Checks for Server

Filesystem & Hardening

Servers – Disable UDF Filesystem Disables UDF filesystem support to prevent unauthorized removable media usage.
Servers – Configure /tmp Partition Ensures /tmp is mounted on a separate partition with secure mount options.
Servers – Configure /home Partition Ensures /home partition is configured with nodev option to restrict device file usage.
Servers – Configure /var Partition Ensures /var partition is configured with secure mount options to protect system data.
Servers – Configure Shm Partition Ensures shared memory is mounted with nodev option to prevent device access.
Servers – Enable dm-verity Enables dm-verity to verify filesystem integrity and prevent tampering.
Servers – Enforce Authentication for Single User Mode Requires authentication for single-user mode to prevent unauthorized system access.
Servers – Restrict Core Dump Generation Restricts core dump generation to prevent exposure of sensitive information.
Servers – Enable NX Protection Enables NX protection to prevent execution of code from non-executable memory regions.
Servers – Enable Address Space Layout Randomization (ASLR) Enables ASLR to randomize memory addresses and reduce exploitation risks.

Banners & Misc

Servers – Configure Message of the Day (MOTD) Configures MOTD to display system information and security notices to users upon login.
Servers – Configure Local Login Banner Ensures a security warning banner is displayed for users logging in locally.
Servers – Configure Remote Login Banner Ensures a security warning banner is displayed for remote login sessions.
Servers – Configure Message of the Day (MOTD) Permissions Ensures proper permissions are set on MOTD files to prevent unauthorized modifications.
Servers – Configure Issue Permissions Ensures correct permissions on /etc/issue file to restrict unauthorized changes.

File Permissions

Servers – Configure Password Permissions Ensures correct permissions are set on /etc/passwd to protect user account information.
Servers – Configure Group Backup Permissions Ensures secure permissions are applied to the group backup file to prevent unauthorized access.
Servers – Configure Group Permissions Ensures proper permissions are set on /etc/group to maintain group data integrity.
Servers – Configure Gshadow Backup Permissions Ensures restricted permissions on gshadow backup file to protect sensitive group credentials.
Servers – Configure Gshadow Permissions Ensures strict permissions are set on /etc/gshadow to safeguard group password information.
Servers – Configure Passwd Backup Permissions Ensures secure permissions on passwd backup file to prevent unauthorized modifications.
Servers – Configure Shadow Backup Permissions Ensures restricted access to shadow backup file to protect sensitive password hashes.
Servers – Configure Shadow Permissions Ensures strict permissions on /etc/shadow to secure user password hashes.