Mar 18, 2024 Functional Update- 5.2.2 Ensure permissions on SSH private host key files are configured
- 5.2.3 Ensure permissions on SSH public host key files are configured
Added- 4.2.3 Ensure all logfiles have appropriate permissions and ownership
Removed- 4.2.3 Ensure all logfiles have appropriate access configured
|
Feb 14, 2024 Added- 3.4.1.1 Ensure nftables is installed - firewall misconfigured
- 3.4.1.1 Ensure nftables is installed - firewalld
- 3.4.1.1 Ensure nftables is installed - nftables
- 3.4.1.2 Ensure a single firewall configuration utility is in use - firewall misconfigured
- 3.4.1.2 Ensure a single firewall configuration utility is in use - firewalld
- 3.4.1.2 Ensure a single firewall configuration utility is in use - nftables
- 3.4.2.1 Ensure firewalld default zone is set - firewall misconfigured
- 3.4.2.1 Ensure firewalld default zone is set - firewalld
- 3.4.2.1 Ensure firewalld default zone is set - nftables
- 3.4.2.2 Ensure at least one nftables table exists - firewall misconfigured
- 3.4.2.2 Ensure at least one nftables table exists - firewalld
- 3.4.2.2 Ensure at least one nftables table exists - nftables
- 3.4.2.3 Ensure nftables base chains exist - firewall misconfigured
- 3.4.2.3 Ensure nftables base chains exist - firewalld
- 3.4.2.3 Ensure nftables base chains exist - nftables
- 3.4.2.4 Ensure host based firewall loopback traffic is configured - firewall misconfigured
- 3.4.2.4 Ensure host based firewall loopback traffic is configured - firewalld
- 3.4.2.4 Ensure host based firewall loopback traffic is configured - nftables
- 3.4.2.5 Ensure firewalld drops unnecessary services and ports - firewall misconfigured
- 3.4.2.5 Ensure firewalld drops unnecessary services and ports - firewalld
- 3.4.2.5 Ensure firewalld drops unnecessary services and ports - nftables
- 3.4.2.6 Ensure nftables established connections are configured - firewall misconfigured
- 3.4.2.6 Ensure nftables established connections are configured - firewalld
- 3.4.2.6 Ensure nftables established connections are configured - nftables
- 3.4.2.7 Ensure nftables default deny firewall policy - firewall misconfigured
- 3.4.2.7 Ensure nftables default deny firewall policy - firewalld
- 3.4.2.7 Ensure nftables default deny firewall policy - nftables
Removed- 3.4.1.1 Ensure nftables is installed
- 3.4.1.2 Ensure a single firewall configuration utility is in use
- 3.4.2.1 Ensure firewalld default zone is set
- 3.4.2.2 Ensure at least one nftables table exists
- 3.4.2.3 Ensure nftables base chains exist - hook forward
- 3.4.2.3 Ensure nftables base chains exist - hook input
- 3.4.2.3 Ensure nftables base chains exist - hook output
- 3.4.2.4 Ensure host based firewall loopback traffic is configured
- 3.4.2.5 Ensure firewalld drops unnecessary services and ports
- 3.4.2.6 Ensure nftables established connections are configured
- 3.4.2.7 Ensure nftables default deny firewall policy - hook forward
- 3.4.2.7 Ensure nftables default deny firewall policy - hook input
|
Feb 5, 2024 Functional Update- 5.2.20 Ensure SSH Idle Timeout Interval is configured - ClientAliveCountMax sshd output
|
Jan 22, 2024 Functional Update- 5.2.20 Ensure SSH Idle Timeout Interval is configured - ClientAliveCountMax sshd output
|
Dec 27, 2023 Functional Update- 3.4.2.5 Ensure firewalld drops unnecessary services and ports
- 4.2.2.1.1 Ensure systemd-journal-remote is installed
- 4.2.2.1.2 Ensure systemd-journal-remote is configured
- 4.2.2.1.3 Ensure systemd-journal-remote is enabled
- 4.2.2.1.4 Ensure journald is not configured to receive logs from a remote client
- 4.2.2.2 Ensure journald service is enabled
- 4.2.2.3 Ensure journald is configured to compress large log files
- 4.2.2.4 Ensure journald is configured to write logfiles to persistent disk
- 4.2.2.5 Ensure journald is not configured to send logs to rsyslog
- 4.2.2.6 Ensure journald log rotation is configured per site policy
- 4.2.2.7 Ensure journald default file permissions configured
- 5.3.2 Ensure sudo commands use pty
- 5.5.2 Ensure lockout for failed password attempts is configured - unlock_time
|
Dec 8, 2023 Functional Update- 4.2.1.1 Ensure rsyslog is installed
- 4.2.1.2 Ensure rsyslog service is enabled
- 4.2.1.3 Ensure journald is configured to send logs to rsyslog
- 4.2.1.4 Ensure rsyslog default file permissions are configured
- 4.2.1.5 Ensure logging is configured
- 4.2.1.6 Ensure rsyslog is configured to send logs to a remote log host
- 4.2.1.7 Ensure rsyslog is not configured to receive logs from a remote client
- 4.2.2.1.1 Ensure systemd-journal-remote is installed
- 4.2.2.1.2 Ensure systemd-journal-remote is configured
- 4.2.2.1.3 Ensure systemd-journal-remote is enabled
- 4.2.2.1.4 Ensure journald is not configured to receive logs from a remote client
- 4.2.2.2 Ensure journald service is enabled
- 4.2.2.3 Ensure journald is configured to compress large log files
- 4.2.2.4 Ensure journald is configured to write logfiles to persistent disk
- 4.2.2.5 Ensure journald is not configured to send logs to rsyslog
- 4.2.2.6 Ensure journald log rotation is configured per site policy
- 4.2.2.7 Ensure journald default file permissions configured
|
Nov 17, 2023 Functional Update- 5.2.10 Ensure SSH PermitUserEnvironment is disabled - sshd output
- 5.2.11 Ensure SSH IgnoreRhosts is enabled - sshd output
- 5.2.12 Ensure SSH X11 forwarding is disabled - sshd output
- 5.2.15 Ensure SSH warning banner is configured
- 5.2.16 Ensure SSH MaxAuthTries is set to 4 or less - sshd output
- 5.2.17 Ensure SSH MaxStartups is configured - sshd output
- 5.2.18 Ensure SSH MaxSessions is set to 10 or less - sshd output
- 5.2.19 Ensure SSH LoginGraceTime is set to one minute or less - sshd output
- 5.2.20 Ensure SSH Idle Timeout Interval is configured - ClientAliveCountMax sshd output
- 5.2.20 Ensure SSH Idle Timeout Interval is configured - ClientAliveInterval sshd output
- 5.2.4 Ensure SSH access is limited - sshd output
- 5.2.5 Ensure SSH LogLevel is appropriate - sshd output
- 5.2.6 Ensure SSH PAM is enabled - sshd output
- 5.2.7 Ensure SSH root login is disabled - sshd output
- 5.2.8 Ensure SSH HostbasedAuthentication is disabled - sshd output
- 5.2.9 Ensure SSH PermitEmptyPasswords is disabled - sshd output
|
Nov 6, 2023 Functional Update- 4.2.1.1 Ensure rsyslog is installed
- 4.2.1.2 Ensure rsyslog service is enabled
- 4.2.1.3 Ensure journald is configured to send logs to rsyslog
- 4.2.1.4 Ensure rsyslog default file permissions are configured
- 4.2.1.5 Ensure logging is configured
- 4.2.1.6 Ensure rsyslog is configured to send logs to a remote log host
- 4.2.1.7 Ensure rsyslog is not configured to receive logs from a remote client
- 4.2.2.1.1 Ensure systemd-journal-remote is installed
- 4.2.2.1.2 Ensure systemd-journal-remote is configured
- 4.2.2.1.3 Ensure systemd-journal-remote is enabled
- 4.2.2.2 Ensure journald service is enabled
- 4.2.2.3 Ensure journald is configured to compress large log files
- 4.2.2.4 Ensure journald is configured to write logfiles to persistent disk
- 4.2.2.5 Ensure journald is not configured to send logs to rsyslog
- 4.2.2.6 Ensure journald log rotation is configured per site policy
- 4.2.2.7 Ensure journald default file permissions configured
- 5.4.1 Ensure custom authselect profile is used
Informational Update- 4.2.1.1 Ensure rsyslog is installed
- 4.2.1.2 Ensure rsyslog service is enabled
- 4.2.1.3 Ensure journald is configured to send logs to rsyslog
- 4.2.1.4 Ensure rsyslog default file permissions are configured
- 4.2.1.5 Ensure logging is configured
- 4.2.1.6 Ensure rsyslog is configured to send logs to a remote log host
- 4.2.1.7 Ensure rsyslog is not configured to receive logs from a remote client
- 4.2.2.1.1 Ensure systemd-journal-remote is installed
- 4.2.2.1.2 Ensure systemd-journal-remote is configured
- 4.2.2.1.3 Ensure systemd-journal-remote is enabled
- 4.2.2.2 Ensure journald service is enabled
- 4.2.2.3 Ensure journald is configured to compress large log files
- 4.2.2.4 Ensure journald is configured to write logfiles to persistent disk
- 4.2.2.5 Ensure journald is not configured to send logs to rsyslog
- 4.2.2.6 Ensure journald log rotation is configured per site policy
- 4.2.2.7 Ensure journald default file permissions configured
Added- 4.2.2.1.4 Ensure journald is not configured to receive logs from a remote client
- 4.2.3 Ensure all logfiles have appropriate access configured
Removed- 4.2.2.1.2 Ensure systemd-journal-remote is configured - URL
- 4.2.2.1.4 Ensure journald is not configured to recieve logs from a remote client
- 4.2.3 Ensure all logfiles have appropriate permissions and ownership
|
Oct 27, 2023 Functional Update- 1.6.1.4 Ensure the SELinux mode is not disabled - getenforce
- 4.2.1.1 Ensure rsyslog is installed
- 4.2.1.2 Ensure rsyslog service is enabled
- 4.2.1.3 Ensure journald is configured to send logs to rsyslog
- 4.2.1.4 Ensure rsyslog default file permissions are configured
- 4.2.1.5 Ensure logging is configured
- 4.2.1.6 Ensure rsyslog is configured to send logs to a remote log host
- 4.2.1.7 Ensure rsyslog is not configured to receive logs from a remote client
- 5.4.1 Ensure custom authselect profile is used
- 5.6.1.2 Ensure minimum days between password changes is configured - login.defs
- 6.2.1 Ensure accounts in /etc/passwd use shadowed passwords
- 6.2.2 Ensure /etc/shadow password fields are not empty
|
Oct 3, 2023 Functional Update- 5.6.1.5 Ensure all users last password change date is in the past
Informational Update- 5.6.5 Ensure default user umask is 027 or more restrictive - default user umask
- 5.6.5 Ensure default user umask is 027 or more restrictive - less restrictive system wide umask
|