Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- * Set a password on GRUB bootloader to prevent altering boot configuration (e.g. boot in single user mode without password) [BOOT-5122]
- https://cisofy.com/lynis/controls/BOOT-5122/
- * When possible set expire dates for all password protected accounts [AUTH-9282]
- https://cisofy.com/lynis/controls/AUTH-9282/
- * To decrease the impact of a full /home file system, place /home on a separate partition [FILE-6310]
- https://cisofy.com/lynis/controls/FILE-6310/
- * To decrease the impact of a full /tmp file system, place /tmp on a separate partition [FILE-6310]
- https://cisofy.com/lynis/controls/FILE-6310/
- * To decrease the impact of a full /var file system, place /var on a separate partition [FILE-6310]
- https://cisofy.com/lynis/controls/FILE-6310/
- * Consider disabling unused kernel modules [FILE-6430]
- - Details : /etc/modprobe.d/blacklist.conf
- - Solution : Add 'install MODULENAME /bin/true' (without quotes)
- https://cisofy.com/lynis/controls/FILE-6430/
- * Check DNS configuration for the dns domain name [NAME-4028]
- https://cisofy.com/lynis/controls/NAME-4028/
- * Split resolving between localhost and the hostname of the system [NAME-4406]
- https://cisofy.com/lynis/controls/NAME-4406/
- * Purge old/removed packages (1 found) with aptitude purge or dpkg --purge command. This will cleanup old configuration files, cron jobs and startup scripts. [PKGS-7346]
- https://cisofy.com/lynis/controls/PKGS-7346/
- * Check iptables rules to see which rules are currently not used [FIRE-4513]
- https://cisofy.com/lynis/controls/FIRE-4513/
- * Consider hardening SSH configuration [SSH-7408]
- - Details : Port (set 22 to )
- https://cisofy.com/lynis/controls/SSH-7408/
- * Enable logging to an external logging host for archiving purposes and additional protection [LOGG-2154]
- https://cisofy.com/lynis/controls/LOGG-2154/
- * Check what deleted files are still in use and why. [LOGG-2190]
- https://cisofy.com/lynis/controls/LOGG-2190/
- * Add legal banner to /etc/issue.net, to warn unauthorized users [BANN-7130]
- https://cisofy.com/lynis/controls/BANN-7130/
- * Audit daemon is enabled with an empty ruleset. Disable the daemon or define rules [ACCT-9630]
- https://cisofy.com/lynis/controls/ACCT-9630/
- * Consider restricting file permissions [FILE-7524]
- - Details : See screen output or log file
- - Solution : Use chmod to change file permissions
- https://cisofy.com/lynis/controls/FILE-7524/
- * Double check the permissions of home directories as some might be not strict enough. [HOME-9304]
- https://cisofy.com/lynis/controls/HOME-9304/
- * One or more sysctl values differ from the scan profile and could be tweaked [KRNL-6000]
- - Solution : Change sysctl value or disable test (skip-test=KRNL-6000:<sysctl-key>)
- https://cisofy.com/lynis/controls/KRNL-6000/
- * Harden compilers like restricting access to root user only [HRDN-7222]
- https://cisofy.com/lynis/controls/HRDN-7222/
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement