Ensure package manager repositories are configured Details Systems need to have package manager repositories configured to ensure they receive the latest patches and updates. Rationale: If...
Ensure permissions on bootloader config are configured – grub.cfg Details The grub configuration file contains information on boot settings and passwords for unlocking boot options. The grub2 configuration is...
Ensure permissions on bootloader config are configured – user.cfg Details The grub configuration file contains information on boot settings and passwords for unlocking boot options. The grub2 configuration is...
Ensure prelink is not installed Details prelink is a program that modifies ELF shared libraries and ELF dynamically linked binaries in such a way that...
Ensure removable media partitions include noexec option Details The noexec mount option specifies that the filesystem cannot contain executable binaries. Rationale: Setting this option on a file...
Ensure SELinux is installed Details SELinux provides Mandatory Access Control. Rationale: Without a Mandatory Access Control system installed, only the default Discretionary Access Control...
Ensure SELinux is not disabled in bootloader configuration Details Configure SELINUX to be enabled at boot time and verify that it has not been overwritten by the grub...
Ensure SELinux policy is configured – /etc/selinux/config Details Configure SELinux to meet or exceed the default targeted policy, which constrains daemons and system software only. Note: If...
Ensure SELinux policy is configured – sestatus Details Configure SELinux to meet or exceed the default targeted policy, which constrains daemons and system software only. Note: If...
Ensure sticky bit is set on all world-writable directories Details Setting the sticky bit on world-writable directories prevents users from deleting or renaming files in that directory that...