Oct 3, 2023 Informational Update- 5.5.5 Ensure default user umask is 027 or more restrictive - default user umask
- 5.5.5 Ensure default user umask is 027 or more restrictive - less restrictive system wide umask
|
Aug 9, 2022 Miscellaneous- Audit deprecated.
- Metadata updated.
- References updated.
|
Jul 12, 2022 Functional Update- 3.1.1 Ensure IP forwarding is disabled - sysctl ipv6
- 3.1.1 Ensure IP forwarding is disabled - sysctl.conf ipv6
- 3.2.1 Ensure source routed packets are not accepted - 'net.ipv6.conf.all.accept_source_route = 0'
- 3.2.1 Ensure source routed packets are not accepted - 'net.ipv6.conf.default.accept_source_route = 0'
- 3.2.1 Ensure source routed packets are not accepted - sysctl net.ipv6.conf.all.accept_source_route
- 3.2.1 Ensure source routed packets are not accepted - sysctl net.ipv6.conf.default.accept_source_route
- 3.2.2 Ensure ICMP redirects are not accepted - 'net.ipv6.conf.all.accept_redirects = 0'
- 3.2.2 Ensure ICMP redirects are not accepted - 'net.ipv6.conf.default.accept_redirects = 0'
- 3.2.2 Ensure ICMP redirects are not accepted - sysctl net.ipv6.conf.all.accept_redirects
- 3.2.2 Ensure ICMP redirects are not accepted - sysctl net.ipv6.conf.default.accept_redirects
- 3.2.9 Ensure IPv6 router advertisements are not accepted - net.ipv6.conf.all.accept_ra = 0
- 3.2.9 Ensure IPv6 router advertisements are not accepted - net.ipv6.conf.default.accept_ra = 0
- 3.2.9 Ensure IPv6 router advertisements are not accepted - sysctl net.ipv6.conf.all.accept_ra
- 3.2.9 Ensure IPv6 router advertisements are not accepted - sysctl net.ipv6.conf.default.accept_ra
- 5.2.18 Ensure SSH MaxStartups is configured - sshd output
- 5.2.18 Ensure SSH MaxStartups is configured - sshd_config
|
Jun 29, 2022 Functional Update- 3.4.3.1.3 Ensure firewalld is either not installed or masked with iptables - stopped
|
Jun 3, 2022 Functional Update- 6.2.7 Ensure users' home directories permissions are 750 or more restrictive
Added- 1.4.2 Ensure filesystem integrity is regularly checked - cron
- 1.4.2 Ensure filesystem integrity is regularly checked - systemctl is-enabled aidecheck.service
- 1.4.2 Ensure filesystem integrity is regularly checked - systemctl is-enabled aidecheck.timer
- 1.4.2 Ensure filesystem integrity is regularly checked - systemctl status aidecheck.timer
Removed- 1.4.2 Ensure filesystem integrity is regularly checked
|
May 11, 2022 Functional Update- 2.2.10 Ensure FTP Server is not enabled
- 2.2.11 Ensure DNS Server is not enabled
- 2.2.12 Ensure NFS is not enabled
- 2.2.13 Ensure RPC is not enabled
- 2.2.14 Ensure LDAP server is not enabled
- 2.2.15 Ensure DHCP Server is not enabled
- 2.2.17 Ensure NIS Server is not enabled
- 2.2.4 Ensure Avahi Server is not enabled - avahi-daemon.service
- 2.2.4 Ensure Avahi Server is not enabled - avahi-daemon.socket
- 2.2.6 Ensure HTTP Proxy Server is not enabled
- 2.2.7 Ensure Samba is not enabled
- 2.2.8 Ensure IMAP and POP3 server is not enabled
- 2.2.9 Ensure HTTP server is not enabled
|
Apr 25, 2022 |