High profile
High security profile
About This profile is based on the pci dss standard and experience with the operating system. It is like standard profile, but with additional restrictions on password checks and two-factor authentication.
List Tasks base : set resonable grub timeout base : check for enabling auditing processing in grub base : enable auditing for processes in grub base : timezone selected base : core packages protected base : login system banner applyed sudo : sudo w/o password sudo : sudo always_set_home disabled sudo : sudo keep HOME env sshd : SSH non default pub keys location sshd : SSH pub keys location exist sshd : SSH pub keys installed sshd : SSH root access disabled sshd : SSH clear text passwords disabled sshd : SSH Set ClientAliveInterval sshd : SSH Set ClientAliveCountMax sshd : SSH X11 forwarding disabled sshd : SSH TCP forwarding disabled sshd : SSH Login Banner set sshd : SSH Set protocol v2 sshd : SSH Macs sshd : SSH Ciphers sshd : SSH UsePrivilegeSeparation fim : aide protected fim : aide installed oscap : openscap-scanner protected oscap : openscap-scanner installed epel : epel-release protected epel : epel-release installed mfa : google-authenticator protected mfa : google-authenticator installed mfa : SSH syschk access overrided mfa : SSH ChallengeResponseAuthentication set mfa : SSH AuthenticationMethods set mfa : PAM for MFA: sshd disable password-auth mfa : PAM for MFA: sshd enable google authenticator audit : std.
[Read More]