Tenable Cisco Firepower Management Center OS Best Practices Audit

Audit Details

Name: Tenable Cisco Firepower Management Center OS Best Practices Audit

Updated: 9/19/2022

Authority: TNS

Plugin: Unix

Revision: 1.5

Estimated Item Count: 390

File Details

Filename: Tenable_Best_Practices_Cisco_Firepower_Management_Center_OS.audit

Size: 751 kB

MD5: f3c619fb89202f36d4e388cd6902bf97
SHA256: 6cee831ef526f598a596b8b7ac420e88aaf9727eaf17d67b656c8fb78869b1f9

Audit Items

Description

Categories

Audit SGID executables

ACCESS CONTROL

Audit SUID executables

ACCESS CONTROL

Audit system file permissions - dpkg

SYSTEM AND INFORMATION INTEGRITY

Audit system file permissions - rpm

SYSTEM AND INFORMATION INTEGRITY

Audit system file permissions - zypper

SYSTEM AND INFORMATION INTEGRITY

chrony is not installed - NTP server

AUDIT AND ACCOUNTABILITY

chrony is not installed - User

ACCESS CONTROL

Disable Automounting

CONFIGURATION MANAGEMENT

Ensure /etc/hosts.allow is configured

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure /etc/hosts.deny is configured

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure access to the su command is restricted - pam_wheel.so

ACCESS CONTROL

Ensure access to the su command is restricted - wheel group contains root

ACCESS CONTROL

Ensure address space layout randomization (ASLR) is enabled - sysctl

SYSTEM AND INFORMATION INTEGRITY

Ensure address space layout randomization (ASLR) is enabled - sysctl.conf

SYSTEM AND INFORMATION INTEGRITY

Ensure AIDE is installed - dpkg

CONFIGURATION MANAGEMENT

Ensure AIDE is installed - rpm

AUDIT AND ACCOUNTABILITY

Ensure AIDE is installed - zypper

AUDIT AND ACCOUNTABILITY

Ensure all groups in /etc/passwd exist in /etc/group

ACCESS CONTROL

Ensure all users last password change date is in the past

IDENTIFICATION AND AUTHENTICATION

Ensure all users' home directories exist

CONFIGURATION MANAGEMENT

Ensure at/cron is restricted to authorized users - at.allow

ACCESS CONTROL

Ensure at/cron is restricted to authorized users - at.deny

ACCESS CONTROL

Ensure at/cron is restricted to authorized users - cron.allow

ACCESS CONTROL

Ensure at/cron is restricted to authorized users - cron.deny

ACCESS CONTROL

Ensure audit log storage size is configured

AUDIT AND ACCOUNTABILITY

Ensure audit logs are not automatically deleted

AUDIT AND ACCOUNTABILITY

Ensure authentication required for single user mode

SYSTEM AND INFORMATION INTEGRITY

Ensure Avahi Server is not enabled

CONFIGURATION MANAGEMENT

Ensure bogus ICMP responses are ignored - /etc/sysctl

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure bogus ICMP responses are ignored - sysctl

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure broadcast ICMP requests are ignored - /etc/sysctl

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure broadcast ICMP requests are ignored - sysctl

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure changes to system administration scope (sudoers) is collected - /etc/sudoers

AUDIT AND ACCOUNTABILITY

Ensure changes to system administration scope (sudoers) is collected - /etc/sudoers.d

AUDIT AND ACCOUNTABILITY

Ensure changes to system administration scope (sudoers) is collected - auditctl /etc/sudoers

AUDIT AND ACCOUNTABILITY

Ensure changes to system administration scope (sudoers) is collected - auditctl /etc/sudoers.d

AUDIT AND ACCOUNTABILITY

Ensure chrony is configured - NTP server

AUDIT AND ACCOUNTABILITY

Ensure chrony is configured - User

ACCESS CONTROL

Ensure core dumps are restricted - limits.conf

ACCESS CONTROL

Ensure core dumps are restricted - sysctl

ACCESS CONTROL

Ensure core dumps are restricted - sysctl.conf

ACCESS CONTROL, CONFIGURATION MANAGEMENT

Ensure CUPS Server is not enabled

CONFIGURATION MANAGEMENT

Ensure daytime services are not enabled

CONFIGURATION MANAGEMENT

Ensure DCCP is disabled

CONFIGURATION MANAGEMENT

Ensure default deny firewall policy - Chain FORWARD

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure default deny firewall policy - Chain INPUT

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure default deny firewall policy - Chain OUTPUT

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure default group for the root account is GID 0

ACCESS CONTROL

Ensure default user shell timeout is 900 seconds or less - /etc/profile

ACCESS CONTROL

Ensure DHCP Server is not enabled

CONFIGURATION MANAGEMENT