1.1.1 Create Separate Partition for /tmp | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
1.1.2 Set nodev option for /tmp Partition | CONFIGURATION MANAGEMENT |
1.1.3 Set nosuid option for /tmp Partition | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
1.1.4 Set noexec option for /tmp Partition | CONFIGURATION MANAGEMENT |
1.1.5 Create Separate Partition for /var | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
1.1.6 Bind Mount the /var/tmp directory to /tmp | CONFIGURATION MANAGEMENT |
1.1.7 Create Separate Partition for /var/log | AUDIT AND ACCOUNTABILITY |
1.1.8 Create Separate Partition for /var/log/audit | AUDIT AND ACCOUNTABILITY |
1.1.9 Create Separate Partition for /home | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
1.1.10 Add nodev Option to /home | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
1.1.11 Add nodev Option to Removable Media Partitions | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
1.1.12 Add noexec Option to Removable Media Partitions | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
1.1.13 Add nosuid Option to Removable Media Partitions | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
1.1.14 Add nodev Option to /dev/shm Partition | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
1.1.15 Add nosuid Option to /dev/shm Partition | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
1.1.16 Add noexec Option to /dev/shm Partition | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
1.1.17 Set Sticky Bit on All World-Writable Directories | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
1.2.1 Configure Connection to the RHN RPM Repositories | SYSTEM AND INFORMATION INTEGRITY |
1.2.2 Verify Red Hat GPG Key is Installed | SYSTEM AND INFORMATION INTEGRITY |
1.2.3 Verify that gpgcheck is Globally Activated | SYSTEM AND INFORMATION INTEGRITY |
1.2.6 Obtain Software Package Updates with yum | CONFIGURATION MANAGEMENT |
1.2.7 Verify Package Integrity Using RPM | AUDIT AND ACCOUNTABILITY |
1.5.1 Set User/Group Owner on /etc/grub.conf | ACCESS CONTROL |
1.5.2 Set Permissions on /etc/grub.conf | ACCESS CONTROL |
1.5.3 Set Boot Loader Password | CONFIGURATION MANAGEMENT |
1.5.4 Require Authentication for Single-User Mode | CONFIGURATION MANAGEMENT |
1.5.5 Disable Interactive Boot | CONFIGURATION MANAGEMENT |
1.6.1 Restrict Core Dumps - * hard core 0' | CONFIGURATION MANAGEMENT |
1.6.1 Restrict Core Dumps - fs.suid_dumpable = 0' | CONFIGURATION MANAGEMENT |
1.6.2 Configure ExecShield - kernel.exec-shield = 1 | CONFIGURATION MANAGEMENT |
1.6.3 Enable Randomized Virtual Memory Region Placement - kernel.randomize_va_space = 2 | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
1.6.4 Enable XD/NX Support on 32-bit x86 Systems - cpuinfo | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
1.6.4 Enable XD/NX Support on 32-bit x86 Systems - kernel-PAE | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
1.6.5 Disable Prelink - PRELINKING=no | CONFIGURATION MANAGEMENT |
1.7 Use the Latest OS Release | SYSTEM AND INFORMATION INTEGRITY |
2.1.1 Remove telnet-server | CONFIGURATION MANAGEMENT |
2.1.2 Remove telnet Clients | CONFIGURATION MANAGEMENT |
2.1.3 Remove rsh-server | CONFIGURATION MANAGEMENT |
2.1.4 Remove rsh | CONFIGURATION MANAGEMENT |
2.1.5 Remove NIS Client | CONFIGURATION MANAGEMENT |
2.1.6 Remove NIS Server | CONFIGURATION MANAGEMENT |
2.1.7 Remove tftp | CONFIGURATION MANAGEMENT |
2.1.8 Remove tftp-server | CONFIGURATION MANAGEMENT |
2.1.9 Remove talk | CONFIGURATION MANAGEMENT |
2.1.10 Remove talk-server | CONFIGURATION MANAGEMENT |
2.1.12 Disable chargen-dgram | CONFIGURATION MANAGEMENT |
2.1.13 Disable chargen-stream | CONFIGURATION MANAGEMENT |
2.1.14 Disable daytime-dgram | CONFIGURATION MANAGEMENT |
2.1.15 Disable daytime-stream | CONFIGURATION MANAGEMENT |
2.1.16 Disable echo-dgram | CONFIGURATION MANAGEMENT |