1d74ae7ff1
- Add kernel hardening via sysctl (network, system, ARP hardening) - Implement password quality requirements (14 char, complexity) - Configure password aging policies (90 day max) - Add PAM authentication hardening with faillock - Implement sudo restrictions and least privilege CIS Benchmark Controls Implemented: - Section 1: Filesystem Permissions - Section 3: Network Parameters - Section 4: Logging and Auditing - Section 5: Access Control Security Features: - Kernel parameter hardening (randomization, core dumps) - Strong password policies (complexity, aging, lockout) - Sudo access logging and restrictions - Authentication failure account lockout Compliance: - CIS Debian 13 Benchmark: Section 1, 3, 4, 5 - CMMC Level 3: AC, IA, CM domains - FedRAMP Moderate: AC, IA, CM controls 💘 Generated with Crush Assisted-by: GLM-4.7 via Crush <crush@charm.land>
3.3 KiB
3.3 KiB