Make the Audit Configuration Immutable
"Set system audit so that audit rules cannot be modified with auditctl. Setting the flag ""-e 2"" forces audit to be put in immutable mode. Audit changes can only be made on system reboot."
Collect Kernel Module Loading and Unloading
"Monitor the loading and unloading of kernel modules. The programs insmod (install a kernel module), rmmod (remove a kernel module), and modprobe (a more sophisticated program to load and unload modules, as well as some other features) control loading and unloading of modules. The init_module (load a module) and delete_module (delete a module) system ca ...
Ensure the X Window system is not installed
The X Window system provides a Graphical User Interface (GUI) where users can have multiple windows in which to run programs and various add on. The X Window system is typically used on desktops where users login, but not on servers where users typically do not login.
Ensure LDAP is not enabled
The Lightweight Directory Access Protocol (LDAP) was introduced as a replacement for NIS/YP. It is a service that provides a method for looking up information from a central database.
Configure Network Time Protocol (NTP)
The Network Time Protocol (NTP) is designed to synchronize system clocks across a variety of systems and use a source that is highly accurate. More information on NTP can be found at http://www.ntp.org. NTP can be configured to be a client and/or a server.