Detections
Analytics

Revision 1.10

Oct 5, 2020
Functional Update
  • 1.2.1 Ensure package manager repositories are configured
  • 1.2.2 Ensure GPG keys are configured
  • 1.3.1 Ensure AIDE is installed
  • 1.4.1 Ensure permissions on bootloader config are configured
  • 1.4.2 Ensure bootloader password is set
  • 1.5.1 Ensure core dumps are restricted - limits.conf
  • 1.5.4 Ensure prelink is disabled
  • 1.7.2 Ensure GDM login banner is configured - banner message enabled
  • 1.7.2 Ensure GDM login banner is configured - banner message text
  • 1.8 Ensure updates, patches, and additional security software are installed
  • 2.1.1 Ensure chargen services are not enabled
  • 2.1.10 Ensure xinetd is not enabled
  • 2.1.2 Ensure daytime services are not enabled
  • 2.1.3 Ensure discard services are not enabled
  • 2.1.4 Ensure echo services are not enabled
  • 2.1.5 Ensure time services are not enabled
  • 2.1.6 Ensure rsh server is not enabled - rexec
  • 2.1.6 Ensure rsh server is not enabled - rlogin
  • 2.1.6 Ensure rsh server is not enabled - rsh
  • 2.1.7 Ensure talk server is not enabled - ntalk
  • 2.1.7 Ensure talk server is not enabled - talk
  • 2.1.8 Ensure telnet server is not enabled
  • 2.1.9 Ensure tftp server is not enabled
  • 2.2.1.1 Ensure time synchronization is in use
  • 2.2.1.2 Ensure ntp is configured - NTP Server
  • 2.2.1.2 Ensure ntp is configured - OPTIONS or ExecStart -u ntp:ntp
  • 2.2.1.2 Ensure ntp is configured - restrict -4
  • 2.2.1.2 Ensure ntp is configured - restrict -6
  • 2.2.1.3 Ensure chrony is configured - NTP server
  • 2.2.1.3 Ensure chrony is configured - User
  • 2.2.10 Ensure HTTP server is not enabled
  • 2.2.11 Ensure IMAP and POP3 server is not enabled
  • 2.2.12 Ensure Samba is not enabled
  • 2.2.13 Ensure HTTP Proxy Server is not enabled
  • 2.2.14 Ensure SNMP Server is not enabled
  • 2.2.16 Ensure rsync service is not enabled
  • 2.2.17 Ensure NIS Server is not enabled
  • 2.2.3 Ensure Avahi Server is not enabled
  • 2.2.5 Ensure DHCP Server is not enabled
  • 2.2.6 Ensure LDAP Server is not enabled
  • 2.2.7 Ensure NFS and RPC are not enabled - NFS
  • 2.2.7 Ensure NFS and RPC are not enabled - RPC
  • 2.2.8 Ensure DNS Server is not enabled
  • 2.2.9 Ensure FTP Server is not enabled
  • 2.3.1 Ensure NIS Client is not installed
  • 2.3.2 Ensure rsh client is not installed
  • 2.3.3 Ensure talk client is not installed
  • 2.3.4 Ensure telnet client is not installed
  • 2.3.5 Ensure LDAP client is not installed
  • 3.3.1 Ensure TCP Wrappers is installed
  • 3.5.3 Ensure iptables is installed
  • 4.2.1.1 Ensure rsyslog is installed
  • 4.2.1.2 Ensure rsyslog Service is enabled
  • 4.2.1.3 Ensure logging is configured
  • 4.2.1.4 Ensure rsyslog default file permissions configured
  • 4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host
  • 4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts. - InputTCPServerRun 514
  • 4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts. - imtcp.so
  • 5.1.1 Ensure cron daemon is enabled
  • 5.3.1 Ensure password creation requirements are configured - dcredit
  • 5.3.1 Ensure password creation requirements are configured - lcredit
  • 5.3.1 Ensure password creation requirements are configured - minlen
  • 5.3.1 Ensure password creation requirements are configured - ocredit
  • 5.3.1 Ensure password creation requirements are configured - retry=3
  • 5.3.1 Ensure password creation requirements are configured - try_first_pass
  • 5.3.1 Ensure password creation requirements are configured - ucredit
  • 6.1.3 Ensure permissions on /etc/shadow are configured
Miscellaneous
  • Platform check updated.