Disable IPv6
Details Although IPv6 has many advantages over IPv4, not all organizations have IPv6 or dual stack configurations implemented. Rationale: If...
- Home
- Security Hardening
- CIS CentOS 7 V3 1.2 Server L2
CIS CentOS 7 V3 1.2 Server L2
Ensure audit_backlog_limit is sufficient
Details The backlog limit has a default setting of 64 Rationale: During boot if audit=1, then the backlog will hold...Ensure auditd is installed – audit
Details auditd is the userspace component to the Linux Auditing System. It’s responsible for writing audit records to the disk...Ensure auditd is installed – audit-libs
Details auditd is the userspace component to the Linux Auditing System. It’s responsible for writing audit records to the disk...Ensure auditd service is enabled and running – enabled
Details Turn on the auditd daemon to record system events. Rationale: The capturing of system events provides system administrators with...Ensure auditd service is enabled and running – running
Details Turn on the auditd daemon to record system events. Rationale: The capturing of system events provides system administrators with...Ensure auditing for processes that start prior to auditd is enabled
Details Configure grub so that processes that are capable of being audited can be audited even if they start up...Ensure audit log storage size is configured
Details Configure the maximum size of the audit log file. Once the log reaches the maximum size, it will be...Ensure DCCP is disabled – lsmod
Details The Datagram Congestion Control Protocol (DCCP) is a transport layer protocol that supports streaming media and telephony. DCCP provides...Ensure events that modify date and time information are collected – adjtimex (32-bit)
Details Capture events where the system date and/or time has been modified. The parameters in this section are set to...