Detections
Analytics

CIS Red Hat Enterprise Linux 10 v1.0.0 L2 Server

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Red Hat Enterprise Linux 10 v1.0.0 L2 Server

Updated: 10/22/2025

Authority: CIS

Plugin: Unix

Revision: 1.1

Estimated Item Count: 81

File Details

Filename: CIS_Red_Hat_Enterprise_Linux_10_v1.0.0_L2_Server.audit

Size: 283 kB

MD5: 57ba09572c78f7ec12e84719b2625ab7
SHA256: ad1d099703d3f820cfee10f8e2a6ea64d9848a466e69226d2eb9d17eed2270f4

Audit Items

DescriptionCategories
1.1.1.6 Ensure overlay kernel module is not available

CONFIGURATION MANAGEMENT

1.1.1.7 Ensure squashfs kernel module is not available

CONFIGURATION MANAGEMENT

1.1.1.8 Ensure udf kernel module is not available

CONFIGURATION MANAGEMENT

1.1.2.3.1 Ensure separate partition exists for /home
1.1.2.4.1 Ensure separate partition exists for /var
1.1.2.5.1 Ensure separate partition exists for /var/tmp
1.1.2.6.1 Ensure separate partition exists for /var/log
1.1.2.7.1 Ensure separate partition exists for /var/log/audit
1.2.1.3 Ensure repo_gpgcheck is globally activated
1.2.1.5 Ensure weak dependencies are configured
1.3.1.5 Ensure the SELinux mode is enforcing

SYSTEM AND INFORMATION INTEGRITY

1.3.1.6 Ensure no unconfined services exist
1.5.3 Ensure fs.protected_symlinks is configured

ACCESS CONTROL

1.8.6 Ensure Xwayland is configured
2.1.3 Ensure cockpit web services are not in use
2.1.19 Ensure GNOME Display Manager is removed
2.1.20 Ensure X window server services are not in use
2.2.2 Ensure ldap client is not installed
3.3.1.1 Ensure net.ipv4.ip_forward is configured

CONFIGURATION MANAGEMENT

5.1.8 Ensure sshd DisableForwarding is enabled
5.1.9 Ensure sshd GSSAPIAuthentication is disabled

CONFIGURATION MANAGEMENT

5.2.4 Ensure users must provide password for escalation
5.3.2.1.3 Ensure password failed attempts lockout includes root account
5.4.1.2 Ensure minimum password days is configured

IDENTIFICATION AND AUTHENTICATION

5.4.3.1 Ensure nologin is not listed in /etc/shells
6.3.1.1 Ensure auditd packages are installed
6.3.1.2 Ensure auditing for processes that start prior to auditd is enabled

AUDIT AND ACCOUNTABILITY

6.3.1.3 Ensure audit_backlog_limit is configured
6.3.1.4 Ensure auditd service is enabled and active

AUDIT AND ACCOUNTABILITY

6.3.2.1 Ensure audit log storage size is configured
6.3.2.2 Ensure audit logs are not automatically deleted
6.3.2.3 Ensure system is disabled when audit logs are full

AUDIT AND ACCOUNTABILITY

6.3.2.4 Ensure system warns when audit logs are low on space
6.3.3.1 Ensure modification of the /etc/sudoers file is collected

AUDIT AND ACCOUNTABILITY

6.3.3.2 Ensure actions as another user are always logged

ACCESS CONTROL

6.3.3.3 Ensure events that modify the sudo log file are collected
6.3.3.4 Ensure events that modify date and time information are collected
6.3.3.5 Ensure events that modify sethostname and setdomainname are collected
6.3.3.6 Ensure events that modify /etc/issue and /etc/issue.net are collected
6.3.3.7 Ensure events that modify /etc/hosts and /etc/hostname are collected
6.3.3.8 Ensure events that modify /etc/sysconfig/network and /etc/sysconfig/network-scripts/ are collected
6.3.3.9 Ensure events that modify /etc/NetworkManager directory are collected
6.3.3.10 Ensure use of privileged commands are collected
6.3.3.11 Ensure unsuccessful file access attempts are collected

AUDIT AND ACCOUNTABILITY

6.3.3.12 Ensure events that modify /etc/group information are collected

AUDIT AND ACCOUNTABILITY

6.3.3.13 Ensure events that modify /etc/passwd information are collected

AUDIT AND ACCOUNTABILITY

6.3.3.14 Ensure events that modify /etc/shadow and /etc/gshadow are collected

AUDIT AND ACCOUNTABILITY

6.3.3.15 Ensure events that modify /etc/security/opasswd are collected

AUDIT AND ACCOUNTABILITY

6.3.3.16 Ensure events that modify /etc/nsswitch.conf file are collected

AUDIT AND ACCOUNTABILITY

6.3.3.17 Ensure events that modify /etc/pam.conf and /etc/pam.d/ information are collected

AUDIT AND ACCOUNTABILITY