CIS Red Hat EL8 Server L2 v1.0.1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS Red Hat EL8 Server L2 v1.0.1

Updated: 6/1/2022

Authority: Operating Systems and Applications

Plugin: Unix

Revision: 1.5

Estimated Item Count: 126

Audit Items

Description | Categories
1.1.1.2 Ensure mounting of vFAT filesystems is limited - lsmod
1.1.1.2 Ensure mounting of vFAT filesystems is limited - modprobe
1.1.6 Ensure separate partition exists for /var
1.1.7 Ensure separate partition exists for /var/tmp
1.1.11 Ensure separate partition exists for /var/log
1.1.12 Ensure separate partition exists for /var/log/audit
1.1.13 Ensure separate partition exists for /home
1.7.1.1 Ensure SELinux is installed
1.7.1.2 Ensure SELinux is not disabled in bootloader configuration
1.7.1.3 Ensure SELinux policy is configured
1.7.1.4 Ensure the SELinux state is enforcing
1.7.1.5 Ensure no unconfined services exist
1.7.1.6 Ensure SETroubleshoot is not installed
1.7.1.7 Ensure the MCS Translation Service (mcstrans) is not installed
1.11 Ensure system-wide crypto policy is FUTURE or FIPS
3.3.1 Ensure DCCP is disabled
3.3.2 Ensure SCTP is disabled
3.3.3 Ensure RDS is disabled
3.3.4 Ensure TIPC is disabled
3.6 Disable IPv6
4.1.1.1 Ensure auditd is installed - 'audit-libs'
4.1.1.1 Ensure auditd is installed - 'audit'
4.1.1.2 Ensure auditd service is enabled
4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled
4.1.1.4 Ensure audit_backlog_limit is sufficient
4.1.2.1 Ensure audit log storage size is configured
4.1.2.2 Ensure audit logs are not automatically deleted
4.1.2.3 Ensure system is disabled when audit logs are full - 'action_mail_acct = root'
4.1.2.3 Ensure system is disabled when audit logs are full - 'admin_space_left_action = halt'
4.1.2.3 Ensure system is disabled when audit logs are full - 'space_left_action = email'
4.1.3 Ensure changes to system administration scope (sudoers) is collected - auditctl sudoers
4.1.3 Ensure changes to system administration scope (sudoers) is collected - auditctl sudoers.d
4.1.3 Ensure changes to system administration scope (sudoers) is collected - sudoers
4.1.3 Ensure changes to system administration scope (sudoers) is collected - sudoers.d
4.1.4 Ensure login and logout events are collected - /var/log/lastlog
4.1.4 Ensure login and logout events are collected - /var/run/faillock
4.1.4 Ensure login and logout events are collected - auditctl /var/log/lastlog
4.1.4 Ensure login and logout events are collected - auditctl /var/run/faillock
4.1.5 Ensure session initiation information is collected - auditctl btmp
4.1.5 Ensure session initiation information is collected - auditctl utmp
4.1.5 Ensure session initiation information is collected - auditctl wtmp
4.1.5 Ensure session initiation information is collected - btmp
4.1.5 Ensure session initiation information is collected - utmp
4.1.5 Ensure session initiation information is collected - wtmp
4.1.6 Ensure events that modify date and time information are collected - /etc/localtime
4.1.6 Ensure events that modify date and time information are collected - adjtimex
4.1.6 Ensure events that modify date and time information are collected - adjtimex (64-bit)
4.1.6 Ensure events that modify date and time information are collected - auditctl /etc/localtime
4.1.6 Ensure events that modify date and time information are collected - auditctl adjtimex
4.1.6 Ensure events that modify date and time information are collected - auditctl adjtimex (64-bit)