GRC Store

Search / complytime/cis-fedora-l1-guidance / dev-20260527

Release · dev-20260527

complytime/cis-fedora-l1-guidance Guidance Catalog

complytime/cis-fedora-l1-guidance

Guidance catalog for the CIS Fedora Linux Level 1 Benchmark. Provides rationale and context for each control family covering filesystem hardening, service minimization, network security, firewall configuration, access controls, logging, and system maintenance. Shared across Server and Workstation profiles.

Published by ComplyTime

Install

OCI v1.1
$grcli unpack --repository complytime/cis-fedora-l1-guidance --tag dev-20260527
Coordinate
oci.grc.store/complytime/cis-fedora-l1-guidance:dev-20260527
Manifest digest
sha256:54a7d0d064f573aa35c84d6c4cd6387834e36af3666cdd6aaa460fe798856b92

Provenance

1 layer
Digest Media type Size
562f9a56b334… application/vnd.gemara.artifact.v1+yaml 11.3 KiB
Bundle config blob 
{
  "bundle-version": "1.0",
  "gemara-version": "1.1.0",
  "metadata": {
    "provenance": {
      "buildDefinition": {
        "buildType": "https://grc.store/grcli/buildtype/v0",
        "externalParameters": {
          "artifact": {
            "id": "cis-fedora-l1-guidance",
            "type": "GuidanceCatalog"
          },
          "target": {
            "registry": "oci.grc.store",
            "repository": "complytime/cis-fedora-l1-guidance",
            "tag": "dev-20260527"
          }
        },
        "internalParameters": {
          "CI": "true",
          "GITHUB_ACTIONS": "true",
          "GITHUB_ACTOR": "eddie-knight",
          "GITHUB_REF": "refs/heads/main",
          "GITHUB_REPOSITORY": "eddie-knight/complytime-policies",
          "GITHUB_RUN_ATTEMPT": "2",
          "GITHUB_RUN_ID": "26524275168",
          "GITHUB_SHA": "35c30860a105d3c2572aade482dfdaa8a28312cc",
          "GITHUB_WORKFLOW": "Publish to grc.store",
          "RUNNER_OS": "Linux"
        },
        "resolvedDependencies": [
          {
            "name": "governance/guidance/cis-fedora-l1-guidance.yaml",
            "uri": "file://governance/guidance/cis-fedora-l1-guidance.yaml",
            "digest": {
              "sha256": "562f9a56b334cecd7d2f0145de4beb47675107865400f982142df9bb6f9bced0"
            }
          },
          {
            "name": "source",
            "uri": "git+https://github.com/eddie-knight/complytime-policies@35c30860a105d3c2572aade482dfdaa8a28312cc",
            "digest": {
              "gitCommit": "35c30860a105d3c2572aade482dfdaa8a28312cc"
            }
          }
        ]
      },
      "runDetails": {
        "builder": {
          "id": "https://github.com/eddie-knight/complytime-policies/actions/runs/26524275168",
          "version": {
            "go": "go1.25.0",
            "go-arch": "amd64",
            "go-os": "linux",
            "grcli": "v0.1.2"
          }
        },
        "metadata": {
          "invocationId": "26524275168-2",
          "startedOn": "2026-05-27T16:29:37.894193433Z",
          "finishedOn": "2026-05-27T16:29:38.375627732Z"
        },
        "byproducts": [
          {
            "name": "cis-fedora-l1-guidance.yaml",
            "digest": {
              "sha256": "562f9a56b334cecd7d2f0145de4beb47675107865400f982142df9bb6f9bced0"
            }
          }
        ]
      }
    }
  },
  "artifacts": [
    {
      "name": "cis-fedora-l1-guidance.yaml",
      "type": "GuidanceCatalog",
      "id": "cis-fedora-l1-guidance",
      "role": "artifact"
    }
  ]
}

CIS Fedora Linux - Level 1 Guidance

Guidance catalog for the CIS Fedora Linux Level 1 Benchmark. Provides rationale and context for each control family covering filesystem hardening, service minimization, network security, firewall configuration, access controls, logging, and system maintenance. Shared across Server and Workstation profiles.

ID
cis-fedora-l1-guidance
Type
Standard
Version
dev-20260527
Gemara version
1.1.0
Author
ComplyTime

Initial Setup

Filesystem, software updates, SELinux, boot, kernel, crypto, and banner configuration

  1. guidance-initial-setup CIS Fedora Server L1 - Initial Setup

    Objective

    Ensure foundational system hardening is applied before the system enters production

Services

Network services, client packages, and time synchronization configuration

  1. guidance-services CIS Fedora Server L1 - Services

    Objective

    Minimize the system attack surface by disabling or removing unnecessary network services and client packages

Network Configuration

Kernel modules, IPv4, and IPv6 network stack configuration

  1. guidance-network CIS Fedora Server L1 - Network Configuration

    Objective

    Harden network stack configuration to prevent common network-based attacks

Host-Based Firewall

Firewall package installation and traffic filtering configuration

  1. guidance-firewall CIS Fedora Server L1 - Host-Based Firewall

    Objective

    Ensure a properly configured host-based firewall limits network exposure

Access, Authentication, and Authorization

SSH, sudo, PAM, password, user account, and shell configuration

  1. guidance-access-auth CIS Fedora Server L1 - Access, Authentication, and Authorization

    Objective

    Enforce strong access controls to prevent unauthorized access and privilege escalation

Logging and Auditing

System logging, journald, and file integrity monitoring configuration

  1. guidance-logging CIS Fedora Server L1 - Logging and Auditing

    Objective

    Ensure comprehensive logging for incident detection and forensic analysis

System Maintenance

File permissions, user/group integrity, and home directory configuration

  1. guidance-maintenance CIS Fedora Server L1 - System Maintenance

    Objective

    Maintain proper file permissions and account hygiene to prevent privilege escalation

Operations

Operational tasks required for configuration application

  1. guidance-operations CIS Fedora Server L1 - Operations

    Objective

    Ensure operational tasks are completed after configuration changes