CIS Debian Linux 11 Server L2 v.1.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS Debian Linux 11 Server L2 v.1.0.0

Updated: 6/17/2024

Authority: CIS

Plugin: Unix

Revision: 1.20

Estimated Item Count: 69

File Details

Filename: CIS_Debian_Linux_11_v1.0.0_L2_Server.audit

Size: 223 kB

MD5: 08e19c9b979a23d4b945a640ab5bff1f
SHA256: 145ecf08e63dcb4d8679aca52bd426858e0147302df0c9eca9f491a8d785c715

Audit Items

Description | Categories
1.1.1.2 Ensure mounting of squashfs filesystems is disabled
1.1.1.3 Ensure mounting of udf filesystems is disabled
1.1.3.1 Ensure separate partition exists for /var
1.1.4.1 Ensure separate partition exists for /var/tmp
1.1.5.1 Ensure separate partition exists for /var/log
1.1.6.1 Ensure separate partition exists for /var/log/audit
1.1.7.1 Ensure separate partition exists for /home
1.6.1.4 Ensure all AppArmor Profiles are enforcing - complain
1.6.1.4 Ensure all AppArmor Profiles are enforcing - loaded
1.6.1.4 Ensure all AppArmor Profiles are enforcing - unconfined
1.8.1 Ensure GNOME Display Manager is removed
3.1.3 Ensure DCCP is disabled - blacklist
3.1.3 Ensure DCCP is disabled - lsmod
3.1.3 Ensure DCCP is disabled - modprobe
3.1.4 Ensure SCTP is disabled - blacklist
3.1.4 Ensure SCTP is disabled - lsmod
3.1.4 Ensure SCTP is disabled - modprobe
3.1.5 Ensure RDS is disabled - blacklist
3.1.5 Ensure RDS is disabled - lsmod
3.1.5 Ensure RDS is disabled - modprobe
3.1.6 Ensure TIPC is disabled - blacklist
3.1.6 Ensure TIPC is disabled - lsmod
3.1.6 Ensure TIPC is disabled - modprobe
4.1.1.1 Ensure auditd is installed
4.1.1.2 Ensure auditd service is enabled and active - active
4.1.1.2 Ensure auditd service is enabled and active - enabled
4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled
4.1.1.4 Ensure audit_backlog_limit is sufficient
4.1.2.1 Ensure audit log storage size is configured
4.1.2.2 Ensure audit logs are not automatically deleted
4.1.2.3 Ensure system is disabled when audit logs are full - 'action_mail_acct = root'
4.1.2.3 Ensure system is disabled when audit logs are full - 'admin_space_left_action'
4.1.2.3 Ensure system is disabled when audit logs are full - 'space_left_action = email'
4.1.3.1 Ensure changes to system administration scope (sudoers) is collected
4.1.3.2 Ensure actions as another user are always logged
4.1.3.3 Ensure events that modify the sudo log file are collected
4.1.3.4 Ensure events that modify date and time information are collected
4.1.3.5 Ensure events that modify the system's network environment are collected
4.1.3.6 Ensure use of privileged commands are collected
4.1.3.7 Ensure unsuccessful file access attempts are collected
4.1.3.8 Ensure events that modify user/group information are collected
4.1.3.9 Ensure discretionary access control permission modification events are collected
4.1.3.10 Ensure successful file system mounts are collected
4.1.3.11 Ensure session initiation information is collected
4.1.3.12 Ensure login and logout events are collected
4.1.3.13 Ensure file deletion events by users are collected
4.1.3.14 Ensure events that modify the system's Mandatory Access Controls are collected
4.1.3.15 Ensure successful and unsuccessful attempts to use the chcon command are recorded
4.1.3.16 Ensure successful and unsuccessful attempts to use the setfacl command are recorded
4.1.3.17 Ensure successful and unsuccessful attempts to use the chacl command are recorded