About
This profile is based on the pci dss standard and experience with the operating system. It is like standard profile, but with additional restrictions on password checks and two-factor authentication.
List Tasks
base : set resonable grub timeout
base : check for enabling auditing processing in grub
base : enable auditing for processes in grub
base : timezone selected
base : core packages protected
base : login system banner applyed
sudo : sudo w/o password
sudo : sudo always_set_home disabled
sudo : sudo keep HOME env
sshd : SSH non default pub keys location
sshd : SSH pub keys location exist
sshd : SSH pub keys installed
sshd : SSH root access disabled
sshd : SSH clear text passwords disabled
sshd : SSH Set ClientAliveInterval
sshd : SSH Set ClientAliveCountMax
sshd : SSH X11 forwarding disabled
sshd : SSH TCP forwarding disabled
sshd : SSH Login Banner set
sshd : SSH Set protocol v2
sshd : SSH Macs
sshd : SSH Ciphers
sshd : SSH UsePrivilegeSeparation
fim : aide protected
fim : aide installed
oscap : openscap-scanner protected
oscap : openscap-scanner installed
epel : epel-release protected
epel : epel-release installed
mfa : google-authenticator protected
mfa : google-authenticator installed
mfa : SSH syschk access overrided
mfa : SSH ChallengeResponseAuthentication set
mfa : SSH AuthenticationMethods set
mfa : PAM for MFA: sshd disable password-auth
mfa : PAM for MFA: sshd enable google authenticator
audit : std.rules applyed
audit : PrivCommandsAudit search for privileged commands
audit : PrivCommandsAudit search /etc/audit/rules.d for audit rule entries
audit : PrivCommandsAudit overwrites the rule in rules.d
audit : PrivCommandsAudit adds the rule in rules.d
audit : audit use audispd's syslog plugin
audit : auditd mail_acct action on low disk space
minimum packages installed