May 7, 2024 Functional Update- 2.1.2.1 Ensure chrony is configured with authorized timeserver
- 2.1.2.2 Ensure chrony is running as user _chrony
- 2.1.2.3 Ensure chrony is enabled and running
|
Apr 22, 2024 Functional Update- 5.1.2.6 Ensure rsyslog is configured to send logs to a remote log host
|
Apr 10, 2024 Functional Update- 1.8.2 Ensure GDM login banner is configured
- 1.8.3 Ensure GDM disable-user-list option is enabled
- 1.8.4 Ensure GDM screen locks when the user is idle
- 1.8.5 Ensure GDM screen locks cannot be overridden
- 1.8.8 Ensure GDM autorun-never is enabled
- 1.8.9 Ensure GDM autorun-never is not overridden
|
Mar 18, 2024 Functional Update- 4.2.2 Ensure permissions on SSH private host key files are configured
- 4.2.3 Ensure permissions on SSH public host key files are configured
- 5.1.3 Ensure all logfiles have appropriate access configured
- 6.1.11 Ensure world writable files and directories are secured
- 6.1.12 Ensure no unowned or ungrouped files or directories exist
- 6.1.13 Ensure SUID and SGID files are reviewed
- 6.2.12 Ensure local interactive user dot files access is configured
|
Mar 1, 2024 Functional Update- 3.4.1.7 Ensure ufw default deny firewall policy
|
Feb 12, 2024 Functional Update- 4.2.20 Ensure SSH LoginGraceTime is set to one minute or less
- 4.2.5 Ensure SSH LogLevel is appropriate
- 4.3.1 Ensure sudo is installed
|
Feb 8, 2024 Functional Update- 2.4 Ensure nonessential services are removed or masked
- 3.1.1 Ensure IPv6 status is identified
- 3.4.1.5 Ensure ufw outbound connections are configured
- 3.4.2.3 Ensure iptables are flushed with nftables
- 3.4.2.7 Ensure nftables outbound and established connections are configured
- 3.4.3.2.3 Ensure iptables outbound and established connections are configured
- 3.4.3.3.3 Ensure ip6tables outbound and established connections are configured
- 5.1.1.6 Ensure journald log rotation is configured per site policy
- 6.1.13 Ensure SUID and SGID files are reviewed
Informational Update- 6.1.13 Ensure SUID and SGID files are reviewed
|
Jan 29, 2024 Functional Update- 3.1.1 Ensure IPv6 status is identified
- 4.2.12 Ensure SSH X11 forwarding is disabled
Informational Update- 3.1.1 Ensure IPv6 status is identified
|
Jan 3, 2024 Functional Update- 2.2.13 Ensure SNMP Server is not installed
|
Dec 27, 2023 Functional Update- 5.1.1.1.1 Ensure systemd-journal-remote is installed
- 5.1.1.1.2 Ensure systemd-journal-remote is configured
- 5.1.1.1.3 Ensure systemd-journal-remote is enabled
- 5.1.1.1.4 Ensure journald is not configured to receive logs from a remote client
- 5.1.1.2 Ensure journald service is enabled
- 5.1.1.3 Ensure journald is configured to compress large log files
- 5.1.1.4 Ensure journald is configured to write logfiles to persistent disk
- 5.1.1.5 Ensure journald is not configured to send logs to rsyslog
- 5.1.1.6 Ensure journald log rotation is configured per site policy
- 5.1.1.7 Ensure journald default file permissions configured
- 5.1.2.1 Ensure rsyslog is installed
- 5.1.2.2 Ensure rsyslog service is enabled
- 5.1.2.3 Ensure journald is configured to send logs to rsyslog
- 5.1.2.4 Ensure rsyslog default file permissions are configured
- 5.1.2.5 Ensure logging is configured
- 5.1.2.6 Ensure rsyslog is configured to send logs to a remote log host
- 5.1.2.7 Ensure rsyslog is not configured to receive logs from a remote client
|