Ensure core dumps are restricted – systemd-coredump Storage
Details A core dump is the memory of an executable program. It is generally used to determine why a program...
- Home
- Security Hardening
- CIS CentOS 7 V3 1.2 Workstation L1
CIS CentOS 7 V3 1.2 Workstation L1
Ensure /dev/shm is configured – fstab
Details /dev/shm is a traditional shared memory concept. One program will create a memory portion, which other processes (if permitted)...Ensure /dev/shm is configured – mount
Details /dev/shm is a traditional shared memory concept. One program will create a memory portion, which other processes (if permitted)...Ensure filesystem integrity is regularly checked
Details Periodic checking of the filesystem integrity is needed to detect changes to the filesystem. Rationale: Periodic file checking allows...Ensure gpgcheck is globally activated
Details The gpgcheck option, found in the main section of the /etc/yum.conf and individual /etc/yum/repos.d/*.repo files determines if an RPM...Ensure GPG keys are configured
Details Most packages managers implement GPG key signing to verify package integrity during installation. Rationale: It is important to ensure...Ensure /home partition includes the nodev option
Details The nodev mount option specifies that the filesystem cannot contain special devices. Rationale: Since the user partitions are not...Ensure message of the day is configured properly – banner text
Details The contents of the /etc/motd file are displayed to users after login and function as a message of the...Ensure message of the day is configured properly – mrsv
Details The contents of the /etc/motd file are displayed to users after login and function as a message of the...Ensure mounting of cramfs filesystems is disabled – lsmod
Details The cramfs filesystem type is a compressed read-only Linux filesystem embedded in small footprint systems. A cramfs image can...