1.1.1.2 Ensure mounting of squashfs filesystems is disabled

CSCv7|9.2

1.1.1.3 Ensure mounting of udf filesystems is disabled

1.1.3.1 Ensure separate partition exists for /var

CSCv7|14.6

1.1.4.1 Ensure separate partition exists for /var/tmp

1.1.5.1 Ensure separate partition exists for /var/log

CSCv7|6.4

1.1.6.1 Ensure separate partition exists for /var/log/audit

1.1.7.1 Ensure separate partition exists for /home

1.6.1.4 Ensure all AppArmor Profiles are enforcing - complain

1.6.1.4 Ensure all AppArmor Profiles are enforcing - loaded

1.6.1.4 Ensure all AppArmor Profiles are enforcing - unconfined

1.8.1 Ensure GNOME Display Manager is removed

3.1.3 Ensure DCCP is disabled - blacklist

3.1.4 Ensure SCTP is disabled - blacklist

3.1.6 Ensure TIPC is disabled - blacklist

CSCv7|6.2

4.1.1.2 Ensure auditd service is enabled and active - active

CSCv7|6.3

4.1.1.2 Ensure auditd service is enabled and active - enabled

4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled

4.1.1.4 Ensure audit_backlog_limit is sufficient

4.1.2.1 Ensure audit log storage size is configured

4.1.2.2 Ensure audit logs are not automatically deleted

4.1.2.3 Ensure system is disabled when audit logs are full - 'action_mail_acct = root'

4.1.2.3 Ensure system is disabled when audit logs are full - 'admin_space_left_action'

4.1.2.3 Ensure system is disabled when audit logs are full - 'space_left_action = email'

4.1.3.1 Ensure changes to system administration scope (sudoers) is collected

CSCv7|4.8

4.1.3.2 Ensure actions as another user are always logged

CSCv7|4.9

4.1.3.3 Ensure events that modify the sudo log file are collected

4.1.3.4 Ensure events that modify date and time information are collected

CSCv7|5.5

4.1.3.5 Ensure events that modify the system's network environment are collected

4.1.3.6 Ensure use of privileged commands are collected

4.1.3.7 Ensure unsuccessful file access attempts are collected

CSCv7|14.9

4.1.3.8 Ensure events that modify user/group information are collected

4.1.3.9 Ensure discretionary access control permission modification events are collected

4.1.3.10 Ensure successful file system mounts are collected

4.1.3.11 Ensure session initiation information is collected

CSCv7|16.13

4.1.3.12 Ensure login and logout events are collected

CSCv7|16.11

4.1.3.13 Ensure file deletion events by users are collected

4.1.3.14 Ensure events that modify the system's Mandatory Access Controls are collected

4.1.3.15 Ensure successful and unsuccessful attempts to use the chcon command are recorded

4.1.3.16 Ensure successful and unsuccessful attempts to use the setfacl command are recorded

4.1.3.17 Ensure successful and unsuccessful attempts to use the chacl command are recorded

4.1.3.18 Ensure successful and unsuccessful attempts to use the usermod command are recorded

4.1.3.19 Ensure kernel module loading unloading and modification is collected

4.1.3.20 Ensure the audit configuration is immutable

4.1.3.21 Ensure the running and on disk configuration is the same

4.1.4.1 Ensure audit log files are mode 0640 or less permissive

4.1.4.2 Ensure only authorized users own audit log files

4.1.4.3 Ensure only authorized groups are assigned ownership of audit log files

4.1.4.3 Ensure only authorized groups are assigned ownership of audit log files - auditd.conf log_group

4.1.4.4 Ensure the audit log directory is 0750 or more restrictive

4.1.4.5 Ensure audit configuration files are 640 or more restrictive

4.1.4.6 Ensure audit configuration files are owned by root

4.1.4.7 Ensure audit configuration files belong to group root

4.1.4.8 Ensure audit tools are 755 or more restrictive

4.1.4.9 Ensure audit tools are owned by root

4.1.4.10 Ensure audit tools belong to group root

5.2.12 Ensure SSH X11 forwarding is disabled

5.2.16 Ensure SSH AllowTcpForwarding is disabled

5.3.4 Ensure users must provide password for privilege escalation

CSCv7|4.3

CIS_Debian_Linux_11_v1.0.0_L2_Server.audit from CIS Debian Linux 11 Benchmark

Detections

Analytics

Revision 1.12

Oct 24, 2023

Functional Update

Miscellaneous