Detections
Analytics

CIS AlmaLinux OS 8 Workstation L1 v2.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS AlmaLinux OS 8 Workstation L1 v2.0.0

Updated: 6/17/2024

Authority: CIS

Plugin: Unix

Revision: 1.29

Estimated Item Count: 335

File Details

Filename: CIS_AlmaLinux_OS_8_Workstation_v2.0.0_L1.audit

Size: 751 kB

MD5: 2b05ac811a7e26a9f56e472acddd7b65
SHA256: 6eddfef07773237c2d6f3eb65989930334bfebc418d24e0b458aa20669c9bf28

Audit Items

DescriptionCategories
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - blacklist
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobe
1.1.2.1 Ensure /tmp is a separate partition - mount
1.1.2.1 Ensure /tmp is a separate partition - systemctl
1.1.2.2 Ensure nodev option set on /tmp partition
1.1.2.3 Ensure noexec option set on /tmp partition
1.1.2.4 Ensure nosuid option set on /tmp partition
1.1.3.2 Ensure nodev option set on /var partition
1.1.3.3 Ensure noexec option set on /var partition
1.1.3.4 Ensure nosuid option set on /var partition
1.1.4.2 Ensure noexec option set on /var/tmp partition
1.1.4.3 Ensure nosuid option set on /var/tmp partition
1.1.4.4 Ensure nodev option set on /var/tmp partition
1.1.5.2 Ensure nodev option set on /var/log partition
1.1.5.3 Ensure noexec option set on /var/log partition
1.1.5.4 Ensure nosuid option set on /var/log partition
1.1.6.2 Ensure noexec option set on /var/log/audit partition
1.1.6.3 Ensure nodev option set on /var/log/audit partition
1.1.6.4 Ensure nosuid option set on /var/log/audit partition
1.1.7.2 Ensure nodev option set on /home partition
1.1.7.3 Ensure nosuid option set on /home partition
1.1.7.4 Ensure usrquota option set on /home partition - findmnt
1.1.7.4 Ensure usrquota option set on /home partition - quotaon
1.1.7.5 Ensure grpquota option set on /home partition - findmnt
1.1.7.5 Ensure grpquota option set on /home partition - quotaon
1.1.8.1 Ensure nodev option set on /dev/shm partition
1.1.8.2 Ensure noexec option set on /dev/shm partition
1.1.8.3 Ensure nosuid option set on /dev/shm partition
1.2.1 Ensure GPG keys are configured
1.2.2 Ensure gpgcheck is globally activated
1.2.3 Ensure package manager repositories are configured
1.3.1 Ensure AIDE is installed
1.3.2 Ensure filesystem integrity is regularly checked - cron
1.3.2 Ensure filesystem integrity is regularly checked - systemctl is-enabled aidecheck.service
1.3.2 Ensure filesystem integrity is regularly checked - systemctl is-enabled aidecheck.timer
1.3.2 Ensure filesystem integrity is regularly checked - systemctl status aidecheck.timer
1.4.1 Ensure bootloader password is set
1.4.2 Ensure permissions on bootloader config are configured
1.4.3 Ensure authentication is required when booting into rescue mode - emergency.service
1.4.3 Ensure authentication is required when booting into rescue mode - rescue.service
1.5.1 Ensure core dump storage is disabled
1.5.2 Ensure core dump backtraces are disabled
1.5.3 Ensure address space layout randomization (ASLR) is enabled - files
1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl
1.6.1.1 Ensure SELinux is installed
1.6.1.2 Ensure SELinux is not disabled in bootloader configuration
1.6.1.3 Ensure SELinux policy is configured - /etc/selinux/config
1.6.1.3 Ensure SELinux policy is configured - sestatus
1.6.1.4 Ensure the SELinux mode is not disabled - /etc/selinux/config