CIS Debian Linux 7 L2 v1.0.0

Audit Details

Name: CIS Debian Linux 7 L2 v1.0.0

Updated: 6/17/2024

Authority: CIS

Plugin: Unix

Revision: 1.22

Estimated Item Count: 69

File Details

Filename: CIS_Debian_Linux_7_v1.0.0_L2.audit

Size: 158 kB

MD5: 368d2af5098584ce43d41b675abfa427
SHA256: f6d009406a197f41d62c5e7416171df7e0000853046b3b173823c039f6464e2a

Audit Items

DescriptionCategories
2.18 Disable Mounting of cramfs Filesystems

CONFIGURATION MANAGEMENT

2.19 Disable Mounting of freevxfs Filesystems

CONFIGURATION MANAGEMENT

2.20 Disable Mounting of jffs2 Filesystems

CONFIGURATION MANAGEMENT

2.21 Disable Mounting of hfs Filesystems

CONFIGURATION MANAGEMENT

2.22 Disable Mounting of hfsplus Filesystems

CONFIGURATION MANAGEMENT

2.23 Disable Mounting of squashfs Filesystems

CONFIGURATION MANAGEMENT

2.24 Disable Mounting of udf Filesystems

CONFIGURATION MANAGEMENT

4.5 Activate AppArmor
4.5 Activate AppArmor - GRUB_CMDLINE_LINUX - 0 processes are unconfirmed

ACCESS CONTROL

4.5 Activate AppArmor - GRUB_CMDLINE_LINUX - 0 profiles are in complain mode

ACCESS CONTROL

4.5 Activate AppArmor - GRUB_CMDLINE_LINUX - apparmor=1

ACCESS CONTROL

4.5 Activate AppArmor - GRUB_CMDLINE_LINUX - security=apparmor

ACCESS CONTROL

4.5 Activate AppArmor - profiles are loaded

ACCESS CONTROL

8.1.1.1 Configure Audit Log Storage Size

AUDIT AND ACCOUNTABILITY

8.1.1.2 Disable System on Audit Log Full - action_mail_acct = root

AUDIT AND ACCOUNTABILITY

8.1.1.2 Disable System on Audit Log Full - admin_space_left_action = halt

AUDIT AND ACCOUNTABILITY

8.1.1.2 Disable System on Audit Log Full - space_left_action = email

AUDIT AND ACCOUNTABILITY

8.1.1.3 Keep All Auditing Information

AUDIT AND ACCOUNTABILITY

8.1.2 Install and Enable auditd Service

AUDIT AND ACCOUNTABILITY

8.1.3 Enable Auditing for Processes That Start Prior to auditd

AUDIT AND ACCOUNTABILITY

8.1.4 Record Events That Modify Date and Time Information - 32 bit adjtimex

AUDIT AND ACCOUNTABILITY

8.1.4 Record Events That Modify Date and Time Information - 32 bit clock_settime

AUDIT AND ACCOUNTABILITY

8.1.4 Record Events That Modify Date and Time Information - 64 bit adjtimex

AUDIT AND ACCOUNTABILITY

8.1.4 Record Events That Modify Date and Time Information - 64 bit clock_settime

AUDIT AND ACCOUNTABILITY

8.1.4 Record Events That Modify Date and Time Information - time-change

AUDIT AND ACCOUNTABILITY

8.1.5 Record Events That Modify User/Group Information - /etc/group

AUDIT AND ACCOUNTABILITY

8.1.5 Record Events That Modify User/Group Information - /etc/gshadow

AUDIT AND ACCOUNTABILITY

8.1.5 Record Events That Modify User/Group Information - /etc/passwd

AUDIT AND ACCOUNTABILITY

8.1.5 Record Events That Modify User/Group Information - /etc/security/opasswd

AUDIT AND ACCOUNTABILITY

8.1.5 Record Events That Modify User/Group Information - /etc/shadow

AUDIT AND ACCOUNTABILITY

8.1.6 Record Events That Modify the System's Network Environment - /etc/hosts

AUDIT AND ACCOUNTABILITY

8.1.6 Record Events That Modify the System's Network Environment - /etc/issue

AUDIT AND ACCOUNTABILITY

8.1.6 Record Events That Modify the System's Network Environment - /etc/issue.net

AUDIT AND ACCOUNTABILITY

8.1.6 Record Events That Modify the System's Network Environment - /etc/network

AUDIT AND ACCOUNTABILITY

8.1.6 Record Events That Modify the System's Network Environment - 32 bit system-locale

AUDIT AND ACCOUNTABILITY

8.1.6 Record Events That Modify the System's Network Environment - 64 bit system-locale

AUDIT AND ACCOUNTABILITY

8.1.7 Record Events That Modify the System's Mandatory Access Controls

AUDIT AND ACCOUNTABILITY

8.1.8 Collect Login and Logout Events - /var/log/faillog

AUDIT AND ACCOUNTABILITY

8.1.8 Collect Login and Logout Events - /var/log/lastlog

AUDIT AND ACCOUNTABILITY

8.1.8 Collect Login and Logout Events - /var/log/tallylog

AUDIT AND ACCOUNTABILITY

8.1.9 Collect Session Initiation Information - /var/log/btmp

AUDIT AND ACCOUNTABILITY

8.1.9 Collect Session Initiation Information - /var/log/wtmp

AUDIT AND ACCOUNTABILITY

8.1.9 Collect Session Initiation Information - /var/run/utmp

AUDIT AND ACCOUNTABILITY

8.1.10 Collect Discretionary Access Control Permission Modification Events - 32 bit chmod

AUDIT AND ACCOUNTABILITY

8.1.10 Collect Discretionary Access Control Permission Modification Events - 32 bit chown

AUDIT AND ACCOUNTABILITY

8.1.10 Collect Discretionary Access Control Permission Modification Events - 32 bit setxattr

AUDIT AND ACCOUNTABILITY

8.1.10 Collect Discretionary Access Control Permission Modification Events - 64 bit chmod

AUDIT AND ACCOUNTABILITY

8.1.10 Collect Discretionary Access Control Permission Modification Events - 64 bit chown

AUDIT AND ACCOUNTABILITY

8.1.10 Collect Discretionary Access Control Permission Modification Events - 64 bit setxattr

AUDIT AND ACCOUNTABILITY

8.1.11 Collect Unsuccessful Unauthorized Access Attempts to Files - 32 bit EACCES

AUDIT AND ACCOUNTABILITY