Detections
Analytics

CIS Debian 10 Server L1 v2.0.0

Audit Details

Name: CIS Debian 10 Server L1 v2.0.0

Updated: 5/7/2024

Authority: CIS

Plugin: Unix

Revision: 1.21

Estimated Item Count: 230

File Details

Filename: CIS_Debian_Linux_10_v2.0.0_L1_Server.audit

Size: 866 kB

MD5: 75f27afaedb0ab7be332fc6659f7a965
SHA256: 152b005b1235f990a6a314387f44e8d853226181e6bad3bdd8eee348254237c7

Audit Changelog

 
Revision 1.21

May 7, 2024

Functional Update
  • 2.1.2.1 Ensure chrony is configured with authorized timeserver
  • 2.1.2.2 Ensure chrony is running as user _chrony
  • 2.1.2.3 Ensure chrony is enabled and running
Revision 1.20

Apr 22, 2024

Functional Update
  • 5.1.2.6 Ensure rsyslog is configured to send logs to a remote log host
Revision 1.19

Apr 10, 2024

Functional Update
  • 1.8.2 Ensure GDM login banner is configured
  • 1.8.3 Ensure GDM disable-user-list option is enabled
  • 1.8.4 Ensure GDM screen locks when the user is idle
  • 1.8.5 Ensure GDM screen locks cannot be overridden
  • 1.8.6 Ensure GDM automatic mounting of removable media is disabled
  • 1.8.7 Ensure GDM disabling automatic mounting of removable media is not overridden
  • 1.8.8 Ensure GDM autorun-never is enabled
  • 1.8.9 Ensure GDM autorun-never is not overridden
Revision 1.18

Mar 18, 2024

Functional Update
  • 3.1.2 Ensure wireless interfaces are disabled
  • 4.2.2 Ensure permissions on SSH private host key files are configured
  • 4.2.3 Ensure permissions on SSH public host key files are configured
  • 5.1.3 Ensure all logfiles have appropriate access configured
  • 6.1.11 Ensure world writable files and directories are secured
  • 6.1.12 Ensure no unowned or ungrouped files or directories exist
  • 6.1.13 Ensure SUID and SGID files are reviewed
  • 6.2.12 Ensure local interactive user dot files access is configured
Miscellaneous
  • Variables updated.
Revision 1.17

Mar 1, 2024

Functional Update
  • 3.4.1.7 Ensure ufw default deny firewall policy
Revision 1.16

Feb 20, 2024

Functional Update
  • 4.2.5 Ensure SSH LogLevel is appropriate
Revision 1.15

Feb 16, 2024

Functional Update
  • 4.2.20 Ensure SSH LoginGraceTime is set to one minute or less
Revision 1.14

Feb 12, 2024

Functional Update
  • 4.3.1 Ensure sudo is installed
Revision 1.13

Feb 8, 2024

Functional Update
  • 2.4 Ensure nonessential services are removed or masked
  • 3.1.1 Ensure IPv6 status is identified
  • 3.4.1.5 Ensure ufw outbound connections are configured
  • 3.4.2.3 Ensure iptables are flushed with nftables
  • 3.4.2.7 Ensure nftables outbound and established connections are configured
  • 3.4.3.2.3 Ensure iptables outbound and established connections are configured
  • 3.4.3.3.3 Ensure ip6tables outbound and established connections are configured
  • 5.1.1.6 Ensure journald log rotation is configured per site policy
  • 6.1.13 Ensure SUID and SGID files are reviewed
Informational Update
  • 6.1.13 Ensure SUID and SGID files are reviewed
Revision 1.12

Jan 29, 2024

Functional Update
  • 3.1.1 Ensure IPv6 status is identified
Informational Update
  • 3.1.1 Ensure IPv6 status is identified
Miscellaneous
  • Metadata updated.