CIS Fedora 28 Family Linux Workstation L2 v1.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS Fedora 28 Family Linux Workstation L2 v1.0.0

Updated: 1/4/2023

Authority: CIS

Plugin: Unix

Revision: 1.11

Estimated Item Count: 126

File Details

Filename: CIS_Fedora_28_Family_Linux_Workstation_L2_v1.0.0.audit

Size: 294 kB

MD5: dc9b9fee30c51a41ff8a09c13aebdebd
SHA256: 96dfb24d4dab194d514795b95591ed75d31673420f8c8dab1882935108ec186c

Audit Items

Description / Categories
1.1.1.2 Ensure mounting of vFAT filesystems is limited - /etc/fstab
1.1.1.2 Ensure mounting of vFAT filesystems is limited - lsmod
1.1.1.2 Ensure mounting of vFAT filesystems is limited - modprobe
1.1.7 Ensure separate partition exists for /var/tmp
1.1.11 Ensure separate partition exists for /var/log
1.1.12 Ensure separate partition exists for /var/log/audit
1.1.13 Ensure separate partition exists for /home
1.1.22 Disable Automounting
1.1.23 Disable USB Storage - lsmod
1.1.23 Disable USB Storage - modprobe
1.7.1.1 Ensure SELinux is installed
1.7.1.2 Ensure SELinux is not disabled in bootloader configuration
1.7.1.3 Ensure SELinux policy is configured - /etc/selinux/config
1.7.1.3 Ensure SELinux policy is configured - sestatus
1.7.1.4 Ensure the SELinux state is enforcing - /etc/selinux/config
1.7.1.4 Ensure the SELinux state is enforcing - sestatus
1.7.1.5 Ensure no unconfined services exist
1.7.1.7 Ensure the MCS Translation Service (mcstrans) is not installed
1.11 Ensure system-wide crypto policy is FUTURE or FIPS
2.2.16 Ensure CUPS is not enabled
3.3.1 Ensure DCCP is disabled - lsmod
3.3.1 Ensure DCCP is disabled - modprobe
3.3.2 Ensure SCTP is disabled - lsmod
3.3.2 Ensure SCTP is disabled - modprobe
3.3.3 Ensure RDS is disabled - lsmod
3.3.3 Ensure RDS is disabled - modprobe
3.3.4 Ensure TIPC is disabled - lsmod
3.3.4 Ensure TIPC is disabled - modprobe
3.5 Ensure wireless interfaces are disabled
3.6 Disable IPv6
4.1.1.1 Ensure auditd is installed
4.1.1.2 Ensure auditd service is enabled
4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled
4.1.1.4 Ensure audit_backlog_limit is sufficient
4.1.2.1 Ensure audit log storage size is configured
4.1.2.2 Ensure audit logs are not automatically deleted
4.1.2.3 Ensure system is disabled when audit logs are full - space_left_action = email
4.1.2.3 Ensure system is disabled when audit logs are full - space_left_action = halt
4.1.2.3 Ensure system is disabled when audit logs are full - space_left_action = root
4.1.3 Ensure changes to system administration scope (sudoers) is collected - /etc/sudoers
4.1.3 Ensure changes to system administration scope (sudoers) is collected - /etc/sudoers.d
4.1.3 Ensure changes to system administration scope (sudoers) is collected - auditctl /etc/sudoers
4.1.3 Ensure changes to system administration scope (sudoers) is collected - auditctl /etc/sudoers.d
4.1.4 Ensure login and logout events are collected - auditctl faillog
4.1.4 Ensure login and logout events are collected - auditctl lastlog
4.1.4 Ensure login and logout events are collected - faillog
4.1.4 Ensure login and logout events are collected - lastlog
4.1.5 Ensure session initiation information is collected - auditctl btmp
4.1.5 Ensure session initiation information is collected - auditctl utmp
4.1.5 Ensure session initiation information is collected - auditctl wtmp