Ensure nosuid option set on /tmp partition Details The nosuid mount option specifies that the filesystem cannot contain setuid files. Rationale: Since the /tmp filesystem is only...
Ensure no unconfined services exist Details Unconfined processes run in unconfined domains. Note: Occasionally certain daemons such as backup or centralized management software may require...
Ensure package manager repositories are configured Details Systems need to have package manager repositories configured to ensure they receive the latest patches and updates. Rationale: If...
Ensure permissions on bootloader config are configured – grub.cfg Details The grub configuration file contains information on boot settings and passwords for unlocking boot options. The grub2 configuration is...
Ensure permissions on bootloader config are configured – user.cfg Details The grub configuration file contains information on boot settings and passwords for unlocking boot options. The grub2 configuration is...
Ensure prelink is not installed Details prelink is a program that modifies ELF shared libraries and ELF dynamically linked binaries in such a way that...
Ensure removable media partitions include noexec option Details The noexec mount option specifies that the filesystem cannot contain executable binaries. Rationale: Setting this option on a file...
Ensure SELinux is installed Details SELinux provides Mandatory Access Control. Rationale: Without a Mandatory Access Control system installed, only the default Discretionary Access Control...
Ensure SELinux is not disabled in bootloader configuration Details Configure SELINUX to be enabled at boot time and verify that it has not been overwritten by the grub...
Ensure SELinux policy is configured – /etc/selinux/config Details Configure SELinux to meet or exceed the default targeted policy, which constrains daemons and system software only. Note: If...