#Notes and caveats
These notes are valid as of the CIS Red Hat Enterprise Linux 6 benchmark version 1.3.0.
Existing mounts will be modified with benchmark options. Mount points are not created if not pre-existing.
Skipped: Adjusting permissions across the filesystem can be destructive.
Skipped: Some yum operations are skipped as they apply only to RHEL and not CentOS.
Skipped: Checking for unconfined daemons should be done via cron jobs or via manual inspection
Skipped: Adjusting bootloader configurations at a large scale on production machines could be highly destructive upon reboot.
IPv6 is disabled so ip6tables is also disabled.
Skipped: Restricting root access only to the system console is a bit too restrictive for most environments.
Existing user password age is not modified.
Satisfied by 8.1.
Not addressing graphical desktop environments.
Not a scorable item and requires human interpretation. This is best handled by AIDE or other file integrity monitoring systems.
This is best handled by AIDE or other file integrity monitoring systems.
These items all require human intervention to resolve. None of these will be a concern while applying CIS to a vanilla RHEL6 install.