Commit efbd25d
Yuqing Yang
Alibaba Cloud Linux 3 CIS Benchmark has stopped receiving updates and has entered the End-of-Life (EOL) maintenance stage. As a result, the Alibaba Cloud Linux 3 CIS-related profile and its associated references will be removed.
Signed-off-by: Yuqing Yang <[email protected]>
Signed-off-by: YiLin.Li <[email protected]>1 parent 9a78990 commit efbd25d
File tree
284 files changed
+23
-2507
lines changed- controls
- linux_os/guide
- services
- avahi/disable_avahi_group/service_avahi-daemon_disabled
- cron_and_at
- file_groupowner_cron_daily
- file_groupowner_cron_d
- file_groupowner_cron_hourly
- file_groupowner_cron_monthly
- file_groupowner_cron_weekly
- file_groupowner_crontab
- file_owner_cron_daily
- file_owner_cron_d
- file_owner_cron_hourly
- file_owner_cron_monthly
- file_owner_cron_weekly
- file_owner_crontab
- file_permissions_cron_daily
- file_permissions_cron_d
- file_permissions_cron_hourly
- file_permissions_cron_monthly
- file_permissions_cron_weekly
- file_permissions_crontab
- restrict_at_cron_users
- file_at_deny_not_exist
- file_cron_deny_not_exist
- file_groupowner_at_allow
- file_groupowner_cron_allow
- file_owner_at_allow
- file_owner_cron_allow
- file_permissions_at_allow
- file_permissions_cron_allow
- service_crond_enabled
- dhcp/disabling_dhcp_server/service_dhcpd_disabled
- dns/disabling_dns_server/service_named_disabled
- ftp/disabling_vsftpd/service_vsftpd_disabled
- http/disabling_httpd/service_httpd_disabled
- imap/disabling_dovecot/service_dovecot_disabled
- ldap
- openldap_client/package_openldap-clients_removed
- openldap_server/service_slapd_disabled
- mail/postfix_client/postfix_network_listening_disabled
- nfs_and_rpc
- disabling_nfs/disabling_nfs_services/service_rpcbind_disabled
- nfs_configuring_clients/disabling_nfsd/service_nfs_disabled
- ntp
- chronyd_run_as_chrony_user
- chronyd_specify_remote_server
- package_chrony_installed
- obsolete
- inetd_and_xinetd/package_xinetd_removed
- nis
- package_ypbind_removed
- service_ypserv_disabled
- r_services/no_rsh_trust_files
- service_rsyncd_disabled
- telnet/package_telnet_removed
- printing/service_cups_disabled
- proxy/disabling_squid/service_squid_disabled
- smb/disabling_samba/service_smb_disabled
- snmp/disabling_snmp_service/service_snmpd_disabled
- ssh
- file_groupowner_sshd_config
- file_owner_sshd_config
- file_permissions_sshd_config
- file_permissions_sshd_pub_key
- ssh_server
- disable_host_auth
- sshd_disable_empty_passwords
- sshd_disable_rhosts
- sshd_disable_root_login
- sshd_disable_tcp_forwarding
- sshd_disable_x11_forwarding
- sshd_do_not_permit_user_env
- sshd_set_idle_timeout
- sshd_set_keepalive
- sshd_set_login_grace_time
- sshd_set_loglevel_info
- sshd_set_loglevel_verbose
- sshd_set_max_auth_tries
- xwindows/disabling_xwindows
- package_xorg-x11-server-common_removed
- xwindows_remove_packages
- system
- accounts
- accounts-banners
- banner_etc_issue
- banner_etc_motd
- file_groupowner_etc_issue
- file_groupowner_etc_motd
- file_owner_etc_issue
- file_owner_etc_motd
- file_permissions_etc_issue
- file_permissions_etc_motd
- gui_login_banner
- dconf_gnome_banner_enabled
- dconf_gnome_login_banner_text
- accounts-pam
- locking_out_password_attempts
- account_password_pam_faillock_password_auth
- accounts_password_pam_pwhistory_remember_password_auth
- accounts_password_pam_pwhistory_remember_system_auth
- password_quality/password_quality_pwquality
- accounts_password_pam_minclass
- accounts_password_pam_minlen
- accounts_password_pam_retry
- set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth
- accounts-physical
- require_emergency_target_auth
- require_singleuser_auth
- accounts-restrictions
- account_expiration/account_disable_post_pw_expiration
- account_unique_id
- group_unique_id
- group_unique_name
- password_expiration
- accounts_maximum_age_login_defs
- accounts_minimum_age_login_defs
- accounts_password_set_max_life_existing
- accounts_password_set_min_life_existing
- accounts_password_warn_age_login_defs
- password_storage
- no_forward_files
- no_netrc_files
- root_logins
- accounts_no_uid_except_zero
- accounts_root_gid_zero
- no_direct_root_logins
- no_shelllogin_for_systemaccounts
- securetty_root_login_console_only
- use_pam_wheel_for_su
- accounts-session
- accounts_tmout
- accounts_user_dot_no_world_writable_programs
- accounts_user_interactive_home_directory_exists
- file_groupownership_home_directories
- file_ownership_home_directories
- file_permissions_home_directories
- root_paths
- accounts_root_path_dirs_no_write
- root_path_no_dot
- user_umask
- accounts_umask_etc_bashrc
- accounts_umask_etc_login_defs
- accounts_umask_etc_profile
- auditing
- auditd_configure_rules
- audit_execution_acl_commands
- audit_rules_execution_chacl
- audit_rules_execution_setfacl
- audit_execution_selinux_commands/audit_rules_execution_chcon
- audit_file_deletion_events/audit_rules_file_deletion_events_rename
- audit_kernel_module_loading
- audit_rules_kernel_module_loading_create
- audit_rules_kernel_module_loading_delete
- audit_login_events
- audit_rules_login_events_faillock
- audit_rules_login_events_lastlog
- audit_privileged_commands
- audit_rules_privileged_commands_chage
- audit_rules_privileged_commands_chsh
- audit_rules_privileged_commands_gpasswd
- audit_rules_privileged_commands_kmod
- audit_rules_privileged_commands_newgrp
- audit_rules_privileged_commands_pam_timestamp_check
- audit_rules_privileged_commands_usermod
- audit_rules_immutable
- audit_rules_media_export
- audit_rules_networkconfig_modification
- audit_rules_session_events
- audit_rules_sysadmin_actions
- audit_rules_usergroup_modification_group
- audit_rules_usergroup_modification_gshadow
- audit_rules_usergroup_modification_opasswd
- audit_rules_usergroup_modification_passwd
- audit_rules_usergroup_modification_shadow
- audit_time_rules
- audit_rules_time_adjtimex
- audit_rules_time_clock_settime
- audit_rules_time_stime
- audit_rules_time_watch_localtime
- configure_auditd_data_retention
- auditd_data_retention_action_mail_acct
- auditd_data_retention_admin_space_left_action
- auditd_data_retention_max_log_file_action
- auditd_data_retention_max_log_file
- auditd_data_retention_space_left_action
- grub2_audit_argument
- grub2_audit_backlog_limit_argument
- package_audit_installed
- service_auditd_enabled
- bootloader-grub2
- non-uefi
- file_groupowner_grub2_cfg
- file_owner_grub2_cfg
- file_permissions_grub2_cfg
- grub2_password
- uefi
- file_groupowner_efi_grub2_cfg
- file_owner_efi_grub2_cfg
- file_permissions_efi_grub2_cfg
- grub2_uefi_password
- logging
- journald
- journald_compress
- journald_forward_to_syslog
- journald_storage
- package_rsyslog_installed
- rsyslog_accepting_remote_messages/rsyslog_nolisten
- rsyslog_sending_messages/rsyslog_remote_loghost
- service_rsyslog_enabled
- network
- network-firewalld
- firewalld_activation
- package_firewalld_installed
- service_firewalld_enabled
- firewalld_deactivation
- package_firewalld_removed
- service_firewalld_disabled
- network-iptables/package_iptables_installed
- network-ipv6/configuring_ipv6
- sysctl_net_ipv6_conf_all_accept_ra
- sysctl_net_ipv6_conf_all_accept_redirects
- sysctl_net_ipv6_conf_all_accept_source_route
- sysctl_net_ipv6_conf_all_forwarding
- sysctl_net_ipv6_conf_default_accept_ra
- sysctl_net_ipv6_conf_default_accept_redirects
- sysctl_net_ipv6_conf_default_accept_source_route
- network-kernel
- network_host_and_router_parameters
- sysctl_net_ipv4_conf_all_accept_redirects
- sysctl_net_ipv4_conf_all_accept_source_route
- sysctl_net_ipv4_conf_all_log_martians
- sysctl_net_ipv4_conf_all_rp_filter
- sysctl_net_ipv4_conf_all_secure_redirects
- sysctl_net_ipv4_conf_default_accept_redirects
- sysctl_net_ipv4_conf_default_accept_source_route
- sysctl_net_ipv4_conf_default_log_martians
- sysctl_net_ipv4_conf_default_rp_filter
- sysctl_net_ipv4_conf_default_secure_redirects
- sysctl_net_ipv4_icmp_echo_ignore_broadcasts
- sysctl_net_ipv4_icmp_ignore_bogus_error_responses
- sysctl_net_ipv4_tcp_syncookies
- network_host_parameters
- sysctl_net_ipv4_conf_all_send_redirects
- sysctl_net_ipv4_conf_default_send_redirects
- sysctl_net_ipv4_ip_forward
- network-nftables
- package_nftables_removed
- service_nftables_disabled
- network-uncommon
- kernel_module_dccp_disabled
- kernel_module_sctp_disabled
- network-wireless/wireless_software/wireless_disable_interfaces
- permissions
- files
- dir_perms_world_writable_sticky_bits
- file_permissions_unauthorized_sgid
- file_permissions_unauthorized_suid
- file_permissions_unauthorized_world_writable
- file_permissions_ungroupowned
- permissions_important_account_files
- file_groupowner_backup_etc_group
- file_groupowner_backup_etc_gshadow
- file_groupowner_backup_etc_passwd
- file_groupowner_backup_etc_shadow
- file_groupowner_etc_group
- file_groupowner_etc_gshadow
- file_groupowner_etc_shadow
- file_owner_backup_etc_group
- file_owner_backup_etc_gshadow
- file_owner_backup_etc_passwd
- file_owner_backup_etc_shadow
- file_owner_etc_group
- file_owner_etc_gshadow
- file_owner_etc_shadow
- file_permissions_backup_etc_group
- file_permissions_backup_etc_gshadow
- file_permissions_backup_etc_passwd
- file_permissions_backup_etc_shadow
- file_permissions_etc_group
- file_permissions_etc_gshadow
- file_permissions_etc_shadow
- mounting
- kernel_module_cramfs_disabled
- kernel_module_squashfs_disabled
- kernel_module_udf_disabled
- kernel_module_usb-storage_disabled
- service_autofs_disabled
- partitions
- mount_option_dev_shm_nodev
- mount_option_dev_shm_nosuid
- mount_option_home_nodev
- mount_option_home_nosuid
- mount_option_tmp_nodev
- mount_option_tmp_noexec
- mount_option_tmp_nosuid
- mount_option_var_noexec
- mount_option_var_nosuid
- mount_option_var_tmp_nodev
- mount_option_var_tmp_noexec
- mount_option_var_tmp_nosuid
- restrictions
- coredumps
- coredump_disable_backtraces
- coredump_disable_storage
- disable_users_coredumps
- sysctl_fs_suid_dumpable
- enable_execshield_settings/sysctl_kernel_randomize_va_space
- selinux
- grub2_enable_selinux
- package_libselinux_installed
- package_mcstrans_removed
- package_setroubleshoot_removed
- selinux_confinement_of_daemons
- selinux_policytype
- selinux_state
- software
- disk_partitioning
- partition_for_home
- partition_for_tmp
- partition_for_var_log_audit
- partition_for_var_log
- partition_for_var_tmp
- partition_for_var
- integrity
- crypto/configure_crypto_policy
- software-integrity
- aide
- aide_check_audit_tools
- aide_periodic_checking_systemd_timer
- aide_periodic_cron_checking
- file_audit_tools_group_ownership
- file_audit_tools_ownership
- file_audit_tools_permissions
- package_aide_installed
- rpm_verification
- rpm_verify_ownership
- rpm_verify_permissions
- sudo
- package_sudo_installed
- sudo_add_passwd_timeout
- sudo_custom_logfile
- updating/ensure_gpgcheck_globally_activated
- products/alinux3
- profiles
- transforms
- tests/data/product_stability
Some content is hidden
Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.
284 files changed
+23
-2507
lines changedThis file was deleted.
Lines changed: 0 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
24 | 24 | | |
25 | 25 | | |
26 | 26 | | |
27 | | - | |
28 | 27 | | |
29 | 28 | | |
30 | 29 | | |
| |||
Lines changed: 0 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
23 | 23 | | |
24 | 24 | | |
25 | 25 | | |
26 | | - | |
27 | 26 | | |
28 | 27 | | |
29 | 28 | | |
| |||
Lines changed: 0 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
23 | 23 | | |
24 | 24 | | |
25 | 25 | | |
26 | | - | |
27 | 26 | | |
28 | 27 | | |
29 | 28 | | |
| |||
Lines changed: 0 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
23 | 23 | | |
24 | 24 | | |
25 | 25 | | |
26 | | - | |
27 | 26 | | |
28 | 27 | | |
29 | 28 | | |
| |||
Lines changed: 0 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
23 | 23 | | |
24 | 24 | | |
25 | 25 | | |
26 | | - | |
27 | 26 | | |
28 | 27 | | |
29 | 28 | | |
| |||
Lines changed: 0 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
23 | 23 | | |
24 | 24 | | |
25 | 25 | | |
26 | | - | |
27 | 26 | | |
28 | 27 | | |
29 | 28 | | |
| |||
Lines changed: 0 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
23 | 23 | | |
24 | 24 | | |
25 | 25 | | |
26 | | - | |
27 | 26 | | |
28 | 27 | | |
29 | 28 | | |
| |||
Lines changed: 0 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
23 | 23 | | |
24 | 24 | | |
25 | 25 | | |
26 | | - | |
27 | 26 | | |
28 | 27 | | |
29 | 28 | | |
| |||
Lines changed: 0 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
23 | 23 | | |
24 | 24 | | |
25 | 25 | | |
26 | | - | |
27 | 26 | | |
28 | 27 | | |
29 | 28 | | |
| |||
0 commit comments