CIS Red Hat EL7 Workstation L2 v3.0.1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Red Hat EL7 Workstation L2 v3.0.1

Updated: 11/17/2021

Authority: CIS

Plugin: Unix

Revision: 1.4

Estimated Item Count: 138

Audit Items

Description	Categories
1.1.1.2 Ensure mounting of squashfs filesystems is disabled - lsmod	CONFIGURATION MANAGEMENT
1.1.1.2 Ensure mounting of squashfs filesystems is disabled - modprobe	CONFIGURATION MANAGEMENT
1.1.1.4 Ensure mounting of FAT filesystems is limited - /etc/fstab	CONFIGURATION MANAGEMENT
1.1.1.4 Ensure mounting of FAT filesystems is limited - lsmod fat	CONFIGURATION MANAGEMENT
1.1.1.4 Ensure mounting of FAT filesystems is limited - lsmod msdos	CONFIGURATION MANAGEMENT
1.1.1.4 Ensure mounting of FAT filesystems is limited - lsmod vfat	CONFIGURATION MANAGEMENT
1.1.1.4 Ensure mounting of FAT filesystems is limited - modprobe fat	CONFIGURATION MANAGEMENT
1.1.1.4 Ensure mounting of FAT filesystems is limited - modprobe msdos	CONFIGURATION MANAGEMENT
1.1.1.4 Ensure mounting of FAT filesystems is limited - modprobe vfat	CONFIGURATION MANAGEMENT
1.1.10 Ensure separate partition exists for /var	CONFIGURATION MANAGEMENT
1.1.11 Ensure separate partition exists for /var/tmp	CONFIGURATION MANAGEMENT
1.1.15 Ensure separate partition exists for /var/log	AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT
1.1.16 Ensure separate partition exists for /var/log/audit	AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT
1.1.17 Ensure separate partition exists for /home	CONFIGURATION MANAGEMENT
1.1.23 Disable Automounting
1.1.24 Disable USB Storage - lsmod	CONFIGURATION MANAGEMENT
1.1.24 Disable USB Storage - modprobe	CONFIGURATION MANAGEMENT
1.2.5 Disable the rhnsd Daemon
1.7.1.5 Ensure the SELinux mode is enforcing - /etc/selinux/config	ACCESS CONTROL
1.7.1.5 Ensure the SELinux mode is enforcing - getenforce	ACCESS CONTROL
2.2.3 Ensure Avahi Server is not installed - avahi	CONFIGURATION MANAGEMENT
2.2.3 Ensure Avahi Server is not installed - avahi-autoipd	CONFIGURATION MANAGEMENT
3.1.1 Disable IPv6	SYSTEM AND INFORMATION INTEGRITY
3.1.2 Ensure wireless interfaces are disabled	CONFIGURATION MANAGEMENT
3.4.1 Ensure DCCP is disabled - lsmod	CONFIGURATION MANAGEMENT
3.4.2 Ensure SCTP is disabled - lsmod	CONFIGURATION MANAGEMENT
3.4.2 Ensure SCTP is disabled - modprobe	CONFIGURATION MANAGEMENT
4.1.1.1 Ensure auditd is installed - audit	CONFIGURATION MANAGEMENT
4.1.1.1 Ensure auditd is installed - audit-libs	CONFIGURATION MANAGEMENT
4.1.1.2 Ensure auditd service is enabled and running - enabled	AUDIT AND ACCOUNTABILITY
4.1.1.2 Ensure auditd service is enabled and running - running	AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE
4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled	AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY
4.1.2.1 Ensure audit log storage size is configured	AUDIT AND ACCOUNTABILITY
4.1.2.2 Ensure audit logs are not automatically deleted	AUDIT AND ACCOUNTABILITY
4.1.2.3 Ensure system is disabled when audit logs are full - 'action_mail_acct = root'	AUDIT AND ACCOUNTABILITY
4.1.2.3 Ensure system is disabled when audit logs are full - 'admin_space_left_action = halt'	AUDIT AND ACCOUNTABILITY
4.1.2.3 Ensure system is disabled when audit logs are full - 'space_left_action = email'	AUDIT AND ACCOUNTABILITY
4.1.2.4 Ensure audit_backlog_limit is sufficient	AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY
4.1.3 Ensure events that modify date and time information are collected - auditctl /etc/localtime	AUDIT AND ACCOUNTABILITY
4.1.3 Ensure events that modify date and time information are collected - /etc/localtime	AUDIT AND ACCOUNTABILITY
4.1.3 Ensure events that modify date and time information are collected - adjtimex (32-bit)	AUDIT AND ACCOUNTABILITY
4.1.3 Ensure events that modify date and time information are collected - adjtimex (64-bit)	AUDIT AND ACCOUNTABILITY
4.1.3 Ensure events that modify date and time information are collected - auditctl adjtimex (32-bit)	AUDIT AND ACCOUNTABILITY
4.1.3 Ensure events that modify date and time information are collected - auditctl adjtimex (64-bit)	AUDIT AND ACCOUNTABILITY
4.1.3 Ensure events that modify date and time information are collected - auditctl clock_settime (32-bit)	AUDIT AND ACCOUNTABILITY
4.1.3 Ensure events that modify date and time information are collected - auditctl clock_settime (64-bit)	AUDIT AND ACCOUNTABILITY
4.1.3 Ensure events that modify date and time information are collected - clock_settime (32-bit)	AUDIT AND ACCOUNTABILITY
4.1.3 Ensure events that modify date and time information are collected - clock_settime (64-bit)	AUDIT AND ACCOUNTABILITY
4.1.4 Ensure events that modify user/group information are collected - '/etc/group'	AUDIT AND ACCOUNTABILITY
4.1.4 Ensure events that modify user/group information are collected - '/etc/gshadow'	AUDIT AND ACCOUNTABILITY

Detections

Analytics

CIS Red Hat EL7 Workstation L2 v3.0.1

Warning! Audit Deprecated

Audit Details

Audit Items