2.2.10 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less | CIS Oracle Server 18c DB Traditional Auditing v1.1.0 | OracleDB | ACCESS CONTROL |
2.2.10 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less | CIS Oracle Server 18c DB Unified Auditing v1.1.0 | OracleDB | ACCESS CONTROL |
2.2.12 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
2.2.12 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5' | CIS Oracle Server 18c DB Unified Auditing v1.1.0 | OracleDB | ACCESS CONTROL |
3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5' | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5' | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5' | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | ACCESS CONTROL |
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1' | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1' | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1' | CIS Oracle Server 18c DB Traditional Auditing v1.1.0 | OracleDB | ACCESS CONTROL |
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1' | CIS Oracle Server 18c DB Unified Auditing v1.1.0 | OracleDB | ACCESS CONTROL |
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1' | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | ACCESS CONTROL |
3.3 Ensure 'PASSWORD_LIFE_TIME' Is Less than or Equal to '90' | CIS Oracle Server 18c DB Traditional Auditing v1.1.0 | OracleDB | ACCESS CONTROL |
3.3 Ensure 'PASSWORD_LIFE_TIME' Is Less than or Equal to '90' | CIS Oracle Server 18c DB Unified Auditing v1.1.0 | OracleDB | ACCESS CONTROL |
3.8 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10' | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
3.8 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10' | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
3.8 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10' | CIS Oracle Server 18c DB Unified Auditing v1.1.0 | OracleDB | ACCESS CONTROL |
3.8 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL |
4.4.1 Ensure custom authselect profile is used | CIS Amazon Linux 2023 Server L1 v1.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT |
4.4.2.1 Ensure active authselect profile includes pam modules | CIS Rocky Linux 8 Server L1 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT |
4.4.2.1 Ensure active authselect profile includes pam modules | CIS AlmaLinux OS 8 Server L1 v3.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT |
4.4.2.1 Ensure active authselect profile includes pam modules | CIS Red Hat EL8 Server L1 v3.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT |
4.4.2.1 Ensure active authselect profile includes pam modules | CIS Rocky Linux 8 Workstation L1 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT |
4.4.2.1 Ensure active authselect profile includes pam modules | CIS Oracle Linux 8 Workstation L1 v3.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT |
4.4.2.1 Ensure active authselect profile includes pam modules | CIS Red Hat EL8 Workstation L1 v3.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT |
5.2.1 Ensure Password Account Lockout Threshold Is Configured | CIS Apple macOS 11.0 Big Sur v4.0.0 L1 | Unix | ACCESS CONTROL |
5.3.2 Ensure lockout for failed password attempts is configured | CIS Debian 9 Workstation L1 v1.0.1 | Unix | ACCESS CONTROL |
5.3.2 Ensure lockout for failed password attempts is configured - account pam_tally2.so | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0 | Unix | ACCESS CONTROL |
5.3.2 Ensure lockout for failed password attempts is configured - account pam_tally2.so | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0 | Unix | ACCESS CONTROL |
5.3.2 Ensure lockout for failed password attempts is configured - account pam_tally2.so | CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0 | Unix | ACCESS CONTROL |
5.3.2 Ensure lockout for failed password attempts is configured - auth pam_tally2.so | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0 | Unix | ACCESS CONTROL |
5.3.2 Ensure lockout for failed password attempts is configured - pam_tally2.so | CIS Debian Family Workstation L1 v1.0.0 | Unix | ACCESS CONTROL |
5.3.2 Lockout for failed password attempts - 'auth [default=die] pam_faillock.so authfail audit deny=5 unlock_time=900' | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | ACCESS CONTROL |
5.3.2 Lockout for failed password attempts - 'auth required pam_faillock.so preauth audit silent deny=5 unlock_time=900' | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | ACCESS CONTROL |
5.3.2 Lockout for failed password attempts - 'auth required pam_tally2.so onerr=fail audit silent deny=5 unlock_time=900' | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | ACCESS CONTROL |
5.3.2 Lockout for failed password attempts - 'auth sufficient pam_unix.so' | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | ACCESS CONTROL |
5.3.2 Lockout for failed password attempts - password-auth 'auth sufficient pam_faillock.so authsucc audit deny=5 unlock_time=900' | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | ACCESS CONTROL |
5.3.2.1 Ensure active authselect profile includes pam modules | CIS Rocky Linux 9 v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT |
5.3.2.1 Ensure active authselect profile includes pam modules | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT |
5.3.2.1 Ensure active authselect profile includes pam modules | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT |
5.3.2.1 Ensure active authselect profile includes pam modules | CIS Oracle Linux 9 v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT |
5.3.2.1 Ensure active authselect profile includes pam modules | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT |
5.4.1 Ensure custom authselect profile is used | CIS CentOS Linux 8 Server L1 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT |
5.4.1 Ensure custom authselect profile is used | CIS Fedora 28 Family Linux Server L1 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT |
5.4.1 Ensure custom authselect profile is used | CIS Fedora 28 Family Linux Workstation L1 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT |
6.3.2 Set Lockout for Failed Password Attempts - auth required pam_tally2.so deny=5 onerr=fail | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
6.3.3 Use pam_deny.so to Deny Services - auth requisite pam_deny.so /etc/pam.d/sshd | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
7.3 Disable the dnssec-accept-expired Option | CIS BIND DNS v1.0.0 L1 Authoritative Name Server | Unix | ACCESS CONTROL |
7.3 Disable the dnssec-accept-expired Option | CIS BIND DNS v1.0.0 L1 Caching Only Name Server | Unix | ACCESS CONTROL |