Revision 1.15Jul 27, 2022
Functional Update
- 1.3.2 Ensure filesystem integrity is regularly checked
- 3.5.1.1 Ensure IPv6 default deny firewall policy - Chain FORWARD
- 3.5.1.1 Ensure IPv6 default deny firewall policy - Chain INPUT
- 3.5.1.1 Ensure IPv6 default deny firewall policy - Chain OUTPUT
- 5.2.10 Ensure SSH root login is disabled
- 5.2.11 Ensure SSH PermitEmptyPasswords is disabled
- 5.2.12 Ensure SSH PermitUserEnvironment is disabled
- 5.2.13 Ensure only strong Ciphers are used - weak ciphers
- 5.2.14 Ensure only strong MAC algorithms are used - weak MAC algorithms
- 5.2.15 Ensure only strong Key Exchange algorithms are used - weak Key Exchange algorithms
- 5.2.18 Ensure SSH access is limited
- 5.2.4 Ensure SSH Protocol is set to 2
- 5.2.5 Ensure SSH LogLevel is appropriate
- 5.2.6 Ensure SSH X11 forwarding is disabled
- 5.2.7 Ensure SSH MaxAuthTries is set to 4 or less
- 5.2.8 Ensure SSH IgnoreRhosts is enabled
- 5.2.9 Ensure SSH HostbasedAuthentication is disabled
- 5.4.4 Ensure default user umask is 027 or more restrictive - /etc/profile /etc/profile.d/*.sh