Detections
Analytics

CIS Rocky Linux 10 v1.0.0 L1 Workstation

Audit Details

Name: CIS Rocky Linux 10 v1.0.0 L1 Workstation

Updated: 10/30/2025

Authority: CIS

Plugin: Unix

Revision: 1.0

Estimated Item Count: 243

File Details

Filename: CIS_Rocky_Linux_10_v1.0.0_L1_Workstation.audit

Size: 1.19 MB

MD5: f0e28257270a7dee7ec9053b99fd77f2
SHA256: 89ab7dad83f231ae8e971fb24721ac3fa637605c7b197b8616b5a6e481e5e20d

Audit Items

DescriptionCategories
1.1.1.1 Ensure cramfs kernel module is not available

CONFIGURATION MANAGEMENT

1.1.1.2 Ensure freevxfs kernel module is not available

CONFIGURATION MANAGEMENT

1.1.1.3 Ensure hfs kernel module is not available

CONFIGURATION MANAGEMENT

1.1.1.4 Ensure hfsplus kernel module is not available

CONFIGURATION MANAGEMENT

1.1.1.5 Ensure jffs2 kernel module is not available

CONFIGURATION MANAGEMENT

1.1.1.11 Ensure unused filesystems kernel modules are not available

CONFIGURATION MANAGEMENT

1.1.2.1.1 Ensure /tmp is tmpfs or a separate partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.1.2 Ensure nodev option set on /tmp partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.1.3 Ensure nosuid option set on /tmp partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.1.4 Ensure noexec option set on /tmp partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.2.1 Ensure /dev/shm is tmpfs or a separate partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.2.2 Ensure nodev option set on /dev/shm partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.2.3 Ensure nosuid option set on /dev/shm partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.2.4 Ensure noexec option set on /dev/shm partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.3.2 Ensure nodev option set on /home partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.3.3 Ensure nosuid option set on /home partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.4.2 Ensure nodev option set on /var partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.4.3 Ensure nosuid option set on /var partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.5.2 Ensure nodev option set on /var/tmp partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.5.3 Ensure nosuid option set on /var/tmp partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.5.4 Ensure noexec option set on /var/tmp partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.6.2 Ensure nodev option set on /var/log partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.6.3 Ensure nosuid option set on /var/log partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.6.4 Ensure noexec option set on /var/log partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.7.2 Ensure nodev option set on /var/log/audit partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.7.3 Ensure nosuid option set on /var/log/audit partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.7.4 Ensure noexec option set on /var/log/audit partition

ACCESS CONTROL, MEDIA PROTECTION

1.2.1.1 Ensure GPG keys are configured

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.1.2 Ensure gpgcheck is configured

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.1.4 Ensure package manager repositories are configured

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.2.1 Ensure updates, patches, and additional security software are installed

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.3.1.1 Ensure SELinux is installed

ACCESS CONTROL, MEDIA PROTECTION

1.3.1.2 Ensure SELinux is not disabled in bootloader configuration

ACCESS CONTROL, MEDIA PROTECTION

1.3.1.3 Ensure SELinux policy is configured

ACCESS CONTROL, MEDIA PROTECTION

1.3.1.4 Ensure the SELinux mode is not disabled

ACCESS CONTROL, MEDIA PROTECTION

1.3.1.7 Ensure the MCS Translation Service (mcstrans) is not installed

CONFIGURATION MANAGEMENT

1.4.1 Ensure bootloader password is set

ACCESS CONTROL, MEDIA PROTECTION

1.4.2 Ensure access to bootloader config is configured

ACCESS CONTROL, MEDIA PROTECTION

1.5.1 Ensure core file size is configured

ACCESS CONTROL

1.5.2 Ensure fs.protected_hardlinks is configured

CONFIGURATION MANAGEMENT

1.5.4 Ensure fs.suid_dumpable is configured

ACCESS CONTROL, CONFIGURATION MANAGEMENT

1.5.5 Ensure kernel.dmesg_restrict is configured

ACCESS CONTROL, MEDIA PROTECTION

1.5.6 Ensure kernel.kptr_restrict is configured

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

1.5.7 Ensure kernel.yama.ptrace_scope is configured

CONFIGURATION MANAGEMENT

1.5.8 Ensure kernel.randomize_va_space is configured

SYSTEM AND INFORMATION INTEGRITY

1.5.9 Ensure systemd-coredump ProcessSizeMax is configured

CONFIGURATION MANAGEMENT

1.5.10 Ensure systemd-coredump Storage is configured

CONFIGURATION MANAGEMENT

1.6.1 Ensure system wide crypto policy is not set to legacy

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.2 Ensure system wide crypto policy disables sha1 hash and signature support

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.3 Ensure system wide crypto policy macs are configured

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION