Detections
Analytics

Revision 1.16May 16, 2023

Functional Update
  • 3.4.1.1 Ensure firewalld is installed - firewalld
  • 3.4.1.1 Ensure firewalld is installed - iptables
  • 3.4.1.2 Ensure iptables-services not installed with firewalld
  • 3.4.1.3 Ensure nftables either not installed or masked with firewalld
  • 3.4.1.3 Ensure nftables either not installed or masked with firewalld - inactive
  • 3.4.1.3 Ensure nftables either not installed or masked with firewalld - installed
  • 3.4.1.3 Ensure nftables either not installed or masked with firewalld - masked
  • 3.4.1.4 Ensure firewalld service enabled and running - enabled
  • 3.4.1.4 Ensure firewalld service enabled and running - running
  • 3.4.1.5 Ensure firewalld default zone is set
  • 3.4.1.6 Ensure network interfaces are assigned to appropriate zone
  • 3.4.1.7 Ensure firewalld drops unnecessary services and ports
  • 3.4.2.1 Ensure nftables is installed
  • 3.4.2.10 Ensure nftables service is enabled
  • 3.4.2.11 Ensure nftables rules are permanent - forward
  • 3.4.2.11 Ensure nftables rules are permanent - input
  • 3.4.2.11 Ensure nftables rules are permanent - output
  • 3.4.2.2 Ensure firewalld is either not installed or masked with nftables
  • 3.4.2.2 Ensure firewalld is either not installed or masked with nftables - masked
  • 3.4.2.2 Ensure firewalld is either not installed or masked with nftables - stopped
  • 3.4.2.3 Ensure iptables-services not installed with nftables
  • 3.4.2.4 Ensure iptables are flushed with nftables - ip6tables
  • 3.4.2.4 Ensure iptables are flushed with nftables - iptables
  • 3.4.2.5 Ensure an nftables table exists
  • 3.4.2.6 Ensure nftables base chains exist - hook forward
  • 3.4.2.6 Ensure nftables base chains exist - hook input
  • 3.4.2.6 Ensure nftables base chains exist - hook output
  • 3.4.2.7 Ensure nftables loopback traffic is configured - 'iif lo accept'
  • 3.4.2.7 Ensure nftables loopback traffic is configured - 'ip saddr'
  • 3.4.2.7 Ensure nftables loopback traffic is configured - 'ip sddr'
  • 3.4.2.7 Ensure nftables loopback traffic is configured - 'ip6 saddr'
  • 3.4.2.7 Ensure nftables loopback traffic is configured - 'ip6 sddr'
  • 3.4.2.8 Ensure nftables outbound and established connections are configured - input
  • 3.4.2.8 Ensure nftables outbound and established connections are configured - output
  • 3.4.2.9 Ensure nftables default deny firewall policy - hook forward
  • 3.4.2.9 Ensure nftables default deny firewall policy - hook input
  • 3.4.2.9 Ensure nftables default deny firewall policy - hook output
  • 3.4.3.1.1 Ensure iptables packages are installed
  • 3.4.3.1.2 Ensure nftables is not installed with iptables
  • 3.4.3.1.3 Ensure firewalld is either not installed or masked with iptables
  • 3.4.3.2.1 Ensure iptables loopback traffic is configured - INPUT
  • 3.4.3.2.1 Ensure iptables loopback traffic is configured - OUTPUT
  • 3.4.3.2.2 Ensure iptables outbound and established connections are configured
  • 3.4.3.2.3 Ensure iptables rules exist for all open ports
  • 3.4.3.2.4 Ensure iptables default deny firewall policy - Chain FORWARD
  • 3.4.3.2.4 Ensure iptables default deny firewall policy - Chain INPUT
  • 3.4.3.2.4 Ensure iptables default deny firewall policy - Chain OUTPUT
  • 3.4.3.2.5 Ensure iptables rules are saved
  • 3.4.3.2.6 Ensure iptables is enabled and active - active
  • 3.4.3.2.6 Ensure iptables is enabled and active - enabled
  • 3.4.3.3.1 Ensure ip6tables loopback traffic is configured - INPUT
  • 3.4.3.3.1 Ensure ip6tables loopback traffic is configured - OUTPUT
  • 3.4.3.3.2 Ensure ip6tables outbound and established connections are configured
  • 3.4.3.3.3 Ensure ip6tables firewall rules exist for all open ports
  • 3.4.3.3.4 Ensure ip6tables default deny firewall policy - Chain FORWARD
  • 3.4.3.3.4 Ensure ip6tables default deny firewall policy - Chain INPUT
  • 3.4.3.3.4 Ensure ip6tables default deny firewall policy - Chain OUTPUT
  • 3.4.3.3.5 Ensure ip6tables rules are saved
  • 3.4.3.3.6 Ensure ip6tables is enabled and active - active
  • 3.4.3.3.6 Ensure ip6tables is enabled and active - enabled
  • 4.2.1.1 Ensure rsyslog is installed
  • 4.2.1.2 Ensure rsyslog service is enabled
  • 4.2.1.3 Ensure journald is configured to send logs to rsyslog
  • 4.2.1.4 Ensure rsyslog default file permissions are configured
  • 4.2.1.5 Ensure logging is configured
  • 4.2.1.6 Ensure rsyslog is configured to send logs to a remote log host
  • 4.2.2.1.1 Ensure systemd-journal-remote is installed
  • 4.2.2.1.3 Ensure systemd-journal-remote is enabled
  • 4.2.2.2 Ensure journald service is enabled
  • 4.2.2.3 Ensure journald is configured to compress large log files
  • 4.2.2.4 Ensure journald is configured to write logfiles to persistent disk
  • 4.2.2.5 Ensure journald is not configured to send logs to rsyslog
  • 4.2.2.6 Ensure journald log rotation is configured per site policy
  • 4.2.2.7 Ensure journald default file permissions configured
  • 5.6.1.1 Ensure password expiration is 365 days or less - users
  • 5.6.1.2 Ensure minimum days between password changes is 7 or more - users
  • 5.6.1.3 Ensure password expiration warning days is 7 or more - users
  • 5.6.1.4 Ensure inactive password lock is 30 days or less - useradd
  • 5.6.1.4 Ensure inactive password lock is 30 days or less - users
Informational Update
  • 4.2.1.1 Ensure rsyslog is installed
  • 4.2.1.2 Ensure rsyslog service is enabled
  • 4.2.1.3 Ensure journald is configured to send logs to rsyslog
  • 4.2.1.5 Ensure logging is configured
  • 4.2.2.1.1 Ensure systemd-journal-remote is installed
  • 4.2.2.1.3 Ensure systemd-journal-remote is enabled
  • 4.2.2.2 Ensure journald service is enabled
  • 4.2.2.3 Ensure journald is configured to compress large log files
  • 4.2.2.4 Ensure journald is configured to write logfiles to persistent disk
  • 4.2.2.5 Ensure journald is not configured to send logs to rsyslog
  • 4.2.2.6 Ensure journald log rotation is configured per site policy
  • 4.2.2.7 Ensure journald default file permissions configured
Miscellaneous
  • Variables updated.
Added
  • 4.2.1.7 Ensure rsyslog is not configured to recieve logs from a remote client - imtcp
  • 4.2.1.7 Ensure rsyslog is not configured to recieve logs from a remote client - imtcp 514
  • 4.2.2.1.2 Ensure systemd-journal-remote is configured - Cert
  • 4.2.2.1.2 Ensure systemd-journal-remote is configured - Key
  • 4.2.2.1.2 Ensure systemd-journal-remote is configured - Trusted Cert
  • 4.2.2.1.2 Ensure systemd-journal-remote is configured - URL
  • 4.2.2.1.4 Ensure journald is not configured to recieve logs from a remote client
Removed
  • 4.2.1.7 Ensure rsyslog is not configured to receive logs from a remote client - InputTCPServerRun
  • 4.2.1.7 Ensure rsyslog is not configured to receive logs from a remote client - imtcp
  • 4.2.2.1.2 Ensure systemd-journal-remote is configured
  • 4.2.2.1.4 Ensure journald is not configured to receive logs from a remote client