Ensure core dumps are restricted – sysctl
Details A core dump is the memory of an executable program. It is generally used to determine why a program...
- Home
- Security Hardening
- CIS CentOS 7 V3 1.2 Server L1
CIS CentOS 7 V3 1.2 Server L1
Ensure core dumps are restricted – sysctl.conf sysctl.d
Details A core dump is the memory of an executable program. It is generally used to determine why a program...Ensure core dumps are restricted – systemd-coredump ProcessSizeMax
Details A core dump is the memory of an executable program. It is generally used to determine why a program...Ensure core dumps are restricted – systemd-coredump Storage
Details A core dump is the memory of an executable program. It is generally used to determine why a program...Ensure /dev/shm is configured – fstab
Details /dev/shm is a traditional shared memory concept. One program will create a memory portion, which other processes (if permitted)...Ensure /dev/shm is configured – mount
Details /dev/shm is a traditional shared memory concept. One program will create a memory portion, which other processes (if permitted)...Ensure filesystem integrity is regularly checked
Details Periodic checking of the filesystem integrity is needed to detect changes to the filesystem. Rationale: Periodic file checking allows...Ensure gpgcheck is globally activated
Details The gpgcheck option, found in the main section of the /etc/yum.conf and individual /etc/yum/repos.d/*.repo files determines if an RPM...Ensure GPG keys are configured
Details Most packages managers implement GPG key signing to verify package integrity during installation. Rationale: It is important to ensure...Ensure /home partition includes the nodev option
Details The nodev mount option specifies that the filesystem cannot contain special devices. Rationale: Since the user partitions are not...