| 1.1.1.6 Ensure mounting of squashfs filesystems is disabled - modprobe | CIS Debian Family Server L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.12 Ensure separate partition exists for /var/log/audit | CIS Debian Family Server L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 1.1.13 Ensure separate partition exists for /home | CIS Debian Family Server L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.1 Disable IPv6 - sysctl all | CIS Debian Family Server L2 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1 Ensure DCCP is disabled - lsmod | CIS Debian Family Server L2 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 3.5.3 Ensure RDS is disabled - lsmod | CIS Debian Family Server L2 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 3.5.4 Ensure TIPC is disabled - lsmod | CIS Debian Family Server L2 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 4.1.1.2 Ensure auditd service is enabled | CIS Debian Family Server L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.1 Ensure audit log storage size is configured | CIS Debian Family Server L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.3 Ensure system is disabled when audit logs are full - admin_space_left_action | CIS Debian Family Server L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.3 Ensure system is disabled when audit logs are full - space_left_action | CIS Debian Family Server L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3 Ensure events that modify date and time information are collected - auditctl clock_settime x64 | CIS Debian Family Server L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.3 Ensure events that modify date and time information are collected - clock_settime | CIS Debian Family Server L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure events that modify the system's network environment are collected - sethostname setdomainname | CIS Debian Family Server L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's Mandatory Access Controls are collected - /etc/apparmor.d | CIS Debian Family Server L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - EACCES | CIS Debian Family Server L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - EPERM | CIS Debian Family Server L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.11 Ensure use of privileged commands is collected | CIS Debian Family Server L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.13 Ensure file deletion events by users are collected - auditctl delete x64 | CIS Debian Family Server L2 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.13 Ensure file deletion events by users are collected - delete | CIS Debian Family Server L2 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.15 Ensure system administrator command executions (sudo) are collected - b32 actions | CIS Debian Family Server L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.16 Ensure kernel module loading and unloading is collected - /sbin/insmod | CIS Debian Family Server L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.16 Ensure kernel module loading and unloading is collected - auditctl /sbin/insmod | CIS Debian Family Server L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.17 Ensure the audit configuration is immutable | CIS Debian Family Server L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.6 Ensure permissions on /etc/cron.monthly are configured | CIS Debian Family Workstation L1 v1.0.0 | Unix | ACCESS CONTROL |
| 5.1.8 Ensure cron is restricted to authorized users - cron.deny | CIS Debian Family Workstation L1 v1.0.0 | Unix | ACCESS CONTROL |
| 5.2.7 Ensure SSH IgnoreRhosts is enabled | CIS Debian Family Workstation L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.11 Ensure SSH PermitUserEnvironment is disabled | CIS Debian Family Workstation L1 v1.0.0 | Unix | ACCESS CONTROL |
| 5.2.18 Ensure SSH warning banner is configured | CIS Debian Family Workstation L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.1 Ensure password creation requirements are configured - password complexity | CIS Debian Family Workstation L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.3 Ensure password reuse is limited | CIS Debian Family Workstation L1 v1.0.0 | Unix | ACCESS CONTROL |
| 5.3.4 Ensure password hashing algorithm is SHA-512 | CIS Debian Family Workstation L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1.3 Ensure password expiration warning days is 7 or more - login.defs | CIS Debian Family Workstation L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1.4 Ensure inactive password lock is 30 days or less - useradd | CIS Debian Family Workstation L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.3 Ensure default group for the root account is GID 0 | CIS Debian Family Workstation L1 v1.0.0 | Unix | ACCESS CONTROL |
| 5.4.5 Ensure default user shell timeout is 900 seconds or less | CIS Debian Family Workstation L1 v1.0.0 | Unix | ACCESS CONTROL |
| 5.6 Ensure access to the su command is restricted | CIS Debian Family Workstation L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.1.3 Ensure permissions on /etc/passwd- are configured | CIS Debian Family Workstation L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1.10 Ensure no world writable files exist | CIS Debian Family Workstation L1 v1.0.0 | Unix | ACCESS CONTROL |
| 6.1.11 Ensure no unowned files or directories exist | CIS Debian Family Workstation L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.1.12 Ensure no ungrouped files or directories exist | CIS Debian Family Workstation L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.1.13 Audit SUID executables | CIS Debian Family Workstation L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.4 Ensure users own their home directories | CIS Debian Family Workstation L1 v1.0.0 | Unix | ACCESS CONTROL |
| 6.2.7 Ensure no users have .netrc files | CIS Debian Family Workstation L1 v1.0.0 | Unix | ACCESS CONTROL |
| 6.2.8 Ensure no users have .forward files | CIS Debian Family Workstation L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.11 Ensure root PATH Integrity | CIS Debian Family Workstation L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.12 Ensure all groups in /etc/passwd exist in /etc/group | CIS Debian Family Workstation L1 v1.0.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 6.2.14 Ensure no duplicate GIDs exist | CIS Debian Family Workstation L1 v1.0.0 | Unix | ACCESS CONTROL |
| 6.2.15 Ensure no duplicate user names exist | CIS Debian Family Workstation L1 v1.0.0 | Unix | ACCESS CONTROL |
| 6.2.16 Ensure no duplicate group names exist | CIS Debian Family Workstation L1 v1.0.0 | Unix | ACCESS CONTROL |
