CIS Rocky Linux 8 Server L1 v1.0.0

Audit Details

Name: CIS Rocky Linux 8 Server L1 v1.0.0

Updated: 11/28/2022

Authority: CIS

Plugin: Unix

Revision: 1.5

Estimated Item Count: 334

File Details

Filename: CIS_Rocky_Linux_8_v1.0.0_L1_Server.audit

Size: 897 kB

MD5: 90782a0130023dcaea4da3992bd604fa
SHA256: c89a553e73f8135a4ebac4e82133540f3009a883dcb90c8e2c893529f16f2796

Audit Changelog

Revision 1.5

Nov 28, 2022

Functional Update
  • 3.4.1.3 Ensure nftables either not installed or masked with firewalld - masked
  • 3.4.1.3 Ensure nftables either not installed or masked with firewalld - stopped
  • 5.2.10 Ensure SSH PermitUserEnvironment is disabled - sshd output
  • 5.2.11 Ensure SSH IgnoreRhosts is enabled - sshd output
  • 5.2.15 Ensure SSH warning banner is configured
  • 5.2.16 Ensure SSH MaxAuthTries is set to 4 or less - sshd output
  • 5.2.19 Ensure SSH LoginGraceTime is set to one minute or less - sshd output
  • 5.2.20 Ensure SSH Idle Timeout Interval is configured - ClientAliveCountMax sshd output
  • 5.2.20 Ensure SSH Idle Timeout Interval is configured - ClientAliveInterval sshd output
  • 5.2.4 Ensure SSH access is limited - sshd output
  • 5.2.5 Ensure SSH LogLevel is appropriate - sshd output
  • 5.2.6 Ensure SSH PAM is enabled - sshd output
  • 5.2.7 Ensure SSH root login is disabled - sshd output
  • 5.2.8 Ensure SSH HostbasedAuthentication is disabled - sshd output
  • 5.2.9 Ensure SSH PermitEmptyPasswords is disabled - sshd output
Revision 1.4

Sep 19, 2022

Functional Update
  • 3.4.1.3 Ensure nftables either not installed or masked with firewalld - masked
  • 3.4.1.3 Ensure nftables either not installed or masked with firewalld - stopped
  • 5.6.1.5 Ensure all users last password change date is in the past
Miscellaneous
  • References updated.
Revision 1.3

Jul 12, 2022

Functional Update
  • 3.4.1.3 Ensure nftables either not installed or masked with firewalld - masked
  • 3.4.1.3 Ensure nftables either not installed or masked with firewalld - stopped
  • 5.2.17 Ensure SSH MaxStartups is configured - sshd output
  • 5.2.17 Ensure SSH MaxStartups is configured - sshd_config
Revision 1.2

Jun 29, 2022

Functional Update
  • 3.4.1.3 Ensure nftables either not installed or masked with firewalld - masked
  • 3.4.1.3 Ensure nftables either not installed or masked with firewalld - stopped
  • 3.4.3.1.3 Ensure firewalld is either not installed or masked with iptables - stopped
Revision 1.1

Jun 3, 2022

Functional Update
  • 3.4.1.3 Ensure nftables either not installed or masked with firewalld - masked
  • 3.4.1.3 Ensure nftables either not installed or masked with firewalld - stopped
  • 6.2.11 Ensure users' home directories permissions are 750 or more restrictive
Added
  • 1.3.2 Ensure filesystem integrity is regularly checked - cron
  • 1.3.2 Ensure filesystem integrity is regularly checked - systemctl is-enabled aidecheck.service
  • 1.3.2 Ensure filesystem integrity is regularly checked - systemctl is-enabled aidecheck.timer
  • 1.3.2 Ensure filesystem integrity is regularly checked - systemctl status aidecheck.timer
Removed
  • 1.3.2 Ensure filesystem integrity is regularly checked