CIS CentOS Linux 7 Benchmark
v3.1.1 - 05-21-2021
Table of Contents
Terms of Use
Overview
Intended Audience
Consensus Guidance
Assessment Status
Profile Definitions
Acknowledgements
Recommendations
1 Initial Setup
1.1 Filesystem Configuration
1.1.1 Disable unused filesystems
1.1.1.1 Ensure mounting of cramfs filesystems is disabled (Automated)
1.1.1.2 Ensure mounting of squashfs filesystems is disabled (Automated)
1.1.1.3 Ensure mounting of udf filesystems is disabled (Automated)
1.1.2 Ensure /tmp is configured (Automated)
1.1.3 Ensure noexec option set on /tmp partition (Automated)
1.1.4 Ensure nodev option set on /tmp partition (Automated)
1.1.5 Ensure nosuid option set on /tmp partition (Automated)
1.1.6 Ensure /dev/shm is configured (Automated)
1.1.7 Ensure noexec option set on /dev/shm partition (Automated)
1.1.8 Ensure nodev option set on /dev/shm partition (Automated)
1.1.9 Ensure nosuid option set on /dev/shm partition (Automated)
1.1.10 Ensure separate partition exists for /var (Automated)
1.1.11 Ensure separate partition exists for /var/tmp (Automated)
1.1.12 Ensure /var/tmp partition includes the noexec option (Automated)
1.1.13 Ensure /var/tmp partition includes the nodev option (Automated)
1.1.14 Ensure /var/tmp partition includes the nosuid option (Automated)
1.1.15 Ensure separate partition exists for /var/log (Automated)
1.1.16 Ensure separate partition exists for /var/log/audit (Automated)
1.1.17 Ensure separate partition exists for /home (Automated)
1.1.18 Ensure /home partition includes the nodev option (Automated)
1.1.19 Ensure removable media partitions include noexec option (Automated)
1.1.20 Ensure nodev option set on removable media partitions (Automated)
1.1.21 Ensure nosuid option set on removable media partitions (Automated)
1.1.22 Ensure sticky bit is set on all world-writable directories (Automated)
1.1.23 Disable Automounting (Automated)
1.1.24 Disable USB Storage (Automated)
1.2 Configure Software Updates
1.2.1 Ensure GPG keys are configured (Manual)
1.2.2 Ensure package manager repositories are configured (Manual)
1.2.3 Ensure gpgcheck is globally activated (Automated)
1.3 Filesystem Integrity Checking
1.3.1 Ensure AIDE is installed (Automated)
1.3.2 Ensure filesystem integrity is regularly checked (Automated)
1.4 Secure Boot Settings
1.4.1 Ensure bootloader password is set (Automated)
1.4.2 Ensure permissions on bootloader config are configured (Automated)
1.4.3 Ensure authentication required for single user mode (Automated)
1.5 Additional Process Hardening
1.5.1 Ensure core dumps are restricted (Automated)
1.5.2 Ensure XD/NX support is enabled (Automated)
1.5.3 Ensure address space layout randomization (ASLR) is enabled (Automated)
1.5.4 Ensure prelink is not installed (Automated)
1.6 Mandatory Access Control
1.6.1 Configure SELinux
1.6.1.1 Ensure SELinux is installed (Automated)
1.6.1.2 Ensure SELinux is not disabled in bootloader configuration (Automated)
1.6.1.3 Ensure SELinux policy is configured (Automated)
1.6.1.4 Ensure the SELinux mode is enforcing or permissive (Automated)
1.6.1.5 Ensure the SELinux mode is enforcing (Automated)
1.6.1.6 Ensure no unconfined services exist (Automated)
1.6.1.7 Ensure SETroubleshoot is not installed (Automated)
1.6.1.8 Ensure the MCS Translation Service (mcstrans) is not installed (Automated)
1.7 Command Line Warning Banners
1.7.1 Ensure message of the day is configured properly (Automated)
1.7.2 Ensure local login warning banner is configured properly (Automated)
1.7.3 Ensure remote login warning banner is configured properly (Automated)
1.7.4 Ensure permissions on /etc/motd are configured (Automated)
1.7.5 Ensure permissions on /etc/issue are configured (Automated)
1.7.6 Ensure permissions on /etc/issue.net are configured (Automated)
1.8 GNOME Display Manager
1.8.1 Ensure GNOME Display Manager is removed (Manual)
1.8.2 Ensure GDM login banner is configured (Automated)
1.8.3 Ensure last logged in user display is disabled (Automated)
1.8.4 Ensure XDCMP is not enabled (Automated)
1.9 Ensure updates, patches, and additional security software are installed (Manual)
2 Services
2.1 inetd Services
2.1.1 Ensure xinetd is not installed (Automated)
2.2 Special Purpose Services
2.2.1 Time Synchronization
2.2.1.1 Ensure time synchronization is in use (Manual)
2.2.1.2 Ensure chrony is configured (Automated)
2.2.1.3 Ensure ntp is configured (Automated)
2.2.2 Ensure X11 Server components are not installed (Automated)
2.2.3 Ensure Avahi Server is not installed (Automated)