Jan 10, 2023 Functional Update- 4.2.2.1 Ensure journald is configured to send logs to rsyslog
- 4.2.2.2 Ensure journald is configured to compress large log files
- 4.2.2.3 Ensure journald is configured to write logfiles to persistent disk
- 5.4.1 Ensure password creation requirements are configured - retry
- 5.4.1 Ensure password creation requirements are configured - try_first_pass
|
Jan 4, 2023 Miscellaneous- Audit deprecated.
- Metadata updated.
- References updated.
- Variables updated.
|
Dec 7, 2022 Functional Update- 4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host
- 5.4.1 Ensure password creation requirements are configured - minlen
- 5.4.1 Ensure password creation requirements are configured - retry
|
Sep 19, 2022 Functional Update- 5.5.1.5 Ensure all users last password change date is in the past
|
Jul 27, 2022 Functional Update- 5.2.10 Ensure SSH root login is disabled
- 5.2.11 Ensure SSH PermitEmptyPasswords is disabled
- 5.2.12 Ensure SSH PermitUserEnvironment is disabled
- 5.2.2 Ensure SSH access is limited
- 5.2.5 Ensure SSH LogLevel is appropriate
- 5.2.7 Ensure SSH MaxAuthTries is set to 4 or less
- 5.2.8 Ensure SSH IgnoreRhosts is enabled
- 5.2.9 Ensure SSH HostbasedAuthentication is disabled
|
Apr 25, 2022 Miscellaneous- References updated.
- Variables updated.
|
Mar 29, 2022 Miscellaneous- Metadata updated.
- References updated.
|
Jun 17, 2021 Miscellaneous- Metadata updated.
- References updated.
|
Oct 14, 2020 Functional Update- 4.2.3 Ensure permissions on all logfiles are configured
|
Oct 5, 2020 Functional Update- 1.4.2 Ensure filesystem integrity is regularly checked
- 2.2.1.2 Ensure chrony is configured - ntp server
- 2.2.1.2 Ensure chrony is configured - user
- 3.4.1.1 Ensure a Firewall package is installed
- 3.4.4.2.1 Ensure IPv6 default deny firewall policy - Chain FORWARD
- 3.4.4.2.1 Ensure IPv6 default deny firewall policy - Chain INPUT
- 3.4.4.2.1 Ensure IPv6 default deny firewall policy - Chain OUTPUT
- 3.4.4.2.2 Ensure IPv6 loopback traffic is configured - INPUT
- 3.4.4.2.2 Ensure IPv6 loopback traffic is configured - OUTPUT
- 3.4.4.2.3 Ensure IPv6 outbound and established connections are configured
- 3.4.4.2.4 Ensure IPv6 firewall rules exist for all open ports
- 4.2.1.1 Ensure rsyslog is installed
- 4.2.1.2 Ensure rsyslog Service is enabled
- 4.2.1.3 Ensure rsyslog default file permissions configured
- 4.2.1.4 Ensure logging is configured
- 4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host
- 4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts. - InputTCPServerRun 514
- 4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts. - ModLoad imtcp
- 5.4.1 Ensure password creation requirements are configured - password complexity
|