mondoohq · tas50 · Nov 18, 2024 · Nov 18, 2024 · Nov 18, 2024 · Nov 18, 2024
diff --git a/core/mondoo-linux-security.mql.yaml b/core/mondoo-linux-security.mql.yaml
@@ -694,7 +694,7 @@ queries:
       if( package("exim4").installed && service('exim4').running ) {
         parse.ini("/etc/exim4/update-exim4.conf.conf").params["dc_local_interfaces"] == "'127.0.0.1 ; ::1'"
       }
-      ports.listening.where(address != "127.0.0.1" && address != "::1").none(port == 25)
+      ports.listening.where(address != "127.0.0.1" && address != "[::1]").none(port == 25)
     docs:
       desc: Mail Transfer Agents (MTA), such as Exim and Postfix, listen for incoming mail and transfer the messages to the appropriate user or mail server. If the system is not intended to be a mail server, it is recommended that the MTA be configured to only process local mail.
       remediation: |-
@@ -1251,6 +1251,12 @@ queries:
         ```
         max_log_file = <MB>
         ```
+
+        Restart the service to load the new configuration values:
+
+        ```
+        service auditd reload
+        ```
   - uid: mondoo-linux-security-audit-logs-are-not-automatically-deleted
     title: Ensure audit logs are not automatically deleted
     impact: 40
@@ -1268,6 +1274,12 @@ queries:
         ```
         max_log_file_action = keep_logs
         ```
+
+        Restart the service to load the new configuration values:
+
+        ```
+        service auditd reload
+        ```
   - uid: mondoo-linux-security-system-is-disabled-when-audit-logs-are-full
     title: Ensure system is disabled when audit logs are full
     impact: 40
@@ -1293,6 +1305,12 @@ queries:
         action_mail_acct = root
         admin_space_left_action = halt
         ```
+
+        Restart the service to load the new configuration values:
+
+        ```
+        service auditd reload
+        ```
   - uid: mondoo-linux-security-changes-to-system-administration-scope-sudoers-is-collected
     title: Ensure changes to system administration scope (sudoers) is collected
     impact: 50
@@ -2314,7 +2332,7 @@ queries:
         vi /etc/rsyslog.conf
         ..
         $FileCreateMode 0640
-        $umask 0077
+        $Umask 0077
         ```
 
         Configuration for creation, deletion and cleaning of volatile and temporary files:
@@ -2631,7 +2649,7 @@ queries:
       sshd.config.params["LoginGraceTime"] >= 1
       sshd.config.params["LoginGraceTime"] <= 60
     docs:
-      desc: The `LoginGraceTime` parameter specifies the time allowed for successful authentication to the SSH server. The longer the grace period is, the more open unauthenticated connections can exist. Like other session controls, the grace period should be limited to appropriate organizational limits to ensure the service is available for needed access.
+      desc: The `LoginGraceTime` parameter specifies the time (in seconds) allowed for successful authentication to the SSH server. The longer the grace period is, the more open unauthenticated connections can exist. Like other session controls, the grace period should be limited to appropriate organizational limits to ensure the service is available for needed access.
       remediation: |-
         Edit the `/etc/ssh/sshd_config` file to set the `LoginGraceTime` parameter as follows: