CIS Debian Linux 7 L1 v1.0.0

Audit Details

Name: CIS Debian Linux 7 L1 v1.0.0

Updated: 11/1/2023

Authority: CIS

Plugin: Unix

Revision: 1.26

Estimated Item Count: 228

File Details

Filename: CIS_Debian_Linux_7_v1.0.0_L1.audit

Size: 333 kB

MD5: f167d38daae9979e298fc54f9b56a0c9
SHA256: fadb378867060da035f30bae99a570624755b264bbe0b5ebd0bc4f56b20fafc8

Audit Items

| Description | Categories |
| --- | --- |
| 1.1 Install Updates, Patches and Additional Security Software | SYSTEM AND INFORMATION INTEGRITY |
| 2.1 Create Separate Partition for /tmp | CONFIGURATION MANAGEMENT |
| 2.2 Set nodev option for /tmp Partition | CONFIGURATION MANAGEMENT |
| 2.3 Set nosuid option for /tmp Partition | CONFIGURATION MANAGEMENT |
| 2.4 Set noexec option for /tmp Partition | CONFIGURATION MANAGEMENT |
| 2.5 Create Separate Partition for /var | CONFIGURATION MANAGEMENT |
| 2.6 Bind Mount the /var/tmp directory to /tmp | CONFIGURATION MANAGEMENT |
| 2.7 Create Separate Partition for /var/log | AUDIT AND ACCOUNTABILITY |
| 2.8 Create Separate Partition for /var/log/audit | AUDIT AND ACCOUNTABILITY |
| 2.9 Create Separate Partition for /home | CONFIGURATION MANAGEMENT |
| 2.10 Add nodev Option to /home | CONFIGURATION MANAGEMENT |
| 2.11 Add nodev Option to Removable Media Partitions | CONFIGURATION MANAGEMENT |
| 2.12 Add noexec Option to Removable Media Partitions | CONFIGURATION MANAGEMENT |
| 2.13 Add nosuid Option to Removable Media Partitions | CONFIGURATION MANAGEMENT |
| 2.14 Add nodev Option to /run/shm Partition | CONFIGURATION MANAGEMENT |
| 2.15 Add nosuid Option to /run/shm Partition | CONFIGURATION MANAGEMENT |
| 2.16 Add noexec Option to /run/shm Partition | CONFIGURATION MANAGEMENT |
| 2.17 Set Sticky Bit on All World-Writable Directories | ACCESS CONTROL |
| 2.25 Disable Automounting | CONFIGURATION MANAGEMENT |
| 3.1 Set User/Group Owner on bootloader config | SYSTEM AND INFORMATION INTEGRITY |
| 3.2 Set Permissions on bootloader config | SYSTEM AND INFORMATION INTEGRITY |
| 3.3 Set Boot Loader Password - password_pbkdf2 | CONFIGURATION MANAGEMENT |
| 3.3 Set Boot Loader Password - set superusers | CONFIGURATION MANAGEMENT |
| 3.4 Require Authentication for Single-User Mode | IDENTIFICATION AND AUTHENTICATION |
| 4.1 Restrict Core Dumps - fs.suid_dumpable | ACCESS CONTROL |
| 4.1 Restrict Core Dumps - limits.conf | ACCESS CONTROL |
| 4.2 Enable XD/NX Support on 32-bit x86 Systems | SYSTEM AND INFORMATION INTEGRITY |
| 4.3 Enable Randomized Virtual Memory Region Placement | SYSTEM AND INFORMATION INTEGRITY |
| 4.4 Disable Prelink | CONFIGURATION MANAGEMENT |
| 5.1.1 Ensure NIS is not installed | CONFIGURATION MANAGEMENT |
| 5.1.2 Ensure rsh server is not enabled - exec | CONFIGURATION MANAGEMENT |
| 5.1.2 Ensure rsh server is not enabled - login | CONFIGURATION MANAGEMENT |
| 5.1.2 Ensure rsh server is not enabled - shell | CONFIGURATION MANAGEMENT |
| 5.1.3 Ensure rsh client is not installed - rsh-client | CONFIGURATION MANAGEMENT |
| 5.1.3 Ensure rsh client is not installed - rsh-reload-client | CONFIGURATION MANAGEMENT |
| 5.1.4 Ensure talk server is not enabled | CONFIGURATION MANAGEMENT |
| 5.1.5 Ensure talk client is not installed | CONFIGURATION MANAGEMENT |
| 5.1.6 Ensure telnet server is not enabled | CONFIGURATION MANAGEMENT |
| 5.1.7 Ensure tftp-server is not enabled | CONFIGURATION MANAGEMENT |
| 5.1.8 Ensure xinetd is not enabled | CONFIGURATION MANAGEMENT |
| 5.2 Ensure chargen is not enabled | CONFIGURATION MANAGEMENT |
| 5.3 Ensure daytime is not enabled | CONFIGURATION MANAGEMENT |
| 5.4 Ensure echo is not enabled | CONFIGURATION MANAGEMENT |
| 5.5 Ensure discard is not enabled | CONFIGURATION MANAGEMENT |
| 5.6 Ensure time is not enabled | CONFIGURATION MANAGEMENT |
| 6.1 Ensure the X Window system is not installed | CONFIGURATION MANAGEMENT |
| 6.2 Ensure Avahi Server is not enabled | CONFIGURATION MANAGEMENT |
| 6.3 Ensure print server is not enabled | CONFIGURATION MANAGEMENT |
| 6.4 Ensure DHCP Server is not enabled | CONFIGURATION MANAGEMENT |
| 6.5 Configure Network Time Protocol (NTP) | AUDIT AND ACCOUNTABILITY |