CIS Red Hat Enterprise Linux 5 L1 v2.2.1

Audit Details

Name: CIS Red Hat Enterprise Linux 5 L1 v2.2.1

Updated: 11/6/2024

Authority: CIS

Plugin: Unix

Revision: 1.15

Estimated Item Count: 235

File Details

Filename: CIS_Red_Hat_EL5_v2.2.1_L1.audit

Size: 367 kB

MD5: 2b8a9f96eda6ee2faabd4f7bb74e8a2d
SHA256: c3b8393c67fd436a5dac5de761fa90167011c48dae67e90aa89c2dcfa1037f4c

Audit Items

DescriptionCategories
1.1.1 Create Separate Partition for /tmp

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.1.2 Set nodev option for /tmp Partition

CONFIGURATION MANAGEMENT

1.1.3 Set nosuid option for /tmp Partition

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.1.4 Set noexec option for /tmp Partition

CONFIGURATION MANAGEMENT

1.1.5 Create Separate Partition for /var

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.1.6 Bind Mount the /var/tmp directory to /tmp

CONFIGURATION MANAGEMENT

1.1.7 Create Separate Partition for /var/log

AUDIT AND ACCOUNTABILITY

1.1.8 Create Separate Partition for /var/log/audit

AUDIT AND ACCOUNTABILITY

1.1.9 Create Separate Partition for /home

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.1.10 Add nodev Option to /home

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.1.11 Add nodev Option to Removable Media Partitions

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.1.12 Add noexec Option to Removable Media Partitions

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.1.13 Add nosuid Option to Removable Media Partitions

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.1.14 Add nodev Option to /dev/shm Partition

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.1.15 Add nosuid Option to /dev/shm Partition

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.1.16 Add noexec Option to /dev/shm Partition

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.1.17 Set Sticky Bit on All World-Writable Directories

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.2.1 Configure Connection to the RHN RPM Repositories

SYSTEM AND INFORMATION INTEGRITY

1.2.2 Verify Red Hat GPG Key is Installed

SYSTEM AND INFORMATION INTEGRITY

1.2.3 Verify that gpgcheck is Globally Activated

SYSTEM AND INFORMATION INTEGRITY

1.2.6 Obtain Software Package Updates with yum

CONFIGURATION MANAGEMENT

1.2.7 Verify Package Integrity Using RPM

AUDIT AND ACCOUNTABILITY

1.5.1 Set User/Group Owner on /etc/grub.conf

ACCESS CONTROL

1.5.2 Set Permissions on /etc/grub.conf

ACCESS CONTROL

1.5.3 Set Boot Loader Password

CONFIGURATION MANAGEMENT

1.5.4 Require Authentication for Single-User Mode

CONFIGURATION MANAGEMENT

1.5.5 Disable Interactive Boot

CONFIGURATION MANAGEMENT

1.6.1 Restrict Core Dumps - * hard core 0'

CONFIGURATION MANAGEMENT

1.6.1 Restrict Core Dumps - fs.suid_dumpable = 0'

CONFIGURATION MANAGEMENT

1.6.2 Configure ExecShield - kernel.exec-shield = 1

CONFIGURATION MANAGEMENT

1.6.3 Enable Randomized Virtual Memory Region Placement - kernel.randomize_va_space = 2

SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

1.6.4 Enable XD/NX Support on 32-bit x86 Systems - cpuinfo

SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

1.6.4 Enable XD/NX Support on 32-bit x86 Systems - kernel-PAE

SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

1.6.5 Disable Prelink - PRELINKING=no

CONFIGURATION MANAGEMENT

1.7 Use the Latest OS Release

SYSTEM AND INFORMATION INTEGRITY

2.1.1 Remove telnet-server

CONFIGURATION MANAGEMENT

2.1.2 Remove telnet Clients

CONFIGURATION MANAGEMENT

2.1.3 Remove rsh-server

CONFIGURATION MANAGEMENT

2.1.4 Remove rsh

CONFIGURATION MANAGEMENT

2.1.5 Remove NIS Client

CONFIGURATION MANAGEMENT

2.1.6 Remove NIS Server

CONFIGURATION MANAGEMENT

2.1.7 Remove tftp

CONFIGURATION MANAGEMENT

2.1.8 Remove tftp-server

CONFIGURATION MANAGEMENT

2.1.9 Remove talk

CONFIGURATION MANAGEMENT

2.1.10 Remove talk-server

CONFIGURATION MANAGEMENT

2.1.12 Disable chargen-dgram

CONFIGURATION MANAGEMENT

2.1.13 Disable chargen-stream

CONFIGURATION MANAGEMENT

2.1.14 Disable daytime-dgram

CONFIGURATION MANAGEMENT

2.1.15 Disable daytime-stream

CONFIGURATION MANAGEMENT

2.1.16 Disable echo-dgram

CONFIGURATION MANAGEMENT