CIS AlmaLinux OS 8 Server L1 v3.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS AlmaLinux OS 8 Server L1 v3.0.0

Updated: 10/8/2025

Authority: CIS

Plugin: Unix

Revision: 1.18

Estimated Item Count: 228

File Details

Filename: CIS_AlmaLinux_OS_8_Server_v3.0.0_L1.audit

Size: 832 kB

MD5: 738982d286e0e17f043dc42c005846be
SHA256: b03c69a8ba734d3762036bd1060e20bb1160f52b76f428049c6a2fab50e807bb

Audit Items

Description | Categories
1.1.1.1 Ensure cramfs kernel module is not available
1.1.1.2 Ensure freevxfs kernel module is not available
1.1.1.3 Ensure hfs kernel module is not available
1.1.1.4 Ensure hfsplus kernel module is not available
1.1.1.5 Ensure jffs2 kernel module is not available
1.1.1.8 Ensure usb-storage kernel module is not available
1.1.2.1.1 Ensure /tmp is a separate partition
1.1.2.1.2 Ensure nodev option set on /tmp partition
1.1.2.1.3 Ensure nosuid option set on /tmp partition
1.1.2.1.4 Ensure noexec option set on /tmp partition
1.1.2.2.1 Ensure /dev/shm is a separate partition
1.1.2.2.2 Ensure nodev option set on /dev/shm partition
1.1.2.2.3 Ensure nosuid option set on /dev/shm partition
1.1.2.2.4 Ensure noexec option set on /dev/shm partition
1.1.2.3.2 Ensure nodev option set on /home partition
1.1.2.3.3 Ensure nosuid option set on /home partition
1.1.2.4.2 Ensure nodev option set on /var partition
1.1.2.4.3 Ensure nosuid option set on /var partition
1.1.2.5.2 Ensure nodev option set on /var/tmp partition
1.1.2.5.3 Ensure nosuid option set on /var/tmp partition
1.1.2.5.4 Ensure noexec option set on /var/tmp partition
1.1.2.6.2 Ensure nodev option set on /var/log partition
1.1.2.6.3 Ensure nosuid option set on /var/log partition
1.1.2.6.4 Ensure noexec option set on /var/log partition
1.1.2.7.2 Ensure nodev option set on /var/log/audit partition
1.1.2.7.3 Ensure nosuid option set on /var/log/audit partition
1.1.2.7.4 Ensure noexec option set on /var/log/audit partition
1.2.1 Ensure GPG keys are configured
1.2.2 Ensure gpgcheck is globally activated
1.2.4 Ensure package manager repositories are configured
1.2.5 Ensure updates, patches, and additional security software are installed
1.3.1 Ensure bootloader password is set
1.3.2 Ensure permissions on bootloader config are configured
1.4.1 Ensure address space layout randomization (ASLR) is enabled
1.4.2 Ensure ptrace_scope is restricted
1.4.3 Ensure core dump backtraces are disabled
1.4.4 Ensure core dump storage is disabled
1.5.1.1 Ensure SELinux is installed
1.5.1.2 Ensure SELinux is not disabled in bootloader configuration
1.5.1.3 Ensure SELinux policy is configured
1.5.1.4 Ensure the SELinux mode is not disabled
1.5.1.6 Ensure no unconfined services exist
1.5.1.7 Ensure the MCS Translation Service (mcstrans) is not installed
1.5.1.8 Ensure SETroubleshoot is not installed
1.6.1 Ensure system wide crypto policy is not set to legacy
1.6.2 Ensure system wide crypto policy disables sha1 hash and signature support
1.6.3 Ensure system wide crypto policy disables cbc for ssh
1.6.4 Ensure system wide crypto policy disables macs less than 128 bits
1.7.1 Ensure message of the day is configured properly
1.7.2 Ensure local login warning banner is configured properly