<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:155190929;
mso-list-template-ids:671148420;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1
{mso-list-id:1513301990;
mso-list-template-ids:-716651842;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;
mso-bidi-font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p style="margin-top:0in;background:white"><strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222">Product:</span></strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222"><br>
BigFix Compliance<o:p></o:p></span></p>
<p style="background:white;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222">Title:</span></strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222"><br>
Updated CIS Checklist for Debian Linux 10 Benchmark with bugfixes.<o:p></o:p></span></p>
<p style="background:white;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222">Security Benchmarks:</span></strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222"><br>
CIS Debian Linux 10 Benchmark, v1.0.0<o:p></o:p></span></p>
<p style="background:white;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222">Published Sites:</span></strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222"><br>
CIS Checklist for Debian Linux 10, site version 2<br>
(The site version is provided for air-gap customers.)<o:p></o:p></span></p>
<p style="background:white;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222">Details:</span></strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222"><br>
Fixed and improved implementation for the following checks:<o:p></o:p></span></p>
<ul type="disc">
<li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure loopback traffic is configured<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure firewall rules exist for all open ports<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure all AppArmor Profiles are in enforce or complain mode<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure loopback traffic is configured<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure default deny firewall policy<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure XDNX support is enabled<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure wireless interfaces are disabled<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure firewall rules exist for all open ports<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure journald is configured to send logs to rsyslog<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure journald is configured to compress large log files<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure journald is configured to write logfiles to persistent disk<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure permissions on all logfiles are configured<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure_sudo_commands_use_pty<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure sudo log file exists<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure_logrotate_assigns_appropriate_permissions<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure_SSH_Protocol_is_not_set_to_1<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure all users last password change date is in the past<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure default deny firewall policy<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure password fields are not empty<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure password expiration warning days is 7 or more<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure password expiration is 365 days or less<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure inactive password lock is 30 days or less<o:p></o:p></span></li><li class="MsoNormal" style="color:#222222;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo2;background:white">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Ensure minimum days between password changes is 7 or more<o:p></o:p></span></li></ul>
<p style="background:white;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222">Actions to take:</span></strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222"><br>
To subscribe to the above site, you can use the License Overview Dashboard to enable and gather the site. Note that you must be entitled to the BigFix Compliance product and you must be using BigFix version 9.2 and later.<br>
If you use custom sites, update your custom sites accordingly to use the latest content. You can synchronize your content by using the Synchronize Custom Checks wizard. For more information, see <a href="https://help.hcltechsw.com/bigfix/9.5/compliance/Compliance/SCM_Users_Guide/c_using_synchronize_custom_checks_wiz.html"><span style="color:#0088CC">https://help.hcltechsw.com/bigfix/9.5/compliance/Compliance/SCM_Users_Guide/c_using_synchronize_custom_checks_wiz.html</span></a>.<o:p></o:p></span></p>
<p style="background:white;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222">More information:</span></strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222"><br>
To know more about the BigFix Compliance SCM checklists, please see the following resource:<o:p></o:p></span></p>
<p style="background:white;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222">BigFix Forum:</span></strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222"><br>
<a href="https://forum.bigfix.com/c/release-announcements/compliance" target="_blank"><span style="color:#0088CC">https://forum.bigfix.com/c/release-announcements/compliance</span></a><o:p></o:p></span></p>
<p style="background:white;font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222">BigFix Compliance SCM Checklists:</span></strong><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#222222"><br>
<a href="https://help.hcltechsw.com/bigfix/10.0/compliance/Compliance/SCM_Checklist/SCM_Checklist.html" target="_blank"><span style="color:#0088CC">https://help.hcltechsw.com/bigfix/10.0/compliance/Compliance/SCM_Checklist/SCM_Checklist.html</span></a><br>
We hope you find this latest release of SCM content useful and effective. Thank you!<br>
– The BigFix Compliance team<o:p></o:p></span></p>
</div>
</body>
</html>