Revision 1.5Jun 9, 2020
Functional Update
- 1.1.11 Ensure separate partition exists for /var/log
- 1.1.12 Ensure separate partition exists for /var/log/audit
- 1.1.13 Ensure separate partition exists for /home
- 1.1.2 Ensure separate partition exists for /tmp
- 1.1.6 Ensure separate partition exists for /var
- 1.1.7 Ensure separate partition exists for /var/tmp
- 1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - enforcing=0
- 1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - selinux=0
- 1.6.1.2 Ensure the SELinux state is enforcing
- 1.6.1.3 Ensure SELinux policy is configured
- 1.6.1.4 Ensure SETroubleshoot is not installed
- 1.6.1.5 Ensure the MCS Translation Service (mcstrans) is not installed
- 1.6.1.6 Ensure no unconfined daemons exist
- 1.6.2.1 Ensure AppArmor is not disabled in bootloader configuration
- 1.6.2.2 Ensure all AppArmor Profiles are enforcing - complain mode
- 1.6.2.2 Ensure all AppArmor Profiles are enforcing - processes unconfined
- 1.6.2.2 Ensure all AppArmor Profiles are enforcing - profiles loaded
- 1.6.3 Ensure SELinux or AppArmor are installed
- 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl chmod/fchmod/fchmodat
- 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl chmod/fchmod/fchmodat (64-bit)
- 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl chown/fchown/fchownat/lchown
- 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl chown/fchown/fchownat/lchown (64-bit)
- 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl setxattr/lsetxattr/fsetxattr/removexattr
- 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl xattr (64-bit)
- 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EACCES
- 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EACCES (64-bit)
- 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EPERM
- 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EPERM (64-bit)
- 4.1.13 Ensure successful file system mounts are collected - auditctl (32-bit)
- 4.1.13 Ensure successful file system mounts are collected - auditctl (64-bit)
- 4.1.14 Ensure file deletion events by users are collected - auditctl (32-bit)
- 4.1.14 Ensure file deletion events by users are collected - auditctl (64-bit)
- 4.1.4 Ensure events that modify date and time information are collected - auditctl adjtimex (32-bit)
- 4.1.4 Ensure events that modify date and time information are collected - auditctl adjtimex (64-bit)
- 4.1.4 Ensure events that modify date and time information are collected - auditctl clock_settime (32-bit)
- 4.1.4 Ensure events that modify date and time information are collected - auditctl clock_settime (64-bit)
- 4.1.6 Ensure events that modify the system's network environment are collected - auditctl sethostname (32-bit)
- 4.1.6 Ensure events that modify the system's network environment are collected - auditctl sethostname (64-bit)
- 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - /etc/apparmor.d/
- 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - /etc/apparmor/
- 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - /etc/selinux/
- 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - /usr/share/selinux/
- 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /etc/apparmor.d/
- 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /etc/apparmor/
- 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /etc/selinux/
- 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /usr/share/selinux/
- 5.4.5 Ensure default user shell timeout is 900 seconds or less - /etc/profile
Informational Update
- 1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - enforcing=0
- 1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - selinux=0
- 1.6.1.2 Ensure the SELinux state is enforcing
- 1.6.1.3 Ensure SELinux policy is configured
- 1.6.1.4 Ensure SETroubleshoot is not installed
- 1.6.1.5 Ensure the MCS Translation Service (mcstrans) is not installed
- 1.6.1.6 Ensure no unconfined daemons exist
- 1.6.2.1 Ensure AppArmor is not disabled in bootloader configuration
- 1.6.2.2 Ensure all AppArmor Profiles are enforcing - complain mode
- 1.6.2.2 Ensure all AppArmor Profiles are enforcing - processes unconfined
- 1.6.2.2 Ensure all AppArmor Profiles are enforcing - profiles loaded
- 1.6.3 Ensure SELinux or AppArmor are installed
Added
- 4.1.17 Ensure kernel module loading and unloading is collected - auditctl init_module/delete_module
- 4.1.17 Ensure kernel module loading and unloading is collected - init_module/delete_module
- 4.1.8 Ensure login and logout events are collected - /var/log/faillog
- 4.1.8 Ensure login and logout events are collected - auditctl /var/log/faillog
- 5.4.5 Ensure default user shell timeout is 900 seconds or less - /etc/bash.bashrc*
Removed
- 4.1.17 Ensure kernel module loading and unloading is collected - auditctl init_module/delete_module (32-bit)
- 4.1.17 Ensure kernel module loading and unloading is collected - auditctl init_module/delete_module (64-bit)
- 4.1.17 Ensure kernel module loading and unloading is collected - init_module/delete_module (64-bit)
- 4.1.17 Ensure kernel module loading and unloading is collected - init_module/delete_module (32-bit)
- 4.1.8 Ensure login and logout events are collected - /var/run/faillock/
- 4.1.8 Ensure login and logout events are collected - auditctl /var/run/faillock/
- 5.4.5 Ensure default user shell timeout is 900 seconds or less - /etc/bashrc
