Revision 1.20Feb 16, 2021
Functional Update
- 3.4.4.1.1 Ensure default deny firewall policy - Chain FORWARD
- 3.4.4.1.1 Ensure default deny firewall policy - Chain INPUT
- 3.4.4.1.1 Ensure default deny firewall policy - Chain OUTPUT
- 3.4.4.2.2 Ensure IPv6 loopback traffic is configured
- 3.4.4.2.3 Ensure IPv6 outbound and established connections are configured
- 3.4.4.2.4 Ensure IPv6 firewall rules exist for all open ports - firewall rules
- 3.4.4.2.4 Ensure IPv6 firewall rules exist for all open ports - ports
- 4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host
- 4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts. - InputTCPServerRun
- 4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts. - ModLoad imtcp
- 5.5.5 Ensure default user umask is 027 or more restrictive - /etc/profile /etc/profile.d/*.sh
Informational Update
- 3.4.4.2.2 Ensure IPv6 loopback traffic is configured
- 3.4.4.2.3 Ensure IPv6 outbound and established connections are configured
- 3.4.4.2.4 Ensure IPv6 firewall rules exist for all open ports - firewall rules
- 3.4.4.2.4 Ensure IPv6 firewall rules exist for all open ports - ports
- 4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host
- 4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts. - InputTCPServerRun
- 4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts. - ModLoad imtcp
Miscellaneous
- Metadata updated.
- References updated.
Added
- 1.6.1 Ensure core dumps are restricted - systemctl coredump.service - ProcessSizeMax
- 1.6.1 Ensure core dumps are restricted - systemctl coredump.service - Storage
