Detections
Analytics

CIS Oracle Linux 7 Workstation L2 v3.1.1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Oracle Linux 7 Workstation L2 v3.1.1

Updated: 6/17/2024

Authority: CIS

Plugin: Unix

Revision: 1.12

Estimated Item Count: 132

File Details

Filename: CIS_Oracle_Linux_7_v3.1.1_Workstation_L2.audit

Size: 368 kB

MD5: a431db3157ae15e5b924d642880170c5
SHA256: df7c13ec438e505ded2f9a0a74cbcf06f2130195ae335c2b6d23bc1a371db24f

Audit Items

DescriptionCategories
1.1.1.2 Ensure mounting of squashfs filesystems is disabled - lsmod
1.1.1.2 Ensure mounting of squashfs filesystems is disabled - modprobe
1.1.10 Ensure separate partition exists for /var
1.1.11 Ensure separate partition exists for /var/tmp
1.1.15 Ensure separate partition exists for /var/log
1.1.16 Ensure separate partition exists for /var/log/audit
1.1.17 Ensure separate partition exists for /home
1.1.23 Disable Automounting
1.1.24 Disable USB Storage - lsmod
1.1.24 Disable USB Storage - modprobe
1.6.1.5 Ensure the SELinux mode is enforcing - /etc/selinux/config
1.6.1.5 Ensure the SELinux mode is enforcing - getenforce
2.2.3 Ensure Avahi Server is not installed - avahi
2.2.3 Ensure Avahi Server is not installed - avahi-autoipd
3.1.1 Disable IPv6
3.1.2 Ensure wireless interfaces are disabled
3.4.1 Ensure DCCP is disabled - lsmod
3.4.2 Ensure SCTP is disabled - lsmod
3.4.2 Ensure SCTP is disabled - modprobe
4.1.1.1 Ensure auditd is installed - audit
4.1.1.1 Ensure auditd is installed - audit-libs
4.1.1.2 Ensure auditd service is enabled and running - enabled
4.1.1.2 Ensure auditd service is enabled and running - running
4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled
4.1.2.1 Ensure audit log storage size is configured
4.1.2.2 Ensure audit logs are not automatically deleted
4.1.2.3 Ensure system is disabled when audit logs are full - 'action_mail_acct = root'
4.1.2.3 Ensure system is disabled when audit logs are full - 'admin_space_left_action = halt'
4.1.2.3 Ensure system is disabled when audit logs are full - 'space_left_action = email'
4.1.2.4 Ensure audit_backlog_limit is sufficient
4.1.3 Ensure events that modify date and time information are collected - auditctl /etc/localtime
4.1.3 Ensure events that modify date and time information are collected - /etc/localtime
4.1.3 Ensure events that modify date and time information are collected - adjtimex (32-bit)
4.1.3 Ensure events that modify date and time information are collected - adjtimex (64-bit)
4.1.3 Ensure events that modify date and time information are collected - auditctl adjtimex (32-bit)
4.1.3 Ensure events that modify date and time information are collected - auditctl adjtimex (64-bit)
4.1.3 Ensure events that modify date and time information are collected - auditctl clock_settime (32-bit)
4.1.3 Ensure events that modify date and time information are collected - auditctl clock_settime (64-bit)
4.1.3 Ensure events that modify date and time information are collected - clock_settime (32-bit)
4.1.3 Ensure events that modify date and time information are collected - clock_settime (64-bit)
4.1.4 Ensure events that modify user/group information are collected - '/etc/group'
4.1.4 Ensure events that modify user/group information are collected - '/etc/gshadow'
4.1.4 Ensure events that modify user/group information are collected - '/etc/passwd'
4.1.4 Ensure events that modify user/group information are collected - '/etc/security/opasswd'
4.1.4 Ensure events that modify user/group information are collected - '/etc/shadow'
4.1.4 Ensure events that modify user/group information are collected - auditctl '/etc/group'
4.1.4 Ensure events that modify user/group information are collected - auditctl '/etc/gshadow'
4.1.4 Ensure events that modify user/group information are collected - auditctl '/etc/passwd'
4.1.4 Ensure events that modify user/group information are collected - auditctl '/etc/security/opasswd'
4.1.4 Ensure events that modify user/group information are collected - auditctl '/etc/shadow'