Audits
Settings
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Theme
Light
Dark
Auto
Help
Plugins
Overview
Plugins Pipeline
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Release Notes
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Settings
Theme
Light
Dark
Auto
Detections
Plugins
Overview
Plugins Pipeline
Release Notes
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
Analytics
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Audits
CIS Debian 10 Workstation L2 v2.0.0
Changelog
Revision 1.7
Changelog
Revision 1.7
Jun 6, 2024
Functional Update
1.1.1.6 Ensure mounting of squashfs filesystems is disabled
1.1.1.7 Ensure mounting of udf filesystems is disabled
1.1.10 Disable USB Storage
1.1.3.1 Ensure separate partition exists for /var
1.1.4.1 Ensure separate partition exists for /var/tmp
1.1.5.1 Ensure separate partition exists for /var/log
1.1.6.1 Ensure separate partition exists for /var/log/audit
1.1.7.1 Ensure separate partition exists for /home
1.1.9 Disable Automounting
1.6.1.4 Ensure all AppArmor Profiles are enforcing
2.2.3 Ensure CUPS is not installed
3.1.4 Ensure DCCP is disabled
3.1.5 Ensure SCTP is disabled
3.1.6 Ensure RDS is disabled
3.1.7 Ensure TIPC is disabled
4.2.16 Ensure SSH AllowTcpForwarding is disabled
4.3.4 Ensure users must provide password for privilege escalation
4.5.6 Ensure nologin is not listed in /etc/shells
5.2.1.1 Ensure auditd is installed
5.2.1.2 Ensure auditd service is enabled and active
5.2.2.1 Ensure audit log storage size is configured
5.2.2.2 Ensure audit logs are not automatically deleted
5.2.2.3 Ensure system is disabled when audit logs are full
5.2.3.1 Ensure changes to system administration scope (sudoers) is collected
5.2.3.10 Ensure successful file system mounts are collected
5.2.3.11 Ensure session initiation information is collected
5.2.3.12 Ensure login and logout events are collected
5.2.3.13 Ensure file deletion events by users are collected
5.2.3.14 Ensure events that modify the system's Mandatory Access Controls are collected
5.2.3.15 Ensure successful and unsuccessful attempts to use the chcon command are recorded
5.2.3.16 Ensure successful and unsuccessful attempts to use the setfacl command are recorded
5.2.3.17 Ensure successful and unsuccessful attempts to use the chacl command are recorded
5.2.3.18 Ensure successful and unsuccessful attempts to use the usermod command are recorded
5.2.3.19 Ensure kernel module loading unloading and modification is collected
5.2.3.2 Ensure actions as another user are always logged
5.2.3.20 Ensure the audit configuration is immutable
5.2.3.21 Ensure the running and on disk configuration is the same
5.2.3.3 Ensure events that modify the sudo log file are collected
5.2.3.4 Ensure events that modify date and time information are collected
5.2.3.5 Ensure events that modify the system's network environment are collected
5.2.3.6 Ensure use of privileged commands are collected
5.2.3.7 Ensure unsuccessful file access attempts are collected
5.2.3.8 Ensure events that modify user/group information are collected
5.2.3.9 Ensure discretionary access control permission modification events are collected
5.2.4.10 Ensure audit tools belong to group root
5.2.4.3 Ensure only authorized groups are assigned ownership of audit log files
5.2.4.4 Ensure the audit log directory is 0750 or more restrictive
5.2.4.8 Ensure audit tools are 755 or more restrictive
5.2.4.9 Ensure audit tools are owned by root
Informational Update
1.1.1.6 Ensure mounting of squashfs filesystems is disabled
1.1.1.7 Ensure mounting of udf filesystems is disabled
1.1.10 Disable USB Storage
1.1.3.1 Ensure separate partition exists for /var
1.1.4.1 Ensure separate partition exists for /var/tmp
1.1.5.1 Ensure separate partition exists for /var/log
1.1.6.1 Ensure separate partition exists for /var/log/audit
1.1.7.1 Ensure separate partition exists for /home
1.1.9 Disable Automounting
1.6.1.4 Ensure all AppArmor Profiles are enforcing
1.8.6 Ensure GDM automatic mounting of removable media is disabled
1.8.7 Ensure GDM disabling automatic mounting of removable media is not overridden
2.2.3 Ensure CUPS is not installed
3.1.4 Ensure DCCP is disabled
3.1.5 Ensure SCTP is disabled
3.1.6 Ensure RDS is disabled
3.1.7 Ensure TIPC is disabled
4.2.16 Ensure SSH AllowTcpForwarding is disabled
4.3.4 Ensure users must provide password for privilege escalation
4.5.6 Ensure nologin is not listed in /etc/shells
5.2.1.1 Ensure auditd is installed
5.2.1.2 Ensure auditd service is enabled and active
5.2.1.3 Ensure auditing for processes that start prior to auditd is enabled
5.2.1.4 Ensure audit_backlog_limit is sufficient
5.2.2.1 Ensure audit log storage size is configured
5.2.2.2 Ensure audit logs are not automatically deleted
5.2.2.3 Ensure system is disabled when audit logs are full
5.2.3.1 Ensure changes to system administration scope (sudoers) is collected
5.2.3.10 Ensure successful file system mounts are collected
5.2.3.11 Ensure session initiation information is collected
5.2.3.12 Ensure login and logout events are collected
5.2.3.13 Ensure file deletion events by users are collected
5.2.3.14 Ensure events that modify the system's Mandatory Access Controls are collected
5.2.3.15 Ensure successful and unsuccessful attempts to use the chcon command are recorded
5.2.3.16 Ensure successful and unsuccessful attempts to use the setfacl command are recorded
5.2.3.17 Ensure successful and unsuccessful attempts to use the chacl command are recorded
5.2.3.18 Ensure successful and unsuccessful attempts to use the usermod command are recorded
5.2.3.19 Ensure kernel module loading unloading and modification is collected
5.2.3.2 Ensure actions as another user are always logged
5.2.3.20 Ensure the audit configuration is immutable
5.2.3.21 Ensure the running and on disk configuration is the same
5.2.3.3 Ensure events that modify the sudo log file are collected
5.2.3.4 Ensure events that modify date and time information are collected
5.2.3.5 Ensure events that modify the system's network environment are collected
5.2.3.6 Ensure use of privileged commands are collected
5.2.3.7 Ensure unsuccessful file access attempts are collected
5.2.3.8 Ensure events that modify user/group information are collected
5.2.3.9 Ensure discretionary access control permission modification events are collected
5.2.4.1 Ensure audit log files are mode 0640 or less permissive
5.2.4.10 Ensure audit tools belong to group root
5.2.4.2 Ensure only authorized users own audit log files
5.2.4.3 Ensure only authorized groups are assigned ownership of audit log files
5.2.4.4 Ensure the audit log directory is 0750 or more restrictive
5.2.4.5 Ensure audit configuration files are 640 or more restrictive
5.2.4.6 Ensure audit configuration files are owned by root
5.2.4.7 Ensure audit configuration files belong to group root
5.2.4.8 Ensure audit tools are 755 or more restrictive
5.2.4.9 Ensure audit tools are owned by root
Miscellaneous
Metadata updated.
References updated.
Variables updated.