| Ensure broadcast ICMP requests are ignored - /etc/sysctl | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure changes to system administration scope (sudoers) is collected - auditctl /etc/sudoers | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure chrony is configured - User | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure core dumps are restricted - limits.conf | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Ensure default deny firewall policy - Chain OUTPUT | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure discretionary access control permission modification events are collected - auditctl b32 chmod fchmod | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure discretionary access control permission modification events are collected - auditctl b32 chown fchown | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure discretionary access control permission modification events are collected - b64 chmod fchmod | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure discretionary access control permission modification events are collected - b64 setxattr | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure events that modify date and time information are collected - audit.rules b32 clock_settime | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure events that modify the system's network environment are collected - /etc/issue | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure events that modify the system's network environment are collected - auditctl /etc/issue.net | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure events that modify user/group information are collected - /etc/security/opasswd | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure iptables is installed - dpkg | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure iptables is installed - zypper | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure kernel module loading and unloading is collected - auditctl modprobe | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure kernel module loading and unloading is collected - auditctl rmmod | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure kernel module loading and unloading is collected - insmod | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure kernel module loading and unloading is collected - rmmod | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure login and logout events are collected - auditctl lastlog | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure mounting of cramfs filesystems is disabled - modprobe | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure mounting of freevxfs filesystems is disabled - modprobe | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure mounting of jffs2 filesystems is disabled - lsmod | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure mounting of jffs2 filesystems is disabled - modprobe | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure mounting of squashfs filesystems is disabled - lsmod | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure mounting of udf filesystems is disabled - lsmod | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure no unconfined daemons exist | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Ensure nodev option set on /dev/shm partition | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Ensure ntp is configured - OPTIONS or ExecStart -u ntp:ntp | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure packet redirect sending is disabled - /etc/sysctl ipv4 default send | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure password creation requirements are configured | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | IDENTIFICATION AND AUTHENTICATION |
| Ensure password creation requirements are configured - /etc/pam.d/* try_first_pass | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | IDENTIFICATION AND AUTHENTICATION |
| Ensure password creation requirements are configured - pwquality.conf lcredit | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | IDENTIFICATION AND AUTHENTICATION |
| Ensure password reuse is limited - pam_pwhistory.so | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | IDENTIFICATION AND AUTHENTICATION |
| Ensure permissions on /etc/cron.d are configured | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure permissions on /etc/gshadow- are configured | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure permissions on /etc/passwd- are configured | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure prelink is disabled - rpm | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure remote rsyslog messages are only accepted on designated log hosts - InputTCPServerRun | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure remote rsyslog messages are only accepted on designated log hosts - ModLoad | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure remote syslog-ng messages are only accepted on designated log hosts | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure rsh server is not enabled - rexec | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure rsyslog default file permissions configured | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure rsyslog Service is enabled | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure separate partition exists for /var/log/audit | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| Ensure session initiation information is collected - auditctl btmp | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure source routed packets are not accepted - /etc/sysctl ipv4 all acccept | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure source routed packets are not accepted - sysctl ipv4 default accept | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure sticky bit is set on all world-writable directories | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Ensure successful file system mounts are collected - b64 | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
