| 1.1.1 Ensure /tmp is configured | CONFIGURATION MANAGEMENT |
| 1.1.2 Ensure sticky bit is set on all world-writable directories | CONFIGURATION MANAGEMENT |
| 1.2.1 Ensure package manager repositories are configured | SYSTEM AND INFORMATION INTEGRITY |
| 1.2.2 Ensure GPG keys are configured | SYSTEM AND INFORMATION INTEGRITY |
| 1.3.1 Ensure sudo is installed | ACCESS CONTROL |
| 1.3.2 Ensure sudo commands use pty | ACCESS CONTROL |
| 1.3.3 Ensure sudo log file exists | AUDIT AND ACCOUNTABILITY |
| 1.4.1 Ensure AIDE is installed | AUDIT AND ACCOUNTABILITY |
| 1.4.2 Ensure filesystem integrity is regularly checked | AUDIT AND ACCOUNTABILITY |
| 1.5.1 Ensure prelink is disabled | AUDIT AND ACCOUNTABILITY |
| 1.6.1.1 Ensure AppArmor is installed | ACCESS CONTROL |
| 1.6.1.2 Ensure all AppArmor Profiles are in enforce or complain mode - loaded | ACCESS CONTROL |
| 1.6.1.2 Ensure all AppArmor Profiles are in enforce or complain mode - unconfined | ACCESS CONTROL |
| 1.7.1.1 Ensure message of the day is configured properly | CONFIGURATION MANAGEMENT |
| 1.7.1.2 Ensure local login warning banner is configured properly | CONFIGURATION MANAGEMENT |
| 1.7.1.3 Ensure remote login warning banner is configured properly | CONFIGURATION MANAGEMENT |
| 1.7.1.4 Ensure permissions on /etc/motd are configured | CONFIGURATION MANAGEMENT |
| 1.7.1.5 Ensure permissions on /etc/issue are configured | CONFIGURATION MANAGEMENT |
| 1.7.1.6 Ensure permissions on /etc/issue.net are configured | CONFIGURATION MANAGEMENT |
| 1.8 Ensure updates, patches, and additional security software are installed | SYSTEM AND INFORMATION INTEGRITY |
| 2.1.1 Ensure xinetd is not installed | SYSTEM AND INFORMATION INTEGRITY |
| 2.1.2 Ensure openbsd-inetd is not installed | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.1 Ensure X Window System is not installed | CONFIGURATION MANAGEMENT |
| 2.2.2 Ensure Avahi Server is not enabled | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.3 Ensure CUPS is not enabled | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.4 Ensure DHCP Server is not enabled - isc-dhcp-server | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.4 Ensure DHCP Server is not enabled - isc-dhcp-server6 | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.5 Ensure LDAP server is not enabled | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.6 Ensure RPC is not enabled | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.7 Ensure DNS Server is not enabled | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.8 Ensure FTP Server is not enabled | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.9 Ensure HTTP server is not enabled | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.10 Ensure email services are not enabled | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.11 Ensure Samba is not enabled | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.12 Ensure HTTP Proxy Server is not enabled | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.13 Ensure SNMP Server is not enabled | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.14 Ensure mail transfer agent is configured for local-only mode | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.15 Ensure rsync service is not enabled | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.16 Ensure NIS Server is not enabled | SYSTEM AND INFORMATION INTEGRITY |
| 2.3.1 Ensure NIS Client is not installed | CONFIGURATION MANAGEMENT |
| 2.3.2 Ensure rsh client is not installed | IDENTIFICATION AND AUTHENTICATION |
| 2.3.3 Ensure talk client is not installed | CONFIGURATION MANAGEMENT |
| 2.3.4 Ensure telnet client is not installed | IDENTIFICATION AND AUTHENTICATION |
| 2.3.5 Ensure LDAP client is not installed | CONFIGURATION MANAGEMENT |
| 2.4 Ensure nonessential services are removed or masked | SYSTEM AND INFORMATION INTEGRITY |
| 3.1.1 Ensure packet redirect sending is disabled - net.ipv4.conf.all.send_redirects (sysctl.conf/sysctl.d) | CONFIGURATION MANAGEMENT |
| 3.1.1 Ensure packet redirect sending is disabled - net.ipv4.conf.default.send_redirects (sysctl.conf/sysctl.d) | CONFIGURATION MANAGEMENT |
| 3.1.1 Ensure packet redirect sending is disabled - sysctl net.ipv4.conf.all.send_redirects | CONFIGURATION MANAGEMENT |
| 3.1.1 Ensure packet redirect sending is disabled - sysctl net.ipv4.conf.default.send_redirects | CONFIGURATION MANAGEMENT |
| 3.1.2 Ensure IP forwarding is disabled - ipv4 (sysctl.conf/sysctl.d) | CONFIGURATION MANAGEMENT |
