Disable Automounting
Details With automounting enabled anyone with physical access could attach a USB drive or disc and have its contents available...
- Home
- Security Hardening
- CIS Amazon Linux V2.1.0 L1
CIS Amazon Linux V2.1.0 L1
Ensure address space layout randomization (ASLR) is enabled – /etc/sysctl.conf, /etc/sysctl.d/*
Details Address space layout randomization (ASLR) is an exploit mitigation technique which randomly arranges the address space of key data...Ensure address space layout randomization (ASLR) is enabled – sysctl
Details Randomly placing virtual memory regions will make it difficult to write memory page exploits as the memory placement will...Ensure AIDE is installed
Details By monitoring the filesystem state compromised files can be detected to prevent or limit the exposure of accidental or...Ensure authentication required for single user mode
Details Requiring authentication in single user mode prevents an unauthorized user from rebooting the system into single user to gain...Ensure core dumps are restricted – /etc/sysctl.conf, /etc/sysctl.d/*
Details Setting a hard limit on core dumps prevents users from overriding the soft variable. If core dumps are required,...Ensure core dumps are restricted – limits.conf, limits.d/*
Details Setting a hard limit on core dumps prevents users from overriding the soft variable. If core dumps are required,...Ensure core dumps are restricted – sysctl
Details Setting a hard limit on core dumps prevents users from overriding the soft variable. If core dumps are required,...Ensure filesystem integrity is regularly checked
Details Periodic file checking allows the system administrator to determine on a regular basis if critical files have been changed...Ensure gpgcheck is globally activated
Details It is important to ensure that an RPM’s package signature is always checked prior to installation to ensure that...