Revision 1.8Jun 14, 2024
Functional Update
- 1.1.1.1 Ensure mounting of squashfs filesystems is disabled
- 1.1.10 Ensure separate partition exists for /var
- 1.1.11 Ensure separate partition exists for /var/tmp
- 1.1.15 Ensure separate partition exists for /var/log
- 1.1.16 Ensure separate partition exists for /var/log/audit
- 1.1.17 Ensure separate partition exists for /home
- 1.7.1.4 Ensure all AppArmor Profiles are enforcing
- 4.1.1.1 Ensure auditd is installed
- 4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled
- 4.1.11 Ensure use of privileged commands is collected
- 4.1.17 Ensure the audit configuration is immutable
- 4.1.2.1 Ensure audit log storage size is configured
- 4.1.2.2 Ensure audit logs are not automatically deleted
- 4.1.2.4 Ensure audit_backlog_limit is sufficient
- 5.2.20 Ensure SSH AllowTcpForwarding is disabled
- 5.2.6 Ensure SSH X11 forwarding is disabled
- 6.1.1 Audit system file permissions
Informational Update
- 1.1.1.1 Ensure mounting of squashfs filesystems is disabled
- 1.1.10 Ensure separate partition exists for /var
- 1.1.11 Ensure separate partition exists for /var/tmp
- 1.1.15 Ensure separate partition exists for /var/log
- 1.1.16 Ensure separate partition exists for /var/log/audit
- 1.1.17 Ensure separate partition exists for /home
- 1.7.1.4 Ensure all AppArmor Profiles are enforcing
- 4.1.1.1 Ensure auditd is installed
- 4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled
- 4.1.11 Ensure use of privileged commands is collected
- 4.1.17 Ensure the audit configuration is immutable
- 4.1.2.1 Ensure audit log storage size is configured
- 4.1.2.2 Ensure audit logs are not automatically deleted
- 4.1.2.4 Ensure audit_backlog_limit is sufficient
- 5.2.20 Ensure SSH AllowTcpForwarding is disabled
- 5.2.6 Ensure SSH X11 forwarding is disabled
- 6.1.1 Audit system file permissions
Miscellaneous
- Metadata updated.
- References updated.
- See also link updated.
- Variables updated.
Added
- 1.1.1.3 Ensure mounting of FAT filesystems is limited
- 3.1.1 Disable IPv6
- 3.4.1 Ensure DCCP is disabled
- 3.4.2 Ensure SCTP is disabled
- 4.1.1.2 Ensure auditd service is enabled and running
- 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected
- 4.1.12 Ensure successful file system mounts are collected
- 4.1.13 Ensure file deletion events by users are collected
- 4.1.14 Ensure changes to system administration scope (sudoers) is collected
- 4.1.15 Ensure system administrator actions (sudolog) are collected
- 4.1.16 Ensure kernel module loading and unloading is collected
- 4.1.2.3 Ensure system is disabled when audit logs are full
- 4.1.3 Ensure events that modify date and time information are collected
- 4.1.4 Ensure events that modify user/group information are collected
- 4.1.5 Ensure events that modify the system's network environment are collected
- 4.1.6 Ensure events that modify the system's Mandatory Access Controls are collected
- 4.1.7 Ensure login and logout events are collected
- 4.1.8 Ensure session initiation information is collected
- 4.1.9 Ensure discretionary access control permission modification events are collected