The Entrust PKI Hub operating system is hardened to meet the "CIS Red Hat Enterprise Linux 8 Benchmark v1.0.0" recommendations for the "Level 1 - Server" profile, with one exception: the recommendations marked 
in the following table.
The ISO, Raw, and VHD columns refer to the available file formats for Installing the Entrust PKI Hub image.
CIS recommendation | Description | ISO | Raw | VHD |
|---|---|---|---|---|
1.1.2.1 | Ensure |
|
|
|
1.1.2.2 | Ensure |
|
|
|
1.1.2.3 | Ensure |
|
|
|
1.1.2.4 | Ensure |
|
|
|
1.1.3.2 | Ensure |
|
|
|
1.1.3.3 | Ensure |
|
|
|
1.1.3.4 | Ensure |
|
|
|
1.1.4.2 | Ensure |
|
|
|
1.1.4.3 | Ensure |
|
|
|
1.1.4.4 | Ensure |
|
|
|
1.1.5.2 | Ensure |
|
|
|
1.1.5.3 | Ensure |
|
|
|
1.1.5.4 | Ensure |
|
|
|
1.1.6.2 | Ensure |
|
|
|
1.1.6.3 | Ensure |
|
|
|
1.1.6.4 | Ensure |
|
|
|
1.1.7.2 | Ensure |
|
|
|
1.1.7.3 | Ensure |
|
|
|
1.3.1 | Ensure AIDE is installed |
|
|
|
1.3.2 | Ensure filesystem integrity is regularly checked |
|
|
|
1.4.1 | Ensure bootloader password is set |
|
|
|
1.6.1.6 | Ensure no unconfined services exist |
|
|
|
3.2.1 | Ensure IP forwarding is disabled |
|
|
|
3.3.1 | Ensure source routed packets are not accepted |
|
|
|
3.3.2 | Ensure ICMP redirects are not accepted |
|
|
|
3.3.9 | Ensure IPv6 router advertisements are not accepted |
|
|
|
3.4.1.5 | Ensure |
|
|
|
3.4.3.3.3 | Ensure ip6tables firewall rules exist for all open ports |
|
|
|
6.1.2 | Ensure sticky bit is set on all world-writable directories |
|
|
|
6.1.11 | Ensure no world writable files exist |
|
|
|
6.1.12 | Ensure no unowned files or directories exist |
|
|
|
6.1.13 | Ensure no ungrouped files or directories exist |
|
|
|
