<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:50006455;
mso-list-type:hybrid;
mso-list-template-ids:-1367732626 1074331649 1074331651 1074331653 1074331649 1074331651 1074331653 1074331649 1074331651 1074331653;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:18.0pt;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:54.0pt;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:90.0pt;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:126.0pt;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:162.0pt;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:198.0pt;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:234.0pt;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:270.0pt;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:306.0pt;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1
{mso-list-id:1353265393;
mso-list-template-ids:-1235831390;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-IN" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p style="margin-top:0cm;background:white"><strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222">Product:</span></strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222"><br>
BigFix Compliance<o:p></o:p></span></p>
<p style="background:white;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222">Title:</span></strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222"><br>
Updated CIS Centos Linux 8 Benchmark with bugfixes.<o:p></o:p></span></p>
<p style="background:white;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222">Security Benchmark:</span></strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222"><br>
CIS Centos Linux 8 Benchmark, v1.0.0<o:p></o:p></span></p>
<p style="background:white;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222">Published Sites:</span></strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222"><br>
CIS Checklist for Centos Linux 8, site version 2<br>
(The site version is provided for air-gap customers.)<o:p></o:p></span></p>
<p style="background:white;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222">Details:</span></strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222"><br>
Fixed and improved implementation for the following check:<o:p></o:p></span></p>
<ul type="disc">
<li class="MsoListParagraph" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:-18.0pt;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure SSH access is limited<o:p></o:p></span></li><li class="MsoListParagraph" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:-18.0pt;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure permissions on SSH private host key files are configured<o:p></o:p></span></li><li class="MsoListParagraph" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:-18.0pt;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure journald is configured to send logs to rsyslog<o:p></o:p></span></li><li class="MsoListParagraph" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:-18.0pt;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure journald is configured to write logfiles to persistent disk<o:p></o:p></span></li><li class="MsoListParagraph" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:-18.0pt;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure journald is configured to compress large log files<o:p></o:p></span></li><li class="MsoListParagraph" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:-18.0pt;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure sudo log file exists<o:p></o:p></span></li><li class="MsoListParagraph" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:-18.0pt;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure_wireless_interfaces_are_disabled<o:p></o:p></span></li><li class="MsoListParagraph" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:-18.0pt;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Create_custom_authselect_profile<o:p></o:p></span></li><li class="MsoListParagraph" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:-18.0pt;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure_firewall_rules_exist_for_all_open_ports<o:p></o:p></span></li><li class="MsoListParagraph" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:-18.0pt;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure_no_unconfined_services_exist<o:p></o:p></span></li><li class="MsoListParagraph" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:-18.0pt;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure_authentication_required_for_single_user_mode<o:p></o:p></span></li><li class="MsoListParagraph" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:-18.0pt;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure_time_synchronization_is_in_use<o:p></o:p></span></li><li class="MsoListParagraph" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:-18.0pt;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure_DCCP_is_disabled<o:p></o:p></span></li><li class="MsoListParagraph" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:-18.0pt;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure_SCTP_is_disabled<o:p></o:p></span></li><li class="MsoListParagraph" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:-18.0pt;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure_RDS_is_disabled<o:p></o:p></span></li><li class="MsoListParagraph" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:-18.0pt;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure_TIPC_is_disabled<o:p></o:p></span></li><li class="MsoListParagraph" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:-18.0pt;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure_audit_log_storage_size_is_configured<o:p></o:p></span></li><li class="MsoListParagraph" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:-18.0pt;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure_local_login_warning_banner_is_configured_properly<o:p></o:p></span></li><li class="MsoListParagraph" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:-18.0pt;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure_remote_login_warning_banner_is_configured_properly<o:p></o:p></span></li><li class="MsoListParagraph" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:-18.0pt;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure_permissions_on_etcmotd_are_configured<o:p></o:p></span></li><li class="MsoListParagraph" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:-18.0pt;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure_permissions_on_etcissue.net_are_configured<o:p></o:p></span></li><li class="MsoListParagraph" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:-18.0pt;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure password fields are not empty<o:p></o:p></span></li><li class="MsoListParagraph" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:-18.0pt;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure password expiration warning days is 7 or more<o:p></o:p></span></li><li class="MsoListParagraph" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:-18.0pt;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure password expiration is 365 days or less<o:p></o:p></span></li><li class="MsoListParagraph" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:-18.0pt;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure inactive password lock is 30 days or less<o:p></o:p></span></li><li class="MsoListParagraph" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:-18.0pt;mso-list:l0 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure minimum days between password changes is 7 or more<o:p></o:p></span></li></ul>
<p style="background:white;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222">Actions to take:</span></strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222"><br>
• To subscribe to the above site, you can use the License Overview Dashboard to enable and gather the site. Note that you must be entitled to the BigFix Compliance product and you must be using BigFix version 9.2 and later.<o:p></o:p></span></p>
<p style="background:white;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222">• If you use custom sites, update your custom sites accordingly to use the latest content. You can synchronize your content by using the Synchronize Custom Checks wizard. For more
information, see <a href="https://help.hcltechsw.com/bigfix/9.5/compliance/Compliance/SCM_Users_Guide/c_using_synchronize_custom_checks_wiz.html"><span style="color:#0088CC">https://help.hcltechsw.com/bigfix/9.5/compliance/Compliance/SCM_Users_Guide/c_using_synchronize_custom_checks_wiz.html</span></a>.<o:p></o:p></span></p>
<p style="background:white;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222">More information:</span></strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222"><br>
To know more about the BigFix Compliance SCM checklists, please see the following resources:<o:p></o:p></span></p>
<p style="background:white;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222">• </span><strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222">BigFix Forum:</span></strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222"><br>
<a href="https://forum.bigfix.com/c/release-announcements/compliance" target="_blank"><span style="color:#0088CC">https://forum.bigfix.com/c/release-announcements/compliance</span></a><o:p></o:p></span></p>
<p style="background:white;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222">• </span><strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222">BigFix Compliance SCM Checklists:</span></strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222"><br>
<a href="https://help.hcltechsw.com/bigfix/10.0/compliance/Compliance/SCM_Checklist/SCM_Checklist.html" target="_blank"><span style="color:#0088CC">https://help.hcltechsw.com/bigfix/10.0/compliance/Compliance/SCM_Checklist/SCM_Checklist.html</span></a><o:p></o:p></span></p>
<p style="background:white;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222">We hope you find this latest release of SCM content useful and effective. Thank you!<o:p></o:p></span></p>
<p style="background:white;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222">– The BigFix Compliance team<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>