CIS Red Hat Enterprise Linux 5 L2 v2.2.1

Audit Details

Name: CIS Red Hat Enterprise Linux 5 L2 v2.2.1

Updated: 7/5/2023

Authority: CIS

Plugin: Unix

Revision: 1.9

Estimated Item Count: 81

File Details

Filename: CIS_Red_Hat_EL5_v2.2.1_L2.audit

Size: 196 kB

MD5: 4724ab0f9c245bbbebd7850ab677332d
SHA256: 8639fde832568152b7a0d575d0decef3c030c6d5c68836ee7ff227c816d9e330

Audit Items

Description | Categories
1.1.18 Disable Mounting of cramfs Filesystems - install cramfs /bin/true

CONFIGURATION MANAGEMENT

1.1.19 Disable Mounting of freevxfs Filesystems - install freevxfs /bin/true

CONFIGURATION MANAGEMENT

1.1.20 Disable Mounting of jffs2 Filesystems - install jffs2 /bin/true

CONFIGURATION MANAGEMENT

1.1.21 Disable Mounting of hfs Filesystems - install hfs /bin/true

CONFIGURATION MANAGEMENT

1.1.22 Disable Mounting of hfsplus Filesystems - install hfsplus /bin/true

CONFIGURATION MANAGEMENT

1.1.23 Disable Mounting of squashfs Filesystems - install squashfs /bin/true

CONFIGURATION MANAGEMENT

1.1.24 Disable Mounting of udf Filesystems - lsmod

CONFIGURATION MANAGEMENT

1.1.24 Disable Mounting of udf Filesystems - modprobe

CONFIGURATION MANAGEMENT

1.2.4 Disable the rhnsd Daemon

SYSTEM AND INFORMATION INTEGRITY

1.2.5 Disable yum-updatesd

SYSTEM AND INFORMATION INTEGRITY

1.3.1 Install AIDE

AUDIT AND ACCOUNTABILITY

1.3.2 Implement Periodic Execution of File Integrity - 0 5 * * * /usr/sbin/aide --check

AUDIT AND ACCOUNTABILITY

1.4.1 Enable SELinux in /etc/grub.conf - enforcing != 0

ACCESS CONTROL

1.4.1 Enable SELinux in /etc/grub.conf - selinux != 0

ACCESS CONTROL

1.4.2 Set the SELinux State - SELINUX=enforcing

ACCESS CONTROL

1.4.3 Set the SELinux Policy - SELINUXTYPE=targeted

ACCESS CONTROL

1.4.4 Remove SETroubleshoot

SYSTEM AND INFORMATION INTEGRITY

1.4.5 Disable MCS Translation Service (mcstrans)

SYSTEM AND INFORMATION INTEGRITY

1.4.6 Check for Unconfined Daemons

SYSTEM AND INFORMATION INTEGRITY

2.1.11 Remove xinetd

CONFIGURATION MANAGEMENT

4.2.3 Disable Secure ICMP Redirect Acceptance - net.ipv4.conf.all.secure_redirects = 0

SYSTEM AND INFORMATION INTEGRITY

4.2.3 Disable Secure ICMP Redirect Acceptance - net.ipv4.conf.default.secure_redirects = 0

SYSTEM AND INFORMATION INTEGRITY

4.2.7 Enable RFC-recommended Source Route Validation - net.ipv4.conf.all.rp_filter = 1

SYSTEM AND INFORMATION INTEGRITY

4.2.7 Enable RFC-recommended Source Route Validation - net.ipv4.conf.default.rp_filter = 1

SYSTEM AND INFORMATION INTEGRITY

5.3.1.1 Configure Audit Log Storage Size

AUDIT AND ACCOUNTABILITY

5.3.1.2 Disable System on Audit Log Full - action_mail_acct

AUDIT AND ACCOUNTABILITY

5.3.1.2 Disable System on Audit Log Full - admin_space_left_action

AUDIT AND ACCOUNTABILITY

5.3.1.2 Disable System on Audit Log Full - space_left_action

AUDIT AND ACCOUNTABILITY

5.3.1.3 Keep All Auditing Information

AUDIT AND ACCOUNTABILITY

5.3.2 Enable auditd Service

AUDIT AND ACCOUNTABILITY

5.3.3 Keep All Auditing Information

AUDIT AND ACCOUNTABILITY

5.3.4 Enable Auditing for Processes That Start Prior to auditd

AUDIT AND ACCOUNTABILITY

5.3.5 Record Events That Modify Date and Time Information - adjtimex

CONFIGURATION MANAGEMENT

5.3.5 Record Events That Modify Date and Time Information - arch=b64 -S adjtimex

CONFIGURATION MANAGEMENT

5.3.5 Record Events That Modify Date and Time Information - arch=b64 -S clock_settime

CONFIGURATION MANAGEMENT

5.3.5 Record Events That Modify Date and Time Information - clock_settime

CONFIGURATION MANAGEMENT

5.3.5 Record Events That Modify Date and Time Information - time-change

CONFIGURATION MANAGEMENT

5.3.6 Record Events That Modify User/Group Information - /etc/group

CONFIGURATION MANAGEMENT

5.3.6 Record Events That Modify User/Group Information - /etc/gshadow

CONFIGURATION MANAGEMENT

5.3.6 Record Events That Modify User/Group Information - /etc/passwd

CONFIGURATION MANAGEMENT

5.3.6 Record Events That Modify User/Group Information - /etc/security/opasswd

CONFIGURATION MANAGEMENT

5.3.6 Record Events That Modify User/Group Information - /etc/shadow

CONFIGURATION MANAGEMENT

5.3.7 Record Events That Modify the System's Network Environment - /etc/hosts

CONFIGURATION MANAGEMENT

5.3.7 Record Events That Modify the System's Network Environment - /etc/issue

CONFIGURATION MANAGEMENT

5.3.7 Record Events That Modify the System's Network Environment - /etc/issue.net

CONFIGURATION MANAGEMENT

5.3.7 Record Events That Modify the System's Network Environment - /etc/sysconfig/network

CONFIGURATION MANAGEMENT

5.3.7 Record Events That Modify the System's Network Environment - arch=b32 -S sethostname

CONFIGURATION MANAGEMENT

5.3.7 Record Events That Modify the System's Network Environment - arch=b64 -S sethostname

CONFIGURATION MANAGEMENT

5.3.8 Record Events That Modify the System's Mandatory Access Controls - /etc/selinux/

CONFIGURATION MANAGEMENT

5.3.9 Collect Login and Logout Events - /var/log/btmp

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY