Ensure permissions on bootloader config are configured
Details The grub configuration file contains information on boot settings and passwords for unlocking boot options. Notes: This recommendation is...
- Home
- Security Hardening
- CIS Debian Family Workstation L1 V1.0.0
CIS Debian Family Workstation L1 V1.0.0
Ensure prelink is disabled
Details prelink is a program that modifies ELF shared libraries and ELF dynamically linked binaries in such a way that...Ensure sticky bit is set on all world-writable directories
Details Setting the sticky bit on world writable directories prevents users from deleting or renaming files in that directory that...Ensure sudo commands use pty
Details sudo can be configured to run only from a pseudo-pty Note: visudo edits the sudoers file in a safe...Ensure sudo is installed
Details sudo allows a permitted user to execute a command as the superuser or another user, as specified by the...Ensure sudo log file exists
Details sudo can use a custom log file. Note: visudo edits the sudoers file in a safe fashion, analogous to...Ensure /tmp is configured – systemctl
Details The /tmp directory is a world-writable directory used for temporary storage by all users and some applications. Notes: If...Ensure /tmp is configured – mount
Details The /tmp directory is a world-writable directory used for temporary storage by all users and some applications. Notes: If...Ensure XD/NX support is enabled
Details Recent processors in the x86 family support the ability to prevent code execution on a per memory page basis....