CIS AlmaLinux OS 9 Workstation L1 v1.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS AlmaLinux OS 9 Workstation L1 v1.0.0

Updated: 7/23/2024

Authority: CIS

Plugin: Unix

Revision: 1.32

Estimated Item Count: 196

File Details

Filename: CIS_AlmaLinux_OS_9_v1.0.0_L1_Workstation.audit

Size: 556 kB

MD5: ca0770c3190d917247f284d197fff867
SHA256: 593c95066d711c73b7e3173a0a60ad850050924533653f2c298b2545d781ad39

Audit Items

DescriptionCategories
1.1.2.1 Ensure /tmp is a separate partition
1.1.2.2 Ensure nodev option set on /tmp partition
1.1.2.3 Ensure noexec option set on /tmp partition
1.1.2.4 Ensure nosuid option set on /tmp partition
1.1.3.2 Ensure nodev option set on /var partition
1.1.3.3 Ensure nosuid option set on /var partition
1.1.4.2 Ensure noexec option set on /var/tmp partition
1.1.4.3 Ensure nosuid option set on /var/tmp partition
1.1.4.4 Ensure nodev option set on /var/tmp partition
1.1.5.2 Ensure nodev option set on /var/log partition
1.1.5.3 Ensure noexec option set on /var/log partition
1.1.5.4 Ensure nosuid option set on /var/log partition
1.1.6.2 Ensure noexec option set on /var/log/audit partition
1.1.6.3 Ensure nodev option set on /var/log/audit partition
1.1.6.4 Ensure nosuid option set on /var/log/audit partition
1.1.7.2 Ensure nodev option set on /home partition
1.1.7.3 Ensure nosuid option set on /home partition
1.1.8.1 Ensure /dev/shm is a separate partition
1.1.8.2 Ensure nodev option set on /dev/shm partition
1.1.8.3 Ensure noexec option set on /dev/shm partition
1.1.8.4 Ensure nosuid option set on /dev/shm partition
1.2.1 Ensure GPG keys are configured
1.2.2 Ensure gpgcheck is globally activated
1.2.3 Ensure package manager repositories are configured
1.3.1 Ensure AIDE is installed
1.3.2 Ensure filesystem integrity is regularly checked
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools
1.4.1 Ensure bootloader password is set
1.4.2 Ensure permissions on bootloader config are configured
1.5.1 Ensure core dump storage is disabled
1.5.2 Ensure core dump backtraces are disabled
1.5.3 Ensure address space layout randomization (ASLR) is enabled
1.6.1.1 Ensure SELinux is installed
1.6.1.2 Ensure SELinux is not disabled in bootloader configuration
1.6.1.3 Ensure SELinux policy is configured
1.6.1.4 Ensure the SELinux mode is not disabled
1.6.1.6 Ensure no unconfined services exist
1.6.1.8 Ensure the MCS Translation Service (mcstrans) is not installed
1.7.1 Ensure message of the day is configured properly
1.7.2 Ensure local login warning banner is configured properly
1.7.3 Ensure remote login warning banner is configured properly
1.7.4 Ensure permissions on /etc/motd are configured
1.7.5 Ensure permissions on /etc/issue are configured
1.7.6 Ensure permissions on /etc/issue.net are configured
1.8.2 Ensure GDM login banner is configured
1.8.3 Ensure GDM disable-user-list option is enabled
1.8.4 Ensure GDM screen locks when the user is idle
1.8.5 Ensure GDM screen locks cannot be overridden
1.8.8 Ensure GDM autorun-never is enabled
1.8.9 Ensure GDM autorun-never is not overridden