Detections
Analytics

CIS Amazon Linux 2 v4.0.0 L1 Server

Audit Details

Name: CIS Amazon Linux 2 v4.0.0 L1 Server

Updated: 4/15/2026

Authority: CIS

Plugin: Unix

Revision: 1.0

Estimated Item Count: 226

File Details

Filename: CIS_Amazon_Linux_2_v4.0.0_L1_Server.audit

Size: 1 MB

MD5: eac64479f56d5acc16a7d428edb58e69
SHA256: 01122b9f929b3452d6ce6e304cbb9f8851b8400f9d536e35a641253348282edb

Audit Items

DescriptionCategories
1.1.1.1 Ensure cramfs kernel module is not available

CONFIGURATION MANAGEMENT

1.1.1.2 Ensure hfs kernel module is not available

CONFIGURATION MANAGEMENT

1.1.1.3 Ensure hfsplus kernel module is not available

CONFIGURATION MANAGEMENT

1.1.1.4 Ensure overlay kernel module is not available

CONFIGURATION MANAGEMENT

1.1.1.5 Ensure squashfs kernel module is not available

CONFIGURATION MANAGEMENT

1.1.1.6 Ensure udf kernel module is not available

CONFIGURATION MANAGEMENT

1.1.1.7 Ensure unused filesystems kernel modules are not available

CONFIGURATION MANAGEMENT

1.1.2.1.1 Ensure /tmp is tmpfs or a separate partition

CONFIGURATION MANAGEMENT

1.1.2.1.2 Ensure nodev option set on /tmp partition

CONFIGURATION MANAGEMENT

1.1.2.1.3 Ensure nosuid option set on /tmp partition

CONFIGURATION MANAGEMENT

1.1.2.1.4 Ensure noexec option set on /tmp partition

CONFIGURATION MANAGEMENT

1.1.2.2.1 Ensure /dev/shm is tmpfs

ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION

1.1.2.2.2 Ensure nodev option set on /dev/shm partition

CONFIGURATION MANAGEMENT

1.1.2.2.3 Ensure nosuid option set on /dev/shm partition

CONFIGURATION MANAGEMENT

1.1.2.2.4 Ensure noexec option set on /dev/shm partition

CONFIGURATION MANAGEMENT

1.1.2.3.2 Ensure nodev option set on /home partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.3.3 Ensure nosuid option set on /home partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.4.2 Ensure nodev option set on /var partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.4.3 Ensure nosuid option set on /var partition

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.5.2 Ensure nodev option set on /var/tmp partition

ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION

1.1.2.5.3 Ensure nosuid option set on /var/tmp partition

ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION

1.1.2.5.4 Ensure noexec option set on /var/tmp partition

ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION

1.1.2.6.2 Ensure nodev option set on /var/log partition

ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION

1.1.2.6.3 Ensure nosuid option set on /var/log partition

ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION

1.1.2.6.4 Ensure noexec option set on /var/log partition

ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION

1.1.2.7.1 Ensure separate partition exists for /var/log/audit

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

1.1.2.7.2 Ensure nodev option set on /var/log/audit partition

ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION

1.1.2.7.3 Ensure nosuid option set on /var/log/audit partition

ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION

1.1.2.7.4 Ensure noexec option set on /var/log/audit partition

ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION

1.2.1 Ensure GPG keys are configured

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.2 Ensure gpgcheck is globally activated

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.4 Ensure package manager repositories are configured

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.5 Ensure updates, patches, and additional security software are installed

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.3.1 Ensure authentication required for single user mode

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.4.1.1 Ensure SELinux is installed

ACCESS CONTROL, MEDIA PROTECTION

1.4.1.2 Ensure SELinux is not disabled in bootloader configuration

ACCESS CONTROL, MEDIA PROTECTION

1.4.1.3 Ensure SELinux policy is configured

ACCESS CONTROL, MEDIA PROTECTION

1.4.1.4 Ensure the SELinux mode is not disabled

SYSTEM AND COMMUNICATIONS PROTECTION

1.4.1.7 Ensure the MCS Translation Service (mcstrans) is not installed

ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION

1.5.1 Ensure core file size is configured

CONFIGURATION MANAGEMENT

1.5.2 Ensure fs.protected_hardlinks is configured

ACCESS CONTROL

1.5.3 Ensure fs.protected_symlinks is configured

ACCESS CONTROL

1.5.4 Ensure fs.suid_dumpable is configured

ACCESS CONTROL, CONFIGURATION MANAGEMENT

1.5.5 Ensure kernel.dmesg_restrict is configured

SYSTEM AND COMMUNICATIONS PROTECTION

1.5.6 Ensure kernel.kptr_restrict is configured

CONFIGURATION MANAGEMENT

1.5.7 Ensure kernel.yama.ptrace_scope is configured

CONFIGURATION MANAGEMENT

1.5.8 Ensure kernel.randomize_va_space is configured

SYSTEM AND INFORMATION INTEGRITY

1.5.9 Ensure systemd-coredump ProcessSizeMax is configured

CONFIGURATION MANAGEMENT

1.5.10 Ensure systemd-coredump Storage is configured

CONFIGURATION MANAGEMENT

1.6.1 Ensure message of the day is configured properly

CONFIGURATION MANAGEMENT