Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- - Install libpam-usb to enable multi-factor authentication for PAM sessions [CUST-0285]
- https://your-domain.example.org/controls/CUST-0285/
- - Install 'ecryptfs-utils' and configure for each user. [CUST-0520]
- https://your-domain.example.org/controls/CUST-0520/
- - Install apt-listbugs to display a list of critical bugs prior to each APT installation. [CUST-0810]
- https://your-domain.example.org/controls/CUST-0810/
- - Install debian-goodies so that you can run checkrestart after upgrades to determine which services are using old versions of libraries and need restarting. [CUST-0830]
- https://your-domain.example.org/controls/CUST-0830/
- - Copy /etc/fail2ban/jail.conf to jail.local to prevent it being changed by updates. [DEB-0880]
- https://cisofy.com/controls/DEB-0880/
- - Set a password on GRUB bootloader to prevent altering boot configuration (e.g. boot in single user mode without password) [BOOT-5122]
- https://cisofy.com/controls/BOOT-5122/
- - Determine runlevel and services at startup [BOOT-5180]
- https://cisofy.com/controls/BOOT-5180/
- - Install a PAM module for password strength testing like pam_cracklib or pam_passwdqc [AUTH-9262]
- https://cisofy.com/controls/AUTH-9262/
- - Configure password aging limits to enforce password changing on a regular base [AUTH-9286]
- https://cisofy.com/controls/AUTH-9286/
- - Default umask in /etc/login.defs could be more strict like 027 [AUTH-9328]
- https://cisofy.com/controls/AUTH-9328/
- - Default umask in /etc/init.d/rc could be more strict like 027 [AUTH-9328]
- https://cisofy.com/controls/AUTH-9328/
- - To decrease the impact of a full /home file system, place /home on a separated partition [FILE-6310]
- https://cisofy.com/controls/FILE-6310/
- - To decrease the impact of a full /tmp file system, place /tmp on a separated partition [FILE-6310]
- https://cisofy.com/controls/FILE-6310/
- - To decrease the impact of a full /var file system, place /var on a separated partition [FILE-6310]
- https://cisofy.com/controls/FILE-6310/
- - Disable drivers like USB storage when not used, to prevent unauthorized storage or data theft [STRG-1840]
- https://cisofy.com/controls/STRG-1840/
- - Purge old/removed packages (1 found) with aptitude purge or dpkg --purge command. This will cleanup old configuration files, cron jobs and startup scripts. [PKGS-7346]
- https://cisofy.com/controls/PKGS-7346/
- - Install package apt-show-versions for patch management purposes [PKGS-7394]
- https://cisofy.com/controls/PKGS-7394/
- - Check your resolv.conf file and fill in a backup nameserver if possible [NETW-2705]
- https://cisofy.com/controls/NETW-2705/
- - Check iptables rules to see which rules are currently not used [FIRE-4513]
- https://cisofy.com/controls/FIRE-4513/
- - Check what deleted files are still in use and why. [LOGG-2190]
- https://cisofy.com/controls/LOGG-2190/
- - Add a legal banner to /etc/issue, to warn unauthorized users [BANN-7126]
- https://cisofy.com/controls/BANN-7126/
- - Add legal banner to /etc/issue.net, to warn unauthorized users [BANN-7130]
- https://cisofy.com/controls/BANN-7130/
- - Enable process accounting [ACCT-9622]
- https://cisofy.com/controls/ACCT-9622/
- - Enable sysstat to collect accounting (no results) [ACCT-9626]
- https://cisofy.com/controls/ACCT-9626/
- - Enable auditd to collect audit information [ACCT-9628]
- https://cisofy.com/controls/ACCT-9628/
- - Check ntpq peers output [TIME-3116]
- https://cisofy.com/controls/TIME-3116/
- - Check ntpq peers output for unreliable ntp peers and correct/replace them [TIME-3120]
- https://cisofy.com/controls/TIME-3120/
- - Install a file integrity tool to monitor changes to critical and sensitive files [FINT-4350]
- https://cisofy.com/controls/FINT-4350/
- - Determine if automation tools are present for system management [TOOL-5002]
- https://cisofy.com/controls/TOOL-5002/
- - One or more sysctl values differ from the scan profile and could be tweaked [KRNL-6000]
- https://cisofy.com/controls/KRNL-6000/
- - Harden compilers like restricting access to root user only [HRDN-7222]
- https://cisofy.com/controls/HRDN-7222/
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement