CIS Fedora 28 Family Linux Server L1 v2.0.0

Audit Details

Name: CIS Fedora 28 Family Linux Server L1 v2.0.0

Updated: 1/22/2024

Authority: CIS

Plugin: Unix

Revision: 1.23

Estimated Item Count: 330

File Details

Filename: CIS_Fedora_28_Family_Linux_Server_L1_v2.0.0.audit

Size: 958 kB

MD5: 59f17b6fe13ab9eaeeae17cf967aee3d
SHA256: aa716657448702f821921a05154aaead9a4c906a202d7080c259748962d962e8

Audit Changelog

 
Revision 1.23

Jan 22, 2024

Functional Update
  • 5.2.20 Ensure SSH Idle Timeout Interval is configured - ClientAliveCountMax sshd output
Miscellaneous
  • Metadata updated.
Revision 1.22

Dec 27, 2023

Functional Update
  • 5.5.2 Ensure lockout for failed password attempts is configured - >= 8.2 unlock_time
Revision 1.21

Nov 17, 2023

Functional Update
  • 5.2.10 Ensure SSH PermitUserEnvironment is disabled - sshd output
  • 5.2.11 Ensure SSH IgnoreRhosts is enabled - sshd output
  • 5.2.15 Ensure SSH warning banner is configured
  • 5.2.16 Ensure SSH MaxAuthTries is set to 4 or less - sshd output
  • 5.2.17 Ensure SSH MaxStartups is configured - sshd output
  • 5.2.18 Ensure SSH MaxSessions is set to 10 or less - sshd output
  • 5.2.19 Ensure SSH LoginGraceTime is set to one minute or less - sshd output
  • 5.2.20 Ensure SSH Idle Timeout Interval is configured - ClientAliveCountMax sshd output
  • 5.2.20 Ensure SSH Idle Timeout Interval is configured - ClientAliveInterval sshd output
  • 5.2.4 Ensure SSH access is limited - sshd output
  • 5.2.5 Ensure SSH LogLevel is appropriate - sshd output
  • 5.2.6 Ensure SSH PAM is enabled - sshd output
  • 5.2.7 Ensure SSH root login is disabled - sshd output
  • 5.2.8 Ensure SSH HostbasedAuthentication is disabled - sshd output
  • 5.2.9 Ensure SSH PermitEmptyPasswords is disabled - sshd output
Revision 1.20

Nov 6, 2023

Functional Update
  • 5.4.1 Ensure custom authselect profile is used
Revision 1.19

Oct 27, 2023

Functional Update
  • 1.6.1.4 Ensure the SELinux mode is not disabled - getenforce
  • 4.2.1.1 Ensure rsyslog is installed
  • 4.2.1.2 Ensure rsyslog service is enabled
  • 4.2.1.3 Ensure journald is configured to send logs to rsyslog
  • 4.2.1.4 Ensure rsyslog default file permissions are configured
  • 4.2.1.5 Ensure logging is configured
  • 4.2.1.6 Ensure rsyslog is configured to send logs to a remote log host
  • 4.2.1.7 Ensure rsyslog is not configured to receive logs from a remote client
  • 5.4.1 Ensure custom authselect profile is used
  • 5.6.1.2 Ensure minimum days between password changes is 7 or more - login.defs
Revision 1.18

Oct 3, 2023

Functional Update
  • 5.6.1.5 Ensure all users last password change date is in the past
Informational Update
  • 5.6.5 Ensure default user umask is 027 or more restrictive - default user umask
  • 5.6.5 Ensure default user umask is 027 or more restrictive - less restrictive system wide umask
Revision 1.17

Sep 19, 2023

Functional Update
  • 1.4.1 Ensure bootloader password is set
  • 1.4.2 Ensure permissions on bootloader config are configured
  • 3.1.1 Verify if IPv6 is enabled on the system
  • 3.1.4 Ensure wireless interfaces are disabled
  • 3.4.1.6 Ensure network interfaces are assigned to appropriate zone
  • 4.2.1.1 Ensure rsyslog is installed
  • 4.2.1.2 Ensure rsyslog service is enabled
  • 4.2.1.3 Ensure journald is configured to send logs to rsyslog
  • 4.2.1.4 Ensure rsyslog default file permissions are configured
  • 4.2.1.5 Ensure logging is configured
  • 4.2.1.6 Ensure rsyslog is configured to send logs to a remote log host
  • 4.2.1.7 Ensure rsyslog is not configured to receive logs from a remote client
  • 4.2.3 Ensure permissions on all logfiles are configured
  • 6.1.11 Ensure no world writable files exist
  • 6.1.12 Ensure no unowned files or directories exist
  • 6.1.13 Ensure no ungrouped files or directories exist
  • 6.1.14 Audit SUID executables
  • 6.1.15 Audit SGID executables
  • 6.1.2 Ensure sticky bit is set on all world-writable directories
Miscellaneous
  • References updated.
  • Variables updated.
Revision 1.16

Aug 29, 2023

Functional Update
  • 3.4.2.6 Ensure nftables base chains exist - hook forward
  • 3.4.2.6 Ensure nftables base chains exist - hook input
  • 3.4.2.6 Ensure nftables base chains exist - hook output
  • 5.6.2 Ensure system accounts are secured - non login
Revision 1.15

Aug 8, 2023

Functional Update
  • 2.2.14 Ensure net-snmp is not installed
Revision 1.14

Jul 24, 2023

Functional Update
  • 4.2.1.1 Ensure rsyslog is installed
  • 4.2.1.2 Ensure rsyslog service is enabled
  • 4.2.1.3 Ensure journald is configured to send logs to rsyslog
  • 4.2.1.4 Ensure rsyslog default file permissions are configured
  • 4.2.1.5 Ensure logging is configured
  • 4.2.1.6 Ensure rsyslog is configured to send logs to a remote log host
Informational Update
  • 4.2.1.1 Ensure rsyslog is installed
  • 4.2.1.3 Ensure journald is configured to send logs to rsyslog
  • 4.2.1.5 Ensure logging is configured
Miscellaneous
  • Variables updated.
Added
  • 4.2.1.7 Ensure rsyslog is not configured to receive logs from a remote client
Removed
  • 4.2.1.7 Ensure rsyslog is not configured to recieve logs from a remote client - imtcp
  • 4.2.1.7 Ensure rsyslog is not configured to recieve logs from a remote client - imtcp 514