CIS Level 1 benchmark for
1.3.7 Disable other standard boot services
1.3.8 Only enable
1.3.9 Only enable
1.3.10 Only enable NFS server processes
1.3.11 Only enable NFS client processes
1.3.12 Only enable
1.3.13 Only enable Web server
1.3.14 Only enable BIND DNS server
1.4Kernel Tuning
1.4.1 Enable stack protection
1.4.2 Network parameter modifications
1.4.3 Use better TCP sequence numbers
1.4.4 Additional network parameter modifications
1.5File/Directory Permissions/Access
1.5.1 Set Sticky Bit on World Writable Directories | Not Scorable | |
| Find unauthorized |
|
1.5.2 | executables | Not Scorable |
|
|
|
1.5.3 | Find 'unowned' files and directories | AccountSecurity.unowned_files |
1.6System Access, Authentication, and Authorization
1.6.1 | Enable Hidden Passwords | AccountSecurity.hidepasswords |
1.6.2 | Restrict users who can access to FTP | FTP.ftpusers |
|
|
|
1.6.3 | Prevent Syslog from accepting messages from the network | MiscellaneousDaemons.syslog_localonly |
|
|
|
1.6.4 | Disable XDMCP port | MiscellaneousDaemons.xaccess |
|
|
|
1.6.5 | Set | HP_UX.screensaver_timeout |
|
|
|
1.6.6 | Configure IPFilter to allow only select communication | Not Scorable |
|
|
|
1.6.7 | Restrict at/cron to authorized users | AccountSecurity.cronuser |
|
| AccountSecurity.atuser |
|
|
|
1.6.8 | Restrict crontab file permissions | AccountSecurity.crontabs_file |
|
|
|
1.6.9 | Restrict root logins to system console | AccountSecurity.create_securetty |
|
|
|
1.6.10 | Set retry limit for account lockout | AccountSecurity.AUTH_MAXTRIES |
|
|
|
1.6.11 | Disable 'nobody' access for secure RPC | MiscellaneousDaemons.nobody_secure_rpc |
|
|
|
1.7 | Logging |
|
68 CIS mapping to