Revision 1.10
Oct 5, 2020
Functional Update
- 1.2.1 Ensure package manager repositories are configured
- 1.2.2 Ensure GPG keys are configured
- 1.3.1 Ensure AIDE is installed
- 1.4.1 Ensure permissions on bootloader config are configured
- 1.4.2 Ensure bootloader password is set
- 1.5.1 Ensure core dumps are restricted - limits.conf
- 1.5.4 Ensure prelink is disabled
- 1.7.2 Ensure GDM login banner is configured - banner message enabled
- 1.7.2 Ensure GDM login banner is configured - banner message text
- 1.8 Ensure updates, patches, and additional security software are installed
- 2.1.1 Ensure chargen services are not enabled
- 2.1.10 Ensure xinetd is not enabled
- 2.1.2 Ensure daytime services are not enabled
- 2.1.3 Ensure discard services are not enabled
- 2.1.4 Ensure echo services are not enabled
- 2.1.5 Ensure time services are not enabled
- 2.1.6 Ensure rsh server is not enabled - rexec
- 2.1.6 Ensure rsh server is not enabled - rlogin
- 2.1.6 Ensure rsh server is not enabled - rsh
- 2.1.7 Ensure talk server is not enabled - ntalk
- 2.1.7 Ensure talk server is not enabled - talk
- 2.1.8 Ensure telnet server is not enabled
- 2.1.9 Ensure tftp server is not enabled
- 2.2.1.1 Ensure time synchronization is in use
- 2.2.1.2 Ensure ntp is configured - NTP Server
- 2.2.1.2 Ensure ntp is configured - OPTIONS or ExecStart -u ntp:ntp
- 2.2.1.2 Ensure ntp is configured - restrict -4
- 2.2.1.2 Ensure ntp is configured - restrict -6
- 2.2.1.3 Ensure chrony is configured - NTP server
- 2.2.1.3 Ensure chrony is configured - User
- 2.2.10 Ensure HTTP server is not enabled
- 2.2.11 Ensure IMAP and POP3 server is not enabled
- 2.2.12 Ensure Samba is not enabled
- 2.2.13 Ensure HTTP Proxy Server is not enabled
- 2.2.14 Ensure SNMP Server is not enabled
- 2.2.16 Ensure rsync service is not enabled
- 2.2.17 Ensure NIS Server is not enabled
- 2.2.3 Ensure Avahi Server is not enabled
- 2.2.5 Ensure DHCP Server is not enabled
- 2.2.6 Ensure LDAP Server is not enabled
- 2.2.7 Ensure NFS and RPC are not enabled - NFS
- 2.2.7 Ensure NFS and RPC are not enabled - RPC
- 2.2.8 Ensure DNS Server is not enabled
- 2.2.9 Ensure FTP Server is not enabled
- 2.3.1 Ensure NIS Client is not installed
- 2.3.2 Ensure rsh client is not installed
- 2.3.3 Ensure talk client is not installed
- 2.3.4 Ensure telnet client is not installed
- 2.3.5 Ensure LDAP client is not installed
- 3.3.1 Ensure TCP Wrappers is installed
- 3.5.3 Ensure iptables is installed
- 4.2.1.1 Ensure rsyslog is installed
- 4.2.1.2 Ensure rsyslog Service is enabled
- 4.2.1.3 Ensure logging is configured
- 4.2.1.4 Ensure rsyslog default file permissions configured
- 4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host
- 4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts. - InputTCPServerRun 514
- 4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts. - imtcp.so
- 5.1.1 Ensure cron daemon is enabled
- 5.3.1 Ensure password creation requirements are configured - dcredit
- 5.3.1 Ensure password creation requirements are configured - lcredit
- 5.3.1 Ensure password creation requirements are configured - minlen
- 5.3.1 Ensure password creation requirements are configured - ocredit
- 5.3.1 Ensure password creation requirements are configured - retry=3
- 5.3.1 Ensure password creation requirements are configured - try_first_pass
- 5.3.1 Ensure password creation requirements are configured - ucredit
- 6.1.3 Ensure permissions on /etc/shadow are configured