Detections
Analytics

Tenable Cisco Firepower Management Center OS Best Practices Audit

Audit Details

Name: Tenable Cisco Firepower Management Center OS Best Practices Audit

Updated: 12/8/2023

Authority: TNS

Plugin: Unix

Revision: 1.16

Estimated Item Count: 390

File Details

Filename: Tenable_Best_Practices_Cisco_Firepower_Management_Center_OS.audit

Size: 772 kB

MD5: 70df093653703e6fdac6b6e719b77175
SHA256: 9205f61897ae3e4ec55d30215497acaffa3f759e01627115add1eb9494ba952a

Audit Changelog

 
Revision 1.16

Dec 8, 2023

Functional Update
  • Ensure permissions on /etc/shadow- are configured
Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.15

Nov 3, 2023

Miscellaneous
  • Metadata updated.
Revision 1.14

Nov 1, 2023

Miscellaneous
  • Platform check updated.
  • References updated.
Revision 1.13

Jul 5, 2023

Functional Update
  • Ensure audit logs are not automatically deleted
  • Ensure system is disabled when audit logs are full - 'action_mail_acct = root'
  • Ensure system is disabled when audit logs are full - 'admin_space_left_action = halt'
  • Ensure system is disabled when audit logs are full - 'space_left_action = email'
Miscellaneous
  • References updated.
Revision 1.12

Jun 2, 2023

Functional Update
  • Ensure ntp is configured - restrict -4
Revision 1.11

Apr 12, 2023

Functional Update
  • Ensure minimum days between password changes is 7 or more
  • Ensure password expiration is 365 days or less
  • Ensure password expiration warning days is 7 or more
Miscellaneous
  • Metadata updated.
  • Variables updated.
Revision 1.10

Apr 10, 2023

Functional Update
  • Ensure ntp is configured - restrict -4
Revision 1.9

Mar 20, 2023

Functional Update
  • Ensure SSH IgnoreRhosts is enabled
  • Ensure SSH LoginGraceTime is set to one minute or less
  • Ensure events that modify date and time information are collected - audit.rules time-change
Revision 1.8

Mar 7, 2023

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.7

Jan 10, 2023

Functional Update
  • Ensure message of the day is configured properly
  • Ensure permissions on /etc/motd are configured
Miscellaneous
  • Metadata updated.
  • References updated.
  • Variables updated.