CIS Oracle Linux 7 Server L1 v3.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Oracle Linux 7 Server L1 v3.0.0

Updated: 7/2/2021

Authority: CIS

Plugin: Unix

Revision: 1.6

Estimated Item Count: 318

Audit Items

DescriptionCategories
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod

CONFIGURATION MANAGEMENT

1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobe

CONFIGURATION MANAGEMENT

1.1.1.3 Ensure mounting of udf filesystems is disabled - lsmod

CONFIGURATION MANAGEMENT

1.1.1.3 Ensure mounting of udf filesystems is disabled - modprobe

CONFIGURATION MANAGEMENT

1.1.2 Ensure /tmp is configured

CONFIGURATION MANAGEMENT

1.1.3 Ensure noexec option set on /tmp partition

ACCESS CONTROL

1.1.4 Ensure nodev option set on /tmp partition

ACCESS CONTROL

1.1.5 Ensure nosuid option set on /tmp partition

ACCESS CONTROL

1.1.6 Ensure /dev/shm is configured - fstab

CONFIGURATION MANAGEMENT

1.1.6 Ensure /dev/shm is configured - mount

CONFIGURATION MANAGEMENT

1.1.7 Ensure noexec option set on /dev/shm partition

ACCESS CONTROL

1.1.8 Ensure nodev option set on /dev/shm partition

ACCESS CONTROL

1.1.9 Ensure nosuid option set on /dev/shm partition

ACCESS CONTROL

1.1.12 Ensure noexec option set on /var/tmp partition

ACCESS CONTROL

1.1.13 Ensure nodev option set on /var/tmp partition

ACCESS CONTROL

1.1.14 Ensure nosuid option set on /var/tmp partition

ACCESS CONTROL

1.1.18 Ensure nodev option set on /home partition

ACCESS CONTROL

1.1.19 Ensure noexec option set on removable media partitions

ACCESS CONTROL

1.1.20 Ensure nodev option set on removable media partitions

ACCESS CONTROL

1.1.21 Ensure nosuid option set on removable media partitions

ACCESS CONTROL

1.1.22 Ensure sticky bit is set on all world-writable directories

ACCESS CONTROL

1.1.23 Disable Automounting

CONFIGURATION MANAGEMENT

1.1.24 Disable USB Storage - lsmod

CONFIGURATION MANAGEMENT

1.1.24 Disable USB Storage - modprobe

CONFIGURATION MANAGEMENT

1.2.1 Ensure GPG keys are configured

SYSTEM AND INFORMATION INTEGRITY

1.2.2 Ensure package manager repositories are configured

SYSTEM AND INFORMATION INTEGRITY

1.2.3 Ensure gpgcheck is globally activated

SYSTEM AND INFORMATION INTEGRITY

1.3.1 Ensure sudo is installed

CONFIGURATION MANAGEMENT

1.3.2 Ensure sudo commands use pty

ACCESS CONTROL

1.3.3 Ensure sudo log file exists

AUDIT AND ACCOUNTABILITY

1.4.1 Ensure AIDE is installed

CONFIGURATION MANAGEMENT

1.4.2 Ensure filesystem integrity is regularly checked

SYSTEM AND INFORMATION INTEGRITY

1.5.1 Ensure bootloader password is set

ACCESS CONTROL

1.5.2 Ensure permissions on bootloader config are configured - grub.cfg

SYSTEM AND INFORMATION INTEGRITY

1.5.2 Ensure permissions on bootloader config are configured - user.cfg

SYSTEM AND INFORMATION INTEGRITY

1.5.3 Ensure authentication required for single user mode - emergency.service

SYSTEM AND INFORMATION INTEGRITY

1.5.3 Ensure authentication required for single user mode - rescue.service

SYSTEM AND INFORMATION INTEGRITY

1.6.1 Ensure core dumps are restricted - limits.conf limits.d

ACCESS CONTROL

1.6.1 Ensure core dumps are restricted - sysctl

ACCESS CONTROL

1.6.1 Ensure core dumps are restricted - sysctl.conf sysctl.d

ACCESS CONTROL

1.6.1 Ensure core dumps are restricted - systemd-coredump ProcessSizeMax

ACCESS CONTROL

1.6.1 Ensure core dumps are restricted - systemd-coredump Storage

ACCESS CONTROL

1.6.2 Ensure XD/NX support is enabled

SYSTEM AND INFORMATION INTEGRITY

1.6.3 Ensure address space layout randomization (ASLR) is enabled - sysctl

SYSTEM AND INFORMATION INTEGRITY

1.6.3 Ensure address space layout randomization (ASLR) is enabled - sysctl.conf sysctl.d

SYSTEM AND INFORMATION INTEGRITY

1.6.4 Ensure prelink is disabled

CONFIGURATION MANAGEMENT

1.7.1.1 Ensure SELinux is installed

CONFIGURATION MANAGEMENT

1.7.1.2 Ensure SELinux is not disabled in bootloader configuration - enforcing = 0

ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY

1.7.1.2 Ensure SELinux is not disabled in bootloader configuration - selinux = 0

ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY

1.7.1.3 Ensure SELinux policy is configured

ACCESS CONTROL