Standard profile

Standard security profile

This profile is based on the pci dss standard and experience with the operating system. It is optimal for safety and ease of use (usability).

List Tasks
  base : set resonable grub timeout 
  base : check for enabling auditing processing in grub 
  base : enable auditing for processes in grub  
  base : timezone selected  
  base : core packages protected    
  base : login system banner applyed    
  sudo : sudo w/o password  
  sudo : sudo always_set_home disabled  
  sudo : sudo keep HOME env 
  sshd : SSH non default pub keys location  
  sshd : SSH pub keys location exist    
  sshd : SSH pub keys installed 
  sshd : SSH root access disabled   
  sshd : SSH clear text passwords disabled  
  sshd : SSH Set ClientAliveInterval    
  sshd : SSH Set ClientAliveCountMax    
  sshd : SSH X11 forwarding disabled    
  sshd : SSH TCP forwarding disabled    
  sshd : SSH Login Banner set   
  sshd : SSH Set protocol v2    
  sshd : SSH Macs   
  sshd : SSH Ciphers    
  sshd : SSH UsePrivilegeSeparation 
  fim : aide protected  
  fim : aide installed  
  oscap : openscap-scanner protected    
  oscap : openscap-scanner installed    
  audit : std.rules applyed 
  audit : PrivCommandsAudit search for privileged commands  
  audit : PrivCommandsAudit search /etc/audit/rules.d for audit rule entries    
  audit : PrivCommandsAudit overwrites the rule in rules.d  
  audit : PrivCommandsAudit adds the rule in rules.d    
  audit : audit use audispd's syslog plugin 
  audit : auditd mail_acct action on low disk space 
  minimum packages installed    

See also