1.1.18 Disable Mounting of cramfs Filesystems - install cramfs /bin/true' | CONFIGURATION MANAGEMENT |
1.1.19 Disable Mounting of freevxfs Filesystems - install freevxfs /bin/true' | CONFIGURATION MANAGEMENT |
1.1.20 Disable Mounting of jffs2 Filesystems - install jffs2 /bin/true' | CONFIGURATION MANAGEMENT |
1.1.21 Disable Mounting of hfs Filesystems - install hfs /bin/true' | CONFIGURATION MANAGEMENT |
1.1.22 Disable Mounting of hfsplus Filesystems - install hfsplus /bin/true' | CONFIGURATION MANAGEMENT |
1.1.23 Disable Mounting of squashfs Filesystems - install squashfs /bin/true' | CONFIGURATION MANAGEMENT |
1.1.24 Disable Mounting of udf Filesystems - lsmod | CONFIGURATION MANAGEMENT |
1.1.24 Disable Mounting of udf Filesystems - modprobe | CONFIGURATION MANAGEMENT |
1.2.4 Disable the rhnsd Daemon | SYSTEM AND INFORMATION INTEGRITY |
1.2.5 Disable yum-updatesd | SYSTEM AND INFORMATION INTEGRITY |
1.3.1 Install AIDE | AUDIT AND ACCOUNTABILITY |
1.3.2 Implement Periodic Execution of File Integrity - 0 5 * * * /usr/sbin/aide --check' | AUDIT AND ACCOUNTABILITY |
1.4.1 Enable SELinux in /etc/grub.conf - enforcing != 0 | ACCESS CONTROL |
1.4.1 Enable SELinux in /etc/grub.conf - selinux != 0 | ACCESS CONTROL |
1.4.2 Set the SELinux State - SELINUX=enforcing | ACCESS CONTROL |
1.4.3 Set the SELinux Policy - SELINUXTYPE=targeted | ACCESS CONTROL |
1.4.4 Remove SETroubleshoot | SYSTEM AND INFORMATION INTEGRITY |
1.4.5 Disable MCS Translation Service (mcstrans) | SYSTEM AND INFORMATION INTEGRITY |
1.4.6 Check for Unconfined Daemons | SYSTEM AND INFORMATION INTEGRITY |
2.1.11 Remove xinetd | CONFIGURATION MANAGEMENT |
4.2.3 Disable Secure ICMP Redirect Acceptance - net.ipv4.conf.all.secure_redirects = 0 | SYSTEM AND INFORMATION INTEGRITY |
4.2.3 Disable Secure ICMP Redirect Acceptance - net.ipv4.conf.default.secure_redirects = 0 | SYSTEM AND INFORMATION INTEGRITY |
4.2.7 Enable RFC-recommended Source Route Validation - net.ipv4.conf.all.rp_filter = 1 | SYSTEM AND INFORMATION INTEGRITY |
4.2.7 Enable RFC-recommended Source Route Validation - net.ipv4.conf.default.rp_filter = 1 | SYSTEM AND INFORMATION INTEGRITY |
5.3.1.1 Configure Audit Log Storage Size | AUDIT AND ACCOUNTABILITY |
5.3.1.2 Disable System on Audit Log Full - action_mail_acct | AUDIT AND ACCOUNTABILITY |
5.3.1.2 Disable System on Audit Log Full - admin_space_left_action | AUDIT AND ACCOUNTABILITY |
5.3.1.2 Disable System on Audit Log Full - space_left_action | AUDIT AND ACCOUNTABILITY |
5.3.1.3 Keep All Auditing Information | AUDIT AND ACCOUNTABILITY |
5.3.2 Enable auditd Service | AUDIT AND ACCOUNTABILITY |
5.3.3 Keep All Auditing Information | AUDIT AND ACCOUNTABILITY |
5.3.4 Enable Auditing for Processes That Start Prior to auditd | AUDIT AND ACCOUNTABILITY |
5.3.5 Record Events That Modify Date and Time Information - adjtimex | CONFIGURATION MANAGEMENT |
5.3.5 Record Events That Modify Date and Time Information - arch=b64 -S adjtimex | CONFIGURATION MANAGEMENT |
5.3.5 Record Events That Modify Date and Time Information - arch=b64 -S clock_settime | CONFIGURATION MANAGEMENT |
5.3.5 Record Events That Modify Date and Time Information - clock_settime | CONFIGURATION MANAGEMENT |
5.3.5 Record Events That Modify Date and Time Information - time-change | CONFIGURATION MANAGEMENT |
5.3.6 Record Events That Modify User/Group Information - /etc/group | CONFIGURATION MANAGEMENT |
5.3.6 Record Events That Modify User/Group Information - /etc/gshadow | CONFIGURATION MANAGEMENT |
5.3.6 Record Events That Modify User/Group Information - /etc/passwd | CONFIGURATION MANAGEMENT |
5.3.6 Record Events That Modify User/Group Information - /etc/security/opasswd | CONFIGURATION MANAGEMENT |
5.3.6 Record Events That Modify User/Group Information - /etc/shadow | CONFIGURATION MANAGEMENT |
5.3.7 Record Events That Modify the System's Network Environment - /etc/hosts | CONFIGURATION MANAGEMENT |
5.3.7 Record Events That Modify the System's Network Environment - /etc/issue | CONFIGURATION MANAGEMENT |
5.3.7 Record Events That Modify the System's Network Environment - /etc/issue.net | CONFIGURATION MANAGEMENT |
5.3.7 Record Events That Modify the System's Network Environment - /etc/sysconfig/network | CONFIGURATION MANAGEMENT |
5.3.7 Record Events That Modify the System's Network Environment - arch=b32 -S sethostname | CONFIGURATION MANAGEMENT |
5.3.7 Record Events That Modify the System's Network Environment - arch=b64 -S sethostname | CONFIGURATION MANAGEMENT |
5.3.8 Record Events That Modify the System's Mandatory Access Controls - /etc/selinux/ | CONFIGURATION MANAGEMENT |
5.3.9 Collect Login and Logout Events - /var/log/btmp | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |