Disable Automounting
Details autofs allows automatic mounting of devices, typically including CD/DVDs and USB drives. Rationale: With automounting enabled anyone with physical...
- Home
- Security Hardening
- CIS Amazon Linux 2 V2.0.0 L1
CIS Amazon Linux 2 V2.0.0 L1
Disable USB Storage – lsmod
Details USB storage provides a means to transfer and store files insuring persistence and availability of the files independent of...Disable USB Storage – modprobe
Details USB storage provides a means to transfer and store files insuring persistence and availability of the files independent of...Ensure address space layout randomization (ASLR) is enabled
Details Address space layout randomization (ASLR) is an exploit mitigation technique which randomly arranges the address space of key data...Ensure AIDE is installed
Details AIDE takes a snapshot of filesystem state including modification times, permissions, and file hashes which can then be used...Ensure authentication required for single user mode – emergency.service
Details Single user mode (rescue mode) is used for recovery when the system detects an issue during boot or by...Ensure authentication required for single user mode – rescue.service
Details Single user mode (rescue mode) is used for recovery when the system detects an issue during boot or by...Ensure core dumps are restricted – coredump.service
Details A core dump is the memory of an executable program. It is generally used to determine why a program...Ensure core dumps are restricted – /etc/sysctl.conf, /etc/sysctl.d/*
Details A core dump is the memory of an executable program. It is generally used to determine why a program...Ensure core dumps are restricted – limits.conf, limits.d/*
Details A core dump is the memory of an executable program. It is generally used to determine why a program...