CIS Debian 8 Server L1 v2.0.2

Audit Details

Name: CIS Debian 8 Server L1 v2.0.2

Updated: 3/20/2023

Authority: CIS

Plugin: Unix

Revision: 1.13

Estimated Item Count: 281

File Details

Filename: CIS_Debian_Linux_8_Server_v2.0.2_L1.audit

Size: 686 kB

MD5: 50ab059eb525f9fe0f9038c9547df786
SHA256: cc001df949484316b4b29c55c0e9c0acb7dbf4f71bd41a0dc8dee06765e97f64

Audit Changelog

 
Revision 1.13

Mar 20, 2023

Functional Update
  • 4.2.1.2 Ensure logging is configured - '*.*;mail.none;news.none -/var/log/messages'
  • 4.2.1.2 Ensure logging is configured - '*.=warning;*.=err -/var/log/warn'
  • 4.2.1.2 Ensure logging is configured - '*.crit /var/log/warn'
  • 4.2.1.2 Ensure logging is configured - 'local0,local1.* -/var/log/localmessages'
  • 4.2.1.2 Ensure logging is configured - 'local2,local3.* -/var/log/localmessages'
  • 4.2.1.2 Ensure logging is configured - 'local4,local5.* -/var/log/localmessages'
  • 4.2.1.2 Ensure logging is configured - 'local6,local7.* -/var/log/localmessages'
  • 4.2.1.2 Ensure logging is configured - 'mail.* -/var/log/mail'
  • 4.2.1.2 Ensure logging is configured - 'mail.err /var/log/mail.err'
  • 4.2.1.2 Ensure logging is configured - 'mail.info -/var/log/mail.info'
  • 4.2.1.2 Ensure logging is configured - 'mail.warning -/var/log/mail.warn'
  • 4.2.1.2 Ensure logging is configured - 'news.crit -/var/log/news/news.crit'
  • 4.2.1.2 Ensure logging is configured - 'news.err -/var/log/news/news.err'
  • 4.2.1.2 Ensure logging is configured - 'news.notice -/var/log/news/news.notice'
  • 4.2.1.3 Ensure rsyslog default file permissions configured
  • 5.2.8 Ensure SSH IgnoreRhosts is enabled
  • 5.3.4 Ensure password hashing algorithm is SHA-512
Revision 1.12

Mar 7, 2023

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.11

Jan 10, 2023

Functional Update
  • 1.7.1.4 Ensure permissions on /etc/motd are configured
Revision 1.10

Jan 4, 2023

Miscellaneous
  • Metadata updated.
  • Variables updated.
Revision 1.9

Dec 19, 2022

Functional Update
  • 6.1.5 Ensure permissions on /etc/gshadow are configured
  • 6.1.7 Ensure permissions on /etc/shadow- are configured
  • 6.1.9 Ensure permissions on /etc/gshadow- are configured
Revision 1.8

Dec 7, 2022

Functional Update
  • 4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host
Revision 1.7

Sep 19, 2022

Functional Update
  • 5.4.1.5 Ensure all users last password change date is in the past
Revision 1.6

Sep 7, 2022

Functional Update
  • 2.2.16 Ensure rsync service is not enabled
  • 2.2.17 Ensure NIS Server is not enabled
Revision 1.5

Aug 29, 2022

Functional Update
  • 2.2.2 Ensure X Window System is not installed
Revision 1.4

Jul 27, 2022

Functional Update
  • 1.1.17 Ensure nodev option set on removable media partitions
  • 5.2.10 Ensure SSH root login is disabled
  • 5.2.11 Ensure SSH PermitEmptyPasswords is disabled
  • 5.2.12 Ensure SSH PermitUserEnvironment is disabled
  • 5.2.18 Ensure SSH access is limited
  • 5.2.19 Ensure SSH warning banner is configured
  • 5.2.4 Ensure SSH Protocol is set to 2
  • 5.2.5 Ensure SSH LogLevel is appropriate
  • 5.2.7 Ensure SSH MaxAuthTries is set to 4 or less
  • 5.2.8 Ensure SSH IgnoreRhosts is enabled
  • 5.2.9 Ensure SSH HostbasedAuthentication is disabled
Miscellaneous
  • References updated.