Revision 1.3Oct 5, 2020
Functional Update
- 1.1.3 Ensure seperate file system for /tmp
- 1.4.4 Ensure UEFI requires authentication for single-user and maintenance modes - password
- 1.4.4 Ensure UEFI requires authentication for single-user and maintenance modes - superusers
- 1.5.6 Ensure NIST FIPS-validated cryptography is configured - grub
- 1.5.7 Ensure DNS is servers are configured - empty resolv
- 1.5.7 Ensure DNS is servers are configured - nameserver 1
- 1.5.7 Ensure DNS is servers are configured - nameserver 2
- 1.9 Ensure anti-virus is installed and running
- 2.1.4 Ensure TFTP daemon is configured to operate in secure mode.
- 2.2.1.4 Ensure NTP 'maxpoll' is set - maxpoll is set.
- 2.2.2.1 Ensure the screen package is installed.
- 2.2.2.10 Ensure screensaver lock-enabled is set.
- 2.2.2.11 Ensure the screensaver idle-activation-enabled setting
- 2.2.2.2 Ensure GNOME Screen Lock is Enabled.
- 2.2.2.3 Ensure GNOME Screensaver period of inactivity is configured.
- 2.2.2.4 Ensure GNOME Idle activation is set.
- 2.2.2.5 Ensure GNOME Lock Delay is configured
- 2.2.2.6 Ensure automatic logon via GUI is not allowed
- 2.2.2.7 Ensure unrestricted logon is not allowed
- 2.2.2.8 Ensure overriding the screensaver lock-delay setting is prevented
- 2.2.2.9 Ensure session idle-delay settings is enforced
- 2.2.25 Ensure unrestricted mail relaying is prevented.
- 2.2.26 Ensure ldap_tls_cacert is set for LDAP - config
- 2.2.26 Ensure ldap_tls_cacert is set for LDAP - file
- 2.2.27 Ensure ldap_id_use_start_tls is set for LDAP.
- 2.2.28 Ensure ldap_tls_reqcert is set for LDAP
- 3.7 Ensure IP tunnels are not configured.
- 4.1.2.14 Ensure audit of the rmdir syscall - 64 bit
- 4.1.2.15 Ensure audit of unlink syscall - 64 bit
- 4.1.2.16 Ensure audit unlinkat syscall - 64 bit
- 4.1.2.17 Ensure audit of the create_module syscall - 64 bit
- 4.1.2.18 Ensure audit of the finit_module syscall - 64 bit
- 4.1.2.25 Ensure audit of the mount command and syscall - 64 bit
- 4.1.21 Ensure auditing of all privileged functions - setgid 64 bit
- 4.1.21 Ensure auditing of all privileged functions - setuid 64 bit
- 4.2.2.6 Ensure rsyslog imudp and imrelp aren't loaded.
- 4.5 Ensure system notification is sent out when voume is 75% full
- 5.10 Ensure enable smartcard authentication is set to true