Detections
Analytics

Revision 1.12

Oct 5, 2020
Functional Update
  • 1.1.10 Ensure noexec option set on /var/tmp partition
  • 1.1.14 Ensure nodev option set on /home partition
  • 1.1.15 Ensure nodev option set on /dev/shm partition
  • 1.1.16 Ensure nosuid option set on /dev/shm partition
  • 1.1.17 Ensure noexec option set on /dev/shm partition
  • 1.1.18 Ensure nodev option set on removable media partitions
  • 1.1.19 Ensure nosuid option set on removable media partitions
  • 1.1.20 Ensure noexec option set on removable media partitions
  • 1.1.22 Disable Automounting
  • 1.1.3 Ensure nodev option set on /tmp partition
  • 1.1.4 Ensure nosuid option set on /tmp partition
  • 1.1.5 Ensure noexec option set on /tmp partition
  • 1.1.8 Ensure nodev option set on /var/tmp partition
  • 1.1.9 Ensure nosuid option set on /var/tmp partition
  • 1.4.2 Ensure filesystem integrity is regularly checked
  • 1.6.1 Ensure XD/NX support is enabled
  • 1.6.4 Ensure core dumps are restricted - processsizemax
  • 1.6.4 Ensure core dumps are restricted - storage
  • 1.8.2 Ensure GDM login banner is configured - banner-message-enable
  • 1.8.2 Ensure GDM login banner is configured - banner-message-text
  • 2.2.1.1 Ensure time synchronization is in use
  • 2.2.1.2 Ensure systemd-timesyncd is configured - FallbackNTP
  • 2.2.1.2 Ensure systemd-timesyncd is configured - NTP
  • 2.2.1.2 Ensure systemd-timesyncd is configured - RootDistanceMaxSec
  • 2.2.1.3 Ensure chrony is configured - server
  • 2.2.1.3 Ensure chrony is configured - uid
  • 2.2.1.4 Ensure ntp is configured - restrict -4
  • 2.2.1.4 Ensure ntp is configured - restrict -6
  • 2.2.1.4 Ensure ntp is configured - server
  • 2.2.1.4 Ensure ntp is configured - user
  • 3.5.1.1 Ensure a Firewall package is installed
  • 3.5.2.1 Ensure ufw service is enabled - systemctl
  • 3.5.2.1 Ensure ufw service is enabled - ufw
  • 3.5.2.2 Ensure default deny firewall policy
  • 3.5.2.3 Ensure loopback traffic is configured - v4
  • 3.5.2.3 Ensure loopback traffic is configured - v6
  • 3.5.2.4 Ensure outbound connections are configured
  • 3.5.2.5 Ensure firewall rules exist for all open ports
  • 3.5.3.1 Ensure iptables are flushed - v4
  • 3.5.3.1 Ensure iptables are flushed - v6
  • 3.5.3.2 Ensure a table exists
  • 3.5.3.3 Ensure base chains exist - forward
  • 3.5.3.3 Ensure base chains exist - input
  • 3.5.3.3 Ensure base chains exist - output
  • 3.5.3.4 Ensure loopback traffic is configured - lo
  • 3.5.3.4 Ensure loopback traffic is configured - v4
  • 3.5.3.4 Ensure loopback traffic is configured - v6
  • 3.5.3.5 Ensure outbound and established connections are configured
  • 3.5.3.6 Ensure default deny firewall policy - forward
  • 3.5.3.6 Ensure default deny firewall policy - input
  • 3.5.3.6 Ensure default deny firewall policy - output
  • 3.5.3.7 Ensure nftables service is enabled
  • 3.5.3.8 Ensure nftables rules are permanent
  • 3.5.4.1.1 Ensure default deny firewall policy - 'Chain FORWARD'
  • 3.5.4.1.1 Ensure default deny firewall policy - 'Chain INPUT'
  • 3.5.4.1.1 Ensure default deny firewall policy - 'Chain OUTPUT'
  • 3.5.4.1.2 Ensure loopback traffic is configured
  • 3.5.4.1.3 Ensure outbound and established connections are configured
  • 3.5.4.1.4 Ensure firewall rules exist for all open ports
  • 3.5.4.2.1 Ensure IPv6 default deny firewall policy - 'Chain FORWARD'
  • 3.5.4.2.1 Ensure IPv6 default deny firewall policy - 'Chain INPUT'
  • 3.5.4.2.1 Ensure IPv6 default deny firewall policy - 'Chain OUTPUT'
  • 3.5.4.2.2 Ensure IPv6 loopback traffic is configured
  • 3.5.4.2.3 Ensure IPv6 outbound and established connections are configured
  • 3.5.4.2.4 Ensure IPv6 firewall rules exist for all open ports
  • 4.2.1.1 Ensure rsyslog is installed
  • 4.2.1.2 Ensure rsyslog Service is enabled
  • 4.2.1.3 Ensure logging is configured - '*.*;mail.none;news.none -/var/log/messages'
  • 4.2.1.3 Ensure logging is configured - '*.=warning;*.=err -/var/log/warn'
  • 4.2.1.3 Ensure logging is configured - '*.crit /var/log/warn'
  • 4.2.1.3 Ensure logging is configured - '*.emerg :omusrmsg:*'
  • 4.2.1.3 Ensure logging is configured - 'auth,authpriv.* /var/log/auth.log'
  • 4.2.1.3 Ensure logging is configured - 'local0,local1.* -/var/log/localmessages'
  • 4.2.1.3 Ensure logging is configured - 'local2,local3.* -/var/log/localmessages'
  • 4.2.1.3 Ensure logging is configured - 'local4,local5.* -/var/log/localmessages'
  • 4.2.1.3 Ensure logging is configured - 'local6,local7.* -/var/log/localmessages'
  • 4.2.1.3 Ensure logging is configured - 'mail.* -/var/log/mail'
  • 4.2.1.3 Ensure logging is configured - 'mail.err /var/log/mail.err'
  • 4.2.1.3 Ensure logging is configured - 'mail.info -/var/log/mail.info'
  • 4.2.1.3 Ensure logging is configured - 'mail.warning -/var/log/mail.warn'
  • 4.2.1.3 Ensure logging is configured - 'news.crit -/var/log/news/news.crit'
  • 4.2.1.3 Ensure logging is configured - 'news.err -/var/log/news/news.err'
  • 4.2.1.3 Ensure logging is configured - 'news.notice -/var/log/news/news.notice'
  • 4.2.1.3 ensure logging is configured - '*.*;mail.none;news.none -/var/log/messages'
  • 4.2.1.3 ensure logging is configured - '*.=warning;*.=err -/var/log/warn'
  • 4.2.1.3 ensure logging is configured - '*.crit /var/log/warn'
  • 4.2.1.3 ensure logging is configured - '*.emerg :omusrmsg:*'
  • 4.2.1.3 ensure logging is configured - 'local0,local1.* -/var/log/localmessages'
  • 4.2.1.3 ensure logging is configured - 'local2,local3.* -/var/log/localmessages'
  • 4.2.1.3 ensure logging is configured - 'local4,local5.* -/var/log/localmessages'
  • 4.2.1.3 ensure logging is configured - 'local6,local7.* -/var/log/localmessages'
  • 4.2.1.3 ensure logging is configured - 'mail.* -/var/log/mail'
  • 4.2.1.3 ensure logging is configured - 'mail.err /var/log/mail.err'
  • 4.2.1.3 ensure logging is configured - 'mail.info -/var/log/mail.info'
  • 4.2.1.3 ensure logging is configured - 'mail.warning -/var/log/mail.warn'
  • 4.2.1.3 ensure logging is configured - 'news.crit -/var/log/news/news.crit'
  • 4.2.1.3 ensure logging is configured - 'news.err -/var/log/news/news.err'
  • 4.2.1.3 ensure logging is configured - 'news.notice -/var/log/news/news.notice'
  • 4.2.1.4 Ensure rsyslog default file permissions configured
  • 4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host
  • 4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts - InputTCPServerRun
  • 4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts - ModLoad
  • 5.3.1 Ensure password creation requirements are configured - 'dcredit'
  • 5.3.1 Ensure password creation requirements are configured - 'lcredit'
  • 5.3.1 Ensure password creation requirements are configured - 'ocredit'
  • 5.3.1 Ensure password creation requirements are configured - 'ucredit'
Miscellaneous
  • Platform check updated.