Detections
Analytics

Revision 1.21

Jun 9, 2021
Functional Update
  • 1.4.2 Ensure filesystem integrity is regularly checked
  • 1.9 Ensure updates, patches, and additional security software are installed
  • 2.2.1.1 Ensure time synchronization is in use
  • 3.4.4.2.2 Ensure IPv6 loopback traffic is configured
  • 3.4.4.2.3 Ensure IPv6 outbound and established connections are configured
  • 3.4.4.2.4 Ensure IPv6 firewall rules exist for all open ports - firewall rules
  • 3.4.4.2.4 Ensure IPv6 firewall rules exist for all open ports - ports
  • 4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host
  • 4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts. - InputTCPServerRun
  • 4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts. - ModLoad imtcp
  • 5.2.19 Ensure SSH MaxSessions is set to 4 or less
  • 5.7 Ensure access to the su command is restricted - wheel group contains root
  • 6.2.7 Ensure users' home directories permissions are 750 or more restrictive
  • 6.2.8 Ensure users own their home directories
  • 6.2.9 Ensure users' dot files are not group or world writable
Informational Update
  • 3.4.4.2.2 Ensure IPv6 loopback traffic is configured
  • 3.4.4.2.3 Ensure IPv6 outbound and established connections are configured
  • 3.4.4.2.4 Ensure IPv6 firewall rules exist for all open ports - firewall rules
  • 3.4.4.2.4 Ensure IPv6 firewall rules exist for all open ports - ports
  • 4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host
  • 4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts. - InputTCPServerRun
  • 4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts. - ModLoad imtcp
Miscellaneous
  • References updated.
  • Variables updated.
Added
  • 1.1.2 Ensure /tmp is configured - config check
  • 3.1.1 Ensure IP forwarding is disabled - ipv4 /etc/sysctl.conf /etc/sysctl.d/*
  • 3.1.1 Ensure IP forwarding is disabled - ipv4 sysctl
  • 3.1.1 Ensure IP forwarding is disabled - ipv6 /etc/sysctl.conf /etc/sysctl.d/*
  • 3.1.1 Ensure IP forwarding is disabled - ipv6 sysctl
Removed
  • 1.1.2 Ensure /tmp is configured - systemctl
  • 3.1.1 Ensure IP forwarding is disabled - /etc/sysctl.conf /etc/sysctl.d/*
  • 3.1.1 Ensure IP forwarding is disabled - sysctl