Detections
Analytics

Revision 1.1

Oct 5, 2020
Functional Update
  • 1.1.12 Ensure noexec option set on /var/tmp partition
  • 1.1.13 Ensure nodev option set on /var/tmp partition
  • 1.1.14 Ensure nosuid option set on /var/tmp partition
  • 1.1.18 Ensure nodev option set on /home partition
  • 1.1.3 Ensure noexec option set on /tmp partition
  • 1.1.4 Ensure nodev option set on /tmp partition
  • 1.1.5 Ensure nosuid option set on /tmp partition
  • 1.10 Ensure GDM is removed or login is configured - banner message enabled
  • 1.10 Ensure GDM is removed or login is configured - banner message text
  • 1.10 Ensure GDM is removed or login is configured - file-db
  • 1.10 Ensure GDM is removed or login is configured - system-db
  • 1.10 Ensure GDM is removed or login is configured - user-db
  • 1.4.2 Ensure filesystem integrity is regularly checked
  • 1.5.1 Ensure bootloader password is set
  • 1.5.2 Ensure permissions on bootloader config are configured - grub.cfg
  • 1.5.2 Ensure permissions on bootloader config are configured - user.cfg
  • 1.6.1 Ensure core dumps are restricted - systemd-coredump ProcessSizeMax
  • 1.6.1 Ensure core dumps are restricted - systemd-coredump Storage
  • 1.6.2 Ensure XD/NX support is enabled
  • 2.2.1.1 Ensure time synchronization is in use
  • 2.2.1.2 Ensure chrony is configured - NTP server
  • 2.2.1.2 Ensure chrony is configured - OPTIONS
  • 2.2.1.3 Ensure ntp is configured - -u ntp:ntp
  • 2.2.1.3 Ensure ntp is configured - restrict -4
  • 2.2.1.3 Ensure ntp is configured - restrict -6
  • 2.2.1.3 Ensure ntp is configured - server
  • 2.2.16 Ensure mail transfer agent is configured for local-only mode
  • 2.2.17 Ensure rsync is not installed or the rsyncd service is masked
  • 2.2.7 Ensure nfs-utils is not installed or the nfs-server service is masked
  • 2.2.8 Ensure rpcbind is not installed or the rpcbind services are masked - rpcbind
  • 2.2.8 Ensure rpcbind is not installed or the rpcbind services are masked - rpcbind.socket
  • 3.2.1 Ensure IP forwarding is disabled - ipv6 files
  • 3.2.1 Ensure IP forwarding is disabled - ipv6 sysctl
  • 3.3.1 Ensure source routed packets are not accepted - 'net.ipv6.conf.all.accept_source_route = 0'
  • 3.3.1 Ensure source routed packets are not accepted - 'net.ipv6.conf.default.accept_source_route = 0'
  • 3.3.1 Ensure source routed packets are not accepted - files 'net.ipv6.conf.all.accept_source_route = 0'
  • 3.3.1 Ensure source routed packets are not accepted - files 'net.ipv6.conf.default.accept_source_route = 0'
  • 3.3.2 Ensure ICMP redirects are not accepted - 'net.ipv6.conf.all.accept_redirects = 0'
  • 3.3.2 Ensure ICMP redirects are not accepted - 'net.ipv6.conf.default.accept_redirects = 0'
  • 3.3.2 Ensure ICMP redirects are not accepted - files 'net.ipv6.conf.all.accept_redirects = 0'
  • 3.3.2 Ensure ICMP redirects are not accepted - files 'net.ipv6.conf.default.accept_redirects = 0'
  • 3.3.9 Ensure IPv6 router advertisements are not accepted - 'net.ipv6.conf.all.accept_ra = 0'
  • 3.3.9 Ensure IPv6 router advertisements are not accepted - 'net.ipv6.conf.default.accept_ra = 0'
  • 3.3.9 Ensure IPv6 router advertisements are not accepted - files 'net.ipv6.conf.all.accept_ra = 0'
  • 3.3.9 Ensure IPv6 router advertisements are not accepted - files 'net.ipv6.conf.default.accept_ra = 0'
  • 3.5.1.1 Ensure FirewallD is installed - firewalld
  • 3.5.1.1 Ensure FirewallD is installed - iptables
  • 3.5.1.2 Ensure iptables-services package is not installed
  • 3.5.1.3 Ensure nftables is not installed or stopped and masked - masked
  • 3.5.1.3 Ensure nftables is not installed or stopped and masked - stopped
  • 3.5.1.4 Ensure firewalld service is enabled and running - enabled
  • 3.5.1.4 Ensure firewalld service is enabled and running - running
  • 3.5.1.5 Ensure default zone is set
  • 3.5.1.6 Ensure network interfaces are assigned to appropriate zone
  • 3.5.1.7 Ensure unnecessary services and ports are not accepted
  • 3.5.2.1 Ensure nftables is installed
  • 3.5.2.10 Ensure nftables service is enabled
  • 3.5.2.11 Ensure nftables rules are permanent
  • 3.5.2.2 Ensure firewalld is not installed or stopped and masked - masked
  • 3.5.2.2 Ensure firewalld is not installed or stopped and masked - stopped
  • 3.5.2.3 Ensure iptables-services package is not installed
  • 3.5.2.4 Ensure iptables are flushed - v4
  • 3.5.2.4 Ensure iptables are flushed - v6
  • 3.5.2.5 Ensure a table exists
  • 3.5.2.6 Ensure base chains exist - forward
  • 3.5.2.6 Ensure base chains exist - input
  • 3.5.2.6 Ensure base chains exist - output
  • 3.5.2.7 Ensure loopback traffic is configured - iif lo
  • 3.5.2.7 Ensure loopback traffic is configured - ip saddr
  • 3.5.2.7 Ensure loopback traffic is configured - ip6 saddr
  • 3.5.2.8 Ensure outbound and established connections are configured - input
  • 3.5.2.8 Ensure outbound and established connections are configured - output
  • 3.5.2.9 Ensure default deny firewall policy - forward
  • 3.5.2.9 Ensure default deny firewall policy - input
  • 3.5.2.9 Ensure default deny firewall policy - output
  • 3.5.3.1.1 Ensure iptables packages are installed
  • 3.5.3.1.2 Ensure nftables is not installed
  • 3.5.3.1.3 Ensure firewalld is not installed or stopped and masked - masked
  • 3.5.3.1.3 Ensure firewalld is not installed or stopped and masked - stopped
  • 3.5.3.2.1 Ensure default deny firewall policy - Chain FORWARD
  • 3.5.3.2.1 Ensure default deny firewall policy - Chain INPUT
  • 3.5.3.2.1 Ensure default deny firewall policy - Chain OUTPUT
  • 3.5.3.2.2 Ensure loopback traffic is configured - input
  • 3.5.3.2.2 Ensure loopback traffic is configured - output
  • 3.5.3.2.3 Ensure outbound and established connections are configured
  • 3.5.3.2.4 Ensure firewall rules exist for all open ports
  • 3.5.3.2.5 Ensure iptables rules are saved
  • 3.5.3.2.6 Ensure iptables is enabled and running - enabled
  • 3.5.3.2.6 Ensure iptables is enabled and running - running
  • 3.5.3.3.1 Ensure IPv6 default deny firewall policy
  • 3.5.3.3.2 Ensure IPv6 loopback traffic is configured - input
  • 3.5.3.3.2 Ensure IPv6 loopback traffic is configured - output
  • 3.5.3.3.3 Ensure IPv6 outbound and established connections are configured
  • 3.5.3.3.4 Ensure IPv6 firewall rules exist for all open ports
  • 3.5.3.3.5 Ensure ip6tables rules are saved
  • 3.5.3.3.6 Ensure ip6tables is enabled and running - enabled
  • 3.5.3.3.6 Ensure ip6tables is enabled and running - running
  • 4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host
  • 4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts - InputTCPServerRun 514
  • 4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts - imtcp.so
  • 5.1.1 Ensure cron daemon is enabled and running - enabled
  • 5.1.1 Ensure cron daemon is enabled and running - running
  • 5.1.2 Ensure permissions on /etc/crontab are configured
  • 5.1.3 Ensure permissions on /etc/cron.hourly are configured
  • 5.1.4 Ensure permissions on /etc/cron.daily are configured
  • 5.1.5 Ensure permissions on /etc/cron.weekly are configured
  • 5.1.6 Ensure permissions on /etc/cron.monthly are configured
  • 5.1.7 Ensure permissions on /etc/cron.d are configured
  • 5.1.8 Ensure cron is restricted to authorized users - cron.allow
  • 5.1.8 Ensure cron is restricted to authorized users - cron.deny
  • 5.1.9 Ensure at is restricted to authorized users - at.allow
  • 5.1.9 Ensure at is restricted to authorized users - at.deny
  • 5.3.1 Ensure password creation requirements are configured - dcredit
  • 5.3.1 Ensure password creation requirements are configured - lcredit
  • 5.3.1 Ensure password creation requirements are configured - ocredit
  • 5.3.1 Ensure password creation requirements are configured - ucredit
Miscellaneous
  • Platform check updated.