Detections
Analytics

CIS Red Hat Enterprise Linux 10 v1.0.0 L1 Workstation

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Red Hat Enterprise Linux 10 v1.0.0 L1 Workstation

Updated: 10/22/2025

Authority: CIS

Plugin: Unix

Revision: 1.1

Estimated Item Count: 243

File Details

Filename: CIS_Red_Hat_Enterprise_Linux_10_v1.0.0_L1_Workstation.audit

Size: 959 kB

MD5: 2ad0a07ba025299ae2d39c7831b34010
SHA256: 511c4d7ebfed7724dbf482feb37f1292e326f52fa2122ab65355205d8393abaf

Audit Items

DescriptionCategories
1.1.1.1 Ensure cramfs kernel module is not available

CONFIGURATION MANAGEMENT

1.1.1.2 Ensure freevxfs kernel module is not available

CONFIGURATION MANAGEMENT

1.1.1.3 Ensure hfs kernel module is not available

CONFIGURATION MANAGEMENT

1.1.1.4 Ensure hfsplus kernel module is not available

CONFIGURATION MANAGEMENT

1.1.1.5 Ensure jffs2 kernel module is not available

CONFIGURATION MANAGEMENT

1.1.1.11 Ensure unused filesystems kernel modules are not available
1.1.2.1.1 Ensure /tmp is tmpfs or a separate partition

CONFIGURATION MANAGEMENT

1.1.2.1.2 Ensure nodev option set on /tmp partition

CONFIGURATION MANAGEMENT

1.1.2.1.3 Ensure nosuid option set on /tmp partition

CONFIGURATION MANAGEMENT

1.1.2.1.4 Ensure noexec option set on /tmp partition

CONFIGURATION MANAGEMENT

1.1.2.2.1 Ensure /dev/shm is tmpfs or a separate partition
1.1.2.2.2 Ensure nodev option set on /dev/shm partition

CONFIGURATION MANAGEMENT

1.1.2.2.3 Ensure nosuid option set on /dev/shm partition

CONFIGURATION MANAGEMENT

1.1.2.2.4 Ensure noexec option set on /dev/shm partition

CONFIGURATION MANAGEMENT

1.1.2.3.2 Ensure nodev option set on /home partition
1.1.2.3.3 Ensure nosuid option set on /home partition
1.1.2.4.2 Ensure nodev option set on /var partition
1.1.2.4.3 Ensure nosuid option set on /var partition
1.1.2.5.2 Ensure nodev option set on /var/tmp partition

CONFIGURATION MANAGEMENT

1.1.2.5.3 Ensure nosuid option set on /var/tmp partition

CONFIGURATION MANAGEMENT

1.1.2.5.4 Ensure noexec option set on /var/tmp partition

CONFIGURATION MANAGEMENT

1.1.2.6.2 Ensure nodev option set on /var/log partition

CONFIGURATION MANAGEMENT

1.1.2.6.3 Ensure nosuid option set on /var/log partition

CONFIGURATION MANAGEMENT

1.1.2.6.4 Ensure noexec option set on /var/log partition

CONFIGURATION MANAGEMENT

1.1.2.7.2 Ensure nodev option set on /var/log/audit partition

CONFIGURATION MANAGEMENT

1.1.2.7.3 Ensure nosuid option set on /var/log/audit partition

CONFIGURATION MANAGEMENT

1.1.2.7.4 Ensure noexec option set on /var/log/audit partition

CONFIGURATION MANAGEMENT

1.2.1.1 Ensure GPG keys are configured
1.2.1.2 Ensure gpgcheck is configured

CONFIGURATION MANAGEMENT

1.2.1.4 Ensure package manager repositories are configured
1.2.2.1 Ensure updates, patches, and additional security software are installed
1.3.1.1 Ensure SELinux is installed
1.3.1.2 Ensure SELinux is not disabled in bootloader configuration
1.3.1.3 Ensure SELinux policy is configured
1.3.1.4 Ensure the SELinux mode is not disabled

SYSTEM AND COMMUNICATIONS PROTECTION

1.3.1.7 Ensure the MCS Translation Service (mcstrans) is not installed
1.4.1 Ensure bootloader password is set
1.4.2 Ensure access to bootloader config is configured

CONFIGURATION MANAGEMENT

1.5.1 Ensure core file size is configured

CONFIGURATION MANAGEMENT

1.5.2 Ensure fs.protected_hardlinks is configured

ACCESS CONTROL

1.5.4 Ensure fs.suid_dumpable is configured
1.5.5 Ensure kernel.dmesg_restrict is configured

SYSTEM AND COMMUNICATIONS PROTECTION

1.5.6 Ensure kernel.kptr_restrict is configured

CONFIGURATION MANAGEMENT

1.5.7 Ensure kernel.yama.ptrace_scope is configured

CONFIGURATION MANAGEMENT

1.5.8 Ensure kernel.randomize_va_space is configured

SYSTEM AND INFORMATION INTEGRITY

1.5.9 Ensure systemd-coredump ProcessSizeMax is configured

CONFIGURATION MANAGEMENT

1.5.10 Ensure systemd-coredump Storage is configured

CONFIGURATION MANAGEMENT

1.6.1 Ensure system wide crypto policy is not set to legacy
1.6.2 Ensure system wide crypto policy disables sha1 hash and signature support
1.6.3 Ensure system wide crypto policy macs are configured