Detections
Analytics

CIS Debian 10 Server L1 v1.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Debian 10 Server L1 v1.0.0

Updated: 1/21/2026

Authority: CIS

Plugin: Unix

Revision: 1.38

Estimated Item Count: 302

File Details

Filename: CIS_Debian_Linux_10_v1.0.0_L1_Server.audit

Size: 590 kB

MD5: 55ad7b8c4167e9e3a3ab78e2a40a8436
SHA256: 6496e9656044048ca284b07e6b232989397e8d3139073de5622668b560f3c293

Audit Items

DescriptionCategories
1.1.1.1 Ensure mounting of freevxfs filesystems is disabled - lsmod
1.1.1.1 Ensure mounting of freevxfs filesystems is disabled - modprobe
1.1.1.2 Ensure mounting of jffs2 filesystems is disabled - lsmod
1.1.1.2 Ensure mounting of jffs2 filesystems is disabled - modprobe
1.1.1.3 Ensure mounting of hfs filesystems is disabled - lsmod
1.1.1.3 Ensure mounting of hfs filesystems is disabled - modprobe
1.1.1.4 Ensure mounting of hfsplus filesystems is disabled - lsmod
1.1.1.4 Ensure mounting of hfsplus filesystems is disabled - modprobe
1.1.1.5 Ensure mounting of squashfs filesystems is disabled - lsmod
1.1.1.5 Ensure mounting of squashfs filesystems is disabled - modprobe
1.1.1.6 Ensure mounting of udf filesystems is disabled - lsmod
1.1.1.6 Ensure mounting of udf filesystems is disabled - modprobe
1.1.2 Ensure /tmp is configured - mount
1.1.2 Ensure /tmp is configured - systemctl
1.1.3 Ensure nodev option set on /tmp partition
1.1.4 Ensure nosuid option set on /tmp partition
1.1.5 Ensure noexec option set on /tmp partition
1.1.8 Ensure nodev option set on /var/tmp partition
1.1.9 Ensure nosuid option set on /var/tmp partition
1.1.10 Ensure noexec option set on /var/tmp partition
1.1.14 Ensure nodev option set on /home partition
1.1.15 Ensure nodev option set on /dev/shm partition
1.1.16 Ensure nosuid option set on /dev/shm partition
1.1.17 Ensure noexec option set on /dev/shm partition
1.1.18 Ensure nodev option set on removable media partitions
1.1.19 Ensure nosuid option set on removable media partitions
1.1.20 Ensure noexec option set on removable media partitions
1.1.21 Ensure sticky bit is set on all world-writable directories
1.1.22 Disable Automounting
1.1.23 Disable USB Storage - lsmod
1.1.23 Disable USB Storage - modprobe
1.2.1 Ensure package manager repositories are configured
1.2.2 Ensure GPG keys are configured
1.3.1 Ensure sudo is installed
1.3.2 Ensure sudo commands use pty
1.3.3 Ensure sudo log file exists
1.4.1 Ensure AIDE is installed
1.4.2 Ensure filesystem integrity is regularly checked
1.5.1 Ensure permissions on bootloader config are configured
1.5.2 Ensure bootloader password is set - password_pbkdf2
1.5.2 Ensure bootloader password is set - set superusers
1.5.3 Ensure authentication required for single user mode
1.6.1 Ensure XD/NX support is enabled
1.6.2 Ensure address space layout randomization (ASLR) is enabled
1.6.2 Ensure address space layout randomization (ASLR) is enabled - sysctl
1.6.3 Ensure prelink is disabled
1.6.4 Ensure core dumps are restricted - /etc/sysctl.conf
1.6.4 Ensure core dumps are restricted - limits.conf limits.d
1.6.4 Ensure core dumps are restricted - processsizemax
1.6.4 Ensure core dumps are restricted - storage