Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.5 Ensure separate partition exists for /varCIS Debian 8 Workstation L2 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.11 Ensure separate partition exists for /var/log/auditCIS Debian 8 Workstation L2 v2.0.2Unix

AUDIT AND ACCOUNTABILITY

1.1.21 Disable AutomountingCIS Debian 8 Workstation L2 v2.0.2Unix

MEDIA PROTECTION, SYSTEM AND INFORMATION INTEGRITY

1.6.1.3 Ensure SELinux policy is configuredCIS Debian 8 Workstation L2 v2.0.2Unix

ACCESS CONTROL, MEDIA PROTECTION

1.6.2.1 Ensure AppArmor is enabled in the bootloader configuration - apparmor=1CIS Debian 8 Workstation L2 v2.0.2Unix

ACCESS CONTROL, MEDIA PROTECTION

1.6.2.1 Ensure AppArmor is enabled in the bootloader configuration - security=apparmorCIS Debian 8 Workstation L2 v2.0.2Unix

ACCESS CONTROL, MEDIA PROTECTION

2.2.5 Ensure DHCP Server is not enabled - isc-dhcp-server6CIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT

3.1.2 Ensure packet redirect sending is disabled - all /etc/sysctl.conf /etc/sysctl.d/*CIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.1.2 Ensure packet redirect sending is disabled - default sysctlCIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.1 Ensure source routed packets are not accepted - net.ipv4.conf.default.accept_source_route = 0CIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.1 Ensure source routed packets are not accepted - net.ipv6.conf.all.accept_source_route = 0CIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.1 Ensure source routed packets are not accepted - net.ipv6.conf.default.accept_source_route = 0CIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.2 Ensure ICMP redirects are not accepted - files net.ipv6.conf.all.accept_redirects= 0CIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.2 Ensure ICMP redirects are not accepted - net.ipv4.conf.all.accept_redirectsCIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.5 Ensure broadcast ICMP requests are ignored - net.ipv4.icmp_echo_ignore_broadcasts = 1CIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2.8 Ensure TCP SYN Cookies is enabled - files net.ipv4.tcp_syncookies = 1CIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.3.4 Ensure permissions on /etc/hosts.allow are configuredCIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.4.1 Ensure DCCP is disabled - lsmodCIS Debian 8 Workstation L1 v2.0.2Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.2 Ensure SCTP is disabled - lsmodCIS Debian 8 Workstation L1 v2.0.2Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.2 Ensure SCTP is disabled - modprobeCIS Debian 8 Workstation L1 v2.0.2Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.3 Ensure RDS is disabled - lsmodCIS Debian 8 Workstation L1 v2.0.2Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.4 Ensure TIPC is disabled - lsmodCIS Debian 8 Workstation L1 v2.0.2Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.1.1 Ensure default deny firewall policy - Chain INPUTCIS Debian 8 Workstation L1 v2.0.2Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.1.2 Ensure loopback traffic is configured - inputCIS Debian 8 Workstation L1 v2.0.2Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.2.4 Ensure IPv6 firewall rules exist for all open portsCIS Debian 8 Workstation L1 v2.0.2Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.7 Disable IPv6CIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

4.1.10 Ensure discretionary access control permission modification events are collected - auditctl chmod fchmod fchmodat x64CIS Debian 8 Workstation L2 v2.0.2Unix

AUDIT AND ACCOUNTABILITY

4.1.10 Ensure discretionary access control permission modification events are collected - chown fchown fchownat lchownCIS Debian 8 Workstation L2 v2.0.2Unix

AUDIT AND ACCOUNTABILITY

4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EPERM x64CIS Debian 8 Workstation L2 v2.0.2Unix

AUDIT AND ACCOUNTABILITY

4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - EACCESCIS Debian 8 Workstation L2 v2.0.2Unix

AUDIT AND ACCOUNTABILITY

4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - EPERM x64CIS Debian 8 Workstation L2 v2.0.2Unix

AUDIT AND ACCOUNTABILITY

4.1.13 Ensure successful file system mounts are collected - auditctl mountCIS Debian 8 Workstation L2 v2.0.2Unix

AUDIT AND ACCOUNTABILITY

4.1.13 Ensure successful file system mounts are collected - auditctl mount x64CIS Debian 8 Workstation L2 v2.0.2Unix

AUDIT AND ACCOUNTABILITY

4.1.16 Ensure system administrator actions (sudolog) are collected - /var/log/sudo.logCIS Debian 8 Workstation L2 v2.0.2Unix

AUDIT AND ACCOUNTABILITY

4.1.17 Ensure kernel module loading and unloading is collected - /sbin/modprobeCIS Debian 8 Workstation L2 v2.0.2Unix

AUDIT AND ACCOUNTABILITY

4.2.1.3 Ensure rsyslog default file permissions are configuredCIS Debian 8 Workstation L1 v2.0.2Unix

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION

4.2.1.4 Ensure rsyslog is configured to send logs to a remote log hostCIS Debian 8 Workstation L1 v2.0.2Unix

AUDIT AND ACCOUNTABILITY

4.3 Ensure logrotate is configuredCIS Debian 8 Workstation L1 v2.0.2Unix

AUDIT AND ACCOUNTABILITY

5.2.6 Ensure SSH X11 forwarding is disabledCIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT

5.2.8 Ensure SSH IgnoreRhosts is enabledCIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.2.19 Ensure SSH warning banner is configuredCIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.4.1.3 Ensure password expiration warning days is 7 or more - usersCIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.5 Ensure root login is restricted to system consoleCIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

6.1.7 Ensure permissions on /etc/shadow- are configuredCIS Debian 8 Workstation L1 v2.0.2Unix

ACCESS CONTROL, MEDIA PROTECTION

6.1.8 Ensure permissions on /etc/group- are configuredCIS Debian 8 Workstation L1 v2.0.2Unix

ACCESS CONTROL, MEDIA PROTECTION

6.2.3 Ensure no legacy '+' entries exist in /etc/shadowCIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

6.2.4 Ensure no legacy '+' entries exist in /etc/groupCIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

6.2.5 Ensure root is the only UID 0 accountCIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

6.2.7 Ensure all users' home directories existCIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

6.2.18 Ensure no duplicate user names existCIS Debian 8 Workstation L1 v2.0.2Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION