Nov 28, 2023 |
Nov 17, 2023 Functional Update- 5.2.10 Ensure SSH PermitUserEnvironment is disabled
- 5.2.11 Ensure SSH IgnoreRhosts is enabled
- 5.2.17 Ensure SSH warning banner is configured
- 5.2.18 Ensure SSH MaxAuthTries is set to 4 or less
- 5.2.19 Ensure SSH MaxStartups is configured
- 5.2.20 Ensure SSH MaxSessions is set to 10 or less
- 5.2.21 Ensure SSH LoginGraceTime is set to one minute or less
- 5.2.22 Ensure SSH Idle Timeout Interval is configured
- 5.2.4 Ensure SSH access is limited
- 5.2.5 Ensure SSH LogLevel is appropriate
- 5.2.6 Ensure SSH PAM is enabled
- 5.2.7 Ensure SSH root login is disabled
- 5.2.8 Ensure SSH HostbasedAuthentication is disabled
- 5.2.9 Ensure SSH PermitEmptyPasswords is disabled
|
Nov 14, 2023 |
Nov 6, 2023 Functional Update- 4.2.1.1.1 Ensure systemd-journal-remote is installed
- 4.2.1.1.2 Ensure systemd-journal-remote is configured
- 4.2.1.1.3 Ensure systemd-journal-remote is enabled
- 4.2.1.1.4 Ensure journald is not configured to receive logs from a remote client
- 4.2.1.2 Ensure journald service is enabled
- 4.2.1.3 Ensure journald is configured to compress large log files
- 4.2.1.4 Ensure journald is configured to write logfiles to persistent disk
- 4.2.1.5 Ensure journald is not configured to send logs to rsyslog
- 4.2.1.6 Ensure journald log rotation is configured per site policy
- 4.2.1.7 Ensure journald default file permissions configured
- 4.2.2.1 Ensure rsyslog is installed
- 4.2.2.2 Ensure rsyslog service is enabled
- 4.2.2.3 Ensure journald is configured to send logs to rsyslog
- 4.2.2.4 Ensure rsyslog default file permissions are configured
- 4.2.2.5 Ensure logging is configured
- 4.2.2.6 Ensure rsyslog is configured to send logs to a remote log host
- 4.2.2.7 Ensure rsyslog is not configured to receive logs from a remote client
Informational Update- 4.2.1.1.1 Ensure systemd-journal-remote is installed
- 4.2.1.1.2 Ensure systemd-journal-remote is configured
- 4.2.1.1.3 Ensure systemd-journal-remote is enabled
- 4.2.1.1.4 Ensure journald is not configured to receive logs from a remote client
- 4.2.1.2 Ensure journald service is enabled
- 4.2.1.3 Ensure journald is configured to compress large log files
- 4.2.1.4 Ensure journald is configured to write logfiles to persistent disk
- 4.2.1.5 Ensure journald is not configured to send logs to rsyslog
- 4.2.1.6 Ensure journald log rotation is configured per site policy
- 4.2.1.7 Ensure journald default file permissions configured
- 4.2.2.1 Ensure rsyslog is installed
- 4.2.2.2 Ensure rsyslog service is enabled
- 4.2.2.3 Ensure journald is configured to send logs to rsyslog
- 4.2.2.4 Ensure rsyslog default file permissions are configured
- 4.2.2.5 Ensure logging is configured
- 4.2.2.6 Ensure rsyslog is configured to send logs to a remote log host
- 4.2.2.7 Ensure rsyslog is not configured to receive logs from a remote client
Added- 4.2.3 Ensure all logfiles have appropriate access configured
Removed- 4.2.2.5 Ensure logging is configured - '*.emerg :omusrmsg:*'
- 4.2.3 Ensure all logfiles have appropriate permissions and ownership
|
Oct 27, 2023 Functional Update- 4.2.2.1 Ensure rsyslog is installed
- 4.2.2.2 Ensure rsyslog service is enabled
- 4.2.2.3 Ensure journald is configured to send logs to rsyslog
- 4.2.2.4 Ensure rsyslog default file permissions are configured
- 4.2.2.5 Ensure logging is configured
- 4.2.2.5 Ensure logging is configured - '*.emerg :omusrmsg:*'
- 4.2.2.6 Ensure rsyslog is configured to send logs to a remote log host
- 4.2.2.7 Ensure rsyslog is not configured to receive logs from a remote client
- 6.2.1 Ensure accounts in /etc/passwd use shadowed passwords
- 6.2.2 Ensure /etc/shadow password fields are not empty
|
Oct 24, 2023 Functional Update- 5.2.10 Ensure SSH PermitUserEnvironment is disabled
- 5.2.11 Ensure SSH IgnoreRhosts is enabled
- 5.2.17 Ensure SSH warning banner is configured
- 5.2.18 Ensure SSH MaxAuthTries is set to 4 or less
- 5.2.19 Ensure SSH MaxStartups is configured
- 5.2.20 Ensure SSH MaxSessions is set to 10 or less
- 5.2.21 Ensure SSH LoginGraceTime is set to one minute or less
- 5.2.4 Ensure SSH access is limited
- 5.2.5 Ensure SSH LogLevel is appropriate
- 5.2.6 Ensure SSH PAM is enabled
- 5.2.7 Ensure SSH root login is disabled
- 5.2.8 Ensure SSH HostbasedAuthentication is disabled
- 5.2.9 Ensure SSH PermitEmptyPasswords is disabled
Added- 5.2.13 Ensure only strong Ciphers are used
- 5.2.14 Ensure only strong MAC algorithms are used
- 5.2.15 Ensure only strong Key Exchange algorithms are used
- 5.2.22 Ensure SSH Idle Timeout Interval is configured
Removed- 5.2.13 Ensure only strong Ciphers are used - approved ciphers
- 5.2.13 Ensure only strong Ciphers are used - weak ciphers
- 5.2.14 Ensure only strong MAC algorithms are used - approved MACs
- 5.2.14 Ensure only strong MAC algorithms are used - weak MACs
- 5.2.15 Ensure only strong Key Exchange algorithms are used - approved algorithms
- 5.2.15 Ensure only strong Key Exchange algorithms are used - weak algorithms
- 5.2.22 Ensure SSH Idle Timeout Interval is configured - 'ClientAliveCountMax'
- 5.2.22 Ensure SSH Idle Timeout Interval is configured - 'ClientAliveInterval'
|
Oct 6, 2023 Functional Update- 2.2.16 Ensure rsync service is either not installed or masked
|
Sep 19, 2023 Functional Update- 3.1.2 Ensure wireless interfaces are disabled
- 4.1.4.3 Ensure only authorized groups are assigned ownership of audit log files
- 4.1.4.5 Ensure audit configuration files are 640 or more restrictive
- 4.1.4.6 Ensure audit configuration files are owned by root
- 4.1.4.7 Ensure audit configuration files belong to group root
- 4.2.2.1 Ensure rsyslog is installed
- 4.2.2.2 Ensure rsyslog service is enabled
- 4.2.2.3 Ensure journald is configured to send logs to rsyslog
- 4.2.2.4 Ensure rsyslog default file permissions are configured
- 4.2.2.5 Ensure logging is configured
- 4.2.2.5 Ensure logging is configured - '*.emerg :omusrmsg:*'
- 4.2.2.6 Ensure rsyslog is configured to send logs to a remote log host
- 4.2.2.7 Ensure rsyslog is not configured to receive logs from a remote client
- 4.2.3 Ensure all logfiles have appropriate permissions and ownership
- 6.1.10 Ensure no unowned files or directories exist
- 6.1.11 Ensure no ungrouped files or directories exist
- 6.1.12 Audit SUID executables
- 6.1.13 Audit SGID executables
- 6.1.9 Ensure no world writable files exist
Miscellaneous- Metadata updated.
- References updated.
- Variables updated.
|
Sep 5, 2023 Functional Update- 4.2.1.1.1 Ensure systemd-journal-remote is installed
- 4.2.1.1.2 Ensure systemd-journal-remote is configured
- 4.2.1.1.3 Ensure systemd-journal-remote is enabled
- 4.2.1.2 Ensure journald service is enabled
- 4.2.1.3 Ensure journald is configured to compress large log files
- 4.2.1.4 Ensure journald is configured to write logfiles to persistent disk
- 4.2.1.5 Ensure journald is not configured to send logs to rsyslog
- 4.2.1.6 Ensure journald log rotation is configured per site policy
- 4.2.1.7 Ensure journald default file permissions configured
Informational Update- 4.2.1.1.1 Ensure systemd-journal-remote is installed
- 4.2.1.1.2 Ensure systemd-journal-remote is configured
- 4.2.1.1.3 Ensure systemd-journal-remote is enabled
- 4.2.1.2 Ensure journald service is enabled
- 4.2.1.3 Ensure journald is configured to compress large log files
- 4.2.1.4 Ensure journald is configured to write logfiles to persistent disk
- 4.2.1.5 Ensure journald is not configured to send logs to rsyslog
- 4.2.1.6 Ensure journald log rotation is configured per site policy
- 4.2.1.7 Ensure journald default file permissions configured
Added- 4.2.1.1.4 Ensure journald is not configured to receive logs from a remote client
Removed- 4.2.1.1.4 Ensure journald is not configured to recieve logs from a remote client
|
Aug 29, 2023 Functional Update- 3.5.2.5 Ensure nftables base chains exist - forward
- 3.5.2.5 Ensure nftables base chains exist - input
- 3.5.2.5 Ensure nftables base chains exist - output
|
