Ensure address space layout randomization (ASLR) is enabled
Details Address space layout randomization (ASLR) is an exploit mitigation technique which randomly arranges the address space of key data...
- Home
- Security Hardening
- CIS Debian 9 Workstation L1 V1.0.1
CIS Debian 9 Workstation L1 V1.0.1
Ensure address space layout randomization (ASLR) is enabled – sysctl
Details Address space layout randomization (ASLR) is an exploit mitigation technique which randomly arranges the address space of key data...Ensure AIDE is installed
Details AIDE takes a snapshot of filesystem state including modification times, permissions, and file hashes which can then be used...Ensure authentication required for single user mode
Details Single user mode is used for recovery when the system detects an issue during boot or by manual selection...Ensure bootloader password is set – password_pbkdf2
Details Setting the boot loader password will require that anyone rebooting the system must enter a password before being able...Ensure bootloader password is set – set superusers
Details Setting the boot loader password will require that anyone rebooting the system must enter a password before being able...Ensure core dumps are restricted – limits.conf limits.d
Details A core dump is the memory of an executable program. It is generally used to determine why a program...Ensure core dumps are restricted – sysctl
Details A core dump is the memory of an executable program. It is generally used to determine why a program...Ensure filesystem integrity is regularly checked
Details Periodic checking of the filesystem integrity is needed to detect changes to the filesystem. Rationale: Periodic file checking allows...Ensure GDM login banner is configured – banner message enabled
Details GDM is the GNOME Display Manager which handles graphical login for GNOME based systems. Rationale: Warning messages inform users...