Jan 6, 2025 Informational Update- 1.1.1.1 Ensure cramfs kernel module is not available
- 1.1.1.2 Ensure freevxfs kernel module is not available
- 1.1.1.3 Ensure hfs kernel module is not available
- 1.1.1.4 Ensure hfsplus kernel module is not available
- 1.1.1.5 Ensure jffs2 kernel module is not available
- 1.1.1.9 Ensure usb-storage kernel module is not available
- 1.7.2 Ensure GDM login banner is configured
- 1.7.3 Ensure GDM disable-user-list option is enabled
- 1.7.4 Ensure GDM screen locks when the user is idle
- 1.7.6 Ensure GDM automatic mounting of removable media is disabled
- 1.7.8 Ensure GDM autorun-never is enabled
- 2.2.4 Ensure telnet client is not installed
- 2.2.6 Ensure ftp client is not installed
- 2.3.2.1 Ensure systemd-timesyncd configured with authorized timeserver
- 2.3.3.1 Ensure chrony is configured with authorized timeserver
- 2.4.1.8 Ensure crontab is restricted to authorized users
- 2.4.2.1 Ensure at is restricted to authorized users
- 3.1.2 Ensure wireless interfaces are disabled
- 5.1.2 Ensure permissions on SSH private host key files are configured
- 5.1.3 Ensure permissions on SSH public host key files are configured
- 5.3.3.2.1 Ensure password number of changed characters is configured
- 5.3.3.2.2 Ensure minimum password length is configured
- 5.3.3.2.3 Ensure password complexity is configured
- 5.3.3.2.4 Ensure password same consecutive characters is configured
- 5.3.3.2.5 Ensure password maximum sequential characters is configured
- 5.3.3.2.6 Ensure password dictionary check is enabled
- 5.3.3.2.7 Ensure password quality checking is enforced
- 5.3.3.2.8 Ensure password quality is enforced for the root user
- 5.4.2.7 Ensure system accounts do not have a valid login shell
- 5.4.2.8 Ensure accounts without a valid login shell are locked
- 5.4.3.3 Ensure default user umask is configured
- 6.1.1.3 Ensure journald log file rotation is configured
- 6.1.2.1.2 Ensure systemd-journal-upload authentication is configured
- 6.1.2.2 Ensure journald ForwardToSyslog is disabled
- 6.1.2.3 Ensure journald Compress is configured
- 6.1.2.4 Ensure journald Storage is configured
- 6.1.3.3 Ensure journald is configured to send logs to rsyslog
- 6.1.3.4 Ensure rsyslog log file creation mode is configured
- 6.1.3.6 Ensure rsyslog is configured to send logs to a remote log host
- 6.1.4.1 Ensure access to all logfiles has been configured
- 7.1.10 Ensure permissions on /etc/security/opasswd are configured
- 7.1.11 Ensure world writable files and directories are secured
- 7.2.10 Ensure local interactive user dot files access is configured
- 7.2.9 Ensure local interactive user home directories are configured
|
Nov 6, 2024 Functional Update- 7.1.11 Ensure world writable files and directories are secured
- 7.1.12 Ensure no files or directories without an owner and a group exist
- 7.1.13 Ensure SUID and SGID files are reviewed
|
