Disable Automounting Details autofs allows automatic mounting of devices, typically including CD/DVDs and USB drives. Rationale: With automounting enabled anyone with physical...
Ensure address space layout randomization (ASLR) is enabled – sysctl Details Address space layout randomization (ASLR) is an exploit mitigation technique which randomly arranges the address space of key data...
Ensure address space layout randomization (ASLR) is enabled – sysctl.conf/sysctl.d Details Address space layout randomization (ASLR) is an exploit mitigation technique which randomly arranges the address space of key data...
Ensure AIDE is installed Details AIDE takes a snapshot of filesystem state including modification times, permissions, and file hashes which can then be used...
Ensure authentication required for single user mode – emergency.service Details Single user mode (rescue mode) is used for recovery when the system detects an issue during boot or by...
Ensure authentication required for single user mode – rescue.service Details Single user mode (rescue mode) is used for recovery when the system detects an issue during boot or by...
Ensure Avahi Server is not enabled Details Avahi is a free zeroconf implementation, including a system for multicast DNS/DNS-SD service discovery. Avahi allows programs to publish...
Ensure chrony is configured – chrony server/pool Details chrony is a daemon which implements the Network Time Protocol (NTP) and is designed to synchronize system clocks across a...
Ensure chrony is configured – OPTIONS Details chrony is a daemon which implements the Network Time Protocol (NTP) and is designed to synchronize system clocks across a...
Ensure core dumps are restricted – fs.suid_dumpable (sysctl.conf/sysctl.d) Details A core dump is the memory of an executable program. It is generally used to determine why a program...