• [x] ID 28500 → ensure /tmp is a separate partition

    • Created a disk partition with gparted (ensure backups are in place)

      • Install Gparted
        • sudo apt update
        • sudo apt install gparted
        • sudo gparted
      • Create partition, label accordingly, choose ext4 filesystem, allocate disk space
      • Configure /etc/fstab (the partition identifier here was sda4; run lsblk to check yours)
        • sudo nano /etc/fstab
          • (add) /dev/sda4 /tmp ext4 defaults,nosuid,nodev,noexec,relatime 0 2
      • Run command to mount partition
        • sudo mount -o nosuid,nodev,noexec,relatime /dev/sda4 /tmp
      • Verify
        • mount | grep /tmp
      • Reboot
    • Can also create partitions on fresh install for /tmp, /var, etc…

      • Have to adjust for nodev, noexec, nosuid, etc. in /etc/fstab
      • MUST BE DONE BEFORE ADDING WAZUH AGENT SO /VAR FILES ARE NOT MISCONFIGURED
      • /etc/fstab boot setup:
        • having /var with “noexec” can cause problems when installing apps/services (wazuh agent)

  • [x] ID 28501 → ensure nodev option set on /tmp partition

    • See ID 28500
  • [x] ID 28502 → ensure noexec option set on /tmp partition

    • See ID 28500
  • [x] ID 28503 → Ensure nosuid option set on /tmp partition.

    • See ID 28500
  • [x] ID 28504 → Ensure separate partition exists for /var.

    • See ID 28500
  • [x] ID 28505 → Ensure nodev option set on /var partition.

    • See ID 28500
  • [x] ID 28506 → Ensure nosuid option set on /var partition.

    • See ID 28500
  • [x] ID 28507 → Ensure separate partition exists for /var/tmp.

    • See ID 28500
  • [x] ID 28508 → Ensure noexec option set on /var/tmp partition

    • See ID 28500
  • [x] ID 28509 → Ensure nosuid option set on /var/tmp partition.

    • See ID 28500
  • [x] ID 28510 - 28525

    • See ID 28500
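
Added example (not part of the original notes): a small POSIX shell audit that checks the mount options listed above for /tmp, /var and /var/tmp against text in /proc/mounts format. The function names and the sample mount table are constructed for illustration; the required options are only those named in IDs 28500-28509 on this page.

```sh
# Added example: audit mount options from /proc/mounts-format text.
# Function names and sample data are constructed for illustration.

# Print the options field for an exact mount point. The last match wins,
# because a later mount on the same path shadows earlier ones.
mount_opts() {  # usage: mount_opts <mounts-file> <mountpoint>
    awk -v mp="$2" '$2 == mp { o = $4 } END { if (o != "") print o }' "$1"
}

# Print "ok", "not-separate" or "missing:<opt,opt>" for one mount point.
# The body is a subshell so the IFS change does not leak to the caller.
check_mount() (  # usage: check_mount <mounts-file> <mountpoint> <opt,opt,...>
    opts=$(mount_opts "$1" "$2")
    if [ -z "$opts" ]; then echo "not-separate"; exit 0; fi
    missing=""
    IFS=,
    for want in $3; do
        case ",$opts," in
            *",$want,"*) ;;                       # option present
            *) missing="${missing:+$missing,}$want" ;;
        esac
    done
    if [ -z "$missing" ]; then echo "ok"; else echo "missing:$missing"; fi
)

# Requirements as listed on this page (IDs 28500-28509).
audit() {  # usage: audit [mounts-file]   (default: /proc/mounts)
    src="${1:-/proc/mounts}"
    echo "/tmp $(check_mount "$src" /tmp nodev,noexec,nosuid)"
    echo "/var $(check_mount "$src" /var nodev,nosuid)"
    echo "/var/tmp $(check_mount "$src" /var/tmp noexec,nosuid)"
}

# Constructed sample in /proc/mounts format (not from a real host):
# /tmp is compliant, /var lacks nodev, /var/tmp has no mount of its own.
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sda4 /tmp ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda5 /var ext4 rw,nosuid,relatime 0 0
EOF
}

# "sh script.sh --live" audits the running system.
if [ "${1:-}" = "--live" ]; then audit; fi
```
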
  • [x] ID 28526 → Ensure AIDE is installed.

    # install and configure AIDE
    sudo apt install aide aide-common
    
    # initialize AIDE; let it run for as long as necessary
    sudo aideinit
    
    # move the new AIDE database into place
    sudo mv /var/lib/aide/aide.db.new /var/lib/aide/aide.db
    
    # undo prelinking on all binaries if necessary
    sudo prelink -ua
    
    
  • [ ] 28528 → Ensure bootloader password is set

    PBKDF2 hash of your password is grub.pbkdf2.sha512.10000.68D2D039C934D044A0C07AEB2727547ED8C459C914395DB731672106890E6F16A8ACD5A11B6B7DC561EB5EB19A5FC8716ED8D6E7E654A239D7AE118DDF62A90B.A131B6C6124C69F18FEE3E5669313DC04189D90CEB8D97AD5372328549B92DB65B1B91D0184C17767D16BD0C33EEECA3EDE43D07893B9AFA8A7C944476DD466B