
# Description : Check crontab / cronjobs # Description : Check crontab / cronjobs
Register --test-no SCHD-7704 --weight L --network NO --description "Check crontab/cronjobs" Register --test-no SCHD-7704 --weight L --network NO --category security --description "Check crontab/cronjobs"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
BAD_FILE_PERMISSIONS=0 BAD_FILE_PERMISSIONS=0
BAD_FILE_OWNERSHIP=0 BAD_FILE_OWNERSHIP=0
@ -183,7 +183,7 @@
# #
# Test : SCHD-7718 # Test : SCHD-7718
# Description : Check atd status # Description : Check atd status
Register --test-no SCHD-7718 --weight L --network NO --description "Check at users" Register --test-no SCHD-7718 --weight L --network NO --category security --description "Check at users"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking atd status" LogText "Test: Checking atd status"
FIND=$(${PSBINARY} ax | grep "/atd" | grep -v "grep") FIND=$(${PSBINARY} ax | grep "/atd" | grep -v "grep")
@ -207,7 +207,7 @@
# except the listed ones can schedule jobs. If both can't be # except the listed ones can schedule jobs. If both can't be
# found, only root can schedule jobs. # found, only root can schedule jobs.
if [ ${ATD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${ATD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no SCHD-7720 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check at users" Register --test-no SCHD-7720 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check at users"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
AT_UNKNOWN=0 AT_UNKNOWN=0
case ${OS} in case ${OS} in
@ -270,7 +270,7 @@
# Test : SCHD-7724 # Test : SCHD-7724
# Description : Check scheduled at jobs # Description : Check scheduled at jobs
if [ ${ATD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${ATD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no SCHD-7724 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check at jobs" Register --test-no SCHD-7724 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check at jobs"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Check scheduled at jobs" LogText "Test: Check scheduled at jobs"
FIND=$(atq | grep -v "no files in queue" | ${AWKBINARY} '{gsub("\t"," ");print}' | sed 's/ /!space!/g') FIND=$(atq | grep -v "no files in queue" | ${AWKBINARY} '{gsub("\t"," ");print}' | sed 's/ /!space!/g')
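Review bot: SCHD-7718 is still registered with `--description "Check at users"`, the same text as SCHD-7720 two hunks later, although its header and LogText say it checks atd status. Both Register lines are rewritten by this commit, so the first could become `--description "Check atd status"` in the same pass, which keeps the two tests distinguishable wherever the description is shown. The SCHD-7702 context line also calls bare `ps aux` where SCHD-7718 uses `${PSBINARY}`; using the same variable in both would be consistent. The test bodies continue outside the hunks shown.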


@ -48,7 +48,7 @@
# Test : SHLL-6202 # Test : SHLL-6202
# Description : check all console TTYs in which root user can enter single user mode without password # Description : check all console TTYs in which root user can enter single user mode without password
Register --test-no SHLL-6202 --os FreeBSD --weight L --network NO --description "Check console TTYs" Register --test-no SHLL-6202 --os FreeBSD --weight L --network NO --category security --description "Check console TTYs"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking console TTYs" LogText "Test: Checking console TTYs"
FIND=`egrep '^console' /etc/ttys | grep -v 'insecure'` FIND=`egrep '^console' /etc/ttys | grep -v 'insecure'`
@ -69,7 +69,7 @@
# #
# Test : SHLL-6211 # Test : SHLL-6211
# Description : which shells are available according /etc/shells # Description : which shells are available according /etc/shells
Register --test-no SHLL-6211 --weight L --network NO --description "Checking available and valid shells" Register --test-no SHLL-6211 --weight L --network NO --category security --description "Checking available and valid shells"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Searching for /etc/shells" LogText "Test: Searching for /etc/shells"
if [ -f /etc/shells ]; then if [ -f /etc/shells ]; then
@ -99,7 +99,7 @@
# #
# Test : SHLL-6220 # Test : SHLL-6220
# Description : check for idle session killing tools or settings # Description : check for idle session killing tools or settings
Register --test-no SHLL-6220 --weight L --network NO --description "Checking available and valid shells" Register --test-no SHLL-6220 --weight L --network NO --category security --description "Checking available and valid shells"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Search for session timeout tools or settings in shell" LogText "Test: Search for session timeout tools or settings in shell"
IsRunning timeoutd IsRunning timeoutd
@ -221,7 +221,7 @@
# Test : SHLL-6230 # Test : SHLL-6230
# Description : Check for umask values in shell configurations # Description : Check for umask values in shell configurations
SHELL_CONFIG_FILES="/etc/bashrc /etc/bash.bashrc /etc/csh.cshrc /etc/profile" SHELL_CONFIG_FILES="/etc/bashrc /etc/bash.bashrc /etc/csh.cshrc /etc/profile"
Register --test-no SHLL-6230 --weight H --network NO --description "Perform umask check for shell configurations" Register --test-no SHLL-6230 --weight H --network NO --category security --description "Perform umask check for shell configurations"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0 FOUND=0
HARDENING_POSSIBLE=0 HARDENING_POSSIBLE=0
@ -272,7 +272,7 @@
# #
# Test : SHLL-6290 # Test : SHLL-6290
# Description : Check for Shellshock vulnerability # Description : Check for Shellshock vulnerability
Register --test-no SHLL-6290 --weight H --network NO --description "Perform Shellshock vulnerability tests" Register --test-no SHLL-6290 --weight H --network NO --category security --description "Perform Shellshock vulnerability tests"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0 FOUND=0
#Display --indent 2 --text "- Testing for Shellshock vulnerability" #Display --indent 2 --text "- Testing for Shellshock vulnerability"
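Review bot: SHLL-6220 is registered with `--description "Checking available and valid shells"`, a copy of the SHLL-6211 description, while its header and LogText describe a search for idle-session timeout tools and settings. The commit rewrites this line to add the category, so the description could be fixed at the same time, for example `--description "Checking idle session timeout tools and settings"`. A mislabeled test is easy to overlook when someone reviews which checks ran. The test bodies continue outside the hunks shown.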


@ -32,7 +32,7 @@
# Test : SNMP-3302 # Test : SNMP-3302
# Description : Check for a running SNMP daemon # Description : Check for a running SNMP daemon
Register --test-no SNMP-3302 --weight L --network NO --description "Check for running SNMP daemon" Register --test-no SNMP-3302 --weight L --network NO --category security --description "Check for running SNMP daemon"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Searching for a SNMP daemon" LogText "Test: Searching for a SNMP daemon"
# Check running processes # Check running processes
@ -52,7 +52,7 @@
# Test : SNMP-3304 # Test : SNMP-3304
# Description : Determine SNMP daemon configuration file location # Description : Determine SNMP daemon configuration file location
if [ ${SNMP_DAEMON_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${SNMP_DAEMON_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no SNMP-3304 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check SNMP daemon file location" Register --test-no SNMP-3304 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check SNMP daemon file location"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: searching for snmpd.conf file" LogText "Test: searching for snmpd.conf file"
for I in ${SNMP_DAEMON_CONFIG_LOCS}; do for I in ${SNMP_DAEMON_CONFIG_LOCS}; do
@ -75,7 +75,7 @@
# Test : SNMP-3306 # Test : SNMP-3306
# Description : Determine SNMP communities # Description : Determine SNMP communities
if [ ! "${SNMPD_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${SNMPD_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no SNMP-3306 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check SNMP communities" Register --test-no SNMP-3306 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check SNMP communities"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
WARN=0 WARN=0
LogText "Test: reading active snmp communities" LogText "Test: reading active snmp communities"


@ -28,7 +28,7 @@
# #
# Test : SOL-xxxx # Test : SOL-xxxx
# Description : Check if Stop-A is disabled # Description : Check if Stop-A is disabled
# Register --test-no SOL-xxxx --weight L --network NO --description "Check for running SSH daemon" # Register --test-no SOL-xxxx --weight L --network NO --category security --description "Check for running SSH daemon"
# if [ ${SKIPTEST} -eq 0 ]; then # if [ ${SKIPTEST} -eq 0 ]; then
# LogText "Test: Searching for a SSH daemon" # LogText "Test: Searching for a SSH daemon"
# # Check running processes # # Check running processes
@ -47,7 +47,7 @@
# #
# Test : SOL-xxxx # Test : SOL-xxxx
# Description : Check if vold is disabled, to disallow unaudited mounts # Description : Check if vold is disabled, to disallow unaudited mounts
# Register --test-no SOL-xxxx --weight L --network NO --description "Check for running SSH daemon" # Register --test-no SOL-xxxx --weight L --network NO --category security --description "Check for running SSH daemon"
# if [ ${SKIPTEST} -eq 0 ]; then # if [ ${SKIPTEST} -eq 0 ]; then
# LogText "Test: Searching for a SSH daemon" # LogText "Test: Searching for a SSH daemon"
# # Check running processes # # Check running processes
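Review bot: Both commented-out SOL-xxxx templates keep `--description "Check for running SSH daemon"` and SSH-related LogText, although their headers describe a Stop-A check and a vold check; adding `--category security` to them carries the copy-paste forward. If these blocks stay as templates, the descriptions should match the headers, e.g. `--description "Check if Stop-A is disabled"` and `--description "Check if vold is disabled"`, so that enabling them later does not register mislabeled tests. Both commented bodies continue outside the hunks shown.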


@ -37,7 +37,7 @@
# Description : Check for a running Squid daemon # Description : Check for a running Squid daemon
# Notes : Search for squid(3) with a space, to avoid SquidGuard and other # Notes : Search for squid(3) with a space, to avoid SquidGuard and other
# programs. # programs.
Register --test-no SQD-3602 --weight L --network NO --description "Check for running Squid daemon" Register --test-no SQD-3602 --weight L --network NO --category security --description "Check for running Squid daemon"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Searching for a Squid daemon" LogText "Test: Searching for a Squid daemon"
FOUND=0 FOUND=0
@ -58,7 +58,7 @@
# Test : SQD-3604 # Test : SQD-3604
# Description : Determine Squid daemon configuration file location # Description : Determine Squid daemon configuration file location
if [ ${SQUID_DAEMON_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${SQUID_DAEMON_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no SQD-3604 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Squid daemon file location" Register --test-no SQD-3604 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Squid daemon file location"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: searching for squid.conf or squid3.conf file" LogText "Test: searching for squid.conf or squid3.conf file"
for I in ${SQUID_DAEMON_CONFIG_LOCS}; do for I in ${SQUID_DAEMON_CONFIG_LOCS}; do
@ -87,7 +87,7 @@
# Test : SQD-3606 # Test : SQD-3606
# Description : Check Squid version # Description : Check Squid version
if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no SQD-3606 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Squid version" Register --test-no SQD-3606 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Squid version"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ ! "${SQUIDBINARY}" = "" ]; then if [ ! "${SQUIDBINARY}" = "" ]; then
LogText "Result: Squid binary found (${SQUIDBINARY})" LogText "Result: Squid binary found (${SQUIDBINARY})"
@ -111,7 +111,7 @@
# Test : SQD-3610 # Test : SQD-3610
# Description : Check Squid configuration options # Description : Check Squid configuration options
if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no SQD-3610 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Squid version" Register --test-no SQD-3610 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Squid version"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking all specific defined options in ${SQUID_DAEMON_CONFIG}" LogText "Test: Checking all specific defined options in ${SQUID_DAEMON_CONFIG}"
FIND=`grep -v "^#" ${SQUID_DAEMON_CONFIG} | grep -v "^$" | ${AWKBINARY} '{gsub("\t"," ");print}' | sed 's/ /!space!/g'` FIND=`grep -v "^#" ${SQUID_DAEMON_CONFIG} | grep -v "^$" | ${AWKBINARY} '{gsub("\t"," ");print}' | sed 's/ /!space!/g'`
@ -128,7 +128,7 @@
# Test : SQD-3613 # Test : SQD-3613
# Description : Check Squid configuration options # Description : Check Squid configuration options
if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no SQD-3613 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Squid file permissions" Register --test-no SQD-3613 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Squid file permissions"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking file permissions of ${SQUID_DAEMON_CONFIG}" LogText "Test: Checking file permissions of ${SQUID_DAEMON_CONFIG}"
FIND=`find ${SQUID_DAEMON_CONFIG} -type f -a \( -perm -004 -o -perm -002 -o -perm -001 \)` FIND=`find ${SQUID_DAEMON_CONFIG} -type f -a \( -perm -004 -o -perm -002 -o -perm -001 \)`
@ -156,7 +156,7 @@
# Test : SQD-3614 # Test : SQD-3614
# Description : Check Squid authentication # Description : Check Squid authentication
if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no SQD-3614 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Squid authentication methods" Register --test-no SQD-3614 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Squid authentication methods"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: check auth_param option for authentication methods" LogText "Test: check auth_param option for authentication methods"
FIND=`grep "^auth_param" ${SQUID_DAEMON_CONFIG} | awk '{ print $2 }'` FIND=`grep "^auth_param" ${SQUID_DAEMON_CONFIG} | awk '{ print $2 }'`
@ -177,7 +177,7 @@
# Test : SQD-3616 # Test : SQD-3616
# Description : Check external Squid authentication # Description : Check external Squid authentication
if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no SQD-3616 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check external Squid authentication" Register --test-no SQD-3616 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check external Squid authentication"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: check external_acl_type option for external authentication helpers" LogText "Test: check external_acl_type option for external authentication helpers"
FIND=`grep "^external_acl_type" ${SQUID_DAEMON_CONFIG}` FIND=`grep "^external_acl_type" ${SQUID_DAEMON_CONFIG}`
@ -199,7 +199,7 @@
# Test : SQD-3620 # Test : SQD-3620
# Description : Check ACLs # Description : Check ACLs
if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no SQD-3620 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Squid access control lists" Register --test-no SQD-3620 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Squid access control lists"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
N=0 N=0
LogText "Test: checking ACLs" LogText "Test: checking ACLs"
@ -224,7 +224,7 @@
# Test : SQD-3624 [T] # Test : SQD-3624 [T]
# Description : Check unsecure ports in Safe_ports list # Description : Check unsecure ports in Safe_ports list
if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no SQD-3624 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Squid safe ports" Register --test-no SQD-3624 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Squid safe ports"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
N=0 N=0
LogText "Test: checking ACL Safe_ports http_access option" LogText "Test: checking ACL Safe_ports http_access option"
@ -275,7 +275,7 @@
# Test : SQD-3630 [T] # Test : SQD-3630 [T]
# Description : Check reply_body_max_size value # Description : Check reply_body_max_size value
if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no SQD-3630 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Squid reply_body_max_size option" Register --test-no SQD-3630 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Squid reply_body_max_size option"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
N=0 N=0
LogText "Test: checking option reply_body_max_size" LogText "Test: checking option reply_body_max_size"
@ -304,7 +304,7 @@
# Test : SQD-3680 # Test : SQD-3680
# Description : Check httpd_suppress_version_string # Description : Check httpd_suppress_version_string
if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no SQD-3680 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Squid version suppresion" Register --test-no SQD-3680 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Squid version suppresion"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FIND=`grep "^httpd_suppress_version_string " ${SQUID_DAEMON_CONFIG} | grep " on"` FIND=`grep "^httpd_suppress_version_string " ${SQUID_DAEMON_CONFIG} | grep " on"`
if [ "${FIND}" = "" ]; then if [ "${FIND}" = "" ]; then


@ -36,7 +36,7 @@
# #
# Test : SSH-7402 # Test : SSH-7402
# Description : Check for a running SSH daemon # Description : Check for a running SSH daemon
Register --test-no SSH-7402 --weight L --network NO --description "Check for running SSH daemon" Register --test-no SSH-7402 --weight L --network NO --category security --description "Check for running SSH daemon"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Searching for a SSH daemon" LogText "Test: Searching for a SSH daemon"
IsRunning sshd IsRunning sshd
@ -57,7 +57,7 @@
# Test : SSH-7404 # Test : SSH-7404
# Description : Determine SSH daemon configuration file location # Description : Determine SSH daemon configuration file location
if [ ${SSH_DAEMON_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${SSH_DAEMON_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no SSH-7404 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check SSH daemon file location" Register --test-no SSH-7404 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check SSH daemon file location"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0 FOUND=0
LogText "Test: searching for sshd_config file" LogText "Test: searching for sshd_config file"
@ -93,7 +93,7 @@
# Description : Check SSH specific defined options # Description : Check SSH specific defined options
# Notes : Instead of parsing the configuration file, we query the SSH daemon itself # Notes : Instead of parsing the configuration file, we query the SSH daemon itself
if [ ${SSH_DAEMON_RUNNING} -eq 1 -a ! "${SSH_DAEMON_OPTIONS_FILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${SSH_DAEMON_RUNNING} -eq 1 -a ! "${SSH_DAEMON_OPTIONS_FILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no SSH-7408 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check SSH specific defined options" Register --test-no SSH-7408 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check SSH specific defined options"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking specific defined options in ${SSH_DAEMON_OPTIONS_FILE}" LogText "Test: Checking specific defined options in ${SSH_DAEMON_OPTIONS_FILE}"
## SSHOPTIONS scheme: ## SSHOPTIONS scheme:
@ -237,7 +237,7 @@
# Description : AllowUsers / AllowGroups # Description : AllowUsers / AllowGroups
# Goal : Check if only a specific amount of users/groups can log in to the system # Goal : Check if only a specific amount of users/groups can log in to the system
if [ ${SSH_DAEMON_RUNNING} -eq 1 -a ! "${SSH_DAEMON_OPTIONS_FILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${SSH_DAEMON_RUNNING} -eq 1 -a ! "${SSH_DAEMON_OPTIONS_FILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no SSH-7440 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check SSH option: AllowUsers and AllowGroups" Register --test-no SSH-7440 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check SSH option: AllowUsers and AllowGroups"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0 FOUND=0
# AllowUsers # AllowUsers
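Review bot: Each Register call in this section (SSH-7402, SSH-7404, SSH-7408, SSH-7440) now carries a hand-written `--category security`, as do the calls in the storage, time and tooling sections, but nothing visible here says what Register does when the option is omitted. If an untagged test is excluded by a category filter, a later test that forgets the flag would silently drop out of a security run; if it is included, the flag is redundant on every line. I would state the default in Register's header comment, for example `# --category <name> : category of the test; <DEFAULT> is assumed when omitted`, or have Register apply that default itself. Register is defined outside these hunks, so this is inferred from the call sites only.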


@ -30,7 +30,7 @@
# #
# Test : STRG-1840 # Test : STRG-1840
# Description : Check for disabled USB storage # Description : Check for disabled USB storage
Register --test-no STRG-1840 --os Linux --weight L --network NO --description "Check if USB storage is disabled" Register --test-no STRG-1840 --os Linux --weight L --network NO --category security --description "Check if USB storage is disabled"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0 FOUND=0
LogText "Test: Checking USB storage driver in directory /etc/modprobe.d and configuration file /etc/modprobe.conf" LogText "Test: Checking USB storage driver in directory /etc/modprobe.d and configuration file /etc/modprobe.conf"
@ -70,7 +70,7 @@
# #
# Test : STRG-1842 # Test : STRG-1842
# Description : Check USB authorizations # Description : Check USB authorizations
Register --test-no STRG-1842 --os Linux --weight L --network NO --description "Check USB authorizations" Register --test-no STRG-1842 --os Linux --weight L --network NO --category security --description "Check USB authorizations"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking USB devices authorization to connect to the system" LogText "Test: Checking USB devices authorization to connect to the system"
FOUND=0 FOUND=0
@ -107,7 +107,7 @@
# Test : STRG-1846 # Test : STRG-1846
# Description : Check for disabled firewire storage # Description : Check for disabled firewire storage
# Explanation : Best option is to use the install function, or else drivers can still be loaded manually # Explanation : Best option is to use the install function, or else drivers can still be loaded manually
Register --test-no STRG-1846 --os Linux --weight L --network NO --description "Check if firewire storage is disabled" Register --test-no STRG-1846 --os Linux --weight L --network NO --category security --description "Check if firewire storage is disabled"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0 FOUND=0
LogText "Test: Checking firewire storage driver in directory /etc/modprobe.d and configuration file /etc/modprobe.conf" LogText "Test: Checking firewire storage driver in directory /etc/modprobe.d and configuration file /etc/modprobe.conf"


@ -34,7 +34,7 @@
# Test : STRG-1902 # Test : STRG-1902
# Description : Check rpcinfo # Description : Check rpcinfo
if [ ! "${RPCINFOBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${RPCINFOBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no STRG-1902 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check rpcinfo registered programs" Register --test-no STRG-1902 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check rpcinfo registered programs"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking rpcinfo registered programs" LogText "Test: Checking rpcinfo registered programs"
FIND=`${RPCINFOBINARY} -p 2> /dev/null | tr -s ' ' ','` FIND=`${RPCINFOBINARY} -p 2> /dev/null | tr -s ' ' ','`
@ -49,7 +49,7 @@
# Test : STRG-1904 # Test : STRG-1904
# Description : Check nfs versions in rpcinfo # Description : Check nfs versions in rpcinfo
if [ ! "${RPCINFOBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${RPCINFOBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no STRG-1904 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check nfs rpc" Register --test-no STRG-1904 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check nfs rpc"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking NFS registered versions" LogText "Test: Checking NFS registered versions"
FIND=`${RPCINFOBINARY} -p 2> /dev/null | ${AWKBINARY} '{ if ($5=="nfs") { print $2 } }' | uniq | sort` FIND=`${RPCINFOBINARY} -p 2> /dev/null | ${AWKBINARY} '{ if ($5=="nfs") { print $2 } }' | uniq | sort`
@ -64,7 +64,7 @@
# Test : STRG-1906 # Test : STRG-1906
# Description : Check nfs protocols (TCP/UDP) and port in rpcinfo # Description : Check nfs protocols (TCP/UDP) and port in rpcinfo
if [ ! "${RPCINFOBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${RPCINFOBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no STRG-1906 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check nfs rpc" Register --test-no STRG-1906 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check nfs rpc"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking NFS registered protocols" LogText "Test: Checking NFS registered protocols"
FIND=`${RPCINFOBINARY} -p 2> /dev/null | ${AWKBINARY} '{ if ($5=="nfs") { print $3 } }' | uniq | sort` FIND=`${RPCINFOBINARY} -p 2> /dev/null | ${AWKBINARY} '{ if ($5=="nfs") { print $3 } }' | uniq | sort`
@ -91,7 +91,7 @@
# #
# Test : STRG-1920 # Test : STRG-1920
# Description : Check for running NFS daemons # Description : Check for running NFS daemons
Register --test-no STRG-1920 --weight L --network NO --description "Checking NFS daemon" Register --test-no STRG-1920 --weight L --network NO --category security --description "Checking NFS daemon"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking running NFS daemon" LogText "Test: Checking running NFS daemon"
FIND=`${PSBINARY} ax | grep "nfsd" | grep -v "grep"` FIND=`${PSBINARY} ax | grep "nfsd" | grep -v "grep"`
@ -109,7 +109,7 @@
# #
# Test : STRG-1924 # Test : STRG-1924
# Description : Check missing nfs in rpcinfo while NFS is running # Description : Check missing nfs in rpcinfo while NFS is running
#Register --test-no STRG-1924 --weight L --network NO --description "Checking NFS daemon" #Register --test-no STRG-1924 --weight L --network NO --category security --description "Checking NFS daemon"
#if [ ${SKIPTEST} -eq 0 ]; then #if [ ${SKIPTEST} -eq 0 ]; then
# #
################################################################################# #################################################################################
@ -117,7 +117,7 @@
# Test : STRG-1926 # Test : STRG-1926
# Description : Check NFS exports # Description : Check NFS exports
if [ ${NFS_DAEMON_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${NFS_DAEMON_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no STRG-1926 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking NFS exports" Register --test-no STRG-1926 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking NFS exports"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: check /etc/exports" LogText "Test: check /etc/exports"
if [ -f /etc/exports ]; then if [ -f /etc/exports ]; then
@ -144,7 +144,7 @@
# Test : STRG-1928 # Test : STRG-1928
# Description : Check for empty exports file while NFS is running # Description : Check for empty exports file while NFS is running
if [ ${NFS_DAEMON_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${NFS_DAEMON_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no STRG-1928 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking empty /etc/exports" Register --test-no STRG-1928 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking empty /etc/exports"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ ${NFS_EXPORTS_EMPTY} -eq 1 ]; then if [ ${NFS_EXPORTS_EMPTY} -eq 1 ]; then
Display --indent 6 --text "- Checking empty /etc/exports" --result "${STATUS_SUGGESTION}" --color YELLOW Display --indent 6 --text "- Checking empty /etc/exports" --result "${STATUS_SUGGESTION}" --color YELLOW
@ -158,7 +158,7 @@
# Test : STRG-1930 # Test : STRG-1930
# Description : Check client access to nfs share # Description : Check client access to nfs share
if [ ${NFS_DAEMON_RUNNING} -eq 1 -a ${NFS_EXPORTS_EMPTY} -eq 0 -a ! "${SHOWMOUNTBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${NFS_DAEMON_RUNNING} -eq 1 -a ${NFS_EXPORTS_EMPTY} -eq 0 -a ! "${SHOWMOUNTBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no STRG-1930 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check client access to nfs share" Register --test-no STRG-1930 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check client access to nfs share"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
#LogText "Test: " #LogText "Test: "
sFIND=`${SHOWMOUNTBINARY} -e | awk '{ print $2 }' | sed '1d'| grep "\*"` sFIND=`${SHOWMOUNTBINARY} -e | awk '{ print $2 }' | sed '1d'| grep "\*"`
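Review bot: In STRG-1904 and STRG-1906 the rpcinfo pipelines end in `uniq | sort`, and `uniq` only collapses adjacent duplicates, so repeated nfs version or protocol entries can survive into FIND when rpcinfo does not list them consecutively. Swapping the order to `sort | uniq` (or `sort -u`) gives the de-duplicated list the tests appear to want. These are unchanged context lines and both test bodies continue outside the hunks, so how FIND is consumed is not visible here. The two tests also register the identical description "Check nfs rpc", which makes them indistinguishable wherever the description is shown; something like `--description "Check nfs rpc versions"` and `--description "Check nfs rpc protocols"` would separate them.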


@ -48,7 +48,7 @@
else else
PREQS_MET="YES" PREQS_MET="YES"
fi fi
Register --test-no TIME-3104 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check for running NTP daemon or client" Register --test-no TIME-3104 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for running NTP daemon or client"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Linux/FreeBSD (ntpdate), OpenBSD (ntpd, rdate), Chrony, systemd-timesyncd # Linux/FreeBSD (ntpdate), OpenBSD (ntpd, rdate), Chrony, systemd-timesyncd
LogText "Test: Searching for a running NTP daemon or available client" LogText "Test: Searching for a running NTP daemon or available client"
@ -200,7 +200,7 @@
# Test : TIME-3106 # Test : TIME-3106
# Description : Check status of systemd time synchronization # Description : Check status of systemd time synchronization
if [ ${SYSTEMD_NTP_ENABLED} -eq 1 -a ! "${TIMEDATECTL}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${SYSTEMD_NTP_ENABLED} -eq 1 -a ! "${TIMEDATECTL}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no TIME-3106 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check systemd NTP time synchronization status" Register --test-no TIME-3106 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check systemd NTP time synchronization status"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Check the status of time synchronization via timedatectl" LogText "Test: Check the status of time synchronization via timedatectl"
FIND=`${TIMEDATECTL} status | grep "NTP sychronized: yes"` FIND=`${TIMEDATECTL} status | grep "NTP sychronized: yes"`
@ -215,7 +215,7 @@
# Test : TIME-3112 # Test : TIME-3112
# Description : Check for valid associations from ntpq peers list # Description : Check for valid associations from ntpq peers list
if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no TIME-3112 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check active NTP associations ID's" Register --test-no TIME-3112 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check active NTP associations ID's"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking for NTP association ID's from ntpq peers list" LogText "Test: Checking for NTP association ID's from ntpq peers list"
FIND=`${NTPQBINARY} -p -n | grep "No association ID's returned"` FIND=`${NTPQBINARY} -p -n | grep "No association ID's returned"`
@ -233,7 +233,7 @@
# Test : TIME-3116 # Test : TIME-3116
# Description : Check for stratum 16 peers # Description : Check for stratum 16 peers
if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no TIME-3116 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check peers with stratum value of 16" Register --test-no TIME-3116 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check peers with stratum value of 16"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
N=0 N=0
LogText "Test: Checking stratum 16 sources from ntpq peers list" LogText "Test: Checking stratum 16 sources from ntpq peers list"
@ -271,7 +271,7 @@
# Notes : Items with # are too far away (network distance) # Notes : Items with # are too far away (network distance)
# Items with - are not chosing due clustering algoritm # Items with - are not chosing due clustering algoritm
if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no TIME-3120 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check unreliable NTP peers" Register --test-no TIME-3120 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check unreliable NTP peers"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking unreliable ntp peers" LogText "Test: Checking unreliable ntp peers"
FIND=`${NTPQBINARY} -p -n | egrep "^(-|#)" | awk '{ print $1 }' | sed 's/^-//g'` FIND=`${NTPQBINARY} -p -n | egrep "^(-|#)" | awk '{ print $1 }' | sed 's/^-//g'`
@ -294,7 +294,7 @@
# Test : TIME-3124 # Test : TIME-3124
# Description : Check selected time source # Description : Check selected time source
if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no TIME-3124 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check selected time source" Register --test-no TIME-3124 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check selected time source"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking selected time source" LogText "Test: Checking selected time source"
FIND=`${NTPQBINARY} -p -n | grep '^*' | awk '{ if ($4=="l") { print $1 } }'` FIND=`${NTPQBINARY} -p -n | grep '^*' | awk '{ if ($4=="l") { print $1 } }'`
@ -316,7 +316,7 @@
# Test : TIME-3128 # Test : TIME-3128
# Description : Check time source candidates # Description : Check time source candidates
if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no TIME-3128 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check preffered time source" Register --test-no TIME-3128 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check preffered time source"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking preferred time source" LogText "Test: Checking preferred time source"
FIND=`${NTPQBINARY} -p -n | grep '^+' | awk '{ print $1 }'` FIND=`${NTPQBINARY} -p -n | grep '^+' | awk '{ print $1 }'`
@ -339,7 +339,7 @@
# Test : TIME-3132 # Test : TIME-3132
# Description : Check ntpq falsetickers # Description : Check ntpq falsetickers
if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no TIME-3132 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check NTP falsetickers" Register --test-no TIME-3132 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check NTP falsetickers"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking preferred time source" LogText "Test: Checking preferred time source"
FIND=`${NTPQBINARY} -p -n | grep '^x'` FIND=`${NTPQBINARY} -p -n | grep '^x'`
@ -363,7 +363,7 @@
# Test : TIME-3136 # Test : TIME-3136
# Description : Check ntpq reported ntp version (Linux) # Description : Check ntpq reported ntp version (Linux)
if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no TIME-3136 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --description "Check NTP protocol version" Register --test-no TIME-3136 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check NTP protocol version"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking NTP protocol version (ntpq -c ntpversion)" LogText "Test: Checking NTP protocol version (ntpq -c ntpversion)"
FIND=`${NTPQBINARY} -c ntpversion | awk '{ if ($1=="NTP" && $2=="version" && $5=="is") { print $6 } }'` FIND=`${NTPQBINARY} -c ntpversion | awk '{ if ($1=="NTP" && $2=="version" && $5=="is") { print $6 } }'`
@ -384,7 +384,7 @@
# Description : Check /etc/default/ntpdate (Linux) # Description : Check /etc/default/ntpdate (Linux)
# Notes : ntpdate-debian binary # Notes : ntpdate-debian binary
#if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi #if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
#Register --test-no TIME-3146 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --description "Check /etc/default/ntpdate" #Register --test-no TIME-3146 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check /etc/default/ntpdate"
#if [ ${SKIPTEST} -eq 0 ]; then #if [ ${SKIPTEST} -eq 0 ]; then
# #
################################################################################# #################################################################################
@ -393,7 +393,7 @@
# Description : Check empty NTP step-tickers # Description : Check empty NTP step-tickers
# Notes : Mostly applies to Red Hat and clones # Notes : Mostly applies to Red Hat and clones
if [ "${NTPD_RUNNING}" -eq 1 -a ! "${NTPQBINARY}" = "" -a ! "${CHKCONFIGBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ "${NTPD_RUNNING}" -eq 1 -a ! "${NTPQBINARY}" = "" -a ! "${CHKCONFIGBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no TIME-3160 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --description "Check empty NTP step-tickers" Register --test-no TIME-3160 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check empty NTP step-tickers"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0 FOUND=0
FILE="/etc/ntp/step-tickers" FILE="/etc/ntp/step-tickers"
@ -449,7 +449,7 @@ WaitForKeyPress
# Other should preferably have no access, or read-only at max # Other should preferably have no access, or read-only at max
FILE_ARRAY="/etc/chrony.conf /etc/inet/ntp.conf /etc/ntp.conf /usr/local/etc/ntp.conf" FILE_ARRAY="/etc/chrony.conf /etc/inet/ntp.conf /etc/ntp.conf /usr/local/etc/ntp.conf"
Register --test-no TIME-3170 --weight L --network NO --description "Check configuration files" Register --test-no TIME-3170 --weight L --network NO --category security --description "Check configuration files"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
for FILE in ${FILE_ARRAY}; do for FILE in ${FILE_ARRAY}; do
if [ -f ${FILE} ]; then if [ -f ${FILE} ]; then
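Review bot: The pattern in TIME-3106, `grep "NTP sychronized: yes"`, is misspelled (the "n" in "synchronized" is missing), so it presumably never matches the `timedatectl status` output and the test cannot report a synchronized clock. The line is unchanged context, but it sits directly under the Register call this commit edits; `grep "NTP synchronized: yes"` is the likely intent, to be confirmed against the timedatectl versions the tool supports. The rest of the test body is outside the hunk, so the effect of an empty FIND is inferred. The same section also registers TIME-3128 with the description "Check preffered time source", where "preferred" is meant.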


@ -43,7 +43,7 @@
# #
# Test : TOOL-5002 # Test : TOOL-5002
# Description : Check if automation tools are found # Description : Check if automation tools are found
Register --test-no TOOL-5002 --weight L --network NO --description "Checking for automation tools" Register --test-no TOOL-5002 --weight L --network NO --category security --description "Checking for automation tools"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
Display --indent 2 --text "- Checking automation tooling" Display --indent 2 --text "- Checking automation tooling"
@ -155,7 +155,7 @@
# #
# Test : TOOL-5102 # Test : TOOL-5102
# Description : Check for Fail2ban # Description : Check for Fail2ban
Register --test-no TOOL-5102 --weight L --network NO --description "Check for presence of Fail2ban" Register --test-no TOOL-5102 --weight L --network NO --category security --description "Check for presence of Fail2ban"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Fail2ban presence # Fail2ban presence
@ -268,7 +268,7 @@
# #
# Test : TOOL-5190 # Test : TOOL-5190
# Description : Check for an IDS/IPS tool # Description : Check for an IDS/IPS tool
Register --test-no TOOL-5014 --weight L --network NO --description "Check presence of IDS/IPS tool" Register --test-no TOOL-5014 --weight L --network NO --category security --description "Check presence of IDS/IPS tool"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ ${IDS_IPS_TOOL_FOUND} -eq 1 ]; then if [ ${IDS_IPS_TOOL_FOUND} -eq 1 ]; then
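Review bot: The header comment of the last hunk names the test TOOL-5190, but the Register call beneath it uses `--test-no TOOL-5014`, and the commit edits that Register line without reconciling the two. Skip lists, test selection by ID and report references will only match the registered ID, so anyone working from the comment would target a test that does not exist under that number. Which ID is intended cannot be told from the hunk; either the comment should read `# Test : TOOL-5014` or the call should use `--test-no TOOL-5190`. The test body continues outside the hunk.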


@ -28,7 +28,7 @@
# #
# # Test : VIRT-1920 # # Test : VIRT-1920
# # Description : Checking VMware # # Description : Checking VMware
# Register --test-no VIRT-1920 --weight L --network NO --description "Checking VMware guest status" # Register --test-no VIRT-1920 --weight L --network NO --category security --description "Checking VMware guest status"
# if [ ${SKIPTEST} -eq 0 ]; then # if [ ${SKIPTEST} -eq 0 ]; then
# # Initialise # # Initialise
# VMWARE_GUEST=0 # VMWARE_GUEST=0


@ -52,7 +52,7 @@
# Notes : Do not run on NetBSD, -v is unknown option for httpd binary # Notes : Do not run on NetBSD, -v is unknown option for httpd binary
# On OpenBSD do not run /usr/sbin/httpd with -v: builtin non-Apache # On OpenBSD do not run /usr/sbin/httpd with -v: builtin non-Apache
if [ ! "${OS}" = "NetBSD" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${OS}" = "NetBSD" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no HTTP-6622 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking Apache presence" Register --test-no HTTP-6622 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking Apache presence"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ "${OS}" = "OpenBSD" -a "${HTTPDBINARY}" = "/usr/sbin/httpd" ]; then HTTPDBINARY=""; fi if [ "${OS}" = "OpenBSD" -a "${HTTPDBINARY}" = "/usr/sbin/httpd" ]; then HTTPDBINARY=""; fi
if [ "${HTTPDBINARY}" = "" ]; then if [ "${HTTPDBINARY}" = "" ]; then
@ -88,7 +88,7 @@
else else
PREQS_MET="NO" PREQS_MET="NO"
fi fi
Register --test-no HTTP-6624 --preqs-met ${PREQS_MET} --weight L --network NO --description "Testing main Apache configuration file" Register --test-no HTTP-6624 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Testing main Apache configuration file"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
APACHE_CONFIGFILE="" APACHE_CONFIGFILE=""
APACHE_TEST=`${HTTPDBINARY} -V 2> /dev/null | grep "\-D SERVER_CONFIG_FILE=" | sed 's/[ ]-D SERVER_CONFIG_FILE=//' | tr -d '"' | tr -d ' ' | tr -d '[:cntrl:]'` APACHE_TEST=`${HTTPDBINARY} -V 2> /dev/null | grep "\-D SERVER_CONFIG_FILE=" | sed 's/[ ]-D SERVER_CONFIG_FILE=//' | tr -d '"' | tr -d ' ' | tr -d '[:cntrl:]'`
@ -124,7 +124,7 @@
# Test : HTTP-6626 # Test : HTTP-6626
# Description : Testing other Apache configuration files # Description : Testing other Apache configuration files
if [ ${APACHE_INSTALLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${APACHE_INSTALLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no HTTP-6626 --preqs-met ${PREQS_MET} --weight L --network NO --description "Testing other Apache configuration file" Register --test-no HTTP-6626 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Testing other Apache configuration file"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
#Display --indent 4 --text "- Searching Apache virtual hosts" #Display --indent 4 --text "- Searching Apache virtual hosts"
for I in ${sTEST_APACHE_TARGETS}; do for I in ${sTEST_APACHE_TARGETS}; do
@ -194,7 +194,7 @@
# Test : HTTP-6628 # Test : HTTP-6628
# Description : Testing other Apache configuration files # Description : Testing other Apache configuration files
#if [ ${APACHE_INSTALLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi #if [ ${APACHE_INSTALLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
#Register --test-no HTTP-6628 --preqs-met ${PREQS_MET} --weight L --network NO --description "Testing other Apache configuration file" #Register --test-no HTTP-6628 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Testing other Apache configuration file"
#if [ ${SKIPTEST} -eq 0 ]; then #if [ ${SKIPTEST} -eq 0 ]; then
# # Configuration specific tests # # Configuration specific tests
# SERVERTOKENSFOUND=0 # SERVERTOKENSFOUND=0
@ -244,7 +244,7 @@
# Test : HTTP-6630 # Test : HTTP-6630
# Description : Search for all loaded modules # Description : Search for all loaded modules
#if [ ${APACHE_INSTALLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi #if [ ${APACHE_INSTALLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
#Register --test-no HTTP-6630 --preqs-met ${PREQS_MET} --weight L --network NO --description "Determining all loaded Apache modules" #Register --test-no HTTP-6630 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Determining all loaded Apache modules"
#if [ ${SKIPTEST} -eq 0 ]; then #if [ ${SKIPTEST} -eq 0 ]; then
# Testing Debian style # Testing Debian style
#LogText "Test: searching loaded/enabled Apache modules" #LogText "Test: searching loaded/enabled Apache modules"
@ -264,7 +264,7 @@
# Test : HTTP-6632 # Test : HTTP-6632
# Description : Search for available Apache modules # Description : Search for available Apache modules
if [ ${APACHE_INSTALLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${APACHE_INSTALLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no HTTP-6632 --preqs-met ${PREQS_MET} --weight L --network NO --description "Determining all available Apache modules" Register --test-no HTTP-6632 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Determining all available Apache modules"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: searching available Apache modules" LogText "Test: searching available Apache modules"
N=0 N=0
@ -293,7 +293,7 @@
# Test : HTTP-6640 # Test : HTTP-6640
# Description : Search for special Apache modules: evasive # Description : Search for special Apache modules: evasive
if [ ${APACHE_INSTALLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${APACHE_INSTALLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no HTTP-6640 --preqs-met ${PREQS_MET} --weight L --network NO --description "Determining existence of specific Apache modules" Register --test-no HTTP-6640 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Determining existence of specific Apache modules"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Check modules, module # Check modules, module
CheckItem "apache_module" "/mod_evasive([0-9][0-9])?.so" CheckItem "apache_module" "/mod_evasive([0-9][0-9])?.so"
@ -312,7 +312,7 @@
# Test : HTTP-6641 # Test : HTTP-6641
# Description : Search for special Apache modules: Quality of Service # Description : Search for special Apache modules: Quality of Service
if [ ${APACHE_INSTALLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${APACHE_INSTALLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no HTTP-6641 --preqs-met ${PREQS_MET} --weight L --network NO --description "Determining existence of specific Apache modules" Register --test-no HTTP-6641 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Determining existence of specific Apache modules"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Check modules, module # Check modules, module
CheckItem "apache_module" "/mod_qos.so" CheckItem "apache_module" "/mod_qos.so"
@ -332,7 +332,7 @@
# Description : Search for special Apache modules: Spamhaus # Description : Search for special Apache modules: Spamhaus
# Notes : This test is outdated # Notes : This test is outdated
#if [ ${APACHE_INSTALLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi #if [ ${APACHE_INSTALLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
#Register --test-no HTTP-6642 --preqs-met ${PREQS_MET} --weight L --network NO --description "Determining existence of specific Apache modules" #Register --test-no HTTP-6642 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Determining existence of specific Apache modules"
#if [ ${SKIPTEST} -eq 0 ]; then #if [ ${SKIPTEST} -eq 0 ]; then
# # Check modules, module # # Check modules, module
# CheckItem "apache_module" "/mod_spamhaus.so" # CheckItem "apache_module" "/mod_spamhaus.so"
@ -351,7 +351,7 @@
# Test : HTTP-6643 # Test : HTTP-6643
# Description : Search for special Apache modules: security # Description : Search for special Apache modules: security
if [ ${APACHE_INSTALLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${APACHE_INSTALLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no HTTP-6643 --preqs-met ${PREQS_MET} --weight L --network NO --description "Determining existence of specific Apache modules" Register --test-no HTTP-6643 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Determining existence of specific Apache modules"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Check modules, module # Check modules, module
CheckItem "apache_module" "/mod_security2.so" CheckItem "apache_module" "/mod_security2.so"
@ -375,7 +375,7 @@
# #
# Test : HTTP-6702 # Test : HTTP-6702
# Description : Search for nginx process # Description : Search for nginx process
Register --test-no HTTP-6702 --weight L --network NO --description "Check nginx process" Register --test-no HTTP-6702 --weight L --network NO --category security --description "Check nginx process"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: searching running nginx process" LogText "Test: searching running nginx process"
FIND=`${PSBINARY} ax | grep "/nginx" | grep "master" | grep -v "grep"` FIND=`${PSBINARY} ax | grep "/nginx" | grep "master" | grep -v "grep"`
@ -394,7 +394,7 @@
# Test : HTTP-6704 # Test : HTTP-6704
# Description : Search for nginx configuration file # Description : Search for nginx configuration file
if [ ${NGINX_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${NGINX_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no HTTP-6704 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check nginx configuration file" Register --test-no HTTP-6704 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check nginx configuration file"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: searching nginx configuration file" LogText "Test: searching nginx configuration file"
for I in ${NGINX_CONF_LOCS}; do for I in ${NGINX_CONF_LOCS}; do
@ -419,7 +419,7 @@
# Description : Search for includes within nginx configuration file # Description : Search for includes within nginx configuration file
# Notes : Daemon nginx should be running, nginx.conf should be found # Notes : Daemon nginx should be running, nginx.conf should be found
if [ ${NGINX_RUNNING} -eq 1 -a ! "${NGINX_CONF_LOCATION}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${NGINX_RUNNING} -eq 1 -a ! "${NGINX_CONF_LOCATION}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no HTTP-6706 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check for additional nginx configuration files" Register --test-no HTTP-6706 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for additional nginx configuration files"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Remove temp file # Remove temp file
if [ ! "${TMPFILE}" = "" ]; then if [ -f ${TMPFILE} ]; then rm -f ${TMPFILE}; fi; fi if [ ! "${TMPFILE}" = "" ]; then if [ -f ${TMPFILE} ]; then rm -f ${TMPFILE}; fi; fi
@ -468,7 +468,7 @@
# Description : Check discovered nginx configuration settings for further hardering # Description : Check discovered nginx configuration settings for further hardering
# Notes : Daemon of nginx should be running, nginx.conf should be found # Notes : Daemon of nginx should be running, nginx.conf should be found
if [ ${NGINX_RUNNING} -eq 1 -a "${NGINX_CONF_LOCATION}" != "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${NGINX_RUNNING} -eq 1 -a "${NGINX_CONF_LOCATION}" != "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no HTTP-6708 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check discovered nginx configuration settings" Register --test-no HTTP-6708 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check discovered nginx configuration settings"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: start parsing all discovered nginx options" LogText "Test: start parsing all discovered nginx options"
Display --indent 4 --text "- Parsing configuration options" Display --indent 4 --text "- Parsing configuration options"
@ -481,7 +481,7 @@
# Description : Check SSL configuration of nginx # Description : Check SSL configuration of nginx
# Notes : Daemon of nginx should be running, nginx.conf should be found # Notes : Daemon of nginx should be running, nginx.conf should be found
if [ ${NGINX_RUNNING} -eq 1 -a "${NGINX_CONF_LOCATION}" != "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${NGINX_RUNNING} -eq 1 -a "${NGINX_CONF_LOCATION}" != "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no HTTP-6710 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check nginx SSL configuration settings" Register --test-no HTTP-6710 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check nginx SSL configuration settings"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
NGINX_SSL_SUGGESTION=0 NGINX_SSL_SUGGESTION=0
if [ ${NGINX_SSL_ON} -eq 1 ]; then if [ ${NGINX_SSL_ON} -eq 1 ]; then
@ -534,7 +534,7 @@
# Description : Check logging configuration of nginx # Description : Check logging configuration of nginx
# Notes : Daemon of nginx should be running, nginx.conf should be found # Notes : Daemon of nginx should be running, nginx.conf should be found
if [ ${NGINX_RUNNING} -eq 1 -a "${NGINX_CONF_LOCATION}" != "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${NGINX_RUNNING} -eq 1 -a "${NGINX_CONF_LOCATION}" != "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no HTTP-6712 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check nginx access logging" Register --test-no HTTP-6712 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check nginx access logging"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
NGINX_LOG_SUGGESTION=0 NGINX_LOG_SUGGESTION=0
Display --indent 6 --text "- Checking log file configuration" Display --indent 6 --text "- Checking log file configuration"
@ -568,7 +568,7 @@
# Test : HTTP-6714 # Test : HTTP-6714
# Description : Check missing error logs in nginx # Description : Check missing error logs in nginx
if [ ${NGINX_RUNNING} -eq 1 -a "${NGINX_CONF_LOCATION}" != "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${NGINX_RUNNING} -eq 1 -a "${NGINX_CONF_LOCATION}" != "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no HTTP-6714 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check for missing error logs in nginx" Register --test-no HTTP-6714 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for missing error logs in nginx"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
NGINX_LOG_SUGGESTION=0 NGINX_LOG_SUGGESTION=0
# Check for missing access log # Check for missing access log
@ -589,7 +589,7 @@
# Test : HTTP-6716 # Test : HTTP-6716
# Description : Check debug mode on error log in nginx # Description : Check debug mode on error log in nginx
if [ ${NGINX_RUNNING} -eq 1 -a "${NGINX_CONF_LOCATION}" != "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${NGINX_RUNNING} -eq 1 -a "${NGINX_CONF_LOCATION}" != "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no HTTP-6716 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check for debug mode on error log in nginx" Register --test-no HTTP-6716 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for debug mode on error log in nginx"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
NGINX_LOG_SUGGESTION=0 NGINX_LOG_SUGGESTION=0
# Access log in debug mode # Access log in debug mode
@ -615,7 +615,7 @@
# Description : Check if nginx is running as a reverse proxy # Description : Check if nginx is running as a reverse proxy
# Notes : aliases are not counted yet (YYY) # Notes : aliases are not counted yet (YYY)
# if [ ${NGINX_RUNNING} -eq 1 -a ! "${NGINX_CONF_LOCATION}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi # if [ ${NGINX_RUNNING} -eq 1 -a ! "${NGINX_CONF_LOCATION}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
# Register --test-no HTTP-67xx --preqs-met ${PREQS_MET} --weight L --network NO --description "Check nginx virtual hosts" # Register --test-no HTTP-67xx --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check nginx virtual hosts"
# if [ ${SKIPTEST} -eq 0 ]; then # if [ ${SKIPTEST} -eq 0 ]; then
# N=0 # N=0
# LogText "Test: searching proxy_pass statement in configuration file ${NGINX_CONF_LOCATION}" # LogText "Test: searching proxy_pass statement in configuration file ${NGINX_CONF_LOCATION}"
@ -639,7 +639,7 @@
# Description : Search for nginx virtual hosts # Description : Search for nginx virtual hosts
# Notes : Test if not aware yet of included configuration files # Notes : Test if not aware yet of included configuration files
# if [ ${NGINX_RUNNING} -eq 1 -a ! "${NGINX_CONF_LOCATION}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi # if [ ${NGINX_RUNNING} -eq 1 -a ! "${NGINX_CONF_LOCATION}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
# Register --test-no HTTP-67xx --preqs-met ${PREQS_MET} --weight L --network NO --description "Check nginx virtual hosts" # Register --test-no HTTP-67xx --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check nginx virtual hosts"
# if [ ${SKIPTEST} -eq 0 ]; then # if [ ${SKIPTEST} -eq 0 ]; then
# N=0 # N=0
# LogText "Test: searching nginx virtual hosts" # LogText "Test: searching nginx virtual hosts"
@ -664,7 +664,7 @@
# Test : HTTP-6720 # Test : HTTP-6720
# Description : Search for Nginx log files # Description : Search for Nginx log files
if [ ${NGINX_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${NGINX_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no HTTP-6720 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Nginx log files" Register --test-no HTTP-6720 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Nginx log files"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking directories for files with log file definitions" LogText "Test: Checking directories for files with log file definitions"
for I in ${NGINX_CONF_LOCS}; do for I in ${NGINX_CONF_LOCS}; do

16
lynis

@ -510,6 +510,8 @@ ${NORMAL}
LogText "Info: could not find a hostname, using 'no-hostname' instead" LogText "Info: could not find a hostname, using 'no-hostname' instead"
ReportSuggestion "LYNIS" "Check your hostname configuration" "hostname -s" ReportSuggestion "LYNIS" "Check your hostname configuration" "hostname -s"
fi fi
Report "test_category=${TEST_CATEGORY_TO_CHECK}"
Report "test_group=${TEST_GROUP_TO_CHECK}"
# #
################################################################################# #################################################################################
# #
@ -578,13 +580,17 @@ ${NORMAL}
echo " Kernel version: ${OS_KERNELVERSION}" echo " Kernel version: ${OS_KERNELVERSION}"
echo " Hardware platform: ${HARDWARE}" echo " Hardware platform: ${HARDWARE}"
echo " Hostname: ${HOSTNAME}" echo " Hostname: ${HOSTNAME}"
echo " Auditor: ${AUDITORNAME}" echo " ---------------------------------------------------"
echo " Profiles: ${PROFILES}" echo " Profiles: ${PROFILES}"
echo " Log file: ${LOGFILE}" echo " Log file: ${LOGFILE}"
echo " Report file: ${REPORTFILE}" echo " Report file: ${REPORTFILE}"
echo " Report version: ${REPORT_version}" echo " Report version: ${REPORT_version}"
echo " Plugin directory: ${PLUGINDIR}" echo " Plugin directory: ${PLUGINDIR}"
echo " ---------------------------------------------------" echo " ---------------------------------------------------"
echo " Auditor: ${AUDITORNAME}"
echo " Test category: ${TEST_CATEGORY_TO_CHECK}"
echo " Test group: ${TEST_GROUP_TO_CHECK}"
echo " ---------------------------------------------------"
fi fi
LogText "Program version: ${PROGRAM_VERSION}" LogText "Program version: ${PROGRAM_VERSION}"
@ -609,6 +615,8 @@ ${NORMAL}
LogText "Report file: ${REPORTFILE}" LogText "Report file: ${REPORTFILE}"
LogText "Report version: ${REPORT_version}" LogText "Report version: ${REPORT_version}"
LogText "-----------------------------------------------------" LogText "-----------------------------------------------------"
LogText "Test category: ${TEST_CATEGORY_TO_CHECK}"
LogText "Test group: ${TEST_GROUP_TO_CHECK}"
LogText "BusyBox used: ${SHELL_IS_BUSYBOX}" LogText "BusyBox used: ${SHELL_IS_BUSYBOX}"
Report "plugin_directory=${PLUGINDIR}" Report "plugin_directory=${PLUGINDIR}"
@ -860,7 +868,7 @@ ${NORMAL}
LogTextBreak LogTextBreak
# Test sections # Test sections
if [ "${TESTS_CATEGORY_TO_PERFORM}" = "" ]; then if [ "${TEST_GROUP_TO_CHECK}" = "all" ]; then
LogText "Info: perform tests from all categories" LogText "Info: perform tests from all categories"
INCLUDE_TESTS="boot_services kernel memory_processes authentication shells \ INCLUDE_TESTS="boot_services kernel memory_processes authentication shells \
@ -870,8 +878,8 @@ ${NORMAL}
mac_frameworks file_integrity tooling malware file_permissions homedirs \ mac_frameworks file_integrity tooling malware file_permissions homedirs \
kernel_hardening hardening" kernel_hardening hardening"
else else
INCLUDE_TESTS="${TESTS_CATEGORY_TO_PERFORM}" INCLUDE_TESTS="${TEST_GROUP_TO_CHECK}"
LogText "Info: only performing tests from categories: ${TESTS_CATEGORY_TO_PERFORM}" LogText "Info: only performing tests from groups: ${TEST_GROUP_TO_CHECK}"
fi fi
# Include available tests # Include available tests
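Review bot: In the last hunk the else branch copies the command-line value straight into the test list with `INCLUDE_TESTS="${TEST_GROUP_TO_CHECK}"`, and the same value is written to the report and log by the added `Report "test_group=..."` and `LogText "Test group: ..."` lines, with no validation visible in these hunks. The loop that consumes INCLUDE_TESTS lies outside the hunk, so this is inferred, but if it builds a file name to source from each entry, a name containing `/` or `..` could pull in a file from outside the tests directory. A guard before the assignment would close that off, for example `case "${TEST_GROUP_TO_CHECK}" in *[!a-z0-9_[:space:]]*) echo "Invalid test group" >&2; exit 1 ;; esac`. The same applies to TEST_CATEGORY_TO_CHECK, which could be checked against the list of available categories before it is reported. Separately, the unchanged message `LogText "Info: perform tests from all categories"` now sits under a test on the group variable and should read "groups" to match the else branch.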