Detections
Analytics

CIS Amazon Linux 2 STIG v1.0.0 L1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Amazon Linux 2 STIG v1.0.0 L1

Updated: 6/24/2025

Authority: CIS

Plugin: Unix

Revision: 1.32

Estimated Item Count: 265

File Details

Filename: CIS_Amazon_Linux_2_STIG_v1.0.0_L1.audit

Size: 480 kB

MD5: 0b9ed08b0db6b0795a3f046f73489c9e
SHA256: 36adc7e5b184b9347ca9f42f985c95a8019205fbe84076b6dac4442dc49f03d3

Audit Items

DescriptionCategories
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobe
1.1.1.2 Ensure mounting of hfs filesystems is disabled - lsmod
1.1.1.2 Ensure mounting of hfs filesystems is disabled - modprobe
1.1.1.3 Ensure mounting of hfsplus filesystems is disabled - lsmod
1.1.1.3 Ensure mounting of hfsplus filesystems is disabled - modprobe
1.1.1.4 Ensure mounting of squashfs filesystems is disabled - lsmod
1.1.1.4 Ensure mounting of squashfs filesystems is disabled - modprobe
1.1.1.5 Ensure mounting of udf filesystems is disabled - lsmod
1.1.1.5 Ensure mounting of udf filesystems is disabled - modprobe
1.1.2 Ensure /tmp is configured
1.1.4 Ensure nodev option set on /tmp partition
1.1.5 Ensure nosuid option set on /tmp partition
1.1.6 Ensure noexec option set on /tmp partition
1.1.9 Ensure nodev option set on /var/tmp partition
1.1.10 Ensure nosuid option set on /var/tmp partition
1.1.11 Ensure noexec option set on /var/tmp partition
1.1.15 Ensure nodev option set on /home partition
1.1.16 Ensure nodev option set on /dev/shm partition
1.1.17 Ensure nosuid option set on /dev/shm partition
1.1.18 Ensure noexec option set on /dev/shm partition
1.1.19 Ensure sticky bit is set on all world-writable directories
1.1.20 Disable Automounting
1.2.1 Ensure package manager repositories are configured
1.2.2 Ensure GPG keys are configured
1.2.3 Ensure gpgcheck is globally activated
1.3.1 Ensure AIDE is installed
1.3.2 Ensure filesystem integrity is regularly checked
1.4.1 Ensure permissions on bootloader config are configured
1.4.2 Ensure authentication required for single user mode - emergency.service
1.4.2 Ensure authentication required for single user mode - rescue.service
1.5.1 Ensure core dumps are restricted - /etc/sysctl.conf, /etc/sysctl.d/*
1.5.1 Ensure core dumps are restricted - limits.conf, limits.d/*
1.5.1 Ensure core dumps are restricted - sysctl
1.5.2 Ensure address space layout randomization (ASLR) is enabled - /etc/sysctl.conf, /etc/sysctl.d/*
1.5.2 Ensure address space layout randomization (ASLR) is enabled - sysctl
1.5.3 Ensure prelink is disabled
1.7.1.1 Ensure message of the day is configured properly - banner_check
1.7.1.1 Ensure message of the day is configured properly - msrv
1.7.1.2 Ensure local login warning banner is configured properly - banner_check
1.7.1.2 Ensure local login warning banner is configured properly - msrv
1.7.1.3 Ensure remote login warning banner is configured properly - banner_check
1.7.1.3 Ensure remote login warning banner is configured properly - msrv
1.7.1.4 Ensure permissions on /etc/motd are configured
1.7.1.5 Ensure permissions on /etc/issue are configured
1.7.1.6 Ensure permissions on /etc/issue.net are configured
1.8 Ensure updates, patches, and additional security software are installed
2.2.1.1 Ensure time synchronization is in use
2.2.1.2 Ensure ntp is configured - daemon
2.2.1.2 Ensure ntp is configured - remote server