CIS Debian Linux 7 L2 v1.0.0

Audit Details

Name: CIS Debian Linux 7 L2 v1.0.0

Updated: 9/16/2022

Authority: CIS

Plugin: Unix

Revision: 1.14

Estimated Item Count: 69

File Details

Filename: CIS_Debian_Linux_7_v1.0.0_L2.audit

Size: 155 kB

MD5: 2d2f4c5b334b933a83e0b261f1aef8df
SHA256: 73eb6389c28b8c43b59026b51a95ff793080ad079c2b471ebda384124f1a4cd5

Audit Items

DescriptionCategories
2.18 Disable Mounting of cramfs Filesystems

CONFIGURATION MANAGEMENT

2.19 Disable Mounting of freevxfs Filesystems

CONFIGURATION MANAGEMENT

2.20 Disable Mounting of jffs2 Filesystems

CONFIGURATION MANAGEMENT

2.21 Disable Mounting of hfs Filesystems

CONFIGURATION MANAGEMENT

2.22 Disable Mounting of hfsplus Filesystems

CONFIGURATION MANAGEMENT

2.23 Disable Mounting of squashfs Filesystems

CONFIGURATION MANAGEMENT

2.24 Disable Mounting of udf Filesystems

CONFIGURATION MANAGEMENT

4.5 Activate AppArmor

CONFIGURATION MANAGEMENT

4.5 Activate AppArmor - GRUB_CMDLINE_LINUX - 0 processes are unconfirmed

ACCESS CONTROL

4.5 Activate AppArmor - GRUB_CMDLINE_LINUX - 0 profiles are in complain mode

ACCESS CONTROL

4.5 Activate AppArmor - GRUB_CMDLINE_LINUX - apparmor=1

ACCESS CONTROL

4.5 Activate AppArmor - GRUB_CMDLINE_LINUX - security=apparmor

ACCESS CONTROL

4.5 Activate AppArmor - profiles are loaded

ACCESS CONTROL

8.1.1.1 Configure Audit Log Storage Size

AUDIT AND ACCOUNTABILITY

8.1.1.2 Disable System on Audit Log Full - action_mail_acct = root

AUDIT AND ACCOUNTABILITY

8.1.1.2 Disable System on Audit Log Full - admin_space_left_action = halt

AUDIT AND ACCOUNTABILITY

8.1.1.2 Disable System on Audit Log Full - space_left_action = email

AUDIT AND ACCOUNTABILITY

8.1.1.3 Keep All Auditing Information

AUDIT AND ACCOUNTABILITY

8.1.2 Install and Enable auditd Service

AUDIT AND ACCOUNTABILITY

8.1.3 Enable Auditing for Processes That Start Prior to auditd

AUDIT AND ACCOUNTABILITY

8.1.4 Record Events That Modify Date and Time Information - 32 bit adjtimex

AUDIT AND ACCOUNTABILITY

8.1.4 Record Events That Modify Date and Time Information - 32 bit clock_settime

AUDIT AND ACCOUNTABILITY

8.1.4 Record Events That Modify Date and Time Information - 64 bit adjtimex

AUDIT AND ACCOUNTABILITY

8.1.4 Record Events That Modify Date and Time Information - 64 bit clock_settime

AUDIT AND ACCOUNTABILITY

8.1.4 Record Events That Modify Date and Time Information - time-change

AUDIT AND ACCOUNTABILITY

8.1.5 Record Events That Modify User/Group Information - /etc/group

AUDIT AND ACCOUNTABILITY

8.1.5 Record Events That Modify User/Group Information - /etc/gshadow

AUDIT AND ACCOUNTABILITY

8.1.5 Record Events That Modify User/Group Information - /etc/passwd

AUDIT AND ACCOUNTABILITY

8.1.5 Record Events That Modify User/Group Information - /etc/security/opasswd

AUDIT AND ACCOUNTABILITY

8.1.5 Record Events That Modify User/Group Information - /etc/shadow

AUDIT AND ACCOUNTABILITY

8.1.6 Record Events That Modify the System's Network Environment - /etc/hosts

AUDIT AND ACCOUNTABILITY

8.1.6 Record Events That Modify the System's Network Environment - /etc/issue

AUDIT AND ACCOUNTABILITY

8.1.6 Record Events That Modify the System's Network Environment - /etc/issue.net

AUDIT AND ACCOUNTABILITY

8.1.6 Record Events That Modify the System's Network Environment - /etc/network

AUDIT AND ACCOUNTABILITY

8.1.6 Record Events That Modify the System's Network Environment - 32 bit system-locale

AUDIT AND ACCOUNTABILITY

8.1.6 Record Events That Modify the System's Network Environment - 64 bit system-locale

AUDIT AND ACCOUNTABILITY

8.1.7 Record Events That Modify the System's Mandatory Access Controls

AUDIT AND ACCOUNTABILITY

8.1.8 Collect Login and Logout Events - /var/log/faillog

AUDIT AND ACCOUNTABILITY

8.1.8 Collect Login and Logout Events - /var/log/lastlog

AUDIT AND ACCOUNTABILITY

8.1.8 Collect Login and Logout Events - /var/log/tallylog

AUDIT AND ACCOUNTABILITY

8.1.9 Collect Session Initiation Information - /var/log/btmp

AUDIT AND ACCOUNTABILITY

8.1.9 Collect Session Initiation Information - /var/log/wtmp

AUDIT AND ACCOUNTABILITY

8.1.9 Collect Session Initiation Information - /var/run/utmp

AUDIT AND ACCOUNTABILITY

8.1.10 Collect Discretionary Access Control Permission Modification Events - 32 bit chmod

AUDIT AND ACCOUNTABILITY

8.1.10 Collect Discretionary Access Control Permission Modification Events - 32 bit chown

AUDIT AND ACCOUNTABILITY

8.1.10 Collect Discretionary Access Control Permission Modification Events - 32 bit setxattr

AUDIT AND ACCOUNTABILITY

8.1.10 Collect Discretionary Access Control Permission Modification Events - 64 bit chmod

AUDIT AND ACCOUNTABILITY

8.1.10 Collect Discretionary Access Control Permission Modification Events - 64 bit chown

AUDIT AND ACCOUNTABILITY

8.1.10 Collect Discretionary Access Control Permission Modification Events - 64 bit setxattr

AUDIT AND ACCOUNTABILITY

8.1.11 Collect Unsuccessful Unauthorized Access Attempts to Files - 32 bit EACCES

AUDIT AND ACCOUNTABILITY