Detections
Analytics

CIS Debian Linux 12 v1.0.1 L1 Server

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Debian Linux 12 v1.0.1 L1 Server

Updated: 10/29/2024

Authority: CIS

Plugin: Unix

Revision: 1.2

Estimated Item Count: 240

File Details

Filename: CIS_Debian_Linux_12_v1.0.1_L1_Server.audit

Size: 766 kB

MD5: 4ab03a9a08333ead0f3e9e6139e5d91b
SHA256: 03b51aecb7171e18da6dad2c78e6cc16ef8dcdea4af5d71012aa4fd167ad2a78

Audit Items

DescriptionCategories
1.1.1.1 Ensure cramfs kernel module is not available
1.1.1.2 Ensure freevxfs kernel module is not available
1.1.1.3 Ensure hfs kernel module is not available
1.1.1.4 Ensure hfsplus kernel module is not available
1.1.1.5 Ensure jffs2 kernel module is not available
1.1.1.8 Ensure usb-storage kernel module is not available
1.1.2.1.1 Ensure /tmp is a separate partition
1.1.2.1.2 Ensure nodev option set on /tmp partition
1.1.2.1.3 Ensure nosuid option set on /tmp partition
1.1.2.1.4 Ensure noexec option set on /tmp partition
1.1.2.2.1 Ensure /dev/shm is a separate partition
1.1.2.2.2 Ensure nodev option set on /dev/shm partition
1.1.2.2.3 Ensure nosuid option set on /dev/shm partition
1.1.2.2.4 Ensure noexec option set on /dev/shm partition
1.1.2.3.2 Ensure nodev option set on /home partition
1.1.2.3.3 Ensure nosuid option set on /home partition
1.1.2.4.2 Ensure nodev option set on /var partition
1.1.2.4.3 Ensure nosuid option set on /var partition
1.1.2.5.2 Ensure nodev option set on /var/tmp partition
1.1.2.5.3 Ensure nosuid option set on /var/tmp partition
1.1.2.5.4 Ensure noexec option set on /var/tmp partition
1.1.2.6.2 Ensure nodev option set on /var/log partition
1.1.2.6.3 Ensure nosuid option set on /var/log partition
1.1.2.6.4 Ensure noexec option set on /var/log partition
1.1.2.7.2 Ensure nodev option set on /var/log/audit partition
1.1.2.7.3 Ensure nosuid option set on /var/log/audit partition
1.1.2.7.4 Ensure noexec option set on /var/log/audit partition
1.2.1.1 Ensure GPG keys are configured
1.2.1.2 Ensure package manager repositories are configured
1.2.2.1 Ensure updates, patches, and additional security software are installed
1.3.1.1 Ensure AppArmor is installed
1.3.1.2 Ensure AppArmor is enabled in the bootloader configuration
1.3.1.3 Ensure all AppArmor Profiles are in enforce or complain mode
1.4.1 Ensure bootloader password is set
1.4.2 Ensure access to bootloader config is configured
1.5.1 Ensure address space layout randomization is enabled
1.5.2 Ensure ptrace_scope is restricted
1.5.3 Ensure core dumps are restricted
1.5.4 Ensure prelink is not installed
1.6.1 Ensure message of the day is configured properly
1.6.2 Ensure local login warning banner is configured properly
1.6.3 Ensure remote login warning banner is configured properly
1.6.4 Ensure access to /etc/motd is configured
1.6.5 Ensure access to /etc/issue is configured
1.6.6 Ensure access to /etc/issue.net is configured
1.7.2 Ensure GDM login banner is configured
1.7.3 Ensure GDM disable-user-list option is enabled
1.7.4 Ensure GDM screen locks when the user is idle
1.7.5 Ensure GDM screen locks cannot be overridden
1.7.6 Ensure GDM automatic mounting of removable media is disabled