1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod | CONFIGURATION MANAGEMENT |
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobe | CONFIGURATION MANAGEMENT |
1.1.1.3 Ensure mounting of udf filesystems is disabled - lsmod | CONFIGURATION MANAGEMENT |
1.1.1.3 Ensure mounting of udf filesystems is disabled - modprobe | CONFIGURATION MANAGEMENT |
1.1.2 Ensure /tmp is configured | SYSTEM AND COMMUNICATIONS PROTECTION |
1.1.3 Ensure noexec option set on /tmp partition | CONFIGURATION MANAGEMENT |
1.1.4 Ensure nodev option set on /tmp partition | CONFIGURATION MANAGEMENT |
1.1.5 Ensure nosuid option set on /tmp partition | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
1.1.6 Ensure /dev/shm is configured - /etc/fstab | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
1.1.6 Ensure /dev/shm is configured - mount | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
1.1.7 Ensure noexec option set on /dev/shm partition | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
1.1.8 Ensure nodev option set on /dev/shm partition | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
1.1.9 Ensure nosuid option set on /dev/shm partition | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
1.1.12 Ensure noexec option set on /var/tmp partition | CONFIGURATION MANAGEMENT |
1.1.13 Ensure nodev option set on /var/tmp partition | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
1.1.14 Ensure nosuid option set on /var/tmp partition | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
1.1.18 Ensure nodev option set on /home partition | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
1.1.19 Ensure noexec option set on removable media partitions | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
1.1.20 Ensure nodev option set on removable media partitions | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
1.1.21 Ensure nosuid option set on removable media partitions | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
1.1.22 Ensure sticky bit is set on all world-writable directories | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
1.2.1 Ensure GPG keys are configured | SYSTEM AND INFORMATION INTEGRITY |
1.2.2 Ensure package manager repositories are configured | SYSTEM AND INFORMATION INTEGRITY |
1.2.3 Ensure gpgcheck is globally activated - /etc/yum.repos.d/*.repo | SYSTEM AND INFORMATION INTEGRITY |
1.2.3 Ensure gpgcheck is globally activated - yum.conf | SYSTEM AND INFORMATION INTEGRITY |
1.3.1 Ensure sudo is installed | ACCESS CONTROL |
1.3.2 Ensure sudo commands use pty | ACCESS CONTROL |
1.3.3 Ensure sudo log file exists | AUDIT AND ACCOUNTABILITY |
1.4.1 Ensure AIDE is installed | AUDIT AND ACCOUNTABILITY |
1.4.2 Ensure filesystem integrity is regularly checked | AUDIT AND ACCOUNTABILITY |
1.5.1 Ensure bootloader password is set - GRUB2_PASSWORD | CONFIGURATION MANAGEMENT |
1.5.1 Ensure bootloader password is set - password_pbkdf2 | CONFIGURATION MANAGEMENT |
1.5.1 Ensure bootloader password is set - superusers | CONFIGURATION MANAGEMENT |
1.5.2 Ensure permissions on bootloader config are configured - /boot/grub2/grub.cfg | CONFIGURATION MANAGEMENT |
1.5.2 Ensure permissions on bootloader config are configured - /boot/grub2/user.cfg | CONFIGURATION MANAGEMENT |
1.5.3 Ensure authentication required for single user mode - /usr/lib/systemd/system/emergency.service | CONFIGURATION MANAGEMENT |
1.5.3 Ensure authentication required for single user mode - /usr/lib/systemd/system/rescue.service | CONFIGURATION MANAGEMENT |
1.6.1 Ensure core dumps are restricted - /etc/security/limits.d/* | CONFIGURATION MANAGEMENT |
1.6.1 Ensure core dumps are restricted - /etc/sysctl.d/* | CONFIGURATION MANAGEMENT |
1.6.1 Ensure core dumps are restricted - /etc/systemd/coredump.conf ProcessSizeMax | CONFIGURATION MANAGEMENT |
1.6.1 Ensure core dumps are restricted - /etc/systemd/coredump.conf Storage | CONFIGURATION MANAGEMENT |
1.6.1 Ensure core dumps are restricted - sysctl | CONFIGURATION MANAGEMENT |
1.6.2 Ensure XD/NX support is enabled | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
1.6.3 Ensure address space layout randomization (ASLR) is enabled - /etc/sysctl.d/* | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
1.6.3 Ensure address space layout randomization (ASLR) is enabled - sysctl | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
1.6.4 Ensure prelink is disabled | AUDIT AND ACCOUNTABILITY |
1.7.1.1 Ensure SELinux is installed | ACCESS CONTROL |
1.7.1.2 Ensure SELinux is not disabled in bootloader configuration - enforcing | ACCESS CONTROL |
1.7.1.2 Ensure SELinux is not disabled in bootloader configuration - selinux | ACCESS CONTROL |
1.7.1.3 Ensure SELinux policy is configured - SELINUXTYPE | ACCESS CONTROL |