Feb 8, 2022
Miscellaneous
- Audit deprecated.
- Metadata updated.
- References updated.

Oct 5, 2021
Functional Update
- 2.1.1.3 Ensure chrony is configured - OPTIONS
- 5.4.1.5 Ensure all users last password change date is in the past

Aug 4, 2021
Functional Update
- 1.5.1 Ensure core dumps are restricted - /etc/sysctl.conf, /etc/sysctl.d/*

Jun 17, 2021
Miscellaneous
- Metadata updated.
- References updated.

Jun 9, 2021
Functional Update
- 1.4.2 Ensure authentication required for single user mode - emergency.service
- 1.4.2 Ensure authentication required for single user mode - rescue.service
- 1.5.1 Ensure core dumps are restricted - /etc/sysctl.conf, /etc/sysctl.d/*

May 14, 2021
Functional Update
- 3.5.2.2 Ensure IPv6 loopback traffic is configured - OUTPUT
Miscellaneous
- Platform check updated.
- References updated.
Added
- 3.5.2.2 Ensure IPv6 loopback traffic is configured - INPUT ACCEPT
- 3.5.2.2 Ensure IPv6 loopback traffic is configured - INPUT DROP
- CIS_Amazon_Linux_2_v1.0.0_L1.audit from CIS Amazon Linux 2 Benchmark Level 1
Removed
- 3.5.2.2 Ensure IPv6 loopback traffic is configured - INPUT
- CIS Amazon Linux 2 Benchmark Level 1

Apr 21, 2021
Functional Update
- 5.4.1.4 Ensure inactive password lock is 30 days or less - useradd
- 5.4.4 Ensure default user umask is 027 or more restrictive - /etc/bashrc
- 5.4.4 Ensure default user umask is 027 or more restrictive - /etc/profile
- 5.4.4 Ensure default user umask is 027 or more restrictive - /etc/profile.d/*.sh

Mar 22, 2021
Functional Update
- 3.5.1.1 Ensure default deny firewall policy - Chain FORWARD
- 3.5.1.1 Ensure default deny firewall policy - Chain INPUT
- 3.5.1.1 Ensure default deny firewall policy - Chain OUTPUT
- 3.5.2.1 Ensure IPv6 default deny firewall policy - Chain FORWARD
- 3.5.2.1 Ensure IPv6 default deny firewall policy - Chain INPUT
- 3.5.2.1 Ensure IPv6 default deny firewall policy - Chain OUTPUT
- 3.5.2.2 Ensure IPv6 loopback traffic is configured - INPUT
- 3.5.2.2 Ensure IPv6 loopback traffic is configured - OUTPUT
Miscellaneous
- Metadata updated.
- References updated.

Oct 14, 2020
Functional Update
- 4.2.4 Ensure permissions on all logfiles are configured

Oct 5, 2020
Functional Update
- 2.1.1.1 Ensure time synchronization is in use
- 2.1.1.2 Ensure ntp is configured - daemon
- 2.1.1.2 Ensure ntp is configured - remote server
- 2.1.1.2 Ensure ntp is configured - restrict -4
- 2.1.1.2 Ensure ntp is configured - restrict -6
- 2.1.1.3 Ensure chrony is configured - OPTIONS
- 2.1.1.3 Ensure chrony is configured - remote server
- 4.2.1.1 Ensure rsyslog Service is enabled
- 4.2.1.2 Ensure logging is configured
- 4.2.1.3 Ensure rsyslog default file permissions configured
- 4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host
- 4.2.1.5 Ensure remote rsyslog messages are only accepted on designated log hosts - $InputTCPServerRun 514
- 4.2.1.5 Ensure remote rsyslog messages are only accepted on designated log hosts - $ModLoad imtcp
- 4.2.2.1 Ensure syslog-ng service is enabled
- 4.2.2.2 Ensure logging is configured
- 4.2.2.3 Ensure syslog-ng default file permissions configured
- 4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - destination logserver
- 4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - log src
- 4.2.2.5 Ensure remote syslog-ng messages are only accepted on designated log hosts
- 4.2.3 Ensure rsyslog or syslog-ng is installed