CIS Fedora 28 Family Linux Server L1 v1.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Fedora 28 Family Linux Server L1 v1.0.0

Updated: 1/10/2023

Authority: CIS

Plugin: Unix

Revision: 1.20

Estimated Item Count: 266

File Details

Filename: CIS_Fedora_28_Family_Linux_Server_L1_v1.0.0.audit

Size: 398 kB

MD5: f017f64bb1b7bdb43cd12af14746935f
SHA256: 2ac9d0a7fb440c473f57509c684f975d4ec21a1b29683eb4351fd2fdb0cf5529

Audit Items

DescriptionCategories
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobe
1.1.1.3 Ensure mounting of squashfs filesystems is disabled - lsmod
1.1.1.3 Ensure mounting of squashfs filesystems is disabled - modprobe
1.1.1.4 Ensure mounting of udf filesystems is disabled - lsmod
1.1.1.4 Ensure mounting of udf filesystems is disabled - modprobe
1.1.2 Ensure /tmp is configured
1.1.3 Ensure nodev option set on /tmp partition
1.1.4 Ensure nosuid option set on /tmp partition
1.1.5 Ensure noexec option set on /tmp partition
1.1.8 Ensure nodev option set on /var/tmp partition
1.1.9 Ensure nosuid option set on /var/tmp partition
1.1.10 Ensure noexec option set on /var/tmp partition
1.1.14 Ensure nodev option set on /home partition
1.1.15 Ensure nodev option set on /dev/shm partition
1.1.16 Ensure nosuid option set on /dev/shm partition
1.1.17 Ensure noexec option set on /dev/shm partition
1.1.18 Ensure nodev option set on removable media partitions
1.1.19 Ensure nosuid option set on removable media partitions
1.1.20 Ensure noexec option set on removable media partitions
1.1.21 Ensure sticky bit is set on all world-writable directories
1.1.22 Disable Automounting
1.1.23 Disable USB Storage - lsmod
1.1.23 Disable USB Storage - modprobe
1.2.1 Ensure GPG keys are configured
1.2.2 Ensure gpgcheck is globally activated
1.2.3 Ensure package manager repositories are configured
1.3.1 Ensure sudo is installed
1.3.2 Ensure sudo commands use pty
1.3.3 Ensure sudo log file exists
1.4.1 Ensure AIDE is installed
1.4.2 Ensure filesystem integrity is regularly checked
1.5.1 Ensure permissions on bootloader config are configured - /boot/grub2/grub.cfg
1.5.1 Ensure permissions on bootloader config are configured - /boot/grub2/grubenv
1.5.2 Ensure bootloader password is set
1.5.3 Ensure authentication required for single user mode - /usr/lib/systemd/system/emergency.service
1.5.3 Ensure authentication required for single user mode - /usr/lib/systemd/system/rescue.service
1.6.1 Ensure core dumps are restricted - /etc/security/limits.d/*
1.6.1 Ensure core dumps are restricted - /etc/sysctl.d/*
1.6.1 Ensure core dumps are restricted - sysctl
1.6.2 Ensure address space layout randomization (ASLR) is enabled - /etc/sysctl.d/*
1.6.2 Ensure address space layout randomization (ASLR) is enabled - sysctl
1.8.1.1 Ensure message of the day is configured properly
1.8.1.2 Ensure local login warning banner is configured properly
1.8.1.3 Ensure remote login warning banner is configured properly
1.8.1.4 Ensure permissions on /etc/motd are configured
1.8.1.5 Ensure permissions on /etc/issue are configured
1.8.1.6 Ensure permissions on /etc/issue.net are configured
1.8.2 Ensure GDM login banner is configured - banner message enabled
1.8.2 Ensure GDM login banner is configured - banner message text