Detections
Analytics

CIS Red Hat Enterprise Linux 10 v1.0.0 L2 Workstation

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Red Hat Enterprise Linux 10 v1.0.0 L2 Workstation

Updated: 10/22/2025

Authority: CIS

Plugin: Unix

Revision: 1.1

Estimated Item Count: 82

File Details

Filename: CIS_Red_Hat_Enterprise_Linux_10_v1.0.0_L2_Workstation.audit

Size: 297 kB

MD5: 0cc24f96fcd07af8c41c626f873573c3
SHA256: edc35837e53c0e4588e7d33d83c81c2a09db804dd41f41bbccf77831be934378

Audit Items

DescriptionCategories
1.1.1.6 Ensure overlay kernel module is not available

CONFIGURATION MANAGEMENT

1.1.1.7 Ensure squashfs kernel module is not available

CONFIGURATION MANAGEMENT

1.1.1.8 Ensure udf kernel module is not available

CONFIGURATION MANAGEMENT

1.1.1.9 Ensure firewire-core kernel module is not available

CONFIGURATION MANAGEMENT

1.1.1.10 Ensure usb-storage kernel module is not available

CONFIGURATION MANAGEMENT

1.1.2.3.1 Ensure separate partition exists for /home
1.1.2.4.1 Ensure separate partition exists for /var
1.1.2.5.1 Ensure separate partition exists for /var/tmp
1.1.2.6.1 Ensure separate partition exists for /var/log
1.1.2.7.1 Ensure separate partition exists for /var/log/audit
1.2.1.3 Ensure repo_gpgcheck is globally activated
1.2.1.5 Ensure weak dependencies are configured
1.3.1.5 Ensure the SELinux mode is enforcing

SYSTEM AND INFORMATION INTEGRITY

1.3.1.6 Ensure no unconfined services exist
1.5.3 Ensure fs.protected_symlinks is configured

ACCESS CONTROL

1.8.4 Ensure GDM automount is configured

IDENTIFICATION AND AUTHENTICATION

1.8.6 Ensure Xwayland is configured
2.1.1 Ensure autofs services are not in use
2.1.2 Ensure avahi daemon services are not in use
2.1.3 Ensure cockpit web services are not in use
2.2.2 Ensure ldap client is not installed
3.1.3 Ensure bluetooth services are not in use
5.2.4 Ensure users must provide password for escalation
5.3.2.1.3 Ensure password failed attempts lockout includes root account
5.4.1.2 Ensure minimum password days is configured

IDENTIFICATION AND AUTHENTICATION

5.4.3.1 Ensure nologin is not listed in /etc/shells
6.3.1.1 Ensure auditd packages are installed
6.3.1.2 Ensure auditing for processes that start prior to auditd is enabled

AUDIT AND ACCOUNTABILITY

6.3.1.3 Ensure audit_backlog_limit is configured
6.3.1.4 Ensure auditd service is enabled and active

AUDIT AND ACCOUNTABILITY

6.3.2.1 Ensure audit log storage size is configured
6.3.2.2 Ensure audit logs are not automatically deleted
6.3.2.3 Ensure system is disabled when audit logs are full

AUDIT AND ACCOUNTABILITY

6.3.2.4 Ensure system warns when audit logs are low on space
6.3.3.1 Ensure modification of the /etc/sudoers file is collected

AUDIT AND ACCOUNTABILITY

6.3.3.2 Ensure actions as another user are always logged

ACCESS CONTROL

6.3.3.3 Ensure events that modify the sudo log file are collected
6.3.3.4 Ensure events that modify date and time information are collected
6.3.3.5 Ensure events that modify sethostname and setdomainname are collected
6.3.3.6 Ensure events that modify /etc/issue and /etc/issue.net are collected
6.3.3.7 Ensure events that modify /etc/hosts and /etc/hostname are collected
6.3.3.8 Ensure events that modify /etc/sysconfig/network and /etc/sysconfig/network-scripts/ are collected
6.3.3.9 Ensure events that modify /etc/NetworkManager directory are collected
6.3.3.10 Ensure use of privileged commands are collected
6.3.3.11 Ensure unsuccessful file access attempts are collected

AUDIT AND ACCOUNTABILITY

6.3.3.12 Ensure events that modify /etc/group information are collected

AUDIT AND ACCOUNTABILITY

6.3.3.13 Ensure events that modify /etc/passwd information are collected

AUDIT AND ACCOUNTABILITY

6.3.3.14 Ensure events that modify /etc/shadow and /etc/gshadow are collected

AUDIT AND ACCOUNTABILITY

6.3.3.15 Ensure events that modify /etc/security/opasswd are collected

AUDIT AND ACCOUNTABILITY

6.3.3.16 Ensure events that modify /etc/nsswitch.conf file are collected

AUDIT AND ACCOUNTABILITY