1.1 Install Updates, Patches and Additional Security Software | SYSTEM AND INFORMATION INTEGRITY |
2.1 Create Separate Partition for /tmp | CONFIGURATION MANAGEMENT |
2.2 Set nodev option for /tmp Partition | CONFIGURATION MANAGEMENT |
2.3 Set nosuid option for /tmp Partition | CONFIGURATION MANAGEMENT |
2.4 Set noexec option for /tmp Partition | CONFIGURATION MANAGEMENT |
2.5 Create Separate Partition for /var | CONFIGURATION MANAGEMENT |
2.6 Bind Mount the /var/tmp directory to /tmp | CONFIGURATION MANAGEMENT |
2.7 Create Separate Partition for /var/log | AUDIT AND ACCOUNTABILITY |
2.8 Create Separate Partition for /var/log/audit | AUDIT AND ACCOUNTABILITY |
2.9 Create Separate Partition for /home | CONFIGURATION MANAGEMENT |
2.10 Add nodev Option to /home | CONFIGURATION MANAGEMENT |
2.11 Add nodev Option to Removable Media Partitions | CONFIGURATION MANAGEMENT |
2.12 Add noexec Option to Removable Media Partitions | CONFIGURATION MANAGEMENT |
2.13 Add nosuid Option to Removable Media Partitions | CONFIGURATION MANAGEMENT |
2.14 Add nodev Option to /run/shm Partition | CONFIGURATION MANAGEMENT |
2.15 Add nosuid Option to /run/shm Partition | CONFIGURATION MANAGEMENT |
2.16 Add noexec Option to /run/shm Partition | CONFIGURATION MANAGEMENT |
2.17 Set Sticky Bit on All World-Writable Directories | ACCESS CONTROL |
2.25 Disable Automounting | CONFIGURATION MANAGEMENT |
3.1 Set User/Group Owner on bootloader config | SYSTEM AND INFORMATION INTEGRITY |
3.2 Set Permissions on bootloader config | SYSTEM AND INFORMATION INTEGRITY |
3.3 Set Boot Loader Password - password | SYSTEM AND INFORMATION INTEGRITY |
3.3 Set Boot Loader Password - set superusers | SYSTEM AND INFORMATION INTEGRITY |
3.4 Require Authentication for Single-User Mode | IDENTIFICATION AND AUTHENTICATION |
4.1 Restrict Core Dumps - 'fs.suid.dumpable = 0' | ACCESS CONTROL |
4.1 Restrict Core Dumps - 'hard core 0' | ACCESS CONTROL |
4.1 Restrict Core Dumps - apport | CONFIGURATION MANAGEMENT |
4.1 Restrict Core Dumps - whoopsie | CONFIGURATION MANAGEMENT |
4.2 Enable XD/NX Support on 32-bit x86 Systems | SYSTEM AND INFORMATION INTEGRITY |
4.3 Enable Randomized Virtual Memory Region Placement | SYSTEM AND COMMUNICATIONS PROTECTION |
4.4 Disable Prelink | CONFIGURATION MANAGEMENT |
5.1.1 Ensure NIS is not installed | CONFIGURATION MANAGEMENT |
5.1.2 Ensure rsh server is not enabled - 'exec' | CONFIGURATION MANAGEMENT |
5.1.2 Ensure rsh server is not enabled - 'login' | CONFIGURATION MANAGEMENT |
5.1.2 Ensure rsh server is not enabled - 'shell' | CONFIGURATION MANAGEMENT |
5.1.3 Ensure rsh client is not installed - rsh-client | CONFIGURATION MANAGEMENT |
5.1.3 Ensure rsh client is not installed - rsh-redone-client | CONFIGURATION MANAGEMENT |
5.1.4 Ensure talk server is not enabled - 'ntalk' | CONFIGURATION MANAGEMENT |
5.1.4 Ensure talk server is not enabled - 'talk' | CONFIGURATION MANAGEMENT |
5.1.5 Ensure talk client is not installed | CONFIGURATION MANAGEMENT |
5.1.6 Ensure telnet server is not enabled | CONFIGURATION MANAGEMENT |
5.1.7 Ensure tftp-server is not enabled | CONFIGURATION MANAGEMENT |
5.1.8 Ensure xinetd is not enabled | CONFIGURATION MANAGEMENT |
5.2 Ensure chargen is not enabled | CONFIGURATION MANAGEMENT |
5.3 Ensure daytime is not enabled | CONFIGURATION MANAGEMENT |
5.4 Ensure echo is not enabled | CONFIGURATION MANAGEMENT |
5.5 Ensure discard is not enabled | CONFIGURATION MANAGEMENT |
5.6 Ensure time is not enabled | CONFIGURATION MANAGEMENT |
6.1 Ensure the X Window system is not installed - Review | CONFIGURATION MANAGEMENT |
6.2 Ensure Avahi Server is not enabled | CONFIGURATION MANAGEMENT |