Ensure SELinux policy is configured – sestatus Details Configure SELinux to meet or exceed the default targeted policy, which constrains daemons and system software only. Note: If...
Ensure sticky bit is set on all world-writable directories Details Setting the sticky bit on world-writable directories prevents users from deleting or renaming files in that directory that...
Ensure the MCS Translation Service (mcstrans) is not installed Details The mcstransd daemon provides category label information to client processes requesting information. The label translations are defined in /etc/selinux/targeted/setrans.conf...
Ensure the SELinux mode is enforcing or permissive – /etc/selinux/config Details SELinux can run in one of three modes: disabled, permissive, or enforcing: Enforcing – Is the default, and recommended,...
Ensure the SELinux mode is enforcing or permissive – getenforce Details SELinux can run in one of three modes: disabled, permissive, or enforcing: Enforcing – Is the default, and recommended,...
Ensure /tmp is configured Details The /tmp directory is a world-writable directory used for temporary storage by all users and some applications. Rationale: Making...
Ensure /var/tmp partition includes the nodev option Details The nodev mount option specifies that the filesystem cannot contain special devices. Rationale: Since the /var/tmp filesystem is not...
Ensure /var/tmp partition includes the noexec option Details The noexec mount option specifies that the filesystem cannot contain executable binaries. Rationale: Since the /var/tmp filesystem is only...
Ensure /var/tmp partition includes the nosuid option Details The nosuid mount option specifies that the filesystem cannot contain setuid files. Rationale: Since the /var/tmp filesystem is only...
Ensure XD/NX support is enabled Details Recent processors in the x86 family support the ability to prevent code execution on a per memory page basis....