Ensure address space layout randomization (ASLR) is enabled – sysctl
Details Address space layout randomization (ASLR) is an exploit mitigation technique which randomly arranges the address space of key data...
- Home
- Security Hardening
- CIS Fedora 28 Family Linux Workstation L1 V1.0.0
CIS Fedora 28 Family Linux Workstation L1 V1.0.0
Ensure AIDE is installed
Details AIDE takes a snapshot of filesystem state including modification times, permissions, and file hashes which can then be used...Ensure authentication required for single user mode – /usr/lib/systemd/system/emergency.service
Details Single user mode (rescue mode) is used for recovery when the system detects an issue during boot or by...Ensure authentication required for single user mode – /usr/lib/systemd/system/rescue.service
Details Single user mode (rescue mode) is used for recovery when the system detects an issue during boot or by...Ensure bootloader password is set
Details Setting the boot loader password will require that anyone rebooting the system must enter a password before being able...Ensure core dumps are restricted – /etc/security/limits.d/*
Details A core dump is the memory of an executable program. It is generally used to determine why a program...Ensure core dumps are restricted – /etc/sysctl.d/*
Details A core dump is the memory of an executable program. It is generally used to determine why a program...Ensure core dumps are restricted – sysctl
Details A core dump is the memory of an executable program. It is generally used to determine why a program...Ensure filesystem integrity is regularly checked
Details Periodic checking of the filesystem integrity is needed to detect changes to the filesystem. Periodic file checking allows the...Ensure GDM login banner is configured – banner message enabled
Details GDM is the GNOME Display Manager which handles graphical login for GNOME based systems. Warning messages inform users who...