Detections
Analytics

CIS Red Hat Enterprise Linux 10 v1.0.0 L1 Server

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Red Hat Enterprise Linux 10 v1.0.0 L1 Server

Updated: 10/22/2025

Authority: CIS

Plugin: Unix

Revision: 1.1

Estimated Item Count: 249

File Details

Filename: CIS_Red_Hat_Enterprise_Linux_10_v1.0.0_L1_Server.audit

Size: 985 kB

MD5: 9ea99e3c7369798f8be4d5f483e77589
SHA256: 95c389f58e6c3388b9064519d8187d4ccf93981654f781879bf1b63d2c5feec1

Audit Items

DescriptionCategories
1.1.1.1 Ensure cramfs kernel module is not available

CONFIGURATION MANAGEMENT

1.1.1.2 Ensure freevxfs kernel module is not available

CONFIGURATION MANAGEMENT

1.1.1.3 Ensure hfs kernel module is not available

CONFIGURATION MANAGEMENT

1.1.1.4 Ensure hfsplus kernel module is not available

CONFIGURATION MANAGEMENT

1.1.1.5 Ensure jffs2 kernel module is not available

CONFIGURATION MANAGEMENT

1.1.1.9 Ensure firewire-core kernel module is not available

CONFIGURATION MANAGEMENT

1.1.1.10 Ensure usb-storage kernel module is not available

CONFIGURATION MANAGEMENT

1.1.1.11 Ensure unused filesystems kernel modules are not available
1.1.2.1.1 Ensure /tmp is tmpfs or a separate partition

CONFIGURATION MANAGEMENT

1.1.2.1.2 Ensure nodev option set on /tmp partition

CONFIGURATION MANAGEMENT

1.1.2.1.3 Ensure nosuid option set on /tmp partition

CONFIGURATION MANAGEMENT

1.1.2.1.4 Ensure noexec option set on /tmp partition

CONFIGURATION MANAGEMENT

1.1.2.2.1 Ensure /dev/shm is tmpfs or a separate partition
1.1.2.2.2 Ensure nodev option set on /dev/shm partition

CONFIGURATION MANAGEMENT

1.1.2.2.3 Ensure nosuid option set on /dev/shm partition

CONFIGURATION MANAGEMENT

1.1.2.2.4 Ensure noexec option set on /dev/shm partition

CONFIGURATION MANAGEMENT

1.1.2.3.2 Ensure nodev option set on /home partition
1.1.2.3.3 Ensure nosuid option set on /home partition
1.1.2.4.2 Ensure nodev option set on /var partition
1.1.2.4.3 Ensure nosuid option set on /var partition
1.1.2.5.2 Ensure nodev option set on /var/tmp partition

CONFIGURATION MANAGEMENT

1.1.2.5.3 Ensure nosuid option set on /var/tmp partition

CONFIGURATION MANAGEMENT

1.1.2.5.4 Ensure noexec option set on /var/tmp partition

CONFIGURATION MANAGEMENT

1.1.2.6.2 Ensure nodev option set on /var/log partition

CONFIGURATION MANAGEMENT

1.1.2.6.3 Ensure nosuid option set on /var/log partition

CONFIGURATION MANAGEMENT

1.1.2.6.4 Ensure noexec option set on /var/log partition

CONFIGURATION MANAGEMENT

1.1.2.7.2 Ensure nodev option set on /var/log/audit partition

CONFIGURATION MANAGEMENT

1.1.2.7.3 Ensure nosuid option set on /var/log/audit partition

CONFIGURATION MANAGEMENT

1.1.2.7.4 Ensure noexec option set on /var/log/audit partition

CONFIGURATION MANAGEMENT

1.2.1.1 Ensure GPG keys are configured
1.2.1.2 Ensure gpgcheck is configured

CONFIGURATION MANAGEMENT

1.2.1.4 Ensure package manager repositories are configured
1.2.2.1 Ensure updates, patches, and additional security software are installed
1.3.1.1 Ensure SELinux is installed
1.3.1.2 Ensure SELinux is not disabled in bootloader configuration
1.3.1.3 Ensure SELinux policy is configured
1.3.1.4 Ensure the SELinux mode is not disabled

SYSTEM AND COMMUNICATIONS PROTECTION

1.3.1.7 Ensure the MCS Translation Service (mcstrans) is not installed
1.3.1.8 Ensure SETroubleshoot is not installed
1.4.1 Ensure bootloader password is set
1.4.2 Ensure access to bootloader config is configured

CONFIGURATION MANAGEMENT

1.5.1 Ensure core file size is configured

CONFIGURATION MANAGEMENT

1.5.2 Ensure fs.protected_hardlinks is configured

ACCESS CONTROL

1.5.4 Ensure fs.suid_dumpable is configured
1.5.5 Ensure kernel.dmesg_restrict is configured

SYSTEM AND COMMUNICATIONS PROTECTION

1.5.6 Ensure kernel.kptr_restrict is configured

CONFIGURATION MANAGEMENT

1.5.7 Ensure kernel.yama.ptrace_scope is configured

CONFIGURATION MANAGEMENT

1.5.8 Ensure kernel.randomize_va_space is configured

SYSTEM AND INFORMATION INTEGRITY

1.5.9 Ensure systemd-coredump ProcessSizeMax is configured

CONFIGURATION MANAGEMENT

1.5.10 Ensure systemd-coredump Storage is configured

CONFIGURATION MANAGEMENT