SHARE
TWEET

Untitled

a guest Feb 17th, 2020 64 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1.   * Set a password on GRUB bootloader to prevent altering boot configuration (e.g. boot in single user mode without password) [BOOT-5122]
  2.       https://cisofy.com/lynis/controls/BOOT-5122/
  3.  
  4.   * When possible set expire dates for all password protected accounts [AUTH-9282]
  5.       https://cisofy.com/lynis/controls/AUTH-9282/
  6.  
  7.   * To decrease the impact of a full /home file system, place /home on a separate partition [FILE-6310]
  8.       https://cisofy.com/lynis/controls/FILE-6310/
  9.  
  10.   * To decrease the impact of a full /tmp file system, place /tmp on a separate partition [FILE-6310]
  11.       https://cisofy.com/lynis/controls/FILE-6310/
  12.  
  13.   * To decrease the impact of a full /var file system, place /var on a separate partition [FILE-6310]
  14.       https://cisofy.com/lynis/controls/FILE-6310/
  15.  
  16.   * Consider disabling unused kernel modules [FILE-6430]
  17.     - Details  : /etc/modprobe.d/blacklist.conf
  18.     - Solution : Add 'install MODULENAME /bin/true' (without quotes)
  19.       https://cisofy.com/lynis/controls/FILE-6430/
  20.  
  21.   * Check DNS configuration for the dns domain name [NAME-4028]
  22.       https://cisofy.com/lynis/controls/NAME-4028/
  23.  
  24.   * Split resolving between localhost and the hostname of the system [NAME-4406]
  25.       https://cisofy.com/lynis/controls/NAME-4406/
  26.  
  27.   * Purge old/removed packages (1 found) with aptitude purge or dpkg --purge command. This will cleanup old configuration files, cron jobs and startup scripts. [PKGS-7346]
  28.       https://cisofy.com/lynis/controls/PKGS-7346/
  29.  
  30.   * Check iptables rules to see which rules are currently not used [FIRE-4513]
  31.       https://cisofy.com/lynis/controls/FIRE-4513/
  32.  
  33.   * Consider hardening SSH configuration [SSH-7408]
  34.     - Details  : Port (set 22 to )
  35.       https://cisofy.com/lynis/controls/SSH-7408/
  36.  
  37.   * Enable logging to an external logging host for archiving purposes and additional protection [LOGG-2154]
  38.       https://cisofy.com/lynis/controls/LOGG-2154/
  39.  
  40.   * Check what deleted files are still in use and why. [LOGG-2190]
  41.       https://cisofy.com/lynis/controls/LOGG-2190/
  42.  
  43.   * Add legal banner to /etc/issue.net, to warn unauthorized users [BANN-7130]
  44.       https://cisofy.com/lynis/controls/BANN-7130/
  45.  
  46.   * Audit daemon is enabled with an empty ruleset. Disable the daemon or define rules [ACCT-9630]
  47.       https://cisofy.com/lynis/controls/ACCT-9630/
  48.  
  49.   * Consider restricting file permissions [FILE-7524]
  50.     - Details  : See screen output or log file
  51.     - Solution : Use chmod to change file permissions
  52.       https://cisofy.com/lynis/controls/FILE-7524/
  53.  
  54.   * Double check the permissions of home directories as some might be not strict enough. [HOME-9304]
  55.       https://cisofy.com/lynis/controls/HOME-9304/
  56.  
  57.   * One or more sysctl values differ from the scan profile and could be tweaked [KRNL-6000]
  58.     - Solution : Change sysctl value or disable test (skip-test=KRNL-6000:<sysctl-key>)
  59.       https://cisofy.com/lynis/controls/KRNL-6000/
  60.  
  61.   * Harden compilers like restricting access to root user only [HRDN-7222]
  62.       https://cisofy.com/lynis/controls/HRDN-7222/
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top