API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Feb 17th, 2020
197
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.02 KB | None | 0 0
raw download clone embed print report
  1. * Set a password on GRUB bootloader to prevent altering boot configuration (e.g. boot in single user mode without password) [BOOT-5122]
  2. https://cisofy.com/lynis/controls/BOOT-5122/
  3.  
  4. * When possible set expire dates for all password protected accounts [AUTH-9282]
  5. https://cisofy.com/lynis/controls/AUTH-9282/
  6.  
  7. * To decrease the impact of a full /home file system, place /home on a separate partition [FILE-6310]
  8. https://cisofy.com/lynis/controls/FILE-6310/
  9.  
  10. * To decrease the impact of a full /tmp file system, place /tmp on a separate partition [FILE-6310]
  11. https://cisofy.com/lynis/controls/FILE-6310/
  12.  
  13. * To decrease the impact of a full /var file system, place /var on a separate partition [FILE-6310]
  14. https://cisofy.com/lynis/controls/FILE-6310/
  15.  
  16. * Consider disabling unused kernel modules [FILE-6430]
  17. - Details : /etc/modprobe.d/blacklist.conf
  18. - Solution : Add 'install MODULENAME /bin/true' (without quotes)
  19. https://cisofy.com/lynis/controls/FILE-6430/
  20.  
  21. * Check DNS configuration for the dns domain name [NAME-4028]
  22. https://cisofy.com/lynis/controls/NAME-4028/
  23.  
  24. * Split resolving between localhost and the hostname of the system [NAME-4406]
  25. https://cisofy.com/lynis/controls/NAME-4406/
  26.  
  27. * Purge old/removed packages (1 found) with aptitude purge or dpkg --purge command. This will cleanup old configuration files, cron jobs and startup scripts. [PKGS-7346]
  28. https://cisofy.com/lynis/controls/PKGS-7346/
  29.  
  30. * Check iptables rules to see which rules are currently not used [FIRE-4513]
  31. https://cisofy.com/lynis/controls/FIRE-4513/
  32.  
  33. * Consider hardening SSH configuration [SSH-7408]
  34. - Details : Port (set 22 to )
  35. https://cisofy.com/lynis/controls/SSH-7408/
  36.  
  37. * Enable logging to an external logging host for archiving purposes and additional protection [LOGG-2154]
  38. https://cisofy.com/lynis/controls/LOGG-2154/
  39.  
  40. * Check what deleted files are still in use and why. [LOGG-2190]
  41. https://cisofy.com/lynis/controls/LOGG-2190/
  42.  
  43. * Add legal banner to /etc/issue.net, to warn unauthorized users [BANN-7130]
  44. https://cisofy.com/lynis/controls/BANN-7130/
  45.  
  46. * Audit daemon is enabled with an empty ruleset. Disable the daemon or define rules [ACCT-9630]
  47. https://cisofy.com/lynis/controls/ACCT-9630/
  48.  
  49. * Consider restricting file permissions [FILE-7524]
  50. - Details : See screen output or log file
  51. - Solution : Use chmod to change file permissions
  52. https://cisofy.com/lynis/controls/FILE-7524/
  53.  
  54. * Double check the permissions of home directories as some might be not strict enough. [HOME-9304]
  55. https://cisofy.com/lynis/controls/HOME-9304/
  56.  
  57. * One or more sysctl values differ from the scan profile and could be tweaked [KRNL-6000]
  58. - Solution : Change sysctl value or disable test (skip-test=KRNL-6000:<sysctl-key>)
  59. https://cisofy.com/lynis/controls/KRNL-6000/
  60.  
  61. * Harden compilers like restricting access to root user only [HRDN-7222]
  62. https://cisofy.com/lynis/controls/HRDN-7222/
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!