Detections
Analytics

CIS Oracle Linux 8 v4.0.0 L1 Server

Audit Details

Name: CIS Oracle Linux 8 v4.0.0 L1 Server

Updated: 10/24/2025

Authority: CIS

Plugin: Unix

Revision: 1.1

Estimated Item Count: 258

File Details

Filename: CIS_Oracle_Linux_8_v4.0.0_L1_Server.audit

Size: 1.22 MB

MD5: 22f822e737919196759c78019a55d8a7
SHA256: 83dd1d304fade7db45daea7226a118a0a23bf6e14126ed0c19cbf2eba564ffc6

Audit Items

DescriptionCategories
1.1.1.1 Ensure cramfs kernel module is not available

CONFIGURATION MANAGEMENT

1.1.1.2 Ensure freevxfs kernel module is not available

CONFIGURATION MANAGEMENT

1.1.1.3 Ensure hfs kernel module is not available

CONFIGURATION MANAGEMENT

1.1.1.4 Ensure hfsplus kernel module is not available

CONFIGURATION MANAGEMENT

1.1.1.5 Ensure jffs2 kernel module is not available

CONFIGURATION MANAGEMENT

1.1.1.9 Ensure firewire-core kernel module is not available

CONFIGURATION MANAGEMENT

1.1.1.10 Ensure usb-storage kernel module is not available

MEDIA PROTECTION

1.1.1.11 Ensure unused filesystems kernel modules are not available

CONFIGURATION MANAGEMENT

1.1.2.1.1 Ensure /tmp is tmpfs or a separate partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.1.2 Ensure nodev option set on /tmp partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.1.3 Ensure nosuid option set on /tmp partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.1.4 Ensure noexec option set on /tmp partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.2.1 Ensure /dev/shm is tmpfs

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.2.2 Ensure nodev option set on /dev/shm partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.2.3 Ensure nosuid option set on /dev/shm partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.2.4 Ensure noexec option set on /dev/shm partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.3.2 Ensure nodev option set on /home partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.3.3 Ensure nosuid option set on /home partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.4.2 Ensure nodev option set on /var partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.4.3 Ensure nosuid option set on /var partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.5.2 Ensure nodev option set on /var/tmp partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.5.3 Ensure nosuid option set on /var/tmp partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.5.4 Ensure noexec option set on /var/tmp partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.6.2 Ensure nodev option set on /var/log partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.6.3 Ensure nosuid option set on /var/log partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.6.4 Ensure noexec option set on /var/log partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.7.2 Ensure nodev option set on /var/log/audit partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.7.3 Ensure nosuid option set on /var/log/audit partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.7.4 Ensure noexec option set on /var/log/audit partition

ACCESS CONTROL, MEDIA PROTECTION

1.2.1.1 Ensure GPG keys are configured

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.1.2 Ensure gpgcheck is configured

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.1.4 Ensure package manager repositories are configured

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.2.1 Ensure updates, patches, and additional security software are installed

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.3.1.1 Ensure SELinux is installed

ACCESS CONTROL, MEDIA PROTECTION

1.3.1.2 Ensure SELinux is not disabled in bootloader configuration

ACCESS CONTROL, MEDIA PROTECTION

1.3.1.3 Ensure SELinux policy is configured

ACCESS CONTROL, MEDIA PROTECTION

1.3.1.4 Ensure the SELinux mode is not disabled

ACCESS CONTROL, MEDIA PROTECTION

1.3.1.7 Ensure the MCS Translation Service (mcstrans) is not installed

CONFIGURATION MANAGEMENT

1.3.1.8 Ensure SETroubleshoot is not installed

CONFIGURATION MANAGEMENT

1.4.1 Ensure bootloader password is set

ACCESS CONTROL, MEDIA PROTECTION

1.4.2 Ensure access to bootloader config is configured

ACCESS CONTROL, MEDIA PROTECTION

1.5.1 Ensure core file size is configured

ACCESS CONTROL

1.5.2 Ensure fs.protected_hardlinks is configured

CONFIGURATION MANAGEMENT

1.5.4 Ensure fs.suid_dumpable is configured

ACCESS CONTROL, CONFIGURATION MANAGEMENT

1.5.5 Ensure kernel.dmesg_restrict is configured

ACCESS CONTROL, MEDIA PROTECTION

1.5.6 Ensure kernel.kptr_restrict is configured

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

1.5.7 Ensure kernel.yama.ptrace_scope is configured

CONFIGURATION MANAGEMENT

1.5.8 Ensure kernel.randomize_va_space is configured

SYSTEM AND INFORMATION INTEGRITY

1.5.9 Ensure systemd-coredump ProcessSizeMax is configured

CONFIGURATION MANAGEMENT

1.5.10 Ensure systemd-coredump Storage is configured

CONFIGURATION MANAGEMENT