<div dir="ltr"><p class="MsoNormal" style="margin:0in 0in 14pt;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Product:</span></b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif"><br>
BigFix Compliance</span></p>
<p class="MsoNormal" style="margin:14pt 0in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Title:</span></b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif"><br>
<span style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">Updated </span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;color:rgb(41,42,46);background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">CIS Checklist for
Ubuntu 18.04 LTS Server</span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">.</span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif"></span></p>
<p class="MsoNormal" style="margin:14pt 0in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Security Benchmark:</span></b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif"><br>
</span><span lang="EN" style="font-size:10.5pt;font-family:"Helvetica Neue";color:rgb(41,42,46);background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">CIS Ubuntu Linux 18.04 LTS
Benchmark</span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">, V2.2.0</span></p>
<p class="MsoNormal" style="margin:14pt 0in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Published Sites:</span></b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif"><br>
</span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;color:rgb(41,42,46);background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">CIS Checklist for Ubuntu 18.04 LTS Server</span><span lang="EN" style="font-size:12pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">,
site version 25.</span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif"><br>
<span style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">(The site version is
provided for air-gap customers.)</span></span></p>
<p class="MsoNormal" style="margin:12pt 0in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Details:</span></b></p>
<p class="MsoNormal" style="margin:12pt 0in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Total New Fixlets: 69</span></p>
<p class="MsoNormal" style="margin:12pt 0in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Total Updated Fixlets: 134</span></p>
<p class="MsoNormal" style="margin:12pt 0in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Total Deleted Fixlets: 83</span></p>
<p class="MsoNormal" style="margin:12pt 0in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Total Fixlets in Site: 269</span></p>
<p class="MsoNormal" style="margin:12pt 0in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">New Fixlets:</span></b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif"></span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
GDM autorun-never is enabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
audit configuration files are owned by root</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
cryptographic mechanisms are used to protect the integrity of audit tools</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
GDM disable-user-list option is enabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
audit tools belong to group root</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
successful and unsuccessful attempts to use the setfacl command are recorded</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
Automatic Error Reporting is not enabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
re-authentication for privilege escalation is not disabled globally</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
sshd MaxAuthTries is configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
GDM autorun-never is not overridden</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
audit log files are mode 0640 or less permissive</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
only authorized groups are assigned ownership of audit log files</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
audit configuration files belong to group root</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
the number of changed characters in a new password is configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
audit tools are 755 or more restrictive</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
GDM screen locks cannot be overridden</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
chrony is enabled and running</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
noexec option set on /var/log/audit partition</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
nosuid option set on /var/log/audit partition</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
nosuid option set on /var partition</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
systemd-journal-remote is configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
bluetooth services are not in use</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
permissions on /etc/security/opasswd are configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
/etc/shadow password fields are not empty</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
noexec option set on /var/log partition</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
GDM screen locks when the user is idle</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
the running and on disk configuration is the same</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
events that modify the sudo log file are collected</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
sudo authentication timeout is configured correctly</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
systemd-journal-remote is enabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
journald is not configured to receive logs from a remote client</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
dnsmasq is not installed</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
nodev option set on /var/log partition</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
IPv6 status is identified</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
the audit log directory is 0750 or more restrictive</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
iptables are flushed with nftables</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
successful and unsuccessful attempts to use the usermod command are recorded</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
ntp is configured with authorized timeserver</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
nodev option set on /var/log/audit partition</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
password dictionary check is enabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
sshd DisableForwarding is enabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
ntp is running as user ntp</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
users must provide password for privilege escalation</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
journald log rotation is configured per site policy</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
sshd GSSAPIAuthentication is disabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
journald default file permissions configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
ptrace_scope is restricted</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
maximum number of same consecutive characters in a password is configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
ntp is enabled and running</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Correct
platform is installed on CISCAT Host</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
nosuid option set on /var/log partition</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
systemd-journal-remote is installed</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
successful and unsuccessful attempts to use the chacl command are recorded</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
GDM automatic mounting of removable media is disabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
only authorized users own audit log files</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
rsyslog is not configured to receive logs from a remote client</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
permissions on /etc/shells are configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
chrony is running as user _chrony</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
systemd-timesyncd is enabled and running</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
nologin is not listed in /etc/shells</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
journald service is enabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
GDM disabling automatic mounting of removable media is not overridden</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
journald is not configured to send logs to rsyslog</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
nodev option set on /var partition</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
audit configuration files are 640 or more restrictive</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
all current passwords uses the configured hashing algorithm</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
successful and unsuccessful attempts to use the chcon command are recorded</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
audit tools are owned by root</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
nosuid option set on /home partition</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif"> </span></p>
<p class="MsoNormal" style="margin:12pt 0in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Updated Fixlets:</span></b></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
mounting of udf filesystems is disabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Disable
USB Storage</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
nodev option set on /tmp partition</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
noexec option set on /tmp partition</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
nosuid option set on /tmp partition</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
separate partition exists for /var</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
separate partition exists for /var/tmp</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
separate partition exists for /var/log</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
separate partition exists for /var/log/audit</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
separate partition exists for /home</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
nodev option set on /dev/shm partition</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
noexec option set on /dev/shm partition</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
nosuid option set on /dev/shm partition</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
AIDE is installed</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
filesystem integrity is regularly checked</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
bootloader password is set</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
permissions on bootloader config are configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
core dumps are restricted</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
address space layout randomization (ASLR) is enabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
local login warning banner is configured properly</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
remote login warning banner is configured properly</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
permissions on /etc/issue are configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
permissions on /etc/<a href="http://issue.net">issue.net</a> are configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
X Window System is not installed</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
IMAP and POP3 server are not installed</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
Samba is not installed</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
HTTP Proxy Server is not installed</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
SNMP Server is not installed</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
NIS Server is not installed</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
mail transfer agent is configured for local-only mode</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
Avahi Server is not installed</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
CUPS is not installed</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
DHCP Server is not installed</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
LDAP server is not installed</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
NFS is not installed</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
DNS Server is not installed</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
FTP Server is not installed</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
HTTP server is not installed</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
NIS Client is not installed</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
rsh client is not installed</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
talk client is not installed</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
telnet client is not installed</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
LDAP client is not installed</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
RPC is not installed</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
nonessential services are removed or masked</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
packet redirect sending is disabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
source routed packets are not accepted</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
suspicious packets are logged</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
ufw is installed</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
ufw service is enabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
ufw outbound connections are configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
ufw firewall rules exist for all open ports</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
ufw default deny firewall policy</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
ufw is uninstalled or disabled with nftables</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
nftables loopback traffic is configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
nftables default deny firewall policy</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
iptables packages are installed</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
nftables is not installed with iptables</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
ufw is uninstalled or disabled with iptables</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
iptables default deny firewall policy</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
ip6tables default deny firewall policy</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
ip6tables loopback traffic is configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
ip6tables outbound and established connections are configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
ip6tables firewall rules exist for all open ports</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
permissions on /etc/crontab are configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
permissions on /etc/cron.hourly are configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
permissions on /etc/cron.daily are configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
permissions on /etc/cron.weekly are configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
permissions on /etc/cron.monthly are configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
permissions on /etc/cron.d are configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
cron is restricted to authorized users</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
at is restricted to authorized users</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
permissions on /etc/ssh/sshd_config are configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
sudo is installed</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
sudo commands use pty</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
sudo log file exists</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
access to the su command is restricted</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
password creation requirements are configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
lockout for failed password attempts is configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
password reuse is limited</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
minimum days between password changes is configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
password expiration is 365 days or less</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
password expiration warning days is 7 or more</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
inactive password lock is 30 days or less</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
all users last password change date is in the past</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
system accounts are secured</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
journald is configured to compress large log files</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
journald is configured to write logfiles to persistent disk</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
rsyslog is installed</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
journald is configured to send logs to rsyslog</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
logging is configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
rsyslog is configured to send logs to a remote log host</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
auditd is installed</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
auditing for processes that start prior to auditd is enabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
audit_backlog_limit is sufficient</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
audit log storage size is configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
system is disabled when audit logs are full</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
changes to system administration scope (sudoers) is collected</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
successful file system mounts are collected</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
session initiation information is collected</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
login and logout events are collected</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
file deletion events by users are collected</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
events that modify the system's Mandatory Access Controls are collected</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
the audit configuration is immutable</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
events that modify date and time information are collected</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
events that modify the system's network environment are collected</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
events that modify user/group information are collected</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
discretionary access control permission modification events are collected</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
permissions on /etc/passwd are configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
permissions on /etc/passwd- are configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
permissions on /etc/group are configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
permissions on /etc/group- are configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
permissions on /etc/shadow are configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
permissions on /etc/shadow- are configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
permissions on /etc/gshadow are configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
permissions on /etc/gshadow- are configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
shadow group is empty</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
no duplicate UIDs exist</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
no duplicate GIDs exist</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
no duplicate user names exist</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
no duplicate group names exist</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
mounting of cramfs filesystems is disabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
mounting of freevxfs filesystems is disabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
mounting of jffs2 filesystems is disabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
mounting of hfs filesystems is disabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
mounting of hfsplus filesystems is disabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
AppArmor is installed</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
message of the day is configured properly</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
permissions on /etc/motd are configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
GNOME Display Manager is removed</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
GDM login banner is configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
wireless interfaces are disabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
accounts in /etc/passwd use shadowed passwords</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
all groups in /etc/passwd exist in /etc/group</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif"> </span></p>
<p class="MsoNormal" style="margin:12pt 0in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Deleted Fixlets:</span></b></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
/var/tmp partition includes the nodev option</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
/var/tmp partition includes the nosuid option</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
/var/tmp partition includes the noexec option</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
/home partition includes the nodev option</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
nodev option set on removable media partitions</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
/tmp is configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
nosuid option set on removable media partitions</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
noexec option set on removable media partitions</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
sticky bit is set on all world-writable directories</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Disable
Automounting</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
/dev/shm is configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
permissions on bootloader config are not overridden</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
XD/NX support is enabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
prelink is disabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
disable-userlist is enabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
systemd-timesyncd is configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
chrony is configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
ntp is configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
rsync service is not installed</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Disable
IPv6</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
IP forwarding is disabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
ICMP redirects are not accepted</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
secure ICMP redirects are not accepted</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
broadcast ICMP requests are ignored</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
bogus ICMP responses are ignored</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
Reverse Path Filtering is enabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
TCP SYN Cookies is enabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
IPv6 router advertisements are not accepted</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
DCCP is disabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
SCTP is disabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
RDS is disabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
TIPC is disabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
auditd service is enabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
unsuccessful unauthorized file access attempts are collected</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
use of privileged commands is collected</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
system administrator command executions (sudo) are collected</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
kernel module loading and unloading is collected</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
rsyslog service is enabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
rsyslog default file permissions configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
remote rsyslog messages are only accepted on designated log hosts</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
permissions on all logfiles are configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
logrotate is configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
logrotate assigns appropriate permissions</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
cron daemon is enabled and running</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
SSH root login is disabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
SSH PermitEmptyPasswords is disabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
SSH PermitUserEnvironment is disabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
only strong ciphers are used</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
only strong MAC algorithms are used</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
only strong key exchange algorithms are used</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
SSH Idle Timeout Interval is configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
SSH LoginGraceTime is set to one minute or less</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
SSH warning banner is configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
SSH PAM is enabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
permissions on SSH private host key files are configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
SSH AllowTcpForwarding is disabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
SSH MaxStartups is configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
SSH MaxSessions is limited</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
permissions on SSH public host key files are configured</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
SSH access is limited</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
SSH LogLevel is appropriate</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
SSH X11 forwarding is disabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
SSH MaxAuthTries is set to 4 or less</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
SSH IgnoreRhosts is enabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
SSH HostbasedAuthentication is disabled</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
password hashing algorithm is SHA-512</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
default user shell timeout is 900 seconds or less</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
root login is restricted to system console</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Audit
system file permissions</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
no world writable files exist</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
no unowned files or directories exist</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
no ungrouped files or directories exist</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Audit
SUID executables</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Audit
SGID executables</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
no users have .rhosts files</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
root is the only UID 0 account</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
root PATH Integrity</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
password fields are not empty</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
all users' home directories exist</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
users own their home directories</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
users' home directories permissions are 750 or more restrictive</span></p>
<p class="MsoNormal" style="margin:0in 0in 0in 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
users' dot files are not group or world writable</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">●<span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:"Times New Roman"">
</span></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Ensure
no users have .netrc files</span></p>
<p class="MsoNormal" style="margin:0in 0in 12pt 0.5in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif"> </span></p>
<p class="MsoNormal" style="margin:12pt 0in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif"> </span></p>
<p class="MsoNormal" style="margin:12pt 0in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Additional details:</span></b></p>
<p class="MsoNormal" style="margin:12pt 0in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif"><br>
</span></b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">● Both analysis and remediation
checks are included<br>
● Some of the checks allow you to use the parameterized setting to enable
customization for compliance evaluation. Note that parameterization and
remediation actions require the creation of a custom site.<br>
Improved a few checks by adding the pending restart feature to them. The
pending restart feature works in the following ways:<br>
● The action results will show “Pending Restart” instead of “Fixed” for those
checks which require OS reboot.<br>
● The check will show relevant for those endpoints until they are rebooted.<br>
<b>● </b>Post reboot of the endpoint the action results will show as “Fixed”
and the check will be compliant.</span></p>
<p class="MsoNormal" style="margin:12pt 0in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Actions to take:<br>
</span></b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">● To subscribe to the above
site, you can use the License Overview Dashboard to enable and gather the site.
Note that you must be entitled to the BigFix Compliance product and you must be
using BigFix version 10.0.0 and later.<br>
●If you use custom sites, update your custom sites accordingly to use the
latest content. You can synchronize your content by using the Synchronize
Custom Checks wizard. For more information, see </span><span lang="EN" style="color:black"><a href="https://help.hcltechsw.com/bigfix/11.0/compliance/Compliance/SCM_Users_Guide/c_using_synchronize_custom_checks_wiz.html"><span style="font-size:12pt;font-family:Calibri,sans-serif;color:rgb(0,136,204);text-decoration-line:none">Using the
Synchronize Custom Checks wizard</span></a></span><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;color:rgb(0,136,204)"></span></p>
<p class="MsoNormal" style="margin:12pt 0in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">More information:<br>
</span></b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">To know more about the BigFix
Compliance SCM checklists, please see the following resources:</span></p>
<p class="MsoNormal" style="margin:12pt 0in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">● BigFix Forum:<br>
</span></b><span lang="EN" style="color:black"><a href="https://forum.bigfix.com/c/release-announcements/compliance"><b><span style="font-size:12pt;font-family:Calibri,sans-serif;color:rgb(0,136,204);text-decoration-line:none">https://forum.bigfix.com/c/release-announcements/compliance</span></b></a></span><b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;color:rgb(0,136,204)"></span></b></p>
<p class="MsoNormal" style="margin:12pt 0in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">● BigFix Compliance SCM Checklists:<br>
</span></b><span lang="EN" style="color:black"><a href="https://bigfix-wiki.hcltechsw.com/wikis/home?lang=enus#!/wiki/BigFix%20Wiki/page/SCM%20Checklists"><b><span style="font-size:12pt;font-family:Calibri,sans-serif;color:rgb(0,136,204);text-decoration-line:none">Welcome to
Wikis</span></b></a></span><b><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif;color:rgb(0,136,204)"></span></b></p>
<p class="MsoNormal" style="margin:12pt 0in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">We hope you find this latest release of SCM content
useful and effective.</span></p>
<p class="MsoNormal" style="margin:12pt 0in;line-height:normal;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-size:11pt;font-family:Arial,sans-serif"><span lang="EN" style="font-size:12pt;font-family:Calibri,sans-serif">Thank you!<br>
<i>– The BigFix Compliance team</i></span><span lang="EN" style="font-family:Calibri,sans-serif"></span></p></div>