Revision 1.16 May 19, 2023

Functional Update
  • 3.2.1 Ensure IP forwarding is disabled - ipv6
  • 3.3.1 Ensure source routed packets are not accepted - 'net.ipv6.conf.all.accept_source_route = 0'
  • 3.3.1 Ensure source routed packets are not accepted - 'net.ipv6.conf.default.accept_source_route = 0'
  • 3.3.2 Ensure ICMP redirects are not accepted - 'net.ipv6.conf.all.accept_redirects = 0'
  • 3.3.2 Ensure ICMP redirects are not accepted - 'net.ipv6.conf.default.accept_redirects = 0'
  • 3.3.9 Ensure IPv6 router advertisements are not accepted - net.ipv6.conf.all.accept_ra = 0
  • 3.3.9 Ensure IPv6 router advertisements are not accepted - net.ipv6.conf.default.accept_ra = 0
  • 3.4.2.7 Ensure nftables loopback traffic is configured - 'ip6 saddr'
  • 3.4.3.3.1 Ensure ip6tables loopback traffic is configured - INPUT
  • 3.4.3.3.1 Ensure ip6tables loopback traffic is configured - OUTPUT
  • 3.4.3.3.2 Ensure ip6tables outbound and established connections are configured
  • 3.4.3.3.3 Ensure ip6tables firewall rules exist for all open ports
  • 3.4.3.3.4 Ensure ip6tables default deny firewall policy - Chain FORWARD
  • 3.4.3.3.4 Ensure ip6tables default deny firewall policy - Chain INPUT
  • 3.4.3.3.4 Ensure ip6tables default deny firewall policy - Chain OUTPUT
  • 3.4.3.3.5 Ensure ip6tables rules are saved
  • 3.4.3.3.6 Ensure ip6tables is enabled and active - active
  • 3.4.3.3.6 Ensure ip6tables is enabled and active - enabled
  • 5.2.10 Ensure SSH PermitUserEnvironment is disabled - sshd output
  • 5.2.11 Ensure SSH IgnoreRhosts is enabled - sshd output
  • 5.2.15 Ensure SSH warning banner is configured
  • 5.2.16 Ensure SSH MaxAuthTries is set to 4 or less - sshd output
  • 5.2.17 Ensure SSH MaxStartups is configured - sshd output
  • 5.2.18 Ensure SSH MaxSessions is set to 10 or less - sshd output
  • 5.2.19 Ensure SSH LoginGraceTime is set to one minute or less - sshd output
  • 5.2.20 Ensure SSH Idle Timeout Interval is configured - ClientAliveCountMax sshd output
  • 5.2.20 Ensure SSH Idle Timeout Interval is configured - ClientAliveInterval sshd output
  • 5.2.4 Ensure SSH access is limited - sshd output
  • 5.2.5 Ensure SSH LogLevel is appropriate - sshd output
  • 5.2.6 Ensure SSH PAM is enabled - sshd output
  • 5.2.7 Ensure SSH root login is disabled - sshd output
  • 5.2.8 Ensure SSH HostbasedAuthentication is disabled - sshd output
  • 5.2.9 Ensure SSH PermitEmptyPasswords is disabled - sshd output
  • 5.5.1 Ensure password creation requirements are configured - enforce-for-root