SHOW:
|
|
- or go back to the newest paste.
1 | - Install libpam-usb to enable multi-factor authentication for PAM sessions [CUST-0285] | |
2 | https://your-domain.example.org/controls/CUST-0285/ | |
3 | - Install 'ecryptfs-utils' and configure for each user. [CUST-0520] | |
4 | https://your-domain.example.org/controls/CUST-0520/ | |
5 | - Install apt-listbugs to display a list of critical bugs prior to each APT installation. [CUST-0810] | |
6 | https://your-domain.example.org/controls/CUST-0810/ | |
7 | - Install debian-goodies so that you can run checkrestart after upgrades to determine which services are using old versions of libraries and need restarting. [CUST-0830] | |
8 | https://your-domain.example.org/controls/CUST-0830/ | |
9 | - Copy /etc/fail2ban/jail.conf to jail.local to prevent it being changed by updates. [DEB-0880] | |
10 | https://cisofy.com/controls/DEB-0880/ | |
11 | - Set a password on GRUB bootloader to prevent altering boot configuration (e.g. boot in single user mode without password) [BOOT-5122] | |
12 | https://cisofy.com/controls/BOOT-5122/ | |
13 | - Determine runlevel and services at startup [BOOT-5180] | |
14 | https://cisofy.com/controls/BOOT-5180/ | |
15 | - Install a PAM module for password strength testing like pam_cracklib or pam_passwdqc [AUTH-9262] | |
16 | https://cisofy.com/controls/AUTH-9262/ | |
17 | - Configure password aging limits to enforce password changing on a regular base [AUTH-9286] | |
18 | https://cisofy.com/controls/AUTH-9286/ | |
19 | - Default umask in /etc/login.defs could be more strict like 027 [AUTH-9328] | |
20 | https://cisofy.com/controls/AUTH-9328/ | |
21 | - Default umask in /etc/init.d/rc could be more strict like 027 [AUTH-9328] | |
22 | https://cisofy.com/controls/AUTH-9328/ | |
23 | - To decrease the impact of a full /home file system, place /home on a separated partition [FILE-6310] | |
24 | https://cisofy.com/controls/FILE-6310/ | |
25 | - To decrease the impact of a full /tmp file system, place /tmp on a separated partition [FILE-6310] | |
26 | https://cisofy.com/controls/FILE-6310/ | |
27 | - To decrease the impact of a full /var file system, place /var on a separated partition [FILE-6310] | |
28 | https://cisofy.com/controls/FILE-6310/ | |
29 | - Disable drivers like USB storage when not used, to prevent unauthorized storage or data theft [STRG-1840] | |
30 | https://cisofy.com/controls/STRG-1840/ | |
31 | - Purge old/removed packages (1 found) with aptitude purge or dpkg --purge command. This will cleanup old configuration files, cron jobs and startup scripts. [PKGS-7346] | |
32 | https://cisofy.com/controls/PKGS-7346/ | |
33 | - Install package apt-show-versions for patch management purposes [PKGS-7394] | |
34 | https://cisofy.com/controls/PKGS-7394/ | |
35 | - Check your resolv.conf file and fill in a backup nameserver if possible [NETW-2705] | |
36 | https://cisofy.com/controls/NETW-2705/ | |
37 | - Check iptables rules to see which rules are currently not used [FIRE-4513] | |
38 | https://cisofy.com/controls/FIRE-4513/ | |
39 | - Check what deleted files are still in use and why. [LOGG-2190] | |
40 | https://cisofy.com/controls/LOGG-2190/ | |
41 | - Add a legal banner to /etc/issue, to warn unauthorized users [BANN-7126] | |
42 | https://cisofy.com/controls/BANN-7126/ | |
43 | - Add legal banner to /etc/issue.net, to warn unauthorized users [BANN-7130] | |
44 | https://cisofy.com/controls/BANN-7130/ | |
45 | - Enable process accounting [ACCT-9622] | |
46 | https://cisofy.com/controls/ACCT-9622/ | |
47 | - Enable sysstat to collect accounting (no results) [ACCT-9626] | |
48 | https://cisofy.com/controls/ACCT-9626/ | |
49 | - Enable auditd to collect audit information [ACCT-9628] | |
50 | https://cisofy.com/controls/ACCT-9628/ | |
51 | - Check ntpq peers output [TIME-3116] | |
52 | https://cisofy.com/controls/TIME-3116/ | |
53 | - Check ntpq peers output for unreliable ntp peers and correct/replace them [TIME-3120] | |
54 | https://cisofy.com/controls/TIME-3120/ | |
55 | - Install a file integrity tool to monitor changes to critical and sensitive files [FINT-4350] | |
56 | https://cisofy.com/controls/FINT-4350/ | |
57 | - Determine if automation tools are present for system management [TOOL-5002] | |
58 | https://cisofy.com/controls/TOOL-5002/ | |
59 | - One or more sysctl values differ from the scan profile and could be tweaked [KRNL-6000] | |
60 | https://cisofy.com/controls/KRNL-6000/ | |
61 | - Harden compilers like restricting access to root user only [HRDN-7222] | |
62 | https://cisofy.com/controls/HRDN-7222/ |