About
This profile is based on the pci dss standard and experience with the operating system. It is optimal for safety and ease of use (usability).
List Tasks
base : set resonable grub timeout
base : check for enabling auditing processing in grub
base : enable auditing for processes in grub
base : timezone selected
base : core packages protected
base : login system banner applyed
sudo : sudo w/o password
sudo : sudo always_set_home disabled
sudo : sudo keep HOME env
sshd : SSH non default pub keys location
sshd : SSH pub keys location exist
sshd : SSH pub keys installed
sshd : SSH root access disabled
sshd : SSH clear text passwords disabled
sshd : SSH Set ClientAliveInterval
sshd : SSH Set ClientAliveCountMax
sshd : SSH X11 forwarding disabled
sshd : SSH TCP forwarding disabled
sshd : SSH Login Banner set
sshd : SSH Set protocol v2
sshd : SSH Macs
sshd : SSH Ciphers
sshd : SSH UsePrivilegeSeparation
fim : aide protected
fim : aide installed
oscap : openscap-scanner protected
oscap : openscap-scanner installed
audit : std.rules applyed
audit : PrivCommandsAudit search for privileged commands
audit : PrivCommandsAudit search /etc/audit/rules.d for audit rule entries
audit : PrivCommandsAudit overwrites the rule in rules.d
audit : PrivCommandsAudit adds the rule in rules.d
audit : audit use audispd's syslog plugin
audit : auditd mail_acct action on low disk space
minimum packages installed