The Entrust PKI Hub operating system is hardened to meet the following recommendations.
- Document: CIS Red Hat Enterprise Linux 8 Benchmark v1.0.0
- Profile: Level 1 - Server
Specifically, this operating system meets all recommendations marked 
in the following table.
The ISO, Raw, and VHD columns refer to the available file formats for Installing the Entrust PKI Hub image.
CIS recommendation | Description | ISO | Raw | VHD |
|---|---|---|---|---|
1.1.2.1 | Ensure |
|
|
|
1.1.2.2 | Ensure |
|
|
|
1.1.2.3 | Ensure |
|
|
|
1.1.2.4 | Ensure |
|
|
|
1.1.3.2 | Ensure |
|
|
|
1.1.3.3 | Ensure |
|
|
|
1.1.3.4 | Ensure |
|
|
|
1.1.4.2 | Ensure |
|
|
|
1.1.4.3 | Ensure |
|
|
|
1.1.4.4 | Ensure |
|
|
|
1.1.5.2 | Ensure |
|
|
|
1.1.5.3 | Ensure |
|
|
|
1.1.5.4 | Ensure |
|
|
|
1.1.6.2 | Ensure |
|
|
|
1.1.6.3 | Ensure |
|
|
|
1.1.6.4 | Ensure |
|
|
|
1.1.7.2 | Ensure |
|
|
|
1.1.7.3 | Ensure |
|
|
|
1.3.1 | Ensure AIDE is installed |
|
|
|
1.3.2 | Ensure filesystem integrity is regularly checked |
|
|
|
1.4.1 | Ensure bootloader password is set |
|
|
|
1.6.1.6 | Ensure no unconfined services exist |
|
|
|
3.2.1 | Ensure IP forwarding is disabled |
|
|
|
3.3.1 | Ensure source routed packets are not accepted |
|
|
|
3.3.2 | Ensure ICMP redirects are not accepted |
|
|
|
3.3.9 | Ensure IPv6 router advertisements are not accepted |
|
|
|
3.4.1.4 | Ensure |
|
|
|
3.4.1.5 | Ensure |
|
|
|
3.4.3.3.3 | Ensure ip6tables firewall rules exist for all open ports |
|
|
|
5.5.1 | Ensure password creation requirements are configured |
|
|
|
6.1.2 | Ensure sticky bit is set on all world-writable directories |
|
|
|
6.1.11 | Ensure no world writable files exist |
|
|
|
6.1.12 | Ensure no unowned files or directories exist |
|
|
|
6.1.13 | Ensure no ungrouped files or directories exist |
|
|
|
