CIS CentOS 6 Workstation L1 v2.1.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS CentOS 6 Workstation L1 v2.1.0

Updated: 11/1/2021

Authority: CIS

Plugin: Unix

Revision: 1.29

Estimated Item Count: 276

File Details

Filename: CIS_CentOS_6_Workstation_L1_v2.1.0.audit

Size: 376 kB

MD5: 7ce5cbcf4613df64096636e5cfe9bcae

SHA256: 7bf38527130b8e88f7bbc1d623d62ed96194518d13d4b5d68e2831ae7ff107d5

Audit Items

Description	Categories
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - /etc/modprobe.d/CIS.conf	CONFIGURATION MANAGEMENT
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod	CONFIGURATION MANAGEMENT
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - /etc/modprobe.d/CIS.conf	CONFIGURATION MANAGEMENT
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - lsmod	CONFIGURATION MANAGEMENT
1.1.1.3 Ensure mounting of jffs2 filesystems is disabled - /etc/modprobe.d/CIS.conf	CONFIGURATION MANAGEMENT
1.1.1.3 Ensure mounting of jffs2 filesystems is disabled- lsmod	CONFIGURATION MANAGEMENT
1.1.1.4 Ensure mounting of hfs filesystems is disabled - /etc/modprobe.d/CIS.conf	CONFIGURATION MANAGEMENT
1.1.1.4 Ensure mounting of hfs filesystems is disabled- lsmod	CONFIGURATION MANAGEMENT
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - /etc/modprobe.d/CIS.conf	CONFIGURATION MANAGEMENT
1.1.1.5 Ensure mounting of hfsplus filesystems is disabled- lsmod	CONFIGURATION MANAGEMENT
1.1.1.6 Ensure mounting of squashfs filesystems is disabled - /etc/modprobe.d/CIS.conf	CONFIGURATION MANAGEMENT
1.1.1.6 Ensure mounting of squashfs filesystems is disabled- lsmod	CONFIGURATION MANAGEMENT
1.1.1.7 Ensure mounting of udf filesystems is disabled - /etc/modprobe.d/CIS.conf	CONFIGURATION MANAGEMENT
1.1.1.7 Ensure mounting of udf filesystems is disabled- lsmod	CONFIGURATION MANAGEMENT
1.1.3 Ensure nodev option set on /tmp partition	ACCESS CONTROL
1.1.4 Ensure nosuid option set on /tmp partition	ACCESS CONTROL
1.1.5 Ensure noexec option set on /tmp partition	ACCESS CONTROL
1.1.8 Ensure nodev option set on /var/tmp partition	ACCESS CONTROL
1.1.9 Ensure nosuid option set on /var/tmp partition	ACCESS CONTROL
1.1.10 Ensure noexec option set on /var/tmp partition	ACCESS CONTROL
1.1.14 Ensure nodev option set on /home partition	ACCESS CONTROL
1.1.15 Ensure nodev option set on /dev/shm partition	ACCESS CONTROL
1.1.16 Ensure nosuid option set on /dev/shm partition	ACCESS CONTROL
1.1.17 Ensure noexec option set on /dev/shm partition	ACCESS CONTROL
1.1.18 Ensure nodev option set on removable media partitions	CONFIGURATION MANAGEMENT
1.1.19 Ensure nosuid option set on removable media partitions	CONFIGURATION MANAGEMENT
1.1.20 Ensure noexec option set on removable media partitions	CONFIGURATION MANAGEMENT
1.1.21 Ensure sticky bit is set on all world-writable directories	ACCESS CONTROL
1.2.1 Ensure package manager repositories are configured	SYSTEM AND INFORMATION INTEGRITY
1.2.2 Ensure GPG keys are configured	SYSTEM AND INFORMATION INTEGRITY
1.2.3 Ensure gpgcheck is globally activated	SYSTEM AND INFORMATION INTEGRITY
1.3.1 Ensure AIDE is installed	CONFIGURATION MANAGEMENT
1.3.2 Ensure filesystem integrity is regularly checked	SYSTEM AND INFORMATION INTEGRITY
1.4.1 Ensure permissions on bootloader config are configured	SYSTEM AND INFORMATION INTEGRITY
1.4.2 Ensure bootloader password is set	SYSTEM AND INFORMATION INTEGRITY
1.4.3 Ensure authentication required for single user mode - rescue.service	SYSTEM AND INFORMATION INTEGRITY
1.4.4 Ensure interactive boot is not enabled	SYSTEM AND INFORMATION INTEGRITY
1.5.1 Ensure core dumps are restricted - limits.conf, limits.d/*	ACCESS CONTROL
1.5.1 Ensure core dumps are restricted - sysctl	ACCESS CONTROL
1.5.2 Ensure XD/NX support is enabled	SYSTEM AND INFORMATION INTEGRITY
1.5.3 Ensure address space layout randomization (ASLR) is enabled - /etc/sysctl.conf, /etc/sysctl.d/*	SYSTEM AND INFORMATION INTEGRITY
1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl	SYSTEM AND INFORMATION INTEGRITY
1.5.4 Ensure prelink is disabled	CONFIGURATION MANAGEMENT
1.7.1.1 Ensure message of the day is configured properly - banner text	ACCESS CONTROL
1.7.1.1 Ensure message of the day is configured properly - mrsv	CONFIGURATION MANAGEMENT
1.7.1.2 Ensure local login warning banner is configured properly - banner text	ACCESS CONTROL
1.7.1.2 Ensure local login warning banner is configured properly - mrsv	CONFIGURATION MANAGEMENT
1.7.1.3 Ensure remote login warning banner is configured properly - banner text	ACCESS CONTROL
1.7.1.3 Ensure remote login warning banner is configured properly - mrsv	CONFIGURATION MANAGEMENT
1.7.1.4 Ensure permissions on /etc/motd are configured	CONFIGURATION MANAGEMENT

Detections

Analytics

CIS CentOS 6 Workstation L1 v2.1.0

Warning! Audit Deprecated

Audit Details

File Details

Audit Items