CIS Amazon Linux 2 STIG v1.0.0 L2

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS Amazon Linux 2 STIG v1.0.0 L2

Updated: 6/24/2025

Authority: CIS

Plugin: Unix

Revision: 1.15

Estimated Item Count: 120

File Details

Filename: CIS_Amazon_Linux_2_STIG_v1.0.0_L2.audit

Size: 362 kB

MD5: 84d942c4f3ac11121d40da0b703d5cb1
SHA256: 2dd26770144f2ddb940d8ae02b6def1a2d35c9773b48462b15abcfd494bb4a36

Audit Items

Description | Categories
1.1.7 Ensure separate partition exists for /var
1.1.8 Ensure separate partition exists for /var/tmp
1.1.12 Ensure separate partition exists for /var/log
1.1.13 Ensure separate partition exists for /var/log/audit
1.1.14 Ensure separate partition exists for /home
1.6.1.1 Ensure SELinux is installed
1.6.1.2 Ensure SELinux is not disabled in bootloader configuration
1.6.1.3 Ensure the SELinux state is enforcing - config
1.6.1.3 Ensure the SELinux state is enforcing - sestatus
1.6.1.4 Ensure SELinux policy is configured - config
1.6.1.4 Ensure SELinux policy is configured - sestatus
1.6.1.5 Ensure SETroubleshoot is not installed
1.6.1.6 Ensure the MCS Translation Service (mcstrans) is not installed
1.6.1.7 Ensure no unconfined daemons exist
3.4.1 Ensure DCCP is disabled
3.4.2 Ensure SCTP is disabled
3.4.3 Ensure RDS is disabled
3.4.4 Ensure TIPC is disabled
3.6 Disable IPv6
4.1.1.1 Ensure audit log storage size is configured
4.1.1.2 Ensure system is disabled when audit logs are full - action_mail_acct
4.1.1.2 Ensure system is disabled when audit logs are full - admin_space_left_action
4.1.1.2 Ensure system is disabled when audit logs are full - space_left_action
4.1.1.3 Ensure audit logs are not automatically deleted
4.1.3 Ensure auditd service is enabled
4.1.4 Ensure auditing for processes that start prior to auditd is enabled
4.1.5 Ensure events that modify date and time information are collected - adjtimex 32 bit
4.1.5 Ensure events that modify date and time information are collected - adjtimex 64 bit
4.1.5 Ensure events that modify date and time information are collected - auditctl adjtimex 32 bit
4.1.5 Ensure events that modify date and time information are collected - auditctl adjtimex 64 bit
4.1.5 Ensure events that modify date and time information are collected - auditctl clock_settime 32 bit
4.1.5 Ensure events that modify date and time information are collected - auditctl clock_settime 64 bit
4.1.5 Ensure events that modify date and time information are collected - auditctl localtime
4.1.5 Ensure events that modify date and time information are collected - clock_settime 32 bit
4.1.5 Ensure events that modify date and time information are collected - clock_settime 64 bit
4.1.5 Ensure events that modify date and time information are collected - localtime
4.1.6 Ensure events that modify user/group information are collected - /etc/group
4.1.6 Ensure events that modify user/group information are collected - /etc/gshadow
4.1.6 Ensure events that modify user/group information are collected - /etc/passwd
4.1.6 Ensure events that modify user/group information are collected - /etc/security/opasswd
4.1.6 Ensure events that modify user/group information are collected - /etc/shadow
4.1.6 Ensure events that modify user/group information are collected - auditctl /etc/group
4.1.6 Ensure events that modify user/group information are collected - auditctl /etc/gshadow
4.1.6 Ensure events that modify user/group information are collected - auditctl /etc/passwd
4.1.6 Ensure events that modify user/group information are collected - auditctl /etc/security/opasswd
4.1.6 Ensure events that modify user/group information are collected - auditctl /etc/shadow
4.1.7 Ensure events that modify the system's network environment are collected - /etc/hosts
4.1.7 Ensure events that modify the system's network environment are collected - /etc/issue
4.1.7 Ensure events that modify the system's network environment are collected - /etc/issue.net
4.1.7 Ensure events that modify the system's network environment are collected - /etc/sysconfig/network