CIS Debian Linux 7 L1 v1.0.0

Audit Details

Name: CIS Debian Linux 7 L1 v1.0.0

Updated: 7/27/2022

Authority: CIS

Plugin: Unix

Revision: 1.18

Estimated Item Count: 228

File Details

Filename: CIS_Debian_Linux_7_v1.0.0_L1.audit

Size: 319 kB

MD5: 9056410d5a48f18b4b7cc7615a9132ba
SHA256: e95860b9889820cbc607bca0ab88ede1140870d2a77404f30222f18244d67bc2

Audit Items

Description | Categories
1.1 Install Updates, Patches and Additional Security Software

SYSTEM AND INFORMATION INTEGRITY

2.1 Create Separate Partition for /tmp
2.2 Set nodev option for /tmp Partition
2.3 Set nosuid option for /tmp Partition
2.4 Set noexec option for /tmp Partition
2.5 Create Separate Partition for /var
2.6 Bind Mount the /var/tmp directory to /tmp
2.7 Create Separate Partition for /var/log
2.8 Create Separate Partition for /var/log/audit
2.9 Create Separate Partition for /home
2.10 Add nodev Option to /home
2.11 Add nodev Option to Removable Media Partitions
2.12 Add noexec Option to Removable Media Partitions
2.13 Add nosuid Option to Removable Media Partitions
2.14 Add nodev Option to /run/shm Partition
2.15 Add nosuid Option to /run/shm Partition
2.16 Add noexec Option to /run/shm Partition
2.17 Set Sticky Bit on All World-Writable Directories

ACCESS CONTROL

2.25 Disable Automounting

CONFIGURATION MANAGEMENT

3.1 Set User/Group Owner on bootloader config

SYSTEM AND INFORMATION INTEGRITY

3.2 Set Permissions on bootloader config

SYSTEM AND INFORMATION INTEGRITY

3.3 Set Boot Loader Password - password_pbkdf2
3.3 Set Boot Loader Password - set superusers
3.4 Require Authentication for Single-User Mode

IDENTIFICATION AND AUTHENTICATION

4.1 Restrict Core Dumps - fs.suid_dumpable

ACCESS CONTROL

4.1 Restrict Core Dumps - limits.conf

ACCESS CONTROL

4.2 Enable XD/NX Support on 32-bit x86 Systems

SYSTEM AND INFORMATION INTEGRITY

4.3 Enable Randomized Virtual Memory Region Placement

SYSTEM AND INFORMATION INTEGRITY

4.4 Disable Prelink

CONFIGURATION MANAGEMENT

5.1.1 Ensure NIS is not installed

CONFIGURATION MANAGEMENT

5.1.2 Ensure rsh server is not enabled - exec

CONFIGURATION MANAGEMENT

5.1.2 Ensure rsh server is not enabled - login

CONFIGURATION MANAGEMENT

5.1.2 Ensure rsh server is not enabled - shell

CONFIGURATION MANAGEMENT

5.1.3 Ensure rsh client is not installed - rsh-client

CONFIGURATION MANAGEMENT

5.1.3 Ensure rsh client is not installed - rsh-reload-client

CONFIGURATION MANAGEMENT

5.1.4 Ensure talk server is not enabled

CONFIGURATION MANAGEMENT

5.1.5 Ensure talk client is not installed

CONFIGURATION MANAGEMENT

5.1.6 Ensure telnet server is not enabled

CONFIGURATION MANAGEMENT

5.1.7 Ensure tftp-server is not enabled

CONFIGURATION MANAGEMENT

5.1.8 Ensure xinetd is not enabled

CONFIGURATION MANAGEMENT

5.2 Ensure chargen is not enabled

CONFIGURATION MANAGEMENT

5.3 Ensure daytime is not enabled

CONFIGURATION MANAGEMENT

5.4 Ensure echo is not enabled

CONFIGURATION MANAGEMENT

5.5 Ensure discard is not enabled

CONFIGURATION MANAGEMENT

5.6 Ensure time is not enabled

CONFIGURATION MANAGEMENT

6.1 Ensure the X Window system is not installed

CONFIGURATION MANAGEMENT

6.2 Ensure Avahi Server is not enabled

CONFIGURATION MANAGEMENT

6.3 Ensure print server is not enabled

CONFIGURATION MANAGEMENT

6.4 Ensure DHCP Server is not enabled

CONFIGURATION MANAGEMENT

6.5 Configure Network Time Protocol (NTP)