Detections
Analytics

Item Search

NameAudit NamePluginCategory
2.2.12 Ensure Samba is not enabledCIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT

2.2.16 Ensure rsync service is not enabledCIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT

3.1.1 Ensure IP forwarding is disabled - ipv4 sysctlCIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.1.2 Ensure packet redirect sending is disabled - default /etc/sysctl.conf /etc/sysctl.d/*CIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.2 Ensure ICMP redirects are not accepted - files net.ipv4.conf.all.accept_redirects= 0CIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.2 Ensure ICMP redirects are not accepted - files net.ipv4.conf.default.accept_redirects= 0CIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.2 Ensure ICMP redirects are not accepted - net.ipv6.conf.all.accept_redirectsCIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.3 Ensure secure ICMP redirects are not accepted - files net.ipv4.conf.all.secure_redirects = 0CIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.3 Ensure secure ICMP redirects are not accepted - net.ipv4.conf.default.secure_redirects = 0CIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.4 Ensure suspicious packets are logged - files net.ipv4.conf.all.log_martians = 1CIS Debian 8 Workstation L1 v2.0.2Unix

AUDIT AND ACCOUNTABILITY

3.2.5 Ensure broadcast ICMP requests are ignored - files net.ipv4.icmp_echo_ignore_broadcasts = 1CIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.6 Ensure bogus ICMP responses are ignored - net.ipv4.icmp_ignore_bogus_error_responses = 1CIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.7 Ensure Reverse Path Filtering is enabled - files net.ipv4.conf.all.rp_filter = 1CIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.7 Ensure Reverse Path Filtering is enabled - files net.ipv4.conf.default.rp_filter = 1CIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.7 Ensure Reverse Path Filtering is enabled - net.ipv4.conf.all.rp_filter = 1CIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.7 Ensure Reverse Path Filtering is enabled - net.ipv4.conf.default.rp_filter = 1CIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.3.3 Ensure /etc/hosts.deny is configuredCIS Debian 8 Workstation L1 v2.0.2Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.1.1 Ensure default deny firewall policy - Chain FORWARDCIS Debian 8 Workstation L1 v2.0.2Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.2.1 Ensure IPv6 default deny firewall policy - Chain OUTPUTCIS Debian 8 Workstation L1 v2.0.2Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.3 Ensure iptables is installedCIS Debian 8 Workstation L1 v2.0.2Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.2.1.1 Ensure rsyslog service is enabledCIS Debian 8 Workstation L1 v2.0.2Unix

AUDIT AND ACCOUNTABILITY

4.2.1.5 Ensure rsyslog is not configured to receive logs from a remote clientCIS Debian 8 Workstation L1 v2.0.2Unix

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

4.2.2.3 Ensure syslog-ng default file permissions configuredCIS Debian 8 Workstation L1 v2.0.2Unix

ACCESS CONTROL, MEDIA PROTECTION

4.2.3 Ensure rsyslog or syslog-ng is installedCIS Debian 8 Workstation L1 v2.0.2Unix

AUDIT AND ACCOUNTABILITY

4.2.4 Ensure permissions on all logfiles are configuredCIS Debian 8 Workstation L1 v2.0.2Unix

ACCESS CONTROL, MEDIA PROTECTION

5.1.1 Ensure cron daemon is enabledCIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.1.2 Ensure permissions on /etc/crontab are configuredCIS Debian 8 Workstation L1 v2.0.2Unix

ACCESS CONTROL, MEDIA PROTECTION

5.1.4 Ensure permissions on /etc/cron.daily are configuredCIS Debian 8 Workstation L1 v2.0.2Unix

ACCESS CONTROL, MEDIA PROTECTION

5.1.6 Ensure permissions on /etc/cron.monthly are configuredCIS Debian 8 Workstation L1 v2.0.2Unix

ACCESS CONTROL, MEDIA PROTECTION

5.1.7 Ensure permissions on /etc/cron.d are configuredCIS Debian 8 Workstation L1 v2.0.2Unix

ACCESS CONTROL, MEDIA PROTECTION

5.1.8 Ensure at/cron is restricted to authorized users - at.denyCIS Debian 8 Workstation L1 v2.0.2Unix

ACCESS CONTROL, MEDIA PROTECTION

5.2.4 Ensure SSH Protocol is set to 2CIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.2.13 Ensure only strong ciphers are usedCIS Debian 8 Workstation L1 v2.0.2Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.2.15 Ensure only strong Key Exchange algorithms are usedCIS Debian 8 Workstation L1 v2.0.2Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.2.16 Ensure SSH Idle Timeout Interval is configured - ClientAliveIntervalCIS Debian 8 Workstation L1 v2.0.2Unix

ACCESS CONTROL

5.2.18 Ensure SSH access is limitedCIS Debian 8 Workstation L1 v2.0.2Unix

ACCESS CONTROL

5.3.2 Ensure lockout for failed password attempts is configuredCIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.3.4 Ensure password hashing algorithm is SHA-512CIS Debian 8 Workstation L1 v2.0.2Unix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.4.1.4 Ensure inactive password lock is 30 days or less - usersCIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.4.4 Ensure default user umask is 027 or more restrictive - /etc/profile.d/*.shCIS Debian 8 Workstation L1 v2.0.2Unix

ACCESS CONTROL, MEDIA PROTECTION

5.6 Ensure access to the su command is restricted - /etc/groupCIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

6.1.2 Ensure permissions on /etc/passwd are configuredCIS Debian 8 Workstation L1 v2.0.2Unix

ACCESS CONTROL, MEDIA PROTECTION

6.1.4 Ensure permissions on /etc/group are configuredCIS Debian 8 Workstation L1 v2.0.2Unix

ACCESS CONTROL, MEDIA PROTECTION

6.1.6 Ensure permissions on /etc/passwd- are configuredCIS Debian 8 Workstation L1 v2.0.2Unix

ACCESS CONTROL, MEDIA PROTECTION

6.1.9 Ensure permissions on /etc/gshadow- are configuredCIS Debian 8 Workstation L1 v2.0.2Unix

ACCESS CONTROL, MEDIA PROTECTION

6.1.12 Ensure no ungrouped files or directories existCIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

6.1.13 Audit SUID executablesCIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

6.2.1 Ensure password fields are not emptyCIS Debian 8 Workstation L1 v2.0.2Unix

IDENTIFICATION AND AUTHENTICATION

6.2.14 Ensure no users have .rhosts filesCIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

6.2.19 Ensure no duplicate group names existCIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION