Mar 24, 2020 Added- 5.3.3 Ensure password reuse is limited
Removed- 5.3.3 Ensure password reuse is limited - pam_pwhistory.so
- 5.3.3 Ensure password reuse is limited - pam_unix.so
|
Jan 15, 2020 Miscellaneous- Audit deprecated.
- Metadata updated.
|
Jul 22, 2019 Functional Update- 1.5.1 Ensure core dumps are restricted - limits.conf
- 5.4.2 Ensure system accounts are non-login
Informational Update- 5.4.2 Ensure system accounts are non-login
|
May 21, 2019 Functional Update- 2.2.15 Ensure mail transfer agent is configured for local-only mode - main.cf
|
Mar 4, 2019 Functional Update- 1.7.2 Ensure GDM login banner is configured - banner-message-text
Added- 1.7.1.1 Ensure message of the day is configured properly - banner text
- 1.7.1.1 Ensure message of the day is configured properly - mrsv
- 1.7.1.2 Ensure local login warning banner is configured properly - banner text
- 1.7.1.2 Ensure local login warning banner is configured properly - mrsv
- 1.7.1.3 Ensure remote login warning banner is configured properly - banner text
- 1.7.1.3 Ensure remote login warning banner is configured properly - mrsv
Removed- 1.7.1.1 Ensure message of the day is configured properly
- 1.7.1.2 Ensure local login warning banner is configured properly
- 1.7.1.3 Ensure remote login warning banner is configured properly
|
Feb 7, 2019 Miscellaneous- Metadata updated.
- References updated.
|
Dec 13, 2018 |
Aug 20, 2018 Functional Update- 1.5.1 Ensure core dumps are restricted - limits.conf
- 1.5.1 Ensure core dumps are restricted - sysctl
- 1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl
|
Aug 14, 2018 Functional Update- 1.5.1 Ensure core dumps are restricted - sysctl.conf
- 1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl.conf
- 3.1.1 Ensure IP forwarding is disabled - /etc/sysctl
- 3.1.2 Ensure packet redirect sending is disabled - /etc/sysctl ipv4 all send
- 3.1.2 Ensure packet redirect sending is disabled - /etc/sysctl ipv4 default send
- 3.2.1 Ensure source routed packets are not accepted - /etc/sysctl ipv4 all acccept
- 3.2.1 Ensure source routed packets are not accepted - /etc/sysctl ipv4 default accept
- 3.2.2 Ensure ICMP redirects are not accepted - /etc/sysctl ipv4 all accept
- 3.2.2 Ensure ICMP redirects are not accepted - /etc/sysctl ipv4 default accept
- 3.2.3 Ensure secure ICMP redirects are not accepted - /etc/sysctl ipv4 all secure
- 3.2.3 Ensure secure ICMP redirects are not accepted - /etc/sysctl ipv4 default secure
- 3.2.4 Ensure suspicious packets are logged - /etc/sysctl ipv4 all log_martians
- 3.2.4 Ensure suspicious packets are logged - /etc/sysctl ipv4 default log_martians
- 3.2.5 Ensure broadcast ICMP requests are ignored - /etc/sysctl
- 3.2.6 Ensure bogus ICMP responses are ignored - /etc/sysctl
- 3.2.7 Ensure Reverse Path Filtering is enabled - /etc/sysctl ipv4 all rp_filter
- 3.2.7 Ensure Reverse Path Filtering is enabled - /etc/sysctl ipv4 default rp_filter
- 3.2.8 Ensure TCP SYN Cookies is enabled - /etc/sysctl
- 3.3.1 Ensure IPv6 router advertisements are not accepted - /etc/sysctl ipv6 all accept
- 3.3.1 Ensure IPv6 router advertisements are not accepted - /etc/sysctl ipv6 default accept
- 3.3.2 Ensure IPv6 redirects are not accepted - /etc/sysctl ipv6 all accept
- 3.3.2 Ensure IPv6 redirects are not accepted - /etc/sysctl ipv6 default accept
- 3.7 Ensure wireless interfaces are disabled
- 5.4.1.5 Ensure all users last password change date is in the past
- 5.5 Ensure root login is restricted to system console
Informational Update- 1.4.4 Ensure interactive boot is not enabled
- 2.2.1.2 NTP is not installed - restrict -4
- 2.2.1.2 NTP is not installed - restrict -6
- 2.2.1.2 NTP is not installed - server
- 2.2.1.3 chrony is not installed - NTP server
- 2.2.1.3 chrony is not installed - User
- 4.2.1.2 Ensure logging is configured
- 4.2.2.2 Ensure logging is configured
- 4.2.2.5 Ensure remote syslog-ng messages are only accepted on designated log hosts
- 4.3 Ensure logrotate is configured
- 5.2.11 Ensure only approved MAC algorithms are used
- 6.1.11 Audit SUID executables
- 6.1.12 Audit SGID executables
- 6.1.13 Audit SUID executables
- 6.1.14 Audit SGID executables
|