SHOW:
|
|
- or go back to the newest paste.
| 1 | - Install libpam-usb to enable multi-factor authentication for PAM sessions [CUST-0285] | |
| 2 | https://your-domain.example.org/controls/CUST-0285/ | |
| 3 | - Install 'ecryptfs-utils' and configure for each user. [CUST-0520] | |
| 4 | https://your-domain.example.org/controls/CUST-0520/ | |
| 5 | - Install apt-listbugs to display a list of critical bugs prior to each APT installation. [CUST-0810] | |
| 6 | https://your-domain.example.org/controls/CUST-0810/ | |
| 7 | - Install debian-goodies so that you can run checkrestart after upgrades to determine which services are using old versions of libraries and need restarting. [CUST-0830] | |
| 8 | https://your-domain.example.org/controls/CUST-0830/ | |
| 9 | - Copy /etc/fail2ban/jail.conf to jail.local to prevent it being changed by updates. [DEB-0880] | |
| 10 | https://cisofy.com/controls/DEB-0880/ | |
| 11 | - Set a password on GRUB bootloader to prevent altering boot configuration (e.g. boot in single user mode without password) [BOOT-5122] | |
| 12 | https://cisofy.com/controls/BOOT-5122/ | |
| 13 | - Determine runlevel and services at startup [BOOT-5180] | |
| 14 | https://cisofy.com/controls/BOOT-5180/ | |
| 15 | - Install a PAM module for password strength testing like pam_cracklib or pam_passwdqc [AUTH-9262] | |
| 16 | https://cisofy.com/controls/AUTH-9262/ | |
| 17 | - Configure password aging limits to enforce password changing on a regular base [AUTH-9286] | |
| 18 | https://cisofy.com/controls/AUTH-9286/ | |
| 19 | - Default umask in /etc/login.defs could be more strict like 027 [AUTH-9328] | |
| 20 | https://cisofy.com/controls/AUTH-9328/ | |
| 21 | - Default umask in /etc/init.d/rc could be more strict like 027 [AUTH-9328] | |
| 22 | https://cisofy.com/controls/AUTH-9328/ | |
| 23 | - To decrease the impact of a full /home file system, place /home on a separated partition [FILE-6310] | |
| 24 | https://cisofy.com/controls/FILE-6310/ | |
| 25 | - To decrease the impact of a full /tmp file system, place /tmp on a separated partition [FILE-6310] | |
| 26 | https://cisofy.com/controls/FILE-6310/ | |
| 27 | - To decrease the impact of a full /var file system, place /var on a separated partition [FILE-6310] | |
| 28 | https://cisofy.com/controls/FILE-6310/ | |
| 29 | - Disable drivers like USB storage when not used, to prevent unauthorized storage or data theft [STRG-1840] | |
| 30 | https://cisofy.com/controls/STRG-1840/ | |
| 31 | - Purge old/removed packages (1 found) with aptitude purge or dpkg --purge command. This will cleanup old configuration files, cron jobs and startup scripts. [PKGS-7346] | |
| 32 | https://cisofy.com/controls/PKGS-7346/ | |
| 33 | - Install package apt-show-versions for patch management purposes [PKGS-7394] | |
| 34 | https://cisofy.com/controls/PKGS-7394/ | |
| 35 | - Check your resolv.conf file and fill in a backup nameserver if possible [NETW-2705] | |
| 36 | https://cisofy.com/controls/NETW-2705/ | |
| 37 | - Check iptables rules to see which rules are currently not used [FIRE-4513] | |
| 38 | https://cisofy.com/controls/FIRE-4513/ | |
| 39 | - Check what deleted files are still in use and why. [LOGG-2190] | |
| 40 | https://cisofy.com/controls/LOGG-2190/ | |
| 41 | - Add a legal banner to /etc/issue, to warn unauthorized users [BANN-7126] | |
| 42 | https://cisofy.com/controls/BANN-7126/ | |
| 43 | - Add legal banner to /etc/issue.net, to warn unauthorized users [BANN-7130] | |
| 44 | https://cisofy.com/controls/BANN-7130/ | |
| 45 | - Enable process accounting [ACCT-9622] | |
| 46 | https://cisofy.com/controls/ACCT-9622/ | |
| 47 | - Enable sysstat to collect accounting (no results) [ACCT-9626] | |
| 48 | https://cisofy.com/controls/ACCT-9626/ | |
| 49 | - Enable auditd to collect audit information [ACCT-9628] | |
| 50 | https://cisofy.com/controls/ACCT-9628/ | |
| 51 | - Check ntpq peers output [TIME-3116] | |
| 52 | https://cisofy.com/controls/TIME-3116/ | |
| 53 | - Check ntpq peers output for unreliable ntp peers and correct/replace them [TIME-3120] | |
| 54 | https://cisofy.com/controls/TIME-3120/ | |
| 55 | - Install a file integrity tool to monitor changes to critical and sensitive files [FINT-4350] | |
| 56 | https://cisofy.com/controls/FINT-4350/ | |
| 57 | - Determine if automation tools are present for system management [TOOL-5002] | |
| 58 | https://cisofy.com/controls/TOOL-5002/ | |
| 59 | - One or more sysctl values differ from the scan profile and could be tweaked [KRNL-6000] | |
| 60 | https://cisofy.com/controls/KRNL-6000/ | |
| 61 | - Harden compilers like restricting access to root user only [HRDN-7222] | |
| 62 | https://cisofy.com/controls/HRDN-7222/ |
