Author: Software AG
Version 1.0 | 02.06.2017
TABLE OF CONTENTS
1 Introduction
3 Checklist
4 References:
1 Introduction
This document provides prescriptive guidance for establishing a secure configuration posture for Red Hat
Enterprise Linux 7 systems running on x86 and x64 platforms.
The guidance within broadly assumes that operations are being performed as the root user. Non-root users
may not be able to access certain areas of the system, especially after remediation has been performed. It
is advisable to verify the root user's path integrity and the integrity of any programs being run prior to execution
of commands and scripts included in this benchmark.
This benchmark is intended for system and application administrators, security specialists, auditors, help
desk, and platform deployment personnel, who plan to develop, deploy, assess, or secure solutions that
incorporate Linux on an x86 platform.
3 Checklist
SL No.    Control    Set Correctly
1 Initial Setup
1.1 Filesystem Configuration
1.1.1 Disable unused filesystems
1.1.2 Ensure mounting of cramfs filesystems is disabled
1.1.3 Ensure mounting of freevxfs filesystems is disabled
1.1.4 Ensure mounting of jffs2 filesystems is disabled
1.1.5 Ensure mounting of hfs filesystems is disabled
1.1.6 Ensure mounting of hfsplus filesystems is disabled
1.1.7 Ensure mounting of squashfs filesystems is disabled
1.1.8 Ensure mounting of udf filesystems is disabled
1.1.9 Ensure mounting of FAT filesystems is disabled
1.1.10 Ensure separate partition exists for /tmp
1.1.11 Ensure nodev option set on /tmp partition
1.1.12 Ensure nosuid option set on /tmp partition
1.1.13 Ensure noexec option set on /tmp partition
1.1.14 Ensure separate partition exists for /var
1.1.15 Ensure separate partition exists for /var/tmp
1.1.16 Ensure nodev option set on /var/tmp partition
1.1.17 Ensure nosuid option set on /var/tmp partition
1.1.18 Ensure noexec option set on /var/tmp partition
1.1.19 Ensure separate partition exists for /var/log
1.1.20 Ensure separate partition exists for /var/log/audit
1.1.21 Ensure separate partition exists for /home
1.1.22 Ensure nodev option set on /home partition
1.1.23 Ensure nodev option set on /dev/shm partition
1.1.24 Ensure nosuid option set on /dev/shm partition
1.1.25 Ensure noexec option set on /dev/shm partition
1.1.26 Ensure nodev option set on removable media partitions
1.1.27 Ensure nosuid option set on removable media partitions
1.1.28 Ensure noexec option set on removable media partitions
1.1.29 Ensure sticky bit is set on all world-writable directories
1.1.30 Disable Automounting
1.2 Configure Software Updates
1.2.1 Ensure package manager repositories are configured
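One way to audit the partition and mount-option controls 1.1.10 to 1.1.25 in a single pass. This is an added example, not part of the checklist or of the CIS benchmark; the function names and the sample mount table are constructed for illustration, and the table is assumed to be in /proc/mounts format.

```shell
# Added example (not from the checklist). Options required per mount point,
# as listed in controls 1.1.10-1.1.25; a bare path only needs its own mount.
required_mounts() {
    cat <<'EOF'
/tmp nodev nosuid noexec
/var
/var/tmp nodev nosuid noexec
/var/log
/var/log/audit
/home nodev
/dev/shm nodev nosuid noexec
EOF
}

# Constructed sample in /proc/mounts format: /tmp lacks noexec; /var/tmp,
# /var/log/audit and /home are not separate mounts.
sample_table() {
    cat <<'EOF'
/dev/mapper/vg-root / xfs rw,relatime 0 0
/dev/mapper/vg-tmp /tmp xfs rw,nosuid,nodev,relatime 0 0
/dev/mapper/vg-var /var xfs rw,relatime 0 0
/dev/mapper/vg-log /var/log xfs rw,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0
EOF
}

# audit_mounts [FILE]: check FILE (default /proc/mounts) against the list.
# Prints one PASS/FAIL line per control; exit status is 1 if any control fails.
audit_mounts() {
    table=${1:-/proc/mounts}
    required_mounts | {
        rc=0
        while read -r mp want; do
            # Field 2 is the mount point, field 4 the options; the last
            # entry wins because a later mount shadows an earlier one.
            opts=$(awk -v m="$mp" '$2 == m { o = $4 } END { print o }' "$table")
            if [ -z "$opts" ]; then
                echo "FAIL $mp: not a separate mount"; rc=1; continue
            fi
            echo "PASS $mp: separate mount"
            for opt in $want; do
                case ",$opts," in
                    *",$opt,"*) echo "PASS $mp: $opt set" ;;
                    *) echo "FAIL $mp: $opt missing"; rc=1 ;;
                esac
            done
        done
        [ "$rc" -eq 0 ]
    }
}
```

Run `audit_mounts` with no argument as root to check the live system. The options are matched as whole comma-separated tokens, so a partial name never counts as a pass.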
4 References:
CIS Red Hat Enterprise Linux 7 Benchmark - https://www.cisecurity.org/cis-benchmarks/
© 2017 Software AG. All rights reserved. Software AG and all Software AG products are either trademarks or registered trademarks of Software AG.
Other product and company names mentioned herein may be the trademarks of their respective owners.