CIS Debian 10 Workstation L1 v1.0.0

Audit Details

Name: CIS Debian 10 Workstation L1 v1.0.0

Updated: 10/4/2022

Authority: CIS

Plugin: Unix

Revision: 1.20

Estimated Item Count: 304

File Details

Filename: CIS_Debian_Linux_10_v1.0.0_L1_Workstation.audit

Size: 686 kB

MD5: 52909c15fe8797eb26745d5581e6412f
SHA256: 7e3a72519cd2cdf2bf700fac7561ceb9df8166b43c592a2ef1528fea45b5b381

Audit Changelog

 
Revision 1.20

Oct 4, 2022

Functional Update
  • 1.4.2 Ensure filesystem integrity is regularly checked
  • 3.5.3.4 Ensure loopback traffic is configured - v6
Added
  • 6.2.2 Ensure no legacy '+' entries exist in /etc/passwd
Removed
  • 6.2.2 Ensure no legacy '+' entries exist in /etc/passwd - + entries exist in /etc/passwd
Revision 1.19

Sep 7, 2022

Functional Update
  • 1.4.2 Ensure filesystem integrity is regularly checked
  • 2.2.16 Ensure rsync service is not enabled
  • 2.2.17 Ensure NIS Server is not enabled
  • 3.5.3.4 Ensure loopback traffic is configured - v6
Revision 1.18

Jul 27, 2022

Functional Update
  • 1.1.18 Ensure nodev option set on removable media partitions
  • 1.4.2 Ensure filesystem integrity is regularly checked
  • 3.5.3.4 Ensure loopback traffic is configured - v6
  • 5.2.10 Ensure SSH root login is disabled
  • 5.2.11 Ensure SSH PermitEmptyPasswords is disabled
  • 5.2.12 Ensure SSH PermitUserEnvironment is disabled
  • 5.2.18 Ensure SSH access is limited
  • 5.2.19 Ensure SSH warning banner is configured
  • 5.2.20 Ensure SSH PAM is enabled
  • 5.2.22 Ensure SSH MaxStartups is configured
  • 5.2.23 Ensure SSH MaxSessions is limited
  • 5.2.4 Ensure SSH Protocol is not set to 1
  • 5.2.5 Ensure SSH LogLevel is appropriate
  • 5.2.6 Ensure SSH X11 forwarding is disabled
  • 5.2.7 Ensure SSH MaxAuthTries is set to 4 or less
  • 5.2.8 Ensure SSH IgnoreRhosts is enabled
  • 5.2.9 Ensure SSH HostbasedAuthentication is disabled
Revision 1.17

May 27, 2022

Functional Update
  • 1.4.2 Ensure filesystem integrity is regularly checked
  • 3.5.3.4 Ensure loopback traffic is configured - v6
  • 5.4.1.2 Ensure minimum days between password changes is configured - users
Revision 1.16

May 11, 2022

Functional Update
  • 1.4.2 Ensure filesystem integrity is regularly checked
  • 3.5.3.4 Ensure loopback traffic is configured - v6
  • 5.4.1.2 Ensure minimum days between password changes is configured - login.defs
  • 5.4.2 Ensure system accounts are secured
  • 5.4.5 Ensure default user shell timeout is 900 seconds or less
Revision 1.15

May 4, 2022

Functional Update
  • 1.4.2 Ensure filesystem integrity is regularly checked
  • 3.5.3.4 Ensure loopback traffic is configured - v6
  • 5.1.8 Ensure at/cron is restricted to authorized users - at.allow
  • 5.1.8 Ensure at/cron is restricted to authorized users - cron.allow
Revision 1.14

Apr 25, 2022

Functional Update
  • 1.4.2 Ensure filesystem integrity is regularly checked
  • 3.5.3.4 Ensure loopback traffic is configured - v6
Miscellaneous
  • References updated.
Revision 1.13

Mar 29, 2022

Functional Update
  • 1.4.2 Ensure filesystem integrity is regularly checked
  • 3.5.3.4 Ensure loopback traffic is configured - v6
Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.12

Oct 1, 2021

Functional Update
  • 1.4.2 Ensure filesystem integrity is regularly checked
  • 2.2.11 Ensure email services are not enabled
  • 3.5.3.4 Ensure loopback traffic is configured - v6
  • 3.5.4.1.1 Ensure default deny firewall policy - Chain FORWARD
  • 3.5.4.1.1 Ensure default deny firewall policy - Chain INPUT
  • 3.5.4.1.1 Ensure default deny firewall policy - Chain OUTPUT
  • 3.5.4.2.1 Ensure IPv6 default deny firewall policy - Chain FORWARD
  • 3.5.4.2.1 Ensure IPv6 default deny firewall policy - Chain INPUT
  • 3.5.4.2.1 Ensure IPv6 default deny firewall policy - Chain OUTPUT
  • 5.2.13 Ensure only strong Ciphers are used
  • 5.2.14 Ensure only strong MAC algorithms are used
  • 5.2.15 Ensure only strong Key Exchange algorithms are used
Miscellaneous
  • References updated.
Revision 1.11

Jun 17, 2021

Functional Update
  • 1.4.2 Ensure filesystem integrity is regularly checked
  • 3.5.3.4 Ensure loopback traffic is configured - v6
Miscellaneous
  • Metadata updated.
  • References updated.