Item Search

Name	Audit Name	Plugin	Category
2.2.10 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less	CIS Oracle Server 18c DB Traditional Auditing v1.1.0	OracleDB	ACCESS CONTROL
2.2.10 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less	CIS Oracle Server 18c DB Unified Auditing v1.1.0	OracleDB	ACCESS CONTROL
2.2.12 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less	CIS Oracle Server 12c DB Traditional Auditing v3.0.0	OracleDB	ACCESS CONTROL
2.2.12 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less	CIS Oracle Server 12c DB Unified Auditing v3.0.0	OracleDB	ACCESS CONTROL
3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5'	CIS Oracle Server 18c DB Unified Auditing v1.1.0	OracleDB	ACCESS CONTROL
3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5'	CIS Oracle Server 12c DB Unified Auditing v3.0.0	OracleDB	ACCESS CONTROL
3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5'	CIS Oracle Server 12c DB Traditional Auditing v3.0.0	OracleDB	ACCESS CONTROL
3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5'	CIS Oracle Server 19c DB Unified Auditing v1.2.0	OracleDB	ACCESS CONTROL
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1'	CIS Oracle Server 12c DB Traditional Auditing v3.0.0	OracleDB	ACCESS CONTROL
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1'	CIS Oracle Server 12c DB Unified Auditing v3.0.0	OracleDB	ACCESS CONTROL
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1'	CIS Oracle Server 18c DB Traditional Auditing v1.1.0	OracleDB	ACCESS CONTROL
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1'	CIS Oracle Server 18c DB Unified Auditing v1.1.0	OracleDB	ACCESS CONTROL
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1'	CIS Oracle Server 19c DB Unified Auditing v1.2.0	OracleDB	ACCESS CONTROL
3.3 Ensure 'PASSWORD_LIFE_TIME' Is Less than or Equal to '90'	CIS Oracle Server 18c DB Traditional Auditing v1.1.0	OracleDB	ACCESS CONTROL
3.3 Ensure 'PASSWORD_LIFE_TIME' Is Less than or Equal to '90'	CIS Oracle Server 18c DB Unified Auditing v1.1.0	OracleDB	ACCESS CONTROL
3.8 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10'	CIS Oracle Server 12c DB Traditional Auditing v3.0.0	OracleDB	ACCESS CONTROL
3.8 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10'	CIS Oracle Server 12c DB Unified Auditing v3.0.0	OracleDB	ACCESS CONTROL
3.8 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10'	CIS Oracle Server 18c DB Unified Auditing v1.1.0	OracleDB	ACCESS CONTROL
3.8 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10'	CIS Oracle Server 19c DB Traditional Auditing v1.2.0	OracleDB	ACCESS CONTROL
4.4.1 Ensure custom authselect profile is used	CIS Amazon Linux 2023 Server L1 v1.0.0	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT
4.4.2.1 Ensure active authselect profile includes pam modules	CIS Rocky Linux 8 Server L1 v2.0.0	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT
4.4.2.1 Ensure active authselect profile includes pam modules	CIS AlmaLinux OS 8 Server L1 v3.0.0	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT
4.4.2.1 Ensure active authselect profile includes pam modules	CIS Red Hat EL8 Server L1 v3.0.0	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT
4.4.2.1 Ensure active authselect profile includes pam modules	CIS Rocky Linux 8 Workstation L1 v2.0.0	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT
4.4.2.1 Ensure active authselect profile includes pam modules	CIS Oracle Linux 8 Workstation L1 v3.0.0	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT
4.4.2.1 Ensure active authselect profile includes pam modules	CIS Red Hat EL8 Workstation L1 v3.0.0	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT
5.2.1 Ensure Password Account Lockout Threshold Is Configured	CIS Apple macOS 11.0 Big Sur v4.0.0 L1	Unix	ACCESS CONTROL
5.3.2 Ensure lockout for failed password attempts is configured	CIS Debian 9 Workstation L1 v1.0.1	Unix	ACCESS CONTROL
5.3.2 Ensure lockout for failed password attempts is configured - account pam_tally2.so	CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0	Unix	ACCESS CONTROL
5.3.2 Ensure lockout for failed password attempts is configured - account pam_tally2.so	CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0	Unix	ACCESS CONTROL
5.3.2 Ensure lockout for failed password attempts is configured - account pam_tally2.so	CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0	Unix	ACCESS CONTROL
5.3.2 Ensure lockout for failed password attempts is configured - auth pam_tally2.so	CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0	Unix	ACCESS CONTROL
5.3.2 Ensure lockout for failed password attempts is configured - pam_tally2.so	CIS Debian Family Workstation L1 v1.0.0	Unix	ACCESS CONTROL
5.3.2 Lockout for failed password attempts - 'auth [default=die] pam_faillock.so authfail audit deny=5 unlock_time=900'	CIS Distribution Independent Linux Workstation L1 v2.0.0	Unix	ACCESS CONTROL
5.3.2 Lockout for failed password attempts - 'auth required pam_faillock.so preauth audit silent deny=5 unlock_time=900'	CIS Distribution Independent Linux Workstation L1 v2.0.0	Unix	ACCESS CONTROL
5.3.2 Lockout for failed password attempts - 'auth required pam_tally2.so onerr=fail audit silent deny=5 unlock_time=900'	CIS Distribution Independent Linux Workstation L1 v2.0.0	Unix	ACCESS CONTROL
5.3.2 Lockout for failed password attempts - 'auth sufficient pam_unix.so'	CIS Distribution Independent Linux Workstation L1 v2.0.0	Unix	ACCESS CONTROL
5.3.2 Lockout for failed password attempts - password-auth 'auth sufficient pam_faillock.so authsucc audit deny=5 unlock_time=900'	CIS Distribution Independent Linux Workstation L1 v2.0.0	Unix	ACCESS CONTROL
5.3.2.1 Ensure active authselect profile includes pam modules	CIS Rocky Linux 9 v2.0.0 L1 Workstation	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT
5.3.2.1 Ensure active authselect profile includes pam modules	CIS AlmaLinux OS 9 v2.0.0 L1 Server	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT
5.3.2.1 Ensure active authselect profile includes pam modules	CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Workstation	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT
5.3.2.1 Ensure active authselect profile includes pam modules	CIS Oracle Linux 9 v2.0.0 L1 Server	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT
5.3.2.1 Ensure active authselect profile includes pam modules	CIS AlmaLinux OS 9 v2.0.0 L1 Workstation	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT
5.4.1 Ensure custom authselect profile is used	CIS CentOS Linux 8 Server L1 v2.0.0	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT
5.4.1 Ensure custom authselect profile is used	CIS Fedora 28 Family Linux Server L1 v2.0.0	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT
5.4.1 Ensure custom authselect profile is used	CIS Fedora 28 Family Linux Workstation L1 v2.0.0	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT
6.3.2 Set Lockout for Failed Password Attempts - auth required pam_tally2.so deny=5 onerr=fail	CIS Red Hat Enterprise Linux 5 L1 v2.2.1	Unix	ACCESS CONTROL
6.3.3 Use pam_deny.so to Deny Services - auth requisite pam_deny.so /etc/pam.d/sshd	CIS Red Hat Enterprise Linux 5 L1 v2.2.1	Unix	ACCESS CONTROL
7.3 Disable the dnssec-accept-expired Option	CIS BIND DNS v1.0.0 L1 Authoritative Name Server	Unix	ACCESS CONTROL
7.3 Disable the dnssec-accept-expired Option	CIS BIND DNS v1.0.0 L1 Caching Only Name Server	Unix	ACCESS CONTROL

Detections

Analytics

Item Search