Name: CIS Bottlerocket L2
Updated: 6/17/2024
Authority: CIS
Plugin: Unix
Revision: 1.1
Estimated Item Count: 16
Filename: CIS_Bottlerocket_v1.0.0_L2.audit
Size: 44.5 kB
Description | Categories |
---|---|
1.1.1.1 Ensure mounting of UDF filesystems is disabled | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
1.4.4 Ensure user namespaces are disabled | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
1.5.2 Ensure Lockdown is configured | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
3.1.1 Ensure packet redirect sending is disabled | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
3.2.1 Ensure source routed packets are not accepted | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
3.2.2 Ensure ICMP redirects are not accepted | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
3.2.3 Ensure secure ICMP redirects are not accepted | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
3.2.4 Ensure suspicious packets are logged | AUDIT AND ACCOUNTABILITY |
3.3.1 Ensure SCTP is disabled | CONFIGURATION MANAGEMENT |
3.4.1.1 Ensure IPv4 default deny firewall policy | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
3.4.1.2 Ensure IPv4 loopback traffic is configured | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
3.4.1.3 Ensure IPv4 outbound and established connections are configured | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
3.4.2.1 Ensure IPv6 default deny firewall policy | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
3.4.2.2 Ensure IPv6 loopback traffic is configured | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
3.4.2.3 Ensure IPv6 outbound and established connections are configured | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
CIS_Bottlerocket_v1.0.0_L2.audit from CIS Bottlerocket Benchmark Level 2 |