Item Search

Name	Audit Name	Plugin	Category
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobe	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
1.4.2 Ensure permissions on bootloader config are configured - user.cfg	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
1.7.4 Ensure remote login warning banner is configured properly - mrsv	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
1.8.3 Ensure last logged in user display is disabled	CIS Fedora 28 Family Linux Workstation L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
1.8.3 Ensure last logged in user display is disabled - disable user list	CIS Red Hat 6 Workstation L1 v3.0.0	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
1.8.3 Ensure last logged in user display is disabled - system-db:gdm	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
1.8.3 Ensure last logged in user display is disabled - system-db:gdm	CIS Red Hat 6 Workstation L1 v3.0.0	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
1.8.3 Ensure last logged in user display is disabled - user-db:user	CIS Red Hat 6 Server L1 v3.0.0	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
1.8.3 Ensure last logged in user display is disabled - user-db:user	CIS Red Hat 6 Workstation L1 v3.0.0	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
2.1.2 Ensure 'Controls when the profile can be removed' is set to 'Always'	AirWatch - CIS Apple iOS 18 Benchmark v1.0.0 L1 End User Owned	MDM	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
2.2.3 Ensure the NGINX service account has an invalid shell	CIS NGINX Benchmark v2.1.0 L1 Loadbalancer	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
2.3.9.5 (L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only)	CIS Windows Server 2012 MS L1 v3.0.0	Windows	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'	CIS Windows Server 2012 R2 MS L1 v3.0.0	Windows	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
2.4.2 Ensure requests for unknown host names are rejected	CIS NGINX Benchmark v2.1.0 L1 Webserver	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
2.8.1 Ensure 'Notification Settings' are configured for all 'Managed Apps'	MobileIron - CIS Apple iOS 18 v1.0.0 L1 End User Owned	MDM	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
3.3.7 Ensure bogus ICMP responses are ignored - sysctl	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
3.5.1 Ensure 'Disable Association MAC Randomization' is 'Configured'	AirWatch - CIS Apple iOS 18 v1.0.0 L1 Institution Owned	MDM	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
4.2.10 Ensure SSH PermitUserEnvironment is disabled	CIS Amazon Linux 2023 Server L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
4.5.1.2 Ensure password expiration is 365 days or less	CIS Amazon Linux 2 v3.0.0 L1	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
4.5.1.3 Ensure password expiration warning days is 7 or more	CIS Amazon Linux 2 v3.0.0 L1	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
5.1.1 Ensure cron daemon is enabled and running - running	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
5.2.1 Ensure sudo is installed	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
5.2.6 Ensure SSH PAM is enabled	CIS Fedora 28 Family Linux Server L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
5.2.6 Ensure SSH PAM is enabled	CIS Fedora 28 Family Linux Workstation L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
5.2.10 Ensure SSH PermitUserEnvironment is disabled	CIS Fedora 28 Family Linux Workstation L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
5.2.11 Ensure SSH IgnoreRhosts is enabled	CIS Fedora 28 Family Linux Workstation L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
5.2.19 Ensure SSH LoginGraceTime is set to one minute or less	CIS Fedora 28 Family Linux Server L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
5.3.20 Ensure SSH LoginGraceTime is set to one minute or less	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
5.3.22 Ensure SSH MaxStartups is configured - sshd	CIS Red Hat 6 Server L1 v3.0.0	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
5.3.22 Ensure SSH MaxStartups is configured - sshd_config	CIS Red Hat 6 Server L1 v3.0.0	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
5.3.25 Ensure SSH MaxSessions is limited	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
5.4.2 Ensure lockout for failed password attempts is configured - password-auth	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
5.4.2 Ensure lockout for failed password attempts is configured - password-auth 'auth sufficient pam_unix.so'	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
5.5.1.2 Ensure minimum days between password changes is configured - /etc/login.defs	CIS Red Hat 6 Server L1 v3.0.0	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
5.5.1.3 Ensure password expiration warning days is 7 or more - login.defs	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
5.5.1.3 Ensure password expiration warning days is 7 or more - users	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
5.5.1.4 Ensure inactive password lock is 30 days or less - /etc/default/useradd	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
5.5.1.4 Ensure inactive password lock is 30 days or less - users	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
6.1.13 Audit SUID executables	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
6.1.14 Audit SGID executables	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
6.2.8 Ensure root is the only UID 0 account	CIS Fedora 28 Family Linux Server L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
6.2.10 Ensure root PATH Integrity	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
18.5.3 (L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'	CIS Windows Server 2012 MS L1 v3.0.0	Windows	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
18.5.3 (L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'	CIS Windows Server 2012 R2 MS L1 v3.0.0	Windows	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
18.6.9.1 (L2) Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled'	CIS Windows Server 2012 MS L2 v3.0.0	Windows	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
18.6.9.2 (L2) Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled'	CIS Windows Server 2012 R2 MS L2 v3.0.0	Windows	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
18.6.21.1 (L1) Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled: 1 = Minimize simultaneous connections'	CIS Windows Server 2012 R2 MS L1 v3.0.0	Windows	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
18.9.19.3 (L1) Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE'	CIS Windows Server 2012 R2 MS L1 v3.0.0	Windows	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
18.9.19.7 Ensure 'Turn off background refresh of Group Policy' is set to 'Disabled'	CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller	Windows	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

Detections

Analytics

Item Search