Ensure SELinux is installed
Details SELinux provides Mandatory Access Controls. Rationale: Without a Mandatory Access Control system installed only the default Discretionary Access Control...
- Home
- Security Hardening
- CIS Aliyun Linux 2 L2 V1.0.0
CIS Aliyun Linux 2 L2 V1.0.0
Ensure SELinux is not disabled in bootloader configuration – enforcing
Details Configure SELINUX to be enabled at boot time and verify that it has not been overwritten by the grub...Ensure SELinux is not disabled in bootloader configuration – selinux
Details Configure SELINUX to be enabled at boot time and verify that it has not been overwritten by the grub...Ensure SELinux policy is configured – /etc/selinux/config
Details Configure SELinux to meet or exceed the default targeted policy, which constrains daemons and system software only. Rationale: Security...Ensure SELinux policy is configured – sestatus
Details Configure SELinux to meet or exceed the default targeted policy, which constrains daemons and system software only. Rationale: Security...Ensure separate partition exists for /home
Details The /home directory is used to support disk storage needs of local users. Rationale: If the system is intended...Ensure separate partition exists for /var
Details The /var directory is used by daemons and other system services to temporarily store dynamic data. Some directories created...Ensure separate partition exists for /var/log
Details The /var/log directory is used by system services to store log data . Rationale: There are two important reasons...Ensure separate partition exists for /var/log/audit
Details The auditing daemon, auditd , stores log data in the /var/log/audit directory. Rationale: There are two important reasons to...Ensure separate partition exists for /var/tmp
Details The /var/tmp directory is a world-writable directory used for temporary storage by all users and some applications. Rationale: Since...