Versions Compared

Old Version 11

changes.mady.by.user Steve Challans

Saved on

compared with

New Version 12

changes.mady.by.user jorge.rueda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

umac-128@openssh.com


False positives:

    2.3.5    Ensure LDAP client is not installed.    Snare Central comes with LDAP client.

...




2.2.1.

...

1Ensure time synchronization is in use.

...

Snare Central runs ntpdate daily, the ntp source server is set by the customer during the install.

...

2.2.1.

...

3Ensure chrony is configured.

...

Snare Central does not use chrony

...

2.2.

...

7Ensure NFS and RPC are not enabled.

...

User can disable NFS from UI

...

2.2.

...

12Ensure Samba is not enabled.

...

User can disable samba from UI

...

2.2.

...

14Ensure SNMP Server is not enabled.User can disable SNMP from UI

...

2.2.

...

16Ensure rsync service is not enabled.rsync Is used for side by side migration only.
2.3.

...

5Ensure LDAP client is not installed.Snare Central comes with LDAP client.
3.4.

...

2Ensure /etc/hosts.allow is configured.

...

The contents depend on user network layout.

...

3.4.

...

3Ensure /etc/hosts.deny is configured.

...

The contents depend on user network layout.

...

4.1.1.

...

2Ensure system is disabled when audit logs are full.

...

Snare Central uses SUSPEND instead of HALT as Snare Central is a logging system it needs to keep operating.

...

4.1.1.

...

3Ensure audit logs are not automatically deleted.

...

Snare Central uses ROTATE instead of KEEP.

...

4.2.1.

...

4Ensure rsyslog is configured to send logs to a remote log host.

...

Not Applicable, Snare Central is the central logging system so it collects its own logs and also other systems, so the context is different to what the CIS checklist is asking for.

...

4.2.1.

...

5Ensure remote rsyslog messages are only accepted on designated log hosts.

...

Not Applicable

...

5.3.

...

1Ensure password creation requirements are configured.

...

Snare Central uses pam_cracklib to help enforce password complexity.

...

6.1.

...

10Ensure no world writable files exist.

...

Apache web server needs this file only: /tmp/perf-23853.map owner: www-data, group: www-data, permissions: 0666

Won't do:
    1.4.2     Ensure bootloader password is set.    this need to be done manually by the sysadmin