API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Dec 22nd, 2017
182
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
VIM 4.19 KB | None | 0 0
raw download clone embed print report diff
  1.   - Install libpam-usb to enable multi-factor authentication for PAM sessions [CUST-0285]
  2.       https://your-domain.example.org/controls/CUST-0285/
  3.   - Install 'ecryptfs-utils' and configure for each user. [CUST-0520]
  4.       https://your-domain.example.org/controls/CUST-0520/
  5.   - Install apt-listbugs to display a list of critical bugs prior to each APT installation. [CUST-0810]
  6.       https://your-domain.example.org/controls/CUST-0810/
  7.   - Install debian-goodies so that you can run checkrestart after upgrades to determine which services are using old versions of libraries and need restarting. [CUST-0830]
  8.       https://your-domain.example.org/controls/CUST-0830/
  9.   - Copy /etc/fail2ban/jail.conf to jail.local to prevent it being changed by updates. [DEB-0880]
  10.       https://cisofy.com/controls/DEB-0880/
  11.   - Set a password on GRUB bootloader to prevent altering boot configuration (e.g. boot in single user mode without password) [BOOT-5122]
  12.       https://cisofy.com/controls/BOOT-5122/
  13.   - Determine runlevel and services at startup [BOOT-5180]
  14.       https://cisofy.com/controls/BOOT-5180/
  15.   - Install a PAM module for password strength testing like pam_cracklib or pam_passwdqc [AUTH-9262]
  16.       https://cisofy.com/controls/AUTH-9262/
  17.   - Configure password aging limits to enforce password changing on a regular base [AUTH-9286]
  18.       https://cisofy.com/controls/AUTH-9286/
  19.   - Default umask in /etc/login.defs could be more strict like 027 [AUTH-9328]
  20.       https://cisofy.com/controls/AUTH-9328/
  21.   - Default umask in /etc/init.d/rc could be more strict like 027 [AUTH-9328]
  22.       https://cisofy.com/controls/AUTH-9328/
  23.   - To decrease the impact of a full /home file system, place /home on a separated partition [FILE-6310]
  24.       https://cisofy.com/controls/FILE-6310/
  25.   - To decrease the impact of a full /tmp file system, place /tmp on a separated partition [FILE-6310]
  26.       https://cisofy.com/controls/FILE-6310/
  27.   - To decrease the impact of a full /var file system, place /var on a separated partition [FILE-6310]
  28.       https://cisofy.com/controls/FILE-6310/
  29.   - Disable drivers like USB storage when not used, to prevent unauthorized storage or data theft [STRG-1840]
  30.       https://cisofy.com/controls/STRG-1840/
  31.   - Purge old/removed packages (1 found) with aptitude purge or dpkg --purge command. This will cleanup old configuration files, cron jobs and startup scripts. [PKGS-7346]
  32.       https://cisofy.com/controls/PKGS-7346/
  33.   - Install package apt-show-versions for patch management purposes [PKGS-7394]
  34.       https://cisofy.com/controls/PKGS-7394/
  35.   - Check your resolv.conf file and fill in a backup nameserver if possible [NETW-2705]
  36.       https://cisofy.com/controls/NETW-2705/
  37.   - Check iptables rules to see which rules are currently not used [FIRE-4513]
  38.       https://cisofy.com/controls/FIRE-4513/
  39.   - Check what deleted files are still in use and why. [LOGG-2190]
  40.       https://cisofy.com/controls/LOGG-2190/
  41.   - Add a legal banner to /etc/issue, to warn unauthorized users [BANN-7126]
  42.       https://cisofy.com/controls/BANN-7126/
  43.   - Add legal banner to /etc/issue.net, to warn unauthorized users [BANN-7130]
  44.       https://cisofy.com/controls/BANN-7130/
  45.   - Enable process accounting [ACCT-9622]
  46.       https://cisofy.com/controls/ACCT-9622/
  47.   - Enable sysstat to collect accounting (no results) [ACCT-9626]
  48.       https://cisofy.com/controls/ACCT-9626/
  49.   - Enable auditd to collect audit information [ACCT-9628]
  50.       https://cisofy.com/controls/ACCT-9628/
  51.   - Check ntpq peers output [TIME-3116]
  52.       https://cisofy.com/controls/TIME-3116/
  53.   - Check ntpq peers output for unreliable ntp peers and correct/replace them [TIME-3120]
  54.       https://cisofy.com/controls/TIME-3120/
  55.   - Install a file integrity tool to monitor changes to critical and sensitive files [FINT-4350]
  56.       https://cisofy.com/controls/FINT-4350/
  57.   - Determine if automation tools are present for system management [TOOL-5002]
  58.       https://cisofy.com/controls/TOOL-5002/
  59.   - One or more sysctl values differ from the scan profile and could be tweaked [KRNL-6000]
  60.       https://cisofy.com/controls/KRNL-6000/
  61.   - Harden compilers like restricting access to root user only [HRDN-7222]
  62.       https://cisofy.com/controls/HRDN-7222/
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!