| 1.1.1.8 Ensure mounting of FAT filesystems is disabled - lsmod | CONFIGURATION MANAGEMENT |
| 1.1.1.8 Ensure mounting of FAT filesystems is disabled - modprobe | CONFIGURATION MANAGEMENT |
| 1.1.2 Ensure separate partition exists for /tmp | CONFIGURATION MANAGEMENT |
| 1.1.6 Ensure separate partition exists for /var | CONFIGURATION MANAGEMENT |
| 1.1.7 Ensure separate partition exists for /var/tmp | CONFIGURATION MANAGEMENT |
| 1.1.15 Ensure separate partition exists for /var/log | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 1.1.16 Ensure separate partition exists for /var/log/audit | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 1.1.17 Ensure separate partition exists for /home | CONFIGURATION MANAGEMENT |
| 1.6.1.1 Ensure SELinux is not disabled in bootloader configuration | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - /boot/grub/grub.cfg selinux=0 | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - /boot/grub/grub.conf enforcing=0 | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - /boot/grub/grub.conf selinux=0 | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - /boot/grub/menu.lst enforcing=0 | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - /boot/grub/menu.lst selinux=0 | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - /boot/grub2/grub.cfg enforcing=0 | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - /boot/grub2/grub.cfg selinux=0 | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - /boot/grub2/grub.conf enforcing=0 | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - /boot/grub2/grub.conf selinux=0 | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - /boot/grub2/menu.lst enforcing=0 | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - /boot/grub2/menu.lst selinux=0 | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.2 Ensure the SELinux state is enforcing | ACCESS CONTROL |
| 1.6.1.3 Ensure SELinux policy is configured | ACCESS CONTROL |
| 1.6.1.4 Ensure SETroubleshoot is not installed - dpkg | CONFIGURATION MANAGEMENT |
| 1.6.1.4 Ensure SETroubleshoot is not installed - rpm | CONFIGURATION MANAGEMENT |
| 1.6.1.4 Ensure SETroubleshoot is not installed - zypper | CONFIGURATION MANAGEMENT |
| 1.6.1.5 Ensure the MCS Translation Service (mcstrans) is not installed - dpkg | CONFIGURATION MANAGEMENT |
| 1.6.1.5 Ensure the MCS Translation Service (mcstrans) is not installed - rpm | CONFIGURATION MANAGEMENT |
| 1.6.1.5 Ensure the MCS Translation Service (mcstrans) is not installed - zypper | CONFIGURATION MANAGEMENT |
| 1.6.1.6 Ensure no unconfined daemons exist | ACCESS CONTROL |
| 1.6.2.1 Ensure AppArmor is not disabled in bootloader configuration | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.6.2.1 Ensure AppArmor is not disabled in bootloader configuration - /boot/grub/grub.cfg apparmor=0 | SYSTEM AND INFORMATION INTEGRITY |
| 1.6.2.1 Ensure AppArmor is not disabled in bootloader configuration - /boot/grub/grub.conf apparmor=0 | SYSTEM AND INFORMATION INTEGRITY |
| 1.6.2.1 Ensure AppArmor is not disabled in bootloader configuration - /boot/grub/menu.lst apparmor=0 | ACCESS CONTROL |
| 1.6.2.1 Ensure AppArmor is not disabled in bootloader configuration - /boot/grub2/grub.cfg apparmor=0 | SYSTEM AND INFORMATION INTEGRITY |
| 1.6.2.1 Ensure AppArmor is not disabled in bootloader configuration - /boot/grub2/grub.conf apparmor=0 | SYSTEM AND INFORMATION INTEGRITY |
| 1.6.2.1 Ensure AppArmor is not disabled in bootloader configuration - /boot/grub2/menu.lst apparmor=0 | ACCESS CONTROL |
| 1.6.2.2 Ensure all AppArmor Profiles are enforcing - 0 processes are unconfirmed | ACCESS CONTROL |
| 1.6.2.2 Ensure all AppArmor Profiles are enforcing - 0 profiles are in complain mode | ACCESS CONTROL |
| 1.6.2.2 Ensure all AppArmor Profiles are enforcing - profile are loaded | ACCESS CONTROL |
| 1.6.3 Ensure SELinux or AppArmor are installed | |
| 4.1.1.1 Ensure audit log storage size is configured | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure system is disabled when audit logs are full - 'action_mail_acct = root' | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure system is disabled when audit logs are full - 'admin_space_left_action = halt' | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure system is disabled when audit logs are full - 'space_left_action = email' | AUDIT AND ACCOUNTABILITY |
| 4.1.1.3 Ensure audit logs are not automatically deleted | AUDIT AND ACCOUNTABILITY |
| 4.1.2 Ensure auditd service is enabled | AUDIT AND ACCOUNTABILITY |
| 4.1.3 Ensure auditing for processes that start prior to auditd is enabled | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 4.1.3 Ensure auditing for processes that start prior to auditd is enabled - /boot/grub/grub.conf | AUDIT AND ACCOUNTABILITY |
| 4.1.3 Ensure auditing for processes that start prior to auditd is enabled - /etc/default/grub | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 4.1.4 Ensure events that modify date and time information are collected - audit.rules b32 adjtimex | AUDIT AND ACCOUNTABILITY |
