Disable Automounting
Details autofs allows automatic mounting of devices, typically including CD/DVDs and USB drives. Rationale: With automounting enabled anyone with physical...
- Home
- Security Hardening
- CIS Amazon Linux 2 STIG V1.0.0 L1
CIS Amazon Linux 2 STIG V1.0.0 L1
Ensure address space layout randomization (ASLR) is enabled – /etc/sysctl.conf, /etc/sysctl.d/*
Details Address space layout randomization (ASLR) is an exploit mitigation technique which randomly arranges the address space of key data...Ensure address space layout randomization (ASLR) is enabled – sysctl
Details Address space layout randomization (ASLR) is an exploit mitigation technique which randomly arranges the address space of key data...Ensure AIDE is installed
Details AIDE takes a snapshot of filesystem state including modification times, permissions, and file hashes which can then be used...Ensure authentication required for single user mode – emergency.service
Details Single user mode (rescue mode) is used for recovery when the system detects an issue during boot or by...Ensure authentication required for single user mode – rescue.service
Details Single user mode (rescue mode) is used for recovery when the system detects an issue during boot or by...Ensure core dumps are restricted – /etc/sysctl.conf, /etc/sysctl.d/*
Details A core dump is the memory of an executable program. It is generally used to determine why a program...Ensure core dumps are restricted – limits.conf, limits.d/*
Details A core dump is the memory of an executable program. It is generally used to determine why a program...Ensure core dumps are restricted – sysctl
Details A core dump is the memory of an executable program. It is generally used to determine why a program...Ensure gpgcheck is globally activated
Details The gpgcheck option, found in the main section of the /etc/yum.conf and individual /etc/yum/repos.d/* files determines if an RPM...