CIS Debian Linux 11 Workstation L2 v.1.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS Debian Linux 11 Workstation L2 v.1.0.0

Updated: 6/17/2024

Authority: CIS

Plugin: Unix

Revision: 1.21

Estimated Item Count: 75

File Details

Filename: CIS_Debian_Linux_11_v1.0.0_L2_Workstation.audit

Size: 251 kB

MD5: 84775be988619560e8c9cae063075ee5
SHA256: d60050c9a0411f8d9cbd3ffb283aac4774ea73bba4badb3cb045f1af6d755b53

Audit Items

Description | Categories
1.1.1.2 Ensure mounting of squashfs filesystems is disabled
1.1.1.3 Ensure mounting of udf filesystems is disabled
1.1.3.1 Ensure separate partition exists for /var
1.1.4.1 Ensure separate partition exists for /var/tmp
1.1.5.1 Ensure separate partition exists for /var/log
1.1.6.1 Ensure separate partition exists for /var/log/audit
1.1.7.1 Ensure separate partition exists for /home
1.1.9 Disable Automounting
1.1.10 Disable USB Storage - blacklist
1.1.10 Disable USB Storage - lsmod
1.1.10 Disable USB Storage - modprobe
1.6.1.4 Ensure all AppArmor Profiles are enforcing - complain
1.6.1.4 Ensure all AppArmor Profiles are enforcing - loaded
1.6.1.4 Ensure all AppArmor Profiles are enforcing - unconfined
1.8.6 Ensure GDM automatic mounting of removable media is disabled
1.8.7 Ensure GDM disabling automatic mounting of removable media is not overridden
2.2.3 Ensure CUPS is not installed
3.1.2 Ensure wireless interfaces are disabled
3.1.3 Ensure DCCP is disabled - blacklist
3.1.3 Ensure DCCP is disabled - lsmod
3.1.3 Ensure DCCP is disabled - modprobe
3.1.4 Ensure SCTP is disabled - blacklist
3.1.4 Ensure SCTP is disabled - lsmod
3.1.4 Ensure SCTP is disabled - modprobe
3.1.5 Ensure RDS is disabled - blacklist
3.1.5 Ensure RDS is disabled - lsmod
3.1.5 Ensure RDS is disabled - modprobe
3.1.6 Ensure TIPC is disabled - blacklist
3.1.6 Ensure TIPC is disabled - lsmod
3.1.6 Ensure TIPC is disabled - modprobe
4.1.1.1 Ensure auditd is installed
4.1.1.2 Ensure auditd service is enabled and active - active
4.1.1.2 Ensure auditd service is enabled and active - enabled
4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled
4.1.1.4 Ensure audit_backlog_limit is sufficient
4.1.2.1 Ensure audit log storage size is configured
4.1.2.2 Ensure audit logs are not automatically deleted
4.1.2.3 Ensure system is disabled when audit logs are full - 'action_mail_acct = root'
4.1.2.3 Ensure system is disabled when audit logs are full - 'admin_space_left_action'
4.1.2.3 Ensure system is disabled when audit logs are full - 'space_left_action = email'
4.1.3.1 Ensure changes to system administration scope (sudoers) is collected
4.1.3.2 Ensure actions as another user are always logged
4.1.3.3 Ensure events that modify the sudo log file are collected
4.1.3.4 Ensure events that modify date and time information are collected
4.1.3.5 Ensure events that modify the system's network environment are collected
4.1.3.6 Ensure use of privileged commands are collected
4.1.3.7 Ensure unsuccessful file access attempts are collected
4.1.3.8 Ensure events that modify user/group information are collected
4.1.3.9 Ensure discretionary access control permission modification events are collected
4.1.3.10 Ensure successful file system mounts are collected