Ensure address space layout randomization (ASLR) is enabled – /etc/sysctl.conf, /etc/sysctl.d/*
Details Address space layout randomization (ASLR) is an exploit mitigation technique which randomly arranges the address space of key data...
- Home
- Security Hardening
- CIS CentOS 6 Workstation L1 V3.0.0
CIS CentOS 6 Workstation L1 V3.0.0
Ensure address space layout randomization (ASLR) is enabled – sysctl
Details Address space layout randomization (ASLR) is an exploit mitigation technique which randomly arranges the address space of key data...Ensure AIDE is installed
Details AIDE takes a snapshot of filesystem state including modification times, permissions, and file hashes which can then be used...Ensure authentication required for single user mode – rescue.service
Details Single user mode is used for recovery when the system detects an issue during boot or by manual selection...Ensure bootloader password is set
Details Setting the boot loader password will require that anyone rebooting the system must enter a password before being able...Ensure core dumps are restricted – limits.conf, limits.d/*
Details A core dump is the memory of an executable program. It is generally used to determine why a program...Ensure core dumps are restricted – sysctl
Details A core dump is the memory of an executable program. It is generally used to determine why a program...Ensure filesystem integrity is regularly checked
Details Periodic checking of the filesystem integrity is needed to detect changes to the filesystem. Rationale: Periodic file checking allows...Ensure gpgcheck is globally activated
Details The gpgcheck option, found in the main section of the /etc/yum.conf and individual /etc/yum/repos.d/* files determines if an RPM...Ensure GPG keys are configured
Details Most packages managers implement GPG key signing to verify package integrity during installation. Rationale: It is important to ensure...