Ensure core dumps are restricted – sysctl
Details A core dump is the memory of an executable program. It is generally used to determine why a program...
- Home
- Security Hardening
- CIS Amazon Linux 2 V2.0.0 L1
CIS Amazon Linux 2 V2.0.0 L1
Ensure /dev/shm is configured – fstab
Details /dev/shm is a traditional shared memory concept. One program will create a memory portion, which other processes (if permitted)...Ensure /dev/shm is configured – mount
Details /dev/shm is a traditional shared memory concept. One program will create a memory portion, which other processes (if permitted)...Ensure filesystem integrity is regularly checked
Details Periodic checking of the filesystem integrity is needed to detect changes to the filesystem. Rationale: Periodic file checking allows...Ensure gpgcheck is globally activated
Details The gpgcheck option, found in the main section of the /etc/yum.conf and individual /etc/yum/repos.d/*.repo files determines if an RPM...Ensure GPG keys are configured
Details Most packages managers implement GPG key signing to verify package integrity during installation. Rationale: It is important to ensure...Ensure /home partition includes the nodev option
Details The nodev mount option specifies that the filesystem cannot contain special devices. Rationale: Since the user partitions are not...Ensure mounting of cramfs filesystems is disabled – lsmod
Details The cramfs filesystem type is a compressed read-only Linux filesystem embedded in small footprint systems. A cramfs image can...Ensure mounting of cramfs filesystems is disabled – modprobe
Details The cramfs filesystem type is a compressed read-only Linux filesystem embedded in small footprint systems. A cramfs image can...Ensure mounting of udf filesystems is disabled – lsmod
Details The udf filesystem type is the universal disk format used to implement ISO/IEC 13346 and ECMA-167 specifications. This is...