
Title: Ensure noexec option set on /var/log/audit partition Description: The noexec mount option specifies that the filesystem cannot contain executable binaries. Rationale: Since the /var/log/audit filesystem is only intended for audit logs, set this option to ensure that users cannot run executable binaries from /var/log/audit. Audit: Verify that the noexec option is set for ...

Title: Ensure journald service is enabled Description: Ensure that the systemd-journald service is enabled to allow capturing of logging events. Rationale: If the systemd-journald service is not enabled to start on boot, the system will not capture logging events. Audit: Run the following command to verify systemd-journald is enabled: # systemctl is-enabled systemd-journald.s ...

Title: Ensure GNOME Display Manager is removed Description: The GNOME Display Manager (GDM) is a program that manages graphical display servers and handles graphical user logins. Rationale: If a Graphical User Interface (GUI) is not required, it should be removed to reduce the attack surface of the system. Impact: Removing the GNOME Display Manager will remove the GUI from the syst ...

Title: Ensure events that modify the sudo log file are collected Description: Monitor the sudo log file. If the system has been properly configured to disable the use of the su command and force all administrators to have to log in first and then use sudo to execute privileged commands, then all administrator commands will be logged to /var/log/sudo.log. Any time a command is executed, ...

Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. Audit records can be generated from various components within the information system (e.g., module or policy filter). Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-0000 ...

The contents of the /etc/issue file are displayed to users prior to login for local terminals. Rationale: If the /etc/issue file does not have the correct ownership and permissions it could be modified by unauthorized users with incorrect or misleading information. Fix: Run the following commands to set permissions on /etc/issue: # chown root:root /etc/is ...

Title: Ensure systemd-journal-remote is installed Description: Journald (via systemd-journal-remote) supports the ability to send log events it gathers to a remote log host or to receive messages from remote hosts, thus enabling centralized log management. Rationale: Storing log data on a remote host protects log integrity from local attacks. If an attacker gains root access on the ...

Title: Ensure journald is not configured to receive logs from a remote client Description: Journald supports the ability to receive messages from remote hosts, thus acting as a log server. Clients should not receive data from other hosts. NOTE: The same package, systemd-journal-remote, is used for both sending logs to remote hosts and receiving incoming logs. With regards to recei ...



© SecPod Technologies