CIS Amazon Linux 2 v3.0.0 L1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS Amazon Linux 2 v3.0.0 L1

Updated: 4/15/2026

Authority: CIS

Plugin: Unix

Revision: 1.10

Estimated Item Count: 230

File Details

Filename: CIS_Amazon_Linux_2_v3.0.0_L1.audit

Size: 801 kB

MD5: d9c4e8124070918a824b0841f566bf87
SHA256: a5a0a7d2e823fbe3e1ea0771bbec8e9bf843e9fe095bbbae8b7445b9380637ac

Audit Items

Description | Categories
1.1.1.1 Ensure cramfs kernel module is not available
1.1.1.2 Ensure freevxfs kernel module is not available
1.1.1.3 Ensure hfs kernel module is not available
1.1.1.4 Ensure hfsplus kernel module is not available
1.1.1.5 Ensure jffs2 kernel module is not available
1.1.1.8 Ensure usb-storage kernel module is not available
1.1.2.1.1 Ensure /tmp is a separate partition
1.1.2.1.2 Ensure nodev option set on /tmp partition
1.1.2.1.3 Ensure nosuid option set on /tmp partition
1.1.2.1.4 Ensure noexec option set on /tmp partition
1.1.2.2.1 Ensure /dev/shm is a separate partition
1.1.2.2.2 Ensure nodev option set on /dev/shm partition
1.1.2.2.3 Ensure nosuid option set on /dev/shm partition
1.1.2.2.4 Ensure noexec option set on /dev/shm partition
1.1.2.3.2 Ensure nodev option set on /home partition
1.1.2.3.3 Ensure nosuid option set on /home partition
1.1.2.4.2 Ensure nodev option set on /var partition
1.1.2.4.3 Ensure nosuid option set on /var partition
1.1.2.5.2 Ensure nodev option set on /var/tmp partition
1.1.2.5.3 Ensure nosuid option set on /var/tmp partition
1.1.2.5.4 Ensure noexec option set on /var/tmp partition
1.1.2.6.2 Ensure nodev option set on /var/log partition
1.1.2.6.3 Ensure nosuid option set on /var/log partition
1.1.2.6.4 Ensure noexec option set on /var/log partition
1.1.2.7.2 Ensure nodev option set on /var/log/audit partition
1.1.2.7.3 Ensure nosuid option set on /var/log/audit partition
1.1.2.7.4 Ensure noexec option set on /var/log/audit partition
1.2.1 Ensure GPG keys are configured
1.2.2 Ensure gpgcheck is globally activated
1.2.4 Ensure package manager repositories are configured
1.2.5 Ensure updates, patches, and additional security software are installed
1.3.1 Ensure authentication required for single user mode
1.4.1 Ensure address space layout randomization (ASLR) is enabled
1.4.2 Ensure ptrace_scope is restricted
1.4.3 Ensure core dump backtraces are disabled
1.4.4 Ensure core dump storage is disabled
1.5.1.1 Ensure SELinux is installed
1.5.1.2 Ensure SELinux is not disabled in bootloader configuration
1.5.1.3 Ensure SELinux policy is configured
1.5.1.4 Ensure the SELinux mode is not disabled
1.5.1.6 Ensure no unconfined services exist
1.5.1.7 Ensure the MCS Translation Service (mcstrans) is not installed
1.5.1.8 Ensure SETroubleshoot is not installed
1.6.1 Ensure message of the day is configured properly
1.6.2 Ensure local login warning banner is configured properly
1.6.3 Ensure remote login warning banner is configured properly
1.6.4 Ensure access to /etc/motd is configured
1.6.5 Ensure access to /etc/issue is configured
1.6.6 Ensure access to /etc/issue.net is configured
2.1.1 Ensure time synchronization is in use