GRC Store

Search / complytime/cis-fedora-l1-server / dev-20260527.0

Release · dev-20260527.0

complytime/cis-fedora-l1-server Control Catalog

complytime/cis-fedora-l1-server

Control catalog derived from the CIS Fedora Linux Level 1 Server Benchmark

Published by ComplyTime

Install

OCI v1.1
$grcli unpack --repository complytime/cis-fedora-l1-server --tag dev-20260527.0
Coordinate
oci.grc.store/complytime/cis-fedora-l1-server:dev-20260527.0
Manifest digest
sha256:e01206d0a037f87b3f94730a9074437560f01b880c0ec88d26acbb8b17fe1cf7

Provenance

1 layer
Digest Media type Size
afcb33e09ed4… application/vnd.gemara.artifact.v1+yaml 82.9 KiB
Bundle config blob 
{
  "bundle-version": "1.0",
  "gemara-version": "1.1.0",
  "metadata": {
    "provenance": {
      "buildDefinition": {
        "buildType": "https://grc.store/grcli/buildtype/v0",
        "externalParameters": {
          "artifact": {
            "id": "cis-fedora-l1-server",
            "type": "ControlCatalog"
          },
          "target": {
            "registry": "oci.grc.store",
            "repository": "complytime/cis-fedora-l1-server",
            "tag": "dev-20260527.0"
          }
        },
        "internalParameters": {
          "CI": "true",
          "GITHUB_ACTIONS": "true",
          "GITHUB_ACTOR": "eddie-knight",
          "GITHUB_REF": "refs/heads/main",
          "GITHUB_REPOSITORY": "eddie-knight/complytime-policies",
          "GITHUB_RUN_ATTEMPT": "1",
          "GITHUB_RUN_ID": "26525787099",
          "GITHUB_SHA": "b67938bd57574da7aed912bd45c918c36e9bdd02",
          "GITHUB_WORKFLOW": "Publish to grc.store",
          "RUNNER_OS": "Linux"
        },
        "resolvedDependencies": [
          {
            "name": "governance/catalogs/cis-fedora-l1-server-catalog.yaml",
            "uri": "file://governance/catalogs/cis-fedora-l1-server-catalog.yaml",
            "digest": {
              "sha256": "afcb33e09ed4d16e9e536d5b6edda69ab474dab18eba75cef1a6221195206dbb"
            }
          },
          {
            "name": "source",
            "uri": "git+https://github.com/eddie-knight/complytime-policies@b67938bd57574da7aed912bd45c918c36e9bdd02",
            "digest": {
              "gitCommit": "b67938bd57574da7aed912bd45c918c36e9bdd02"
            }
          }
        ]
      },
      "runDetails": {
        "builder": {
          "id": "https://github.com/eddie-knight/complytime-policies/actions/runs/26525787099",
          "version": {
            "go": "go1.25.0",
            "go-arch": "amd64",
            "go-os": "linux",
            "grcli": "v0.1.2"
          }
        },
        "metadata": {
          "invocationId": "26525787099-1",
          "startedOn": "2026-05-27T16:55:48.968621089Z",
          "finishedOn": "2026-05-27T16:55:49.30845529Z"
        },
        "byproducts": [
          {
            "name": "cis-fedora-l1-server-catalog.yaml",
            "digest": {
              "sha256": "afcb33e09ed4d16e9e536d5b6edda69ab474dab18eba75cef1a6221195206dbb"
            }
          }
        ]
      }
    }
  },
  "artifacts": [
    {
      "name": "cis-fedora-l1-server-catalog.yaml",
      "type": "ControlCatalog",
      "id": "cis-fedora-l1-server",
      "role": "artifact"
    }
  ]
}

CIS Fedora Linux - Level 1 Server

Control catalog derived from the CIS Fedora Linux Level 1 Server Benchmark

ID
cis-fedora-l1-server
Version
dev-20260527.0
Gemara version
1.1.0
Author
ComplyTime

Initial Setup

Filesystem, software updates, SELinux, boot, kernel, crypto, and banner configuration

  1. cis_fedora_1-1.1.1 Ensure Cramfs Kernel Module Is Not Available

    Objective

    Ensure Cramfs Kernel Module Is Not Available

    Assessment requirements

    1. Cramfs Kernel Module Is Not Available MUST be verified

      Applicability: fedora-linux

  2. cis_fedora_1-1.1.1.9 Ensure IEEE 1394 (FireWire) Kernel Module Is Not Available

    Objective

    Ensure IEEE 1394 (FireWire) Kernel Module Is Not Available

    Assessment requirements

    1. IEEE 1394 (FireWire) Kernel Module Is Not Available MUST be verified

      Applicability: fedora-linux

  3. cis_fedora_1-1.1.1.10 Ensure USB Storage Driver Is Not Available

    Objective

    Ensure USB Storage Driver Is Not Available

    Assessment requirements

    1. USB Storage Driver Is Not Available MUST be verified

      Applicability: fedora-linux

  4. cis_fedora_1-1.1.2 Ensure Freevxfs Kernel Module Is Not Available

    Objective

    Ensure Freevxfs Kernel Module Is Not Available

    Assessment requirements

    1. Freevxfs Kernel Module Is Not Available MUST be verified

      Applicability: fedora-linux

  5. cis_fedora_1-1.1.3 Ensure Hfs Kernel Module Is Not Available

    Objective

    Ensure Hfs Kernel Module Is Not Available

    Assessment requirements

    1. Hfs Kernel Module Is Not Available MUST be verified

      Applicability: fedora-linux

  6. cis_fedora_1-1.1.4 Ensure Hfsplus Kernel Module Is Not Available

    Objective

    Ensure Hfsplus Kernel Module Is Not Available

    Assessment requirements

    1. Hfsplus Kernel Module Is Not Available MUST be verified

      Applicability: fedora-linux

  7. cis_fedora_1-1.1.5 Ensure Jffs2 Kernel Module Is Not Available

    Objective

    Ensure Jffs2 Kernel Module Is Not Available

    Assessment requirements

    1. Jffs2 Kernel Module Is Not Available MUST be verified

      Applicability: fedora-linux

  8. cis_fedora_1-1.2.1.1 CIS Fedora 1 - 1.2.1.1

    Objective

    CIS Fedora 1 - 1.2.1.1

    Assessment requirements

    1. CIS Fedora 1 - 1.2.1.1 MUST be verified

      Applicability: fedora-linux

  9. cis_fedora_1-1.2.1.2 CIS Fedora 1 - 1.2.1.2

    Objective

    CIS Fedora 1 - 1.2.1.2

    Assessment requirements

    1. CIS Fedora 1 - 1.2.1.2 MUST be verified

      Applicability: fedora-linux

  10. cis_fedora_1-1.2.1.3 CIS Fedora 1 - 1.2.1.3

    Objective

    CIS Fedora 1 - 1.2.1.3

    Assessment requirements

    1. CIS Fedora 1 - 1.2.1.3 MUST be verified

      Applicability: fedora-linux

  11. cis_fedora_1-1.2.1.4 CIS Fedora 1 - 1.2.1.4

    Objective

    CIS Fedora 1 - 1.2.1.4

    Assessment requirements

    1. CIS Fedora 1 - 1.2.1.4 MUST be verified

      Applicability: fedora-linux

  12. cis_fedora_1-1.2.2.1 CIS Fedora 1 - 1.2.2.1

    Objective

    CIS Fedora 1 - 1.2.2.1

    Assessment requirements

    1. CIS Fedora 1 - 1.2.2.1 MUST be verified

      Applicability: fedora-linux

  13. cis_fedora_1-1.2.2.2 CIS Fedora 1 - 1.2.2.2

    Objective

    CIS Fedora 1 - 1.2.2.2

    Assessment requirements

    1. CIS Fedora 1 - 1.2.2.2 MUST be verified

      Applicability: fedora-linux

  14. cis_fedora_1-1.2.2.3 CIS Fedora 1 - 1.2.2.3

    Objective

    CIS Fedora 1 - 1.2.2.3

    Assessment requirements

    1. CIS Fedora 1 - 1.2.2.3 MUST be verified

      Applicability: fedora-linux

  15. cis_fedora_1-1.2.2.4 CIS Fedora 1 - 1.2.2.4

    Objective

    CIS Fedora 1 - 1.2.2.4

    Assessment requirements

    1. CIS Fedora 1 - 1.2.2.4 MUST be verified

      Applicability: fedora-linux

  16. cis_fedora_1-1.2.3.2 CIS Fedora 1 - 1.2.3.2

    Objective

    CIS Fedora 1 - 1.2.3.2

    Assessment requirements

    1. CIS Fedora 1 - 1.2.3.2 MUST be verified

      Applicability: fedora-linux

  17. cis_fedora_1-1.2.3.3 CIS Fedora 1 - 1.2.3.3

    Objective

    CIS Fedora 1 - 1.2.3.3

    Assessment requirements

    1. CIS Fedora 1 - 1.2.3.3 MUST be verified

      Applicability: fedora-linux

  18. cis_fedora_1-1.2.4.2 CIS Fedora 1 - 1.2.4.2

    Objective

    CIS Fedora 1 - 1.2.4.2

    Assessment requirements

    1. CIS Fedora 1 - 1.2.4.2 MUST be verified

      Applicability: fedora-linux

  19. cis_fedora_1-1.2.4.3 CIS Fedora 1 - 1.2.4.3

    Objective

    CIS Fedora 1 - 1.2.4.3

    Assessment requirements

    1. CIS Fedora 1 - 1.2.4.3 MUST be verified

      Applicability: fedora-linux

  20. cis_fedora_1-1.2.5.2 CIS Fedora 1 - 1.2.5.2

    Objective

    CIS Fedora 1 - 1.2.5.2

    Assessment requirements

    1. CIS Fedora 1 - 1.2.5.2 MUST be verified

      Applicability: fedora-linux

  21. cis_fedora_1-1.2.5.3 CIS Fedora 1 - 1.2.5.3

    Objective

    CIS Fedora 1 - 1.2.5.3

    Assessment requirements

    1. CIS Fedora 1 - 1.2.5.3 MUST be verified

      Applicability: fedora-linux

  22. cis_fedora_1-1.2.5.4 CIS Fedora 1 - 1.2.5.4

    Objective

    CIS Fedora 1 - 1.2.5.4

    Assessment requirements

    1. CIS Fedora 1 - 1.2.5.4 MUST be verified

      Applicability: fedora-linux

  23. cis_fedora_1-1.2.6.2 CIS Fedora 1 - 1.2.6.2

    Objective

    CIS Fedora 1 - 1.2.6.2

    Assessment requirements

    1. CIS Fedora 1 - 1.2.6.2 MUST be verified

      Applicability: fedora-linux

  24. cis_fedora_1-1.2.6.3 CIS Fedora 1 - 1.2.6.3

    Objective

    CIS Fedora 1 - 1.2.6.3

    Assessment requirements

    1. CIS Fedora 1 - 1.2.6.3 MUST be verified

      Applicability: fedora-linux

  25. cis_fedora_1-1.2.6.4 CIS Fedora 1 - 1.2.6.4

    Objective

    CIS Fedora 1 - 1.2.6.4

    Assessment requirements

    1. CIS Fedora 1 - 1.2.6.4 MUST be verified

      Applicability: fedora-linux

  26. cis_fedora_1-1.2.7.2 CIS Fedora 1 - 1.2.7.2

    Objective

    CIS Fedora 1 - 1.2.7.2

    Assessment requirements

    1. CIS Fedora 1 - 1.2.7.2 MUST be verified

      Applicability: fedora-linux

  27. cis_fedora_1-1.2.7.3 CIS Fedora 1 - 1.2.7.3

    Objective

    CIS Fedora 1 - 1.2.7.3

    Assessment requirements

    1. CIS Fedora 1 - 1.2.7.3 MUST be verified

      Applicability: fedora-linux

  28. cis_fedora_1-1.2.7.4 CIS Fedora 1 - 1.2.7.4

    Objective

    CIS Fedora 1 - 1.2.7.4

    Assessment requirements

    1. CIS Fedora 1 - 1.2.7.4 MUST be verified

      Applicability: fedora-linux

  29. cis_fedora_1-2.1.2 Ensure Gpgcheck Is Configured

    Objective

    Ensure Gpgcheck Is Configured

    Assessment requirements

    1. Gpgcheck Is Configured MUST be verified

      Applicability: fedora-linux

  30. cis_fedora_1-3.1.1 Ensure Selinux Is Installed

    Objective

    Ensure Selinux Is Installed

    Assessment requirements

    1. Selinux Is Installed MUST be verified

      Applicability: fedora-linux

  31. cis_fedora_1-3.1.2 Ensure Selinux Is Not Disabled In Bootloader Configuration

    Objective

    Ensure Selinux Is Not Disabled In Bootloader Configuration

    Assessment requirements

    1. Selinux Is Not Disabled In Bootloader Configuration MUST be verified

      Applicability: fedora-linux

  32. cis_fedora_1-3.1.3 Ensure Selinux Policy Is Configured

    Objective

    Ensure Selinux Policy Is Configured

    Assessment requirements

    1. Selinux Policy Is Configured MUST be verified

      Applicability: fedora-linux

  33. cis_fedora_1-3.1.4 Ensure The Selinux Mode Is Not Disabled

    Objective

    Ensure The Selinux Mode Is Not Disabled

    Assessment requirements

    1. The Selinux Mode Is Not Disabled MUST be verified

      Applicability: fedora-linux

  34. cis_fedora_1-3.1.6 Ensure The Setroubleshoot Package Is Not Installed

    Objective

    Ensure The Setroubleshoot Package Is Not Installed

    Assessment requirements

    1. The Setroubleshoot Package Is Not Installed MUST be verified

      Applicability: fedora-linux

  35. cis_fedora_1-3.1.7 Ensure The Mcs Translation Service (Mcstrans) Is Not Installed

    Objective

    Ensure The Mcs Translation Service (Mcstrans) Is Not Installed

    Assessment requirements

    1. The Mcs Translation Service (Mcstrans) Is Not Installed MUST be verified

      Applicability: fedora-linux

  36. cis_fedora_1-4.1 Ensure Bootloader Password Is Set

    Objective

    Ensure Bootloader Password Is Set

    Assessment requirements

    1. Bootloader Password Is Set MUST be verified

      Applicability: fedora-linux

  37. cis_fedora_1-5.1 Ensure Core File Size Is Configured

    Objective

    Ensure Core File Size Is Configured

    Assessment requirements

    1. Core File Size Is Configured MUST be verified

      Applicability: fedora-linux

  38. cis_fedora_1-5.2 Ensure Fs.Protected_Hardlinks Is Configured

    Objective

    Ensure Fs.Protected_Hardlinks Is Configured

    Assessment requirements

    1. Fs.Protected_Hardlinks Is Configured MUST be verified

      Applicability: fedora-linux

  39. cis_fedora_1-5.3 Ensure Fs.Protected_Symlinks Is Configured

    Objective

    Ensure Fs.Protected_Symlinks Is Configured

    Assessment requirements

    1. Fs.Protected_Symlinks Is Configured MUST be verified

      Applicability: fedora-linux

  40. cis_fedora_1-5.4 Ensure Fs.Suid_Dumpable Is Configured

    Objective

    Ensure Fs.Suid_Dumpable Is Configured

    Assessment requirements

    1. Fs.Suid_Dumpable Is Configured MUST be verified

      Applicability: fedora-linux

  41. cis_fedora_1-5.5 Ensure Kernel.Dmesg_Restrict Is Configured

    Objective

    Ensure Kernel.Dmesg_Restrict Is Configured

    Assessment requirements

    1. Kernel.Dmesg_Restrict Is Configured MUST be verified

      Applicability: fedora-linux

  42. cis_fedora_1-5.6 Ensure Kernel.Kptr_Restrict Is Configured

    Objective

    Ensure Kernel.Kptr_Restrict Is Configured

    Assessment requirements

    1. Kernel.Kptr_Restrict Is Configured MUST be verified

      Applicability: fedora-linux

  43. cis_fedora_1-5.7 Ensure Kernel.Yama.Ptrace_Scope Is Configured

    Objective

    Ensure Kernel.Yama.Ptrace_Scope Is Configured

    Assessment requirements

    1. Kernel.Yama.Ptrace_Scope Is Configured MUST be verified

      Applicability: fedora-linux

  44. cis_fedora_1-5.8 Ensure Kernel.Randomize_Va_Space Is Configured

    Objective

    Ensure Kernel.Randomize_Va_Space Is Configured

    Assessment requirements

    1. Kernel.Randomize_Va_Space Is Configured MUST be verified

      Applicability: fedora-linux

  45. cis_fedora_1-5.9 Ensure Systemd-Coredump Processsizemax Is Configured

    Objective

    Ensure Systemd-Coredump Processsizemax Is Configured

    Assessment requirements

    1. Systemd-Coredump Processsizemax Is Configured MUST be verified

      Applicability: fedora-linux

  46. cis_fedora_1-5.10 Ensure Systemd-Coredump Storage Is Configured

    Objective

    Ensure Systemd-Coredump Storage Is Configured

    Assessment requirements

    1. Systemd-Coredump Storage Is Configured MUST be verified

      Applicability: fedora-linux

  47. cis_fedora_1-6.2 Ensure System Wide Crypto Policy Disables Sha1 Hash And Signature Support

    Objective

    Ensure System Wide Crypto Policy Disables Sha1 Hash And Signature Support

    Assessment requirements

    1. System Wide Crypto Policy Disables Sha1 Hash And Signature Support MUST be verified

      Applicability: fedora-linux

  48. cis_fedora_1-6.3 Ensure System Wide Crypto Policy Macs Are Configured

    Objective

    Ensure System Wide Crypto Policy Macs Are Configured

    Assessment requirements

    1. System Wide Crypto Policy Macs Are Configured MUST be verified

      Applicability: fedora-linux

  49. cis_fedora_1-6.4 Ensure System Wide Crypto Policy Disables Cbc For Ssh

    Objective

    Ensure System Wide Crypto Policy Disables Cbc For Ssh

    Assessment requirements

    1. System Wide Crypto Policy Disables Cbc For Ssh MUST be verified

      Applicability: fedora-linux

  50. cis_fedora_1-7.1 Ensure /Etc/Motd Is Configured

    Objective

    Ensure /Etc/Motd Is Configured

    Assessment requirements

    1. /Etc/Motd Is Configured MUST be verified

      Applicability: fedora-linux

  51. cis_fedora_1-7.2 Ensure /Etc/Issue Is Configured

    Objective

    Ensure /Etc/Issue Is Configured

    Assessment requirements

    1. /Etc/Issue Is Configured MUST be verified

      Applicability: fedora-linux

  52. cis_fedora_1-7.3 Ensure /Etc/Issue.Net Is Configured

    Objective

    Ensure /Etc/Issue.Net Is Configured

    Assessment requirements

    1. /Etc/Issue.Net Is Configured MUST be verified

      Applicability: fedora-linux

  53. cis_fedora_1-7.4 Ensure Access To /Etc/Motd Is Configured

    Objective

    Ensure Access To /Etc/Motd Is Configured

    Assessment requirements

    1. Access To /Etc/Motd Is Configured MUST be verified

      Applicability: fedora-linux

    2. Access To /Etc/Motd Is Configured MUST be verified

      Applicability: fedora-linux

    3. Access To /Etc/Motd Is Configured MUST be verified

      Applicability: fedora-linux

  54. cis_fedora_1-7.5 Ensure Access To /Etc/Issue Is Configured

    Objective

    Ensure Access To /Etc/Issue Is Configured

    Assessment requirements

    1. Access To /Etc/Issue Is Configured MUST be verified

      Applicability: fedora-linux

    2. Access To /Etc/Issue Is Configured MUST be verified

      Applicability: fedora-linux

    3. Access To /Etc/Issue Is Configured MUST be verified

      Applicability: fedora-linux

  55. cis_fedora_1-7.6 Ensure Access To /Etc/Issue.Net Is Configured

    Objective

    Ensure Access To /Etc/Issue.Net Is Configured

    Assessment requirements

    1. Access To /Etc/Issue.Net Is Configured MUST be verified

      Applicability: fedora-linux

    2. Access To /Etc/Issue.Net Is Configured MUST be verified

      Applicability: fedora-linux

    3. Access To /Etc/Issue.Net Is Configured MUST be verified

      Applicability: fedora-linux

  56. cis_fedora_1-8.1 Ensure Gdm Login Banner Is Configured

    Objective

    Ensure Gdm Login Banner Is Configured

    Assessment requirements

    1. Gdm Login Banner Is Configured MUST be verified

      Applicability: fedora-linux

    2. Gdm Login Banner Is Configured MUST be verified

      Applicability: fedora-linux

  57. cis_fedora_1-8.2 Ensure Gdm Disable-User-List Is Configured

    Objective

    Ensure Gdm Disable-User-List Is Configured

    Assessment requirements

    1. Gdm Disable-User-List Is Configured MUST be verified

      Applicability: fedora-linux

  58. cis_fedora_1-8.3 Ensure Gdm Screen Lock Is Configured

    Objective

    Ensure Gdm Screen Lock Is Configured

    Assessment requirements

    1. Gdm Screen Lock Is Configured MUST be verified

      Applicability: fedora-linux

    2. Gdm Screen Lock Is Configured MUST be verified

      Applicability: fedora-linux

    3. Gdm Screen Lock Is Configured MUST be verified

      Applicability: fedora-linux

    4. Gdm Screen Lock Is Configured MUST be verified

      Applicability: fedora-linux

  59. cis_fedora_1-8.4 Ensure GDM Automount Is Disabled

    Objective

    Ensure GDM Automount Is Disabled

    Assessment requirements

    1. GDM Automount Is Disabled MUST be verified

      Applicability: fedora-linux

    2. GDM Automount Opening Is Disabled MUST be verified

      Applicability: fedora-linux

  60. cis_fedora_1-8.5 Ensure Gdm Autorun-Never Is Configured

    Objective

    Ensure Gdm Autorun-Never Is Configured

    Assessment requirements

    1. Gdm Autorun-Never Is Configured MUST be verified

      Applicability: fedora-linux

Services

Network services, client packages, and time synchronization configuration

  1. cis_fedora_2-1.1 Ensure Autofs Services Are Not In Use

    Objective

    Ensure Autofs Services Are Not In Use

    Assessment requirements

    1. Autofs Services Are Not In Use MUST be verified

      Applicability: fedora-linux

  2. cis_fedora_2-1.2 Ensure Avahi Server Services Are Not In Use

    Objective

    Ensure Avahi Server Services Are Not In Use

    Assessment requirements

    1. Avahi Server Services Are Not In Use MUST be verified

      Applicability: fedora-linux

  3. cis_fedora_2-1.3 Ensure Bluetooth Services Are Not In Use

    Objective

    Ensure Bluetooth Services Are Not In Use

    Assessment requirements

    1. Bluetooth Services Are Not In Use MUST be verified

      Applicability: fedora-linux

  4. cis_fedora_2-1.4 Ensure Dhcp Server Services Are Not In Use

    Objective

    Ensure Dhcp Server Services Are Not In Use

    Assessment requirements

    1. Dhcp Server Services Are Not In Use MUST be verified

      Applicability: fedora-linux

  5. cis_fedora_2-1.5 Ensure Dns Server Services Are Not In Use

    Objective

    Ensure Dns Server Services Are Not In Use

    Assessment requirements

    1. Dns Server Services Are Not In Use MUST be verified

      Applicability: fedora-linux

  6. cis_fedora_2-1.6 Ensure Dnsmasq Services Are Not In Use

    Objective

    Ensure Dnsmasq Services Are Not In Use

    Assessment requirements

    1. Dnsmasq Services Are Not In Use MUST be verified

      Applicability: fedora-linux

  7. cis_fedora_2-1.7 Ensure Ftp Server Services Are Not In Use

    Objective

    Ensure Ftp Server Services Are Not In Use

    Assessment requirements

    1. Ftp Server Services Are Not In Use MUST be verified

      Applicability: fedora-linux

  8. cis_fedora_2-1.8 Ensure Message Access Server Services Are Not In Use

    Objective

    Ensure Message Access Server Services Are Not In Use

    Assessment requirements

    1. Message Access Server Services Are Not In Use MUST be verified

      Applicability: fedora-linux

    2. Message Access Server Services Are Not In Use MUST be verified

      Applicability: fedora-linux

  9. cis_fedora_2-1.9 Ensure Network File System Services Are Not In Use

    Objective

    Ensure Network File System Services Are Not In Use

    Assessment requirements

    1. Network File System Services Are Not In Use MUST be verified

      Applicability: fedora-linux

  10. cis_fedora_2-1.11 Ensure CUPS Services Are Not In Use

    Objective

    Ensure CUPS Services Are Not In Use

    Assessment requirements

    1. CUPS Services Are Not In Use MUST be verified

      Applicability: fedora-linux

  11. cis_fedora_2-1.12 Ensure Rpcbind Services Are Not In Use

    Objective

    Ensure Rpcbind Services Are Not In Use

    Assessment requirements

    1. Rpcbind Services Are Not In Use MUST be verified

      Applicability: fedora-linux

  12. cis_fedora_2-1.13 Ensure Rsync Services Are Not In Use

    Objective

    Ensure Rsync Services Are Not In Use

    Assessment requirements

    1. Rsync Services Are Not In Use MUST be verified

      Applicability: fedora-linux

  13. cis_fedora_2-1.14 Ensure Samba File Server Services Are Not In Use

    Objective

    Ensure Samba File Server Services Are Not In Use

    Assessment requirements

    1. Samba File Server Services Are Not In Use MUST be verified

      Applicability: fedora-linux

  14. cis_fedora_2-1.15 Ensure Snmp Services Are Not In Use

    Objective

    Ensure Snmp Services Are Not In Use

    Assessment requirements

    1. Snmp Services Are Not In Use MUST be verified

      Applicability: fedora-linux

  15. cis_fedora_2-1.16 Ensure Telnet Server Services Are Not In Use

    Objective

    Ensure Telnet Server Services Are Not In Use

    Assessment requirements

    1. Telnet Server Services Are Not In Use MUST be verified

      Applicability: fedora-linux

  16. cis_fedora_2-1.17 Ensure Tftp Server Services Are Not In Use

    Objective

    Ensure Tftp Server Services Are Not In Use

    Assessment requirements

    1. Tftp Server Services Are Not In Use MUST be verified

      Applicability: fedora-linux

  17. cis_fedora_2-1.18 Ensure Web Proxy Server Services Are Not In Use

    Objective

    Ensure Web Proxy Server Services Are Not In Use

    Assessment requirements

    1. Web Proxy Server Services Are Not In Use MUST be verified

      Applicability: fedora-linux

  18. cis_fedora_2-1.19 Ensure Web Server Services Are Not In Use

    Objective

    Ensure Web Server Services Are Not In Use

    Assessment requirements

    1. Web Server Services Are Not In Use MUST be verified

      Applicability: fedora-linux

    2. Web Server Services Are Not In Use MUST be verified

      Applicability: fedora-linux

  19. cis_fedora_2-1.23 Ensure Mail Transfer Agents Are Configured For Local-Only Mode

    Objective

    Ensure Mail Transfer Agents Are Configured For Local-Only Mode

    Assessment requirements

    1. Mail Transfer Agents Are Configured For Local-Only Mode MUST be verified

      Applicability: fedora-linux

    2. Mail Transfer Agents Are Configured For Local-Only Mode MUST be verified

      Applicability: fedora-linux

  20. cis_fedora_2-2.1 Ensure Ftp Client Is Not Installed

    Objective

    Ensure Ftp Client Is Not Installed

    Assessment requirements

    1. Ftp Client Is Not Installed MUST be verified

      Applicability: fedora-linux

  21. cis_fedora_2-2.4 Ensure Telnet Client Is Not Installed

    Objective

    Ensure Telnet Client Is Not Installed

    Assessment requirements

    1. Telnet Client Is Not Installed MUST be verified

      Applicability: fedora-linux

  22. cis_fedora_2-2.5 Ensure Tftp Client Is Not Installed

    Objective

    Ensure Tftp Client Is Not Installed

    Assessment requirements

    1. Tftp Client Is Not Installed MUST be verified

      Applicability: fedora-linux

  23. cis_fedora_2-3.2 Ensure Chrony Is Configured

    Objective

    Ensure Chrony Is Configured

    Assessment requirements

    1. Chrony Is Configured MUST be verified

      Applicability: fedora-linux

  24. cis_fedora_2-3.3 Ensure Chrony Is Not Run As The Root User

    Objective

    Ensure Chrony Is Not Run As The Root User

    Assessment requirements

    1. Chrony Is Not Run As The Root User MUST be verified

      Applicability: fedora-linux

  25. cis_fedora_2-4.1.1 Ensure Cron Daemon Is Enabled And Active

    Objective

    Ensure Cron Daemon Is Enabled And Active

    Assessment requirements

    1. Cron Daemon Is Enabled And Active MUST be verified

      Applicability: fedora-linux

    2. Cron Daemon Is Enabled And Active MUST be verified

      Applicability: fedora-linux

  26. cis_fedora_2-4.1.2 Ensure Access To /Etc/Crontab Is Configured

    Objective

    Ensure Access To /Etc/Crontab Is Configured

    Assessment requirements

    1. Access To /Etc/Crontab Is Configured MUST be verified

      Applicability: fedora-linux

    2. Access To /Etc/Crontab Is Configured MUST be verified

      Applicability: fedora-linux

    3. Access To /Etc/Crontab Is Configured MUST be verified

      Applicability: fedora-linux

  27. cis_fedora_2-4.1.3 Ensure Access To /Etc/Cron.Hourly Is Configured

    Objective

    Ensure Access To /Etc/Cron.Hourly Is Configured

    Assessment requirements

    1. Access To /Etc/Cron.Hourly Is Configured MUST be verified

      Applicability: fedora-linux

    2. Access To /Etc/Cron.Hourly Is Configured MUST be verified

      Applicability: fedora-linux

    3. Access To /Etc/Cron.Hourly Is Configured MUST be verified

      Applicability: fedora-linux

  28. cis_fedora_2-4.1.4 Ensure Access To /Etc/Cron.Daily Is Configured

    Objective

    Ensure Access To /Etc/Cron.Daily Is Configured

    Assessment requirements

    1. Access To /Etc/Cron.Daily Is Configured MUST be verified

      Applicability: fedora-linux

    2. Access To /Etc/Cron.Daily Is Configured MUST be verified

      Applicability: fedora-linux

    3. Access To /Etc/Cron.Daily Is Configured MUST be verified

      Applicability: fedora-linux

  29. cis_fedora_2-4.1.5 Ensure Access To /Etc/Cron.Weekly Is Configured

    Objective

    Ensure Access To /Etc/Cron.Weekly Is Configured

    Assessment requirements

    1. Access To /Etc/Cron.Weekly Is Configured MUST be verified

      Applicability: fedora-linux

    2. Access To /Etc/Cron.Weekly Is Configured MUST be verified

      Applicability: fedora-linux

    3. Access To /Etc/Cron.Weekly Is Configured MUST be verified

      Applicability: fedora-linux

  30. cis_fedora_2-4.1.6 Ensure Access To /Etc/Cron.Monthly Is Configured

    Objective

    Ensure Access To /Etc/Cron.Monthly Is Configured

    Assessment requirements

    1. Access To /Etc/Cron.Monthly Is Configured MUST be verified

      Applicability: fedora-linux

    2. Access To /Etc/Cron.Monthly Is Configured MUST be verified

      Applicability: fedora-linux

    3. Access To /Etc/Cron.Monthly Is Configured MUST be verified

      Applicability: fedora-linux

  31. cis_fedora_2-4.1.8 Ensure Access To /Etc/Cron.D Is Configured

    Objective

    Ensure Access To /Etc/Cron.D Is Configured

    Assessment requirements

    1. Access To /Etc/Cron.D Is Configured MUST be verified

      Applicability: fedora-linux

    2. Access To /Etc/Cron.D Is Configured MUST be verified

      Applicability: fedora-linux

    3. Access To /Etc/Cron.D Is Configured MUST be verified

      Applicability: fedora-linux

  32. cis_fedora_2-4.1.9 Ensure Access To Crontab Is Configured

    Objective

    Ensure Access To Crontab Is Configured

    Assessment requirements

    1. Access To Crontab Is Configured MUST be verified

      Applicability: fedora-linux

    2. Access To Crontab Is Configured MUST be verified

      Applicability: fedora-linux

    3. Access To Crontab Is Configured MUST be verified

      Applicability: fedora-linux

    4. Access To Crontab Is Configured MUST be verified

      Applicability: fedora-linux

    5. Access To Crontab Is Configured MUST be verified

      Applicability: fedora-linux

  33. cis_fedora_2-4.2.1 Ensure Access To At Is Configured

    Objective

    Ensure Access To At Is Configured

    Assessment requirements

    1. Access To At Is Configured MUST be verified

      Applicability: fedora-linux

    2. Access To At Is Configured MUST be verified

      Applicability: fedora-linux

    3. Access To At Is Configured MUST be verified

      Applicability: fedora-linux

    4. Access To At Is Configured MUST be verified

      Applicability: fedora-linux

Network Configuration

Kernel modules, IPv4, and IPv6 network stack configuration

  1. cis_fedora_3-1.2 Ensure Wireless Interfaces Are Disabled

    Objective

    Ensure Wireless Interfaces Are Disabled

    Assessment requirements

    1. Wireless Interfaces Are Disabled MUST be verified

      Applicability: fedora-linux

  2. cis_fedora_3-2.1 Ensure Atm Kernel Module Is Not Available

    Objective

    Ensure Atm Kernel Module Is Not Available

    Assessment requirements

    1. Atm Kernel Module Is Not Available MUST be verified

      Applicability: fedora-linux

  3. cis_fedora_3-2.2 Ensure Can Kernel Module Is Not Available

    Objective

    Ensure Can Kernel Module Is Not Available

    Assessment requirements

    1. Can Kernel Module Is Not Available MUST be verified

      Applicability: fedora-linux

  4. cis_fedora_3-2.3 Ensure Dccp Kernel Module Is Not Available

    Objective

    Ensure Dccp Kernel Module Is Not Available

    Assessment requirements

    1. Dccp Kernel Module Is Not Available MUST be verified

      Applicability: fedora-linux

  5. cis_fedora_3-2.4 Ensure Tipc Kernel Module Is Not Available

    Objective

    Ensure Tipc Kernel Module Is Not Available

    Assessment requirements

    1. Tipc Kernel Module Is Not Available MUST be verified

      Applicability: fedora-linux

  6. cis_fedora_3-2.5 Ensure Rds Kernel Module Is Not Available

    Objective

    Ensure Rds Kernel Module Is Not Available

    Assessment requirements

    1. Rds Kernel Module Is Not Available MUST be verified

      Applicability: fedora-linux

  7. cis_fedora_3-3.1.4 Ensure Net.Ipv4.Conf.All.Send_Redirects Is Configured

    Objective

    Ensure Net.Ipv4.Conf.All.Send_Redirects Is Configured

    Assessment requirements

    1. Net.Ipv4.Conf.All.Send_Redirects Is Configured MUST be verified

      Applicability: fedora-linux

  8. cis_fedora_3-3.1.5 Ensure Net.Ipv4.Conf.Default.Send_Redirects Is Configured

    Objective

    Ensure Net.Ipv4.Conf.Default.Send_Redirects Is Configured

    Assessment requirements

    1. Net.Ipv4.Conf.Default.Send_Redirects Is Configured MUST be verified

      Applicability: fedora-linux

  9. cis_fedora_3-3.1.6 Ensure Net.Ipv4.Icmp_Ignore_Bogus_Error_Responses Is Configured

    Objective

    Ensure Net.Ipv4.Icmp_Ignore_Bogus_Error_Responses Is Configured

    Assessment requirements

    1. Net.Ipv4.Icmp_Ignore_Bogus_Error_Responses Is Configured MUST be verified

      Applicability: fedora-linux

  10. cis_fedora_3-3.1.7 Ensure Net.Ipv4.Icmp_Echo_Ignore_Broadcasts Is Configured

    Objective

    Ensure Net.Ipv4.Icmp_Echo_Ignore_Broadcasts Is Configured

    Assessment requirements

    1. Net.Ipv4.Icmp_Echo_Ignore_Broadcasts Is Configured MUST be verified

      Applicability: fedora-linux

  11. cis_fedora_3-3.1.8 Ensure Net.Ipv4.Conf.All.Accept_Redirects Is Configured

    Objective

    Ensure Net.Ipv4.Conf.All.Accept_Redirects Is Configured

    Assessment requirements

    1. Net.Ipv4.Conf.All.Accept_Redirects Is Configured MUST be verified

      Applicability: fedora-linux

  12. cis_fedora_3-3.1.9 Ensure Net.Ipv4.Conf.Default.Accept_Redirects Is Configured

    Objective

    Ensure Net.Ipv4.Conf.Default.Accept_Redirects Is Configured

    Assessment requirements

    1. Net.Ipv4.Conf.Default.Accept_Redirects Is Configured MUST be verified

      Applicability: fedora-linux

  13. cis_fedora_3-3.1.10 Ensure Net.Ipv4.Conf.All.Secure_Redirects Is Configured

    Objective

    Ensure Net.Ipv4.Conf.All.Secure_Redirects Is Configured

    Assessment requirements

    1. Net.Ipv4.Conf.All.Secure_Redirects Is Configured MUST be verified

      Applicability: fedora-linux

  14. cis_fedora_3-3.1.11 Ensure Net.Ipv4.Conf.Default.Secure_Redirects Is Configured

    Objective

    Ensure Net.Ipv4.Conf.Default.Secure_Redirects Is Configured

    Assessment requirements

    1. Net.Ipv4.Conf.Default.Secure_Redirects Is Configured MUST be verified

      Applicability: fedora-linux

  15. cis_fedora_3-3.1.12 Ensure Net.Ipv4.Conf.All.Rp_Filter Is Configured

    Objective

    Ensure Net.Ipv4.Conf.All.Rp_Filter Is Configured

    Assessment requirements

    1. Net.Ipv4.Conf.All.Rp_Filter Is Configured MUST be verified

      Applicability: fedora-linux

  16. cis_fedora_3-3.1.13 Ensure Net.Ipv4.Conf.Default.Rp_Filter Is Configured

    Objective

    Ensure Net.Ipv4.Conf.Default.Rp_Filter Is Configured

    Assessment requirements

    1. Net.Ipv4.Conf.Default.Rp_Filter Is Configured MUST be verified

      Applicability: fedora-linux

  17. cis_fedora_3-3.1.14 Ensure Net.Ipv4.Conf.All.Accept_Source_Route Is Configured

    Objective

    Ensure Net.Ipv4.Conf.All.Accept_Source_Route Is Configured

    Assessment requirements

    1. Net.Ipv4.Conf.All.Accept_Source_Route Is Configured MUST be verified

      Applicability: fedora-linux

  18. cis_fedora_3-3.1.15 Ensure Net.Ipv4.Conf.Default.Accept_Source_Route Is Configured

    Objective

    Ensure Net.Ipv4.Conf.Default.Accept_Source_Route Is Configured

    Assessment requirements

    1. Net.Ipv4.Conf.Default.Accept_Source_Route Is Configured MUST be verified

      Applicability: fedora-linux

  19. cis_fedora_3-3.1.16 Ensure Net.Ipv4.Conf.All.Log_Martians Is Configured

    Objective

    Ensure Net.Ipv4.Conf.All.Log_Martians Is Configured

    Assessment requirements

    1. Net.Ipv4.Conf.All.Log_Martians Is Configured MUST be verified

      Applicability: fedora-linux

  20. cis_fedora_3-3.1.17 Ensure Net.Ipv4.Conf.Default.Log_Martians Is Configured

    Objective

    Ensure Net.Ipv4.Conf.Default.Log_Martians Is Configured

    Assessment requirements

    1. Net.Ipv4.Conf.Default.Log_Martians Is Configured MUST be verified

      Applicability: fedora-linux

  21. cis_fedora_3-3.1.18 Ensure Net.Ipv4.Tcp_Syncookies Is Configured

    Objective

    Ensure Net.Ipv4.Tcp_Syncookies Is Configured

    Assessment requirements

    1. Net.Ipv4.Tcp_Syncookies Is Configured MUST be verified

      Applicability: fedora-linux

  22. cis_fedora_3-3.2.1 Ensure Net.Ipv6.Conf.All.Forwarding Is Configured

    Objective

    Ensure Net.Ipv6.Conf.All.Forwarding Is Configured

    Assessment requirements

    1. Net.Ipv6.Conf.All.Forwarding Is Configured MUST be verified

      Applicability: fedora-linux

  23. cis_fedora_3-3.2.3 Ensure Net.Ipv6.Conf.All.Accept_Redirects Is Configured

    Objective

    Ensure Net.Ipv6.Conf.All.Accept_Redirects Is Configured

    Assessment requirements

    1. Net.Ipv6.Conf.All.Accept_Redirects Is Configured MUST be verified

      Applicability: fedora-linux

  24. cis_fedora_3-3.2.4 Ensure Net.Ipv6.Conf.Default.Accept_Redirects Is Configured

    Objective

    Ensure Net.Ipv6.Conf.Default.Accept_Redirects Is Configured

    Assessment requirements

    1. Net.Ipv6.Conf.Default.Accept_Redirects Is Configured MUST be verified

      Applicability: fedora-linux

  25. cis_fedora_3-3.2.5 Ensure Net.Ipv6.Conf.All.Accept_Source_Route Is Configured

    Objective

    Ensure Net.Ipv6.Conf.All.Accept_Source_Route Is Configured

    Assessment requirements

    1. Net.Ipv6.Conf.All.Accept_Source_Route Is Configured MUST be verified

      Applicability: fedora-linux

  26. cis_fedora_3-3.2.6 Ensure Net.Ipv6.Conf.Default.Accept_Source_Route Is Configured

    Objective

    Ensure Net.Ipv6.Conf.Default.Accept_Source_Route Is Configured

    Assessment requirements

    1. Net.Ipv6.Conf.Default.Accept_Source_Route Is Configured MUST be verified

      Applicability: fedora-linux

  27. cis_fedora_3-3.2.7 Ensure Net.Ipv6.Conf.All.Accept_Ra Is Configured

    Objective

    Ensure Net.Ipv6.Conf.All.Accept_Ra Is Configured

    Assessment requirements

    1. Net.Ipv6.Conf.All.Accept_Ra Is Configured MUST be verified

      Applicability: fedora-linux

  28. cis_fedora_3-3.2.8 Ensure Net.Ipv6.Conf.Default.Accept_Ra Is Configured

    Objective

    Ensure Net.Ipv6.Conf.Default.Accept_Ra Is Configured

    Assessment requirements

    1. Net.Ipv6.Conf.Default.Accept_Ra Is Configured MUST be verified

      Applicability: fedora-linux

Host-Based Firewall

Firewall package installation and traffic filtering configuration

  1. cis_fedora_4-1.1 Ensure Nftables Is Installed

    Objective

    Ensure Nftables Is Installed

    Assessment requirements

    1. Nftables Is Installed MUST be verified

      Applicability: fedora-linux

  2. cis_fedora_4-1.2 Ensure A Single Firewall Configuration Utility Is In Use

    Objective

    Ensure A Single Firewall Configuration Utility Is In Use

    Assessment requirements

    1. A Single Firewall Configuration Utility Is In Use MUST be verified

      Applicability: fedora-linux

    2. A Single Firewall Configuration Utility Is In Use MUST be verified

      Applicability: fedora-linux

    3. A Single Firewall Configuration Utility Is In Use MUST be verified

      Applicability: fedora-linux

  3. cis_fedora_4-2.2 Ensure Firewalld Loopback Traffic Is Configured

    Objective

    Ensure Firewalld Loopback Traffic Is Configured

    Assessment requirements

    1. Firewalld Loopback Traffic Is Configured MUST be verified

      Applicability: fedora-linux

    2. Firewalld Loopback Traffic Is Configured MUST be verified

      Applicability: fedora-linux

Access, Authentication, and Authorization

SSH, sudo, PAM, password, user account, and shell configuration

  1. cis_fedora_5-1.1 Ensure Access To /Etc/Ssh/Sshd_Config Is Configured

    Objective

    Ensure Access To /Etc/Ssh/Sshd_Config Is Configured

    Assessment requirements

    1. Access To /Etc/Ssh/Sshd_Config Is Configured MUST be verified

      Applicability: fedora-linux

    2. Access To /Etc/Ssh/Sshd_Config Is Configured MUST be verified

      Applicability: fedora-linux

    3. Access To /Etc/Ssh/Sshd_Config Is Configured MUST be verified

      Applicability: fedora-linux

  2. cis_fedora_5-1.2 Ensure Access To Ssh Private Host Key Files Is Configured

    Objective

    Ensure Access To Ssh Private Host Key Files Is Configured

    Assessment requirements

    1. Access To Ssh Private Host Key Files Is Configured MUST be verified

      Applicability: fedora-linux

    2. Access To Ssh Private Host Key Files Is Configured MUST be verified

      Applicability: fedora-linux

    3. Access To Ssh Private Host Key Files Is Configured MUST be verified

      Applicability: fedora-linux

  3. cis_fedora_5-1.3 Ensure Access To Ssh Public Host Key Files Is Configured

    Objective

    Ensure Access To Ssh Public Host Key Files Is Configured

    Assessment requirements

    1. Access To Ssh Public Host Key Files Is Configured MUST be verified

      Applicability: fedora-linux

    2. Access To Ssh Public Host Key Files Is Configured MUST be verified

      Applicability: fedora-linux

    3. Access To Ssh Public Host Key Files Is Configured MUST be verified

      Applicability: fedora-linux

  4. cis_fedora_5-1.4 Ensure Sshd Ciphers Are Configured

    Objective

    Ensure Sshd Ciphers Are Configured

    Assessment requirements

    1. Sshd Ciphers Are Configured MUST be verified

      Applicability: fedora-linux

  5. cis_fedora_5-1.5 Ensure Sshd Kexalgorithms Is Configured

    Objective

    Ensure Sshd Kexalgorithms Is Configured

    Assessment requirements

    1. Sshd Kexalgorithms Is Configured MUST be verified

      Applicability: fedora-linux

  6. cis_fedora_5-1.6 Ensure Sshd Macs Are Configured

    Objective

    Ensure Sshd Macs Are Configured

    Assessment requirements

    1. Sshd Macs Are Configured MUST be verified

      Applicability: fedora-linux

  7. cis_fedora_5-1.7 Ensure Sshd Access Is Configured

    Objective

    Ensure Sshd Access Is Configured

    Assessment requirements

    1. Sshd Access Is Configured MUST be verified

      Applicability: fedora-linux

  8. cis_fedora_5-1.8 Ensure Sshd Banner Is Configured

    Objective

    Ensure Sshd Banner Is Configured

    Assessment requirements

    1. Sshd Banner Is Configured MUST be verified

      Applicability: fedora-linux

  9. cis_fedora_5-1.9 Ensure Sshd Clientaliveinterval And Clientalivecountmax Are Configured

    Objective

    Ensure Sshd Clientaliveinterval And Clientalivecountmax Are Configured

    Assessment requirements

    1. Sshd Clientaliveinterval And Clientalivecountmax Are Configured MUST be verified

      Applicability: fedora-linux

    2. Sshd Clientaliveinterval And Clientalivecountmax Are Configured MUST be verified

      Applicability: fedora-linux

  10. cis_fedora_5-1.12 Ensure Sshd Hostbasedauthentication Is Disabled

    Objective

    Ensure Sshd Hostbasedauthentication Is Disabled

    Assessment requirements

    1. Sshd Hostbasedauthentication Is Disabled MUST be verified

      Applicability: fedora-linux

  11. cis_fedora_5-1.13 Ensure Sshd Ignorerhosts Is Enabled

    Objective

    Ensure Sshd Ignorerhosts Is Enabled

    Assessment requirements

    1. Sshd Ignorerhosts Is Enabled MUST be verified

      Applicability: fedora-linux

  12. cis_fedora_5-1.14 Ensure Sshd Logingracetime Is Configured

    Objective

    Ensure Sshd Logingracetime Is Configured

    Assessment requirements

    1. Sshd Logingracetime Is Configured MUST be verified

      Applicability: fedora-linux

  13. cis_fedora_5-1.15 Ensure Sshd Loglevel Is Configured

    Objective

    Ensure Sshd Loglevel Is Configured

    Assessment requirements

    1. Sshd Loglevel Is Configured MUST be verified

      Applicability: fedora-linux

  14. cis_fedora_5-1.16 Ensure Sshd Maxauthtries Is Configured

    Objective

    Ensure Sshd Maxauthtries Is Configured

    Assessment requirements

    1. Sshd Maxauthtries Is Configured MUST be verified

      Applicability: fedora-linux

  15. cis_fedora_5-1.17 Ensure Sshd Maxstartups Is Configured

    Objective

    Ensure Sshd Maxstartups Is Configured

    Assessment requirements

    1. Sshd Maxstartups Is Configured MUST be verified

      Applicability: fedora-linux

  16. cis_fedora_5-1.18 Ensure Sshd Maxsessions Is Configured

    Objective

    Ensure Sshd Maxsessions Is Configured

    Assessment requirements

    1. Sshd Maxsessions Is Configured MUST be verified

      Applicability: fedora-linux

  17. cis_fedora_5-1.19 Ensure Sshd Permitemptypasswords Is Disabled

    Objective

    Ensure Sshd Permitemptypasswords Is Disabled

    Assessment requirements

    1. Sshd Permitemptypasswords Is Disabled MUST be verified

      Applicability: fedora-linux

  18. cis_fedora_5-1.20 Ensure Sshd Permitrootlogin Is Disabled

    Objective

    Ensure Sshd Permitrootlogin Is Disabled

    Assessment requirements

    1. Sshd Permitrootlogin Is Disabled MUST be verified

      Applicability: fedora-linux

  19. cis_fedora_5-1.21 Ensure Sshd Permituserenvironment Is Disabled

    Objective

    Ensure Sshd Permituserenvironment Is Disabled

    Assessment requirements

    1. Sshd Permituserenvironment Is Disabled MUST be verified

      Applicability: fedora-linux

  20. cis_fedora_5-1.22 Ensure Sshd Usepam Is Enabled

    Objective

    Ensure Sshd Usepam Is Enabled

    Assessment requirements

    1. Sshd Usepam Is Enabled MUST be verified

      Applicability: fedora-linux

  21. cis_fedora_5-2.1 Ensure Sudo Is Installed

    Objective

    Ensure Sudo Is Installed

    Assessment requirements

    1. Sudo Is Installed MUST be verified

      Applicability: fedora-linux

  22. cis_fedora_5-2.2 Ensure Sudo Commands Use Pty

    Objective

    Ensure Sudo Commands Use Pty

    Assessment requirements

    1. Sudo Commands Use Pty MUST be verified

      Applicability: fedora-linux

  23. cis_fedora_5-2.3 Ensure Sudo Log File Exists

    Objective

    Ensure Sudo Log File Exists

    Assessment requirements

    1. Sudo Log File Exists MUST be verified

      Applicability: fedora-linux

  24. cis_fedora_5-2.5 Ensure Re-Authentication For Privilege Escalation Is Not Disabled Globally

    Objective

    Ensure Re-Authentication For Privilege Escalation Is Not Disabled Globally

    Assessment requirements

    1. Re-Authentication For Privilege Escalation Is Not Disabled Globally MUST be verified

      Applicability: fedora-linux

  25. cis_fedora_5-2.6 Ensure Sudo Timestamp_Timeout Is Configured

    Objective

    Ensure Sudo Timestamp_Timeout Is Configured

    Assessment requirements

    1. Sudo Timestamp_Timeout Is Configured MUST be verified

      Applicability: fedora-linux

  26. cis_fedora_5-2.7 Ensure Access To The Su Command Is Restricted

    Objective

    Ensure Access To The Su Command Is Restricted

    Assessment requirements

    1. Access To The Su Command Is Restricted MUST be verified

      Applicability: fedora-linux

    2. Access To The Su Command Is Restricted MUST be verified

      Applicability: fedora-linux

  27. cis_fedora_5-3.1.3 Ensure Latest Version Of Libpwquality Is Installed

    Objective

    Ensure Latest Version Of Libpwquality Is Installed

    Assessment requirements

    1. Latest Version Of Libpwquality Is Installed MUST be verified

      Applicability: fedora-linux

  28. cis_fedora_5-3.2.2 Ensure Pam_Faillock Module Is Enabled

    Objective

    Ensure Pam_Faillock Module Is Enabled

    Assessment requirements

    1. Pam_Faillock Module Is Enabled MUST be verified

      Applicability: fedora-linux

    2. Pam_Faillock Module Is Enabled MUST be verified

      Applicability: fedora-linux

  29. cis_fedora_5-3.2.3 Ensure Pam_Pwquality Module Is Enabled

    Objective

    Ensure Pam_Pwquality Module Is Enabled

    Assessment requirements

    1. Pam_Pwquality Module Is Enabled MUST be verified

      Applicability: fedora-linux

    2. Pam_Pwquality Module Is Enabled MUST be verified

      Applicability: fedora-linux

  30. cis_fedora_5-3.3.1.1 CIS Fedora 5 - 3.3.1.1

    Objective

    CIS Fedora 5 - 3.3.1.1

    Assessment requirements

    1. CIS Fedora 5 - 3.3.1.1 MUST be verified

      Applicability: fedora-linux

  31. cis_fedora_5-3.3.1.2 CIS Fedora 5 - 3.3.1.2

    Objective

    CIS Fedora 5 - 3.3.1.2

    Assessment requirements

    1. CIS Fedora 5 - 3.3.1.2 MUST be verified

      Applicability: fedora-linux

  32. cis_fedora_5-3.3.2.1 CIS Fedora 5 - 3.3.2.1

    Objective

    CIS Fedora 5 - 3.3.2.1

    Assessment requirements

    1. CIS Fedora 5 - 3.3.2.1 MUST be verified

      Applicability: fedora-linux

  33. cis_fedora_5-3.3.2.2 CIS Fedora 5 - 3.3.2.2

    Objective

    CIS Fedora 5 - 3.3.2.2

    Assessment requirements

    1. CIS Fedora 5 - 3.3.2.2 MUST be verified

      Applicability: fedora-linux

  34. cis_fedora_5-3.3.2.3 CIS Fedora 5 - 3.3.2.3

    Objective

    CIS Fedora 5 - 3.3.2.3

    Assessment requirements

    1. CIS Fedora 5 - 3.3.2.3 MUST be verified

      Applicability: fedora-linux

  35. cis_fedora_5-3.3.2.4 CIS Fedora 5 - 3.3.2.4

    Objective

    CIS Fedora 5 - 3.3.2.4

    Assessment requirements

    1. CIS Fedora 5 - 3.3.2.4 MUST be verified

      Applicability: fedora-linux

  36. cis_fedora_5-3.3.2.6 CIS Fedora 5 - 3.3.2.6

    Objective

    CIS Fedora 5 - 3.3.2.6

    Assessment requirements

    1. CIS Fedora 5 - 3.3.2.6 MUST be verified

      Applicability: fedora-linux

  37. cis_fedora_5-3.3.2.7 CIS Fedora 5 - 3.3.2.7

    Objective

    CIS Fedora 5 - 3.3.2.7

    Assessment requirements

    1. CIS Fedora 5 - 3.3.2.7 MUST be verified

      Applicability: fedora-linux

  38. cis_fedora_5-3.3.3.1 CIS Fedora 5 - 3.3.3.1

    Objective

    CIS Fedora 5 - 3.3.3.1

    Assessment requirements

    1. CIS Fedora 5 - 3.3.3.1 MUST be verified

      Applicability: fedora-linux

    2. CIS Fedora 5 - 3.3.3.1 MUST be verified

      Applicability: fedora-linux

  39. cis_fedora_5-3.3.4.1 CIS Fedora 5 - 3.3.4.1

    Objective

    CIS Fedora 5 - 3.3.4.1

    Assessment requirements

    1. CIS Fedora 5 - 3.3.4.1 MUST be verified

      Applicability: fedora-linux

  40. cis_fedora_5-3.3.4.3 CIS Fedora 5 - 3.3.4.3

    Objective

    CIS Fedora 5 - 3.3.4.3

    Assessment requirements

    1. CIS Fedora 5 - 3.3.4.3 MUST be verified

      Applicability: fedora-linux

    2. CIS Fedora 5 - 3.3.4.3 MUST be verified

      Applicability: fedora-linux

  41. cis_fedora_5-4.1.1 Ensure Password Expiration Is Configured

    Objective

    Ensure Password Expiration Is Configured

    Assessment requirements

    1. Password Expiration Is Configured MUST be verified

      Applicability: fedora-linux

    2. Password Expiration Is Configured MUST be verified

      Applicability: fedora-linux

  42. cis_fedora_5-4.1.3 Ensure Password Expiration Warning Days Is Configured

    Objective

    Ensure Password Expiration Warning Days Is Configured

    Assessment requirements

    1. Password Expiration Warning Days Is Configured MUST be verified

      Applicability: fedora-linux

    2. Password Expiration Warning Days Is Configured MUST be verified

      Applicability: fedora-linux

  43. cis_fedora_5-4.1.4 Ensure Strong Password Hashing Algorithm Is Configured

    Objective

    Ensure Strong Password Hashing Algorithm Is Configured

    Assessment requirements

    1. Strong Password Hashing Algorithm Is Configured MUST be verified

      Applicability: fedora-linux

  44. cis_fedora_5-4.1.5 Ensure Inactive Password Lock Is Configured

    Objective

    Ensure Inactive Password Lock Is Configured

    Assessment requirements

    1. Inactive Password Lock Is Configured MUST be verified

      Applicability: fedora-linux

    2. Inactive Password Lock Is Configured MUST be verified

      Applicability: fedora-linux

  45. cis_fedora_5-4.1.6 Ensure All Users Last Password Change Date Is In The Past

    Objective

    Ensure All Users Last Password Change Date Is In The Past

    Assessment requirements

    1. All Users Last Password Change Date Is In The Past MUST be verified

      Applicability: fedora-linux

  46. cis_fedora_5-4.2.1 Ensure Root Is The Only Uid 0 Account

    Objective

    Ensure Root Is The Only Uid 0 Account

    Assessment requirements

    1. Root Is The Only Uid 0 Account MUST be verified

      Applicability: fedora-linux

  47. cis_fedora_5-4.2.2 Ensure Root Is The Only Gid 0 Account

    Objective

    Ensure Root Is The Only Gid 0 Account

    Assessment requirements

    1. Root Is The Only Gid 0 Account MUST be verified

      Applicability: fedora-linux

  48. cis_fedora_5-4.2.4 Ensure Root Account Access Is Controlled

    Objective

    Ensure Root Account Access Is Controlled

    Assessment requirements

    1. Root Account Access Is Controlled MUST be verified

      Applicability: fedora-linux

  49. cis_fedora_5-4.2.5 Ensure Root Path Integrity

    Objective

    Ensure Root Path Integrity

    Assessment requirements

    1. Root Path Integrity MUST be verified

      Applicability: fedora-linux

    2. Root Path Integrity MUST be verified

      Applicability: fedora-linux

  50. cis_fedora_5-4.2.7 Ensure System Accounts Do Not Have A Valid Login Shell

    Objective

    Ensure System Accounts Do Not Have A Valid Login Shell

    Assessment requirements

    1. System Accounts Do Not Have A Valid Login Shell MUST be verified

      Applicability: fedora-linux

    2. System Accounts Do Not Have A Valid Login Shell MUST be verified

      Applicability: fedora-linux

  51. cis_fedora_5-4.3.2 Ensure Default User Shell Timeout Is Configured

    Objective

    Ensure Default User Shell Timeout Is Configured

    Assessment requirements

    1. Default User Shell Timeout Is Configured MUST be verified

      Applicability: fedora-linux

  52. cis_fedora_5-4.3.3 Ensure Default User Umask Is Configured

    Objective

    Ensure Default User Umask Is Configured

    Assessment requirements

    1. Default User Umask Is Configured MUST be verified

      Applicability: fedora-linux

    2. Default User Umask Is Configured MUST be verified

      Applicability: fedora-linux

    3. Default User Umask Is Configured MUST be verified

      Applicability: fedora-linux

Logging and Auditing

System logging, journald, and file integrity monitoring configuration

  1. cis_fedora_6-1.1 Ensure Aide Is Installed

    Objective

    Ensure Aide Is Installed

    Assessment requirements

    1. Aide Is Installed MUST be verified

      Applicability: fedora-linux

    2. Aide Is Installed MUST be verified

      Applicability: fedora-linux

  2. cis_fedora_6-1.2 Ensure Filesystem Integrity Is Regularly Checked

    Objective

    Ensure Filesystem Integrity Is Regularly Checked

    Assessment requirements

    1. Filesystem Integrity Is Regularly Checked MUST be verified

      Applicability: fedora-linux

  3. cis_fedora_6-1.3 Ensure Cryptographic Mechanisms Are Used To Protect The Integrity Of Audit Tools

    Objective

    Ensure Cryptographic Mechanisms Are Used To Protect The Integrity Of Audit Tools

    Assessment requirements

    1. Cryptographic Mechanisms Are Used To Protect The Integrity Of Audit Tools MUST be verified

      Applicability: fedora-linux

  4. cis_fedora_6-2.1.1 Ensure Journald Service Is Active

    Objective

    Ensure Journald Service Is Active

    Assessment requirements

    1. Journald Service Is Active MUST be verified

      Applicability: fedora-linux

  5. cis_fedora_6-2.2.1.1 CIS Fedora 6 - 2.2.1.1

    Objective

    CIS Fedora 6 - 2.2.1.1

    Assessment requirements

    1. CIS Fedora 6 - 2.2.1.1 MUST be verified

      Applicability: fedora-linux

  6. cis_fedora_6-2.2.1.4 CIS Fedora 6 - 2.2.1.4

    Objective

    CIS Fedora 6 - 2.2.1.4

    Assessment requirements

    1. CIS Fedora 6 - 2.2.1.4 MUST be verified

      Applicability: fedora-linux

  7. cis_fedora_6-2.2.3 Ensure Journald Compress Is Configured

    Objective

    Ensure Journald Compress Is Configured

    Assessment requirements

    1. Journald Compress Is Configured MUST be verified

      Applicability: fedora-linux

  8. cis_fedora_6-2.2.4 Ensure Journald Storage Is Configured

    Objective

    Ensure Journald Storage Is Configured

    Assessment requirements

    1. Journald Storage Is Configured MUST be verified

      Applicability: fedora-linux

  9. cis_fedora_6-2.6.1 Ensure Access To All Logfiles Has Been Configured

    Objective

    Ensure Access To All Logfiles Has Been Configured

    Assessment requirements

    1. Access To All Logfiles Has Been Configured MUST be verified

      Applicability: fedora-linux

    2. Access To All Logfiles Has Been Configured MUST be verified

      Applicability: fedora-linux

    3. Access To All Logfiles Has Been Configured MUST be verified

      Applicability: fedora-linux

System Maintenance

File permissions, user/group integrity, and home directory configuration

  1. cis_fedora_7-1.1 Ensure Access To /Etc/Passwd Is Configured

    Objective

    Ensure Access To /Etc/Passwd Is Configured

    Assessment requirements

    1. Access To /Etc/Passwd Is Configured MUST be verified

      Applicability: fedora-linux

    2. Access To /Etc/Passwd Is Configured MUST be verified

      Applicability: fedora-linux

    3. Access To /Etc/Passwd Is Configured MUST be verified

      Applicability: fedora-linux

  2. cis_fedora_7-1.2 Ensure Access To /Etc/Passwd- Is Configured

    Objective

    Ensure Access To /Etc/Passwd- Is Configured

    Assessment requirements

    1. Access To /Etc/Passwd- Is Configured MUST be verified

      Applicability: fedora-linux

    2. Access To /Etc/Passwd- Is Configured MUST be verified

      Applicability: fedora-linux

    3. Access To /Etc/Passwd- Is Configured MUST be verified

      Applicability: fedora-linux

  3. cis_fedora_7-1.3 Ensure Access To /Etc/Group Is Configured

    Objective

    Ensure Access To /Etc/Group Is Configured

    Assessment requirements

    1. Access To /Etc/Group Is Configured MUST be verified

      Applicability: fedora-linux

    2. Access To /Etc/Group Is Configured MUST be verified

      Applicability: fedora-linux

    3. Access To /Etc/Group Is Configured MUST be verified

      Applicability: fedora-linux

  4. cis_fedora_7-1.4 Ensure Access To /Etc/Group- Is Configured

    Objective

    Ensure Access To /Etc/Group- Is Configured

    Assessment requirements

    1. Access To /Etc/Group- Is Configured MUST be verified

      Applicability: fedora-linux

    2. Access To /Etc/Group- Is Configured MUST be verified

      Applicability: fedora-linux

    3. Access To /Etc/Group- Is Configured MUST be verified

      Applicability: fedora-linux

  5. cis_fedora_7-1.5 Ensure Access To /Etc/Shadow Is Configured

    Objective

    Ensure Access To /Etc/Shadow Is Configured

    Assessment requirements

    1. Access To /Etc/Shadow Is Configured MUST be verified

      Applicability: fedora-linux

    2. Access To /Etc/Shadow Is Configured MUST be verified

      Applicability: fedora-linux

    3. Access To /Etc/Shadow Is Configured MUST be verified

      Applicability: fedora-linux

  6. cis_fedora_7-1.6 Ensure Access To /Etc/Shadow- Is Configured

    Objective

    Ensure Access To /Etc/Shadow- Is Configured

    Assessment requirements

    1. Access To /Etc/Shadow- Is Configured MUST be verified

      Applicability: fedora-linux

    2. Access To /Etc/Shadow- Is Configured MUST be verified

      Applicability: fedora-linux

    3. Access To /Etc/Shadow- Is Configured MUST be verified

      Applicability: fedora-linux

  7. cis_fedora_7-1.7 Ensure Access To /Etc/Gshadow Is Configured

    Objective

    Ensure Access To /Etc/Gshadow Is Configured

    Assessment requirements

    1. Access To /Etc/Gshadow Is Configured MUST be verified

      Applicability: fedora-linux

    2. Access To /Etc/Gshadow Is Configured MUST be verified

      Applicability: fedora-linux

    3. Access To /Etc/Gshadow Is Configured MUST be verified

      Applicability: fedora-linux

  8. cis_fedora_7-1.8 Ensure Access To /Etc/Gshadow- Is Configured

    Objective

    Ensure Access To /Etc/Gshadow- Is Configured

    Assessment requirements

    1. Access To /Etc/Gshadow- Is Configured MUST be verified

      Applicability: fedora-linux

    2. Access To /Etc/Gshadow- Is Configured MUST be verified

      Applicability: fedora-linux

    3. Access To /Etc/Gshadow- Is Configured MUST be verified

      Applicability: fedora-linux

  9. cis_fedora_7-1.9 Ensure Access To /Etc/Shells Is Configured

    Objective

    Ensure Access To /Etc/Shells Is Configured

    Assessment requirements

    1. Access To /Etc/Shells Is Configured MUST be verified

      Applicability: fedora-linux

    2. Access To /Etc/Shells Is Configured MUST be verified

      Applicability: fedora-linux

    3. Access To /Etc/Shells Is Configured MUST be verified

      Applicability: fedora-linux

  10. cis_fedora_7-1.11 Ensure World Writable Files And Directories Are Secured

    Objective

    Ensure World Writable Files And Directories Are Secured

    Assessment requirements

    1. World Writable Files And Directories Are Secured MUST be verified

      Applicability: fedora-linux

    2. World Writable Files And Directories Are Secured MUST be verified

      Applicability: fedora-linux

  11. cis_fedora_7-2.1 Ensure Accounts In /Etc/Passwd Use Shadowed Passwords

    Objective

    Ensure Accounts In /Etc/Passwd Use Shadowed Passwords

    Assessment requirements

    1. Accounts In /Etc/Passwd Use Shadowed Passwords MUST be verified

      Applicability: fedora-linux

  12. cis_fedora_7-2.2 Ensure /Etc/Shadow Password Fields Are Not Empty

    Objective

    Ensure /Etc/Shadow Password Fields Are Not Empty

    Assessment requirements

    1. /Etc/Shadow Password Fields Are Not Empty MUST be verified

      Applicability: fedora-linux

  13. cis_fedora_7-2.3 Ensure All Groups In /Etc/Passwd Exist In /Etc/Group

    Objective

    Ensure All Groups In /Etc/Passwd Exist In /Etc/Group

    Assessment requirements

    1. All Groups In /Etc/Passwd Exist In /Etc/Group MUST be verified

      Applicability: fedora-linux

  14. cis_fedora_7-2.4 Ensure No Duplicate Uids Exist

    Objective

    Ensure No Duplicate Uids Exist

    Assessment requirements

    1. No Duplicate Uids Exist MUST be verified

      Applicability: fedora-linux

  15. cis_fedora_7-2.5 Ensure No Duplicate Gids Exist

    Objective

    Ensure No Duplicate Gids Exist

    Assessment requirements

    1. No Duplicate Gids Exist MUST be verified

      Applicability: fedora-linux

  16. cis_fedora_7-2.6 Ensure No Duplicate User Names Exist

    Objective

    Ensure No Duplicate User Names Exist

    Assessment requirements

    1. No Duplicate User Names Exist MUST be verified

      Applicability: fedora-linux

  17. cis_fedora_7-2.7 Ensure No Duplicate Group Names Exist

    Objective

    Ensure No Duplicate Group Names Exist

    Assessment requirements

    1. No Duplicate Group Names Exist MUST be verified

      Applicability: fedora-linux

  18. cis_fedora_7-2.8 Ensure Local Interactive User Home Directories Are Configured

    Objective

    Ensure Local Interactive User Home Directories Are Configured

    Assessment requirements

    1. Local Interactive User Home Directories Are Configured MUST be verified

      Applicability: fedora-linux

    2. Local Interactive User Home Directories Are Configured MUST be verified

      Applicability: fedora-linux

    3. Local Interactive User Home Directories Are Configured MUST be verified

      Applicability: fedora-linux

  19. cis_fedora_7-2.9 Ensure Local Interactive User Dot Files Access Is Configured

    Objective

    Ensure Local Interactive User Dot Files Access Is Configured

    Assessment requirements

    1. Local Interactive User Dot Files Access Is Configured MUST be verified

      Applicability: fedora-linux

    2. Local Interactive User Dot Files Access Is Configured MUST be verified

      Applicability: fedora-linux

    3. Local Interactive User Dot Files Access Is Configured MUST be verified

      Applicability: fedora-linux

    4. Local Interactive User Dot Files Access Is Configured MUST be verified

      Applicability: fedora-linux

    5. Local Interactive User Dot Files Access Is Configured MUST be verified

      Applicability: fedora-linux

Operations

Operational tasks required for configuration application

  1. reload_dconf_db Reload Dconf Database

    Objective

    Reload Dconf Database

    Assessment requirements

    1. The dconf database MUST be reloaded after configuration changes

      Applicability: fedora-linux