Description:
The `nodev` mount option specifies that the filesystem cannot contain special devices.
Rationale:
Since the /var/log filesystem is not intended to support devices, set this option to ensure that users cannot create block or character special devices in /var/log.
Audit:
Verify that the `nodev` option is set if a `/var` partition exists. Run the following command and verify that nothi ...
Description:
The `nosuid` mount option specifies that the filesystem cannot contain `setuid` files.
Rationale:
Setting this option on a file system prevents users from introducing privileged programs onto the system and allowing non-root users to execute them.
Audit:
Verify that the `nosuid` option is set if a `/home` partition exists. Run the following command and verify that nothing is returned:
# ...
Title:
Ensure noexec option set on /var/log/audit partition
Description:
The noexec mount option specifies that the filesystem cannot contain executable binaries.
Rationale:
Since the /var/log/audit filesystem is only intended for audit logs, set this option to
ensure that users cannot run executable binaries from /var/log/audit.
Audit:
Verify that the noexec option is set for ...
Title:
Ensure journald service is enabled
Description:
Ensure that the systemd-journald service is enabled to allow capturing of logging events.
Rationale:
If the systemd-journald service is not enabled to start on boot, the system will not capture
logging events.
Audit:
Run the following command to verify systemd-journald is enabled:
# systemctl is-enabled systemd-journald.s ...
Title:
Ensure GNOME Display Manager is removed
Description:
The GNOME Display Manager (GDM) is a program that manages graphical display servers
and handles graphical user logins.
Rationale:
If a Graphical User Interface (GUI) is not required, it should be removed to reduce the
attack surface of the system.
Impact:
Removing the GNOME Display Manager will remove the GUI from the syst ...
Title:
Ensure events that modify the sudo log file are collected
Description:
Monitor the sudo log file. If the system has been properly configured to disable the use of
the su command and force all administrators to have to log in first and then use sudo to
execute privileged commands, then all administrator commands will be logged to
/var/log/sudo.log. Any time a command is executed, ...
Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
Audit records can be generated from various components within the information system (e.g., module or policy filter).
Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-0000 ...
The contents of the /etc/issue file are displayed to users prior to login for local terminals.
Rationale:
If the /etc/issue file does not have the correct ownership and permissions, it could be modified by unauthorized users with incorrect or misleading information.
Fix:
Run the following commands to set permissions on /etc/issue:
# chown root:root /etc/is ...