CIS Red Hat Enterprise Linux 5 L1 v2.2.1

Audit Details

Name: CIS Red Hat Enterprise Linux 5 L1 v2.2.1

Updated: 7/27/2022

Authority: CIS

Plugin: Unix

Revision: 1.5

Estimated Item Count: 235

File Details

Filename: CIS_Red_Hat_EL5_v2.2.1_L1.audit

Size: 355 kB

MD5: 9be4853bad46949b3a036a62de9793fb
SHA256: a250459b4bd6f9e4de87a641e32efd6a019bd662f2128ce17c9a6bbddaed3988

Audit Items

DescriptionCategories
1.1.1 Create Separate Partition for /tmp

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.1.2 Set nodev option for /tmp Partition

CONFIGURATION MANAGEMENT

1.1.3 Set nosuid option for /tmp Partition

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.1.4 Set noexec option for /tmp Partition

CONFIGURATION MANAGEMENT

1.1.5 Create Separate Partition for /var

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.1.6 Bind Mount the /var/tmp directory to /tmp

CONFIGURATION MANAGEMENT

1.1.7 Create Separate Partition for /var/log

AUDIT AND ACCOUNTABILITY

1.1.8 Create Separate Partition for /var/log/audit

AUDIT AND ACCOUNTABILITY

1.1.9 Create Separate Partition for /home

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.1.10 Add nodev Option to /home

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.1.11 Add nodev Option to Removable Media Partitions

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.1.12 Add noexec Option to Removable Media Partitions

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.1.13 Add nosuid Option to Removable Media Partitions

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.1.14 Add nodev Option to /dev/shm Partition

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.1.15 Add nosuid Option to /dev/shm Partition

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.1.16 Add noexec Option to /dev/shm Partition

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.1.17 Set Sticky Bit on All World-Writable Directories

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.2.1 Configure Connection to the RHN RPM Repositories

SYSTEM AND INFORMATION INTEGRITY

1.2.2 Verify Red Hat GPG Key is Installed

SYSTEM AND INFORMATION INTEGRITY

1.2.3 Verify that gpgcheck is Globally Activated

SYSTEM AND INFORMATION INTEGRITY

1.2.6 Obtain Software Package Updates with yum

SYSTEM AND INFORMATION INTEGRITY

1.2.7 Verify Package Integrity Using RPM

AUDIT AND ACCOUNTABILITY

1.5.1 Set User/Group Owner on /etc/grub.conf

ACCESS CONTROL

1.5.2 Set Permissions on /etc/grub.conf

ACCESS CONTROL

1.5.3 Set Boot Loader Password

CONFIGURATION MANAGEMENT

1.5.4 Require Authentication for Single-User Mode

CONFIGURATION MANAGEMENT

1.5.5 Disable Interactive Boot

CONFIGURATION MANAGEMENT

1.6.1 Restrict Core Dumps - * hard core 0'

CONFIGURATION MANAGEMENT

1.6.1 Restrict Core Dumps - fs.suid_dumpable = 0'

CONFIGURATION MANAGEMENT

1.6.2 Configure ExecShield - kernel.exec-shield = 1

CONFIGURATION MANAGEMENT

1.6.3 Enable Randomized Virtual Memory Region Placement - kernel.randomize_va_space = 2

SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

1.6.4 Enable XD/NX Support on 32-bit x86 Systems - cpuinfo

SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

1.6.4 Enable XD/NX Support on 32-bit x86 Systems - kernel-PAE

SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

1.6.5 Disable Prelink - PRELINKING=no

CONFIGURATION MANAGEMENT

1.7 Use the Latest OS Release

SYSTEM AND INFORMATION INTEGRITY

2.1.1 Remove telnet-server

CONFIGURATION MANAGEMENT

2.1.2 Remove telnet Clients

CONFIGURATION MANAGEMENT

2.1.3 Remove rsh-server

CONFIGURATION MANAGEMENT

2.1.4 Remove rsh

CONFIGURATION MANAGEMENT

2.1.5 Remove NIS Client

CONFIGURATION MANAGEMENT

2.1.6 Remove NIS Server

CONFIGURATION MANAGEMENT

2.1.7 Remove tftp

CONFIGURATION MANAGEMENT

2.1.8 Remove tftp-server

CONFIGURATION MANAGEMENT

2.1.9 Remove talk

CONFIGURATION MANAGEMENT

2.1.10 Remove talk-server

CONFIGURATION MANAGEMENT

2.1.12 Disable chargen-dgram

SYSTEM AND INFORMATION INTEGRITY

2.1.13 Disable chargen-stream

SYSTEM AND INFORMATION INTEGRITY

2.1.14 Disable daytime-dgram

SYSTEM AND INFORMATION INTEGRITY

2.1.15 Disable daytime-stream

SYSTEM AND INFORMATION INTEGRITY

2.1.16 Disable echo-dgram

SYSTEM AND INFORMATION INTEGRITY