Ensure events that modify user/group information are collected – ‘/etc/passwd’
Details Unexpected changes to these files could be an indication that the system has been compromised and that an unauthorized...
- Home
- Security Hardening
- CIS Amazon Linux V2.1.0 L2
CIS Amazon Linux V2.1.0 L2
Ensure mounting of freevxfs filesystems is disabled
Details Removing support for unneeded filesystem types reduces the local attack surface of the system. If this filesystem type is...Ensure SELinux is installed
Details Without a Mandatory Access Control system installed only the default Discretionary Access Control system will be available. Solution Run...Ensure SELinux is not disabled in bootloader configuration – enforcing = 0
Details SELinux must be enabled at boot time in your grub configuration to ensure that the controls it provides are...Ensure SELinux is not disabled in bootloader configuration – selinux = 0
Details SELinux must be enabled at boot time in your grub configuration to ensure that the controls it provides are...Ensure SELinux policy is configured
Details Security configuration requirements vary from site to site. Some sites may mandate a policy that is stricter than the...Ensure separate partition exists for /home
Details If the system is intended to support local users, create a separate partition for the /home directory to protect...Ensure separate partition exists for /var/log
Details There are two important reasons to ensure that system logs are stored on a separate partition- protection against resource...Ensure separate partition exists for /var/log/audit
Details There are two important reasons to ensure that data gathered by auditd is stored on a separate partition- protection...Ensure separate partition exists for /var/tmp
Details Since the /var/tmp directory is intended to be world-writable, there is a risk of resource exhaustion if it is...