CIS Debian 11 Refinement #499

Closed
svenschrader opened this issue Dec 19, 2023 · 2 comments
Labels: critical (This needs to be fixed asap), patch (Includes bug fixes, focusing on enhancing stability.)

Comments

@svenschrader
Collaborator

Some issues with the CIS Debian 11 Audit Group.

svenschrader self-assigned this Dec 19, 2023
svenschrader added the critical (This needs to be fixed asap) and minor (Incremental updates and enhancements for improved functionality without major changes.) labels Jan 9, 2024
svenschrader added this to the 5.7.2 milestone Jan 9, 2024
@svenschrader
Collaborator Author

svenschrader commented Jan 9, 2024

The following settings have been corrected.

The following settings, which may return non-compliant on hardened systems, have been corrected.

  • For most settings, package detection has been altered.
  • "Time server" settings that search for chrony or ntp are changed to be valid for one solution (if chrony is installed, ntp is ignored and vice versa).
  • Firewall settings are also treated as exclusive, i.e. if ufw is used, nftables settings are ignored.

  • 1.4.3 Ensure authentication required for single user mode
  • 1.8.1 Ensure GNOME Display Manager is removed
  • 2.1.2.2 Ensure chrony is running as user chrony
  • 2.1.2.3 Ensure chrony is enabled and running
  • 2.1.3.1 Ensure systemd-timesyncd configured with authorized timeserver
  • 2.1.4.1 Ensure ntp access control is configured
  • 2.1.4.2 Ensure ntp is configured with authorized timeserver
  • 2.1.4.3 Ensure ntp is running as user ntp
  • 2.1.4.4 Ensure ntp is enabled and running
  • 2.2.2 Ensure Avahi Server is not installed
  • 2.2.3 Ensure CUPS is not installed
  • 2.2.5 Ensure LDAP server is not installed
  • 2.2.6 Ensure NFS is not installed
  • 2.2.9 Ensure HTTP server is not installed
  • 2.2.11 Ensure Samba is not installed
  • 2.2.14 Ensure NIS server is not installed
  • 2.3.2 Ensure rsh client is not installed
  • 2.4.4 Ensure talk client is not installed
  • 3.5.2.4 Ensure a nftables table exists
  • 3.5.2.9 Ensure a nftables service is enabled
  • 3.5.3.1.1 Ensure iptables packages are installed
  • 5.2.12 Ensure SSH X11 forwarding is disabled
  • 5.2.20 Ensure SSH MaxSessions is set to 10 or less
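
The exclusive treatment described in the comment above, sketched as an added example that is not part of the original comment and not the project's code. The function names, the `AUDIT_PKG_DB` hook for offline data, the use of dpkg's status word for detection, and the rule "skip a check only when its own package is absent and an alternative is installed" are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the project's code). AUDIT_PKG_DB is a hypothetical hook:
# lines of "package status" so the logic can run offline on constructed data.

# Print dpkg's status word for a package: installed, config-files, not-installed, ...
pkg_status() {
    if [ -n "${AUDIT_PKG_DB:-}" ]; then
        printf '%s\n' "$AUDIT_PKG_DB" |
            awk -v p="$1" '$1 == p { print $2; hit = 1; exit }
                           END { if (!hit) print "not-installed" }'
    else
        dpkg-query -W -f='${db:Status-Status}\n' "$1" 2>/dev/null || echo not-installed
    fi
}

# A removed-but-not-purged package (status "config-files") does not count.
is_installed() { [ "$(pkg_status "$1")" = installed ]; }

# Map a check ID to "own-package alternative..." for its exclusive group.
# Only groups named in the comment above are listed.
group_for() {
    case "$1" in
        2.1.2.*) echo "chrony ntp" ;;
        2.1.4.*) echo "ntp chrony" ;;
        3.5.2.*) echo "nftables ufw" ;;
    esac
}

# Print "evaluate" or "skip" for a check ID.
applicability() {
    set -- $(group_for "$1")
    [ $# -eq 0 ] && { echo evaluate; return 0; }   # not in an exclusive group
    own=$1; shift
    if is_installed "$own"; then echo evaluate; return 0; fi
    for alt in "$@"; do
        if is_installed "$alt"; then echo skip; return 0; fi
    done
    echo evaluate   # no solution of the group present: the check must run
}
```

With no solution of a group installed, the check still runs, so a host without any time server or firewall is not silently reported as clean.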

TuemmlerKelch added the patch (Includes bug fixes, focusing on enhancing stability.) label and removed the minor (Incremental updates and enhancements for improved functionality without major changes.) label Jan 9, 2024
@SteffenWinternheimer
Collaborator

Refinement has been checked and merged to approve.
