Unnecessary Files

find_preCIS_files

This check is tailored to a specific Center for Internet Security (CIS) requirement for passing certification against the Red Hat CIS benchmark. It is particularly useful for anyone who has configured or hardened a Red Hat system based on the CIS Red Hat benchmark. The CIS benchmark tool provides a backup script that backs up all the system files that may be modified during the hardening process; these backup files are suffixed with the keyword -preCIS. They should be removed once all the benchmark recommendations have been applied successfully and the system has been restored to its working condition. This check ensures that no preCIS files exist on the remote system.

By default, the search is done recursively under the “/” directory, which can make this check extremely slow to execute depending on the number of files present on the remote system. If needed, the default base directory to search can be changed with the optional keyword basedir. Certain files within a base directory can also be skipped using another optional keyword, ignore.

Due to the nature of the check, it is normal for it to keep running for a couple of hours, depending on the type of system being scanned. The timeout tag, with a value between 1 and 7,200 seconds, can be added to the check to control its processing time.

Usage

<item>
name: "find_preCIS_files"
description: "Find and list all files created by CIS backup script."
# Globs allowed (? and *)
(optional) basedir: "<directory>"
(optional) ignore: "<directory>"
(optional) timeout: "[1 - 7200]"
</item>
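
To confirm a finding directly on the host, or to clean up before a scan, the same search can be run locally. The following is an added example, not the scanner's own implementation: the function name `find_precis_files`, its argument order and its exit codes are assumptions, and it relies on the `timeout` utility from coreutils.

```sh
#!/bin/sh
# Added example: local equivalent of the find_preCIS_files check.
# Function name, argument order and exit codes are assumptions.
#
# Usage: find_precis_files BASEDIR TIMEOUT_SECONDS [IGNORE_PATTERN ...]
#   e.g. find_precis_files / 7200 /proc /sys '/home/*/backup'
# Prints each leftover backup file, one per line, and returns
#   0 = none found (pass)    1 = files found (fail)
#   2 = bad arguments      124 = timeout reached before the search finished
find_precis_files() {
    [ "$#" -ge 2 ] || return 2
    pc_base=$1
    pc_limit=$2
    shift 2

    # The timeout must be a whole number between 1 and 7200 seconds.
    case $pc_limit in ''|*[!0-9]*) return 2 ;; esac
    [ "$pc_limit" -ge 1 ] && [ "$pc_limit" -le 7200 ] || return 2
    [ -d "$pc_base" ] || return 2

    # Turn the ignore patterns (globs with ? and * allowed) into the find
    # expression: ( -path P1 -o -path P2 ... ) -prune -o
    pc_first=1
    for pc_ign in "$@"; do
        if [ "$pc_first" -eq 1 ]; then
            set -- "(" -path "$pc_ign"
            pc_first=0
        else
            set -- "$@" -o -path "$pc_ign"
        fi
    done
    if [ "$pc_first" -eq 0 ]; then
        set -- "$@" ")" -prune -o
    fi

    # Files written by the CIS backup script carry the -preCIS suffix.
    pc_rc=0
    pc_out=$(timeout "$pc_limit" find "$pc_base" "$@" \
                 -type f -name '*-preCIS' -print 2>/dev/null) || pc_rc=$?
    [ "$pc_rc" -eq 124 ] && return 124
    # Other non-zero codes from find (e.g. unreadable directories) are ignored.
    [ -z "$pc_out" ] && return 0
    printf '%s\n' "$pc_out"
    return 1
}
```

Run it as root so unreadable directories do not hide leftover files, and review the listed files before deleting them.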