Because I don't have Jira.
-
-sudo-
-
-filesystem-
-
updates - few other things to check
-
-aide-
-
-boot-
-
-process-
-
mandatory access - need to check grub.conf
-
-banners-
-
-legacy services-
-
-services-
-
-network-
-
-auditing-
-
rsyslog
-
cron
-
-ssh- firewall?
-
pam
-
perms owners
-
user env
-
shadow
-
ntp?
-
Root logins
- Flesh out the system tests so it's more than parameter checking.
- Produce proper docs using (puppet-strings)[https://github.com/puppetlabs/puppet-strings]
- Review hardening in line with the spirit of the guide, not just the 'checkbox'.
- Other OSes. Test with Packer/vagrant - vagrant multi node?