{"id": "e8", "policy": "e8", "title": "Australian Cyber Security Centre (ACSC)", "source": "https://www.cyber.gov.au/sites/default/files/2023-11/PROTECT%20-%20Hardening%20Linux%20Workstations%20and%20Servers%20%28November%202023%29.pdf", "definition_location": "/aptdata/openscap/scap-security-guide/controls/e8.yml", "controls": [{"id": "patching", "levels": ["base"], "notes": "", "title": "Application and operating system patching", "description": null, "rationale": null, "automated": "yes", "status": "automated", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["dnf-automatic_security_updates_only", "ensure_gpgcheck_globally_activated", "ensure_redhat_gpgkey_installed", "service_telnet_disabled", "package_rsh_removed", "security_patches_up_to_date", "package_talk_removed", "package_telnet_removed", "ensure_gpgcheck_local_packages", "package_talk-server_removed", "service_avahi-daemon_disabled", "package_squid_removed", "ensure_gpgcheck_never_disabled", "package_telnet-server_removed", "package_rsh-server_removed", "package_ypbind_removed", "service_squid_disabled"], "controls": []}, {"id": "mfa", "levels": ["base"], "notes": "", "title": "Multi-factor authentication", "description": null, "rationale": null, "automated": "no", "status": "manual", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "restrict_admin", "levels": ["base"], "notes": "", "title": "Restricting administrative privileges", "description": null, "rationale": null, "automated": "no", "status": "partial", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["accounts_no_uid_except_zero", "sudo_remove_nopasswd", "sudo_remove_no_authenticate", "sudo_require_authentication"], "controls": []}, {"id": "app_control", "levels": ["base"], "notes": "", "title": "Application control", "description": null, "rationale": null, "automated": "no", "status": "partial", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["package_fapolicyd_installed", "service_fapolicyd_enabled"], "controls": []}, {"id": "restrict_macros", "levels": ["base"], "notes": "", "title": "Restrict Microsoft Office macros", "description": null, "rationale": null, "automated": "no", "status": "not applicable", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "app_hardening", "levels": ["base"], "notes": "", "title": "User application hardening", "description": null, "rationale": null, "automated": "no", "status": "pending", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": [], "controls": []}, {"id": "backups", "levels": ["base"], "notes": "", "title": "Regular backups", "description": null, "rationale": null, "automated": "no", "status": "manual", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": ["package_rear_installed"], "rules": [], "controls": []}, {"id": "hardening", "levels": ["base"], "notes": "", "title": "General hardening", "description": null, "rationale": null, "automated": "no", "status": "partial", "mitigation": null, "artifact_description": null, "status_justification": null, "fixtext": null, "check": null, "tickets": null, "original_title": null, "related_rules": [], "rules": ["audit_rules_time_clock_settime", "audit_rules_execution_setfiles", "audit_rules_login_events_lastlog", "audit_rules_execution_setsebool", "sshd_disable_root_login", "sshd_disable_gssapi_auth", "file_ownership_binary_dirs", "file_ownership_library_dirs", "rpm_verify_ownership", "auditd_local_events", "configure_crypto_policy", "audit_rules_usergroup_modification_passwd", "auditd_write_logs", "audit_rules_login_events_faillock", "service_rsyslog_enabled", "mount_option_dev_shm_nodev", "auditd_freq", "auditd_log_format", "audit_rules_login_events_tallylog", "file_permissions_unauthorized_suid", "enable_authselect", "audit_rules_time_watch_localtime", "auditd_name_format", "sshd_use_directory_configuration", "audit_rules_time_adjtimex", "sysctl_kernel_kexec_load_disabled", "sshd_do_not_permit_user_env", "rpm_verify_permissions", "sysctl_kernel_randomize_va_space", "network_sniffer_disabled", "audit_rules_sysadmin_actions", "service_auditd_enabled", "audit_rules_kernel_module_loading", "file_permissions_unauthorized_sgid", "audit_rules_execution_semanage", "selinux_state", "audit_rules_time_stime", "audit_rules_dac_modification_chown", "audit_rules_execution_chcon", "audit_rules_usergroup_modification_group", "rpm_verify_hashes", "file_permissions_unauthorized_world_writable", "audit_rules_execution_restorecon", "package_rsyslog_installed", "no_empty_passwords", "selinux_policytype", "audit_rules_networkconfig_modification", "sysctl_net_core_bpf_jit_harden", "sshd_disable_user_known_hosts", "sshd_enable_strictmodes", "sshd_set_loglevel_info", "configure_ssh_crypto_policy", "audit_rules_dac_modification_chmod", "sshd_print_last_log", "file_permissions_library_dirs", "sysctl_kernel_kptr_restrict", "audit_rules_execution_seunshare", "file_permissions_binary_dirs", "sysctl_kernel_yama_ptrace_scope", "service_firewalld_enabled", "mount_option_dev_shm_nosuid", "audit_rules_usergroup_modification_shadow", "mount_option_dev_shm_noexec", "sysctl_kernel_exec_shield", "package_firewalld_installed", "sysctl_kernel_unprivileged_bpf_disabled", "sysctl_kernel_dmesg_restrict", "sshd_disable_rhosts", "sshd_disable_empty_passwords", "dir_perms_world_writable_sticky_bits", "audit_rules_time_settimeofday", "audit_rules_usergroup_modification_opasswd", "auditd_data_retention_flush", "audit_rules_usergroup_modification_gshadow", "var_system_crypto_policy=default_nosha1", "var_auditd_flush=incremental_async", "var_selinux_state=enforcing", "var_selinux_policy_name=targeted", "var_authselect_profile=sssd"], "controls": []}], "levels": [{"id": "base", "inherits_from": null}]}