Detections
Analytics

Revision 1.1

Aug 14, 2018
Functional Update
  • 1.5.1 Ensure core dumps are restricted - sysctl.conf
  • 1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl.conf
  • 3.1.1 Ensure IP forwarding is disabled - /etc/sysctl
  • 3.1.2 Ensure packet redirect sending is disabled - /etc/sysctl ipv4 all send
  • 3.1.2 Ensure packet redirect sending is disabled - /etc/sysctl ipv4 default send
  • 3.2.1 Ensure source routed packets are not accepted - /etc/sysctl ipv4 all acccept
  • 3.2.1 Ensure source routed packets are not accepted - /etc/sysctl ipv4 default accept
  • 3.2.2 Ensure ICMP redirects are not accepted - /etc/sysctl ipv4 all accept
  • 3.2.2 Ensure ICMP redirects are not accepted - /etc/sysctl ipv4 default accept
  • 3.2.3 Ensure secure ICMP redirects are not accepted - /etc/sysctl ipv4 all secure
  • 3.2.3 Ensure secure ICMP redirects are not accepted - /etc/sysctl ipv4 default secure
  • 3.2.4 Ensure suspicious packets are logged - /etc/sysctl ipv4 all log_martians
  • 3.2.4 Ensure suspicious packets are logged - /etc/sysctl ipv4 default log_martians
  • 3.2.5 Ensure broadcast ICMP requests are ignored - /etc/sysctl
  • 3.2.6 Ensure bogus ICMP responses are ignored - /etc/sysctl
  • 3.2.7 Ensure Reverse Path Filtering is enabled - /etc/sysctl ipv4 all rp_filter
  • 3.2.7 Ensure Reverse Path Filtering is enabled - /etc/sysctl ipv4 default rp_filter
  • 3.2.8 Ensure TCP SYN Cookies is enabled - /etc/sysctl
  • 3.3.1 Ensure IPv6 router advertisements are not accepted - /etc/sysctl ipv6 all accept
  • 3.3.1 Ensure IPv6 router advertisements are not accepted - /etc/sysctl ipv6 default accept
  • 3.3.2 Ensure IPv6 redirects are not accepted - /etc/sysctl ipv6 all accept
  • 3.3.2 Ensure IPv6 redirects are not accepted - /etc/sysctl ipv6 default accept
  • 3.7 Ensure wireless interfaces are disabled
  • 5.4.1.5 Ensure all users last password change date is in the past
  • 5.5 Ensure root login is restricted to system console
Informational Update
  • 1.4.4 Ensure interactive boot is not enabled
  • 2.2.1.2 NTP is not installed - restrict -4
  • 2.2.1.2 NTP is not installed - restrict -6
  • 2.2.1.2 NTP is not installed - server
  • 2.2.1.3 chrony is not installed - NTP server
  • 2.2.1.3 chrony is not installed - User
  • 4.2.1.2 Ensure logging is configured
  • 4.2.2.2 Ensure logging is configured
  • 4.2.2.5 Ensure remote syslog-ng messages are only accepted on designated log hosts
  • 4.3 Ensure logrotate is configured
  • 5.2.11 Ensure only approved MAC algorithms are used
  • 6.1.11 Audit SUID executables
  • 6.1.12 Audit SGID executables
  • 6.1.13 Audit SUID executables
  • 6.1.14 Audit SGID executables
Miscellaneous
  • Metadata updated.