Detections
Analytics

Item Search

NameAudit NamePluginCategory
3.4.2.8 Ensure nftables default deny firewall policyCIS Ubuntu Linux 20.04 LTS Server L1 v2.0.1Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.2.9 Ensure nftables default deny firewall policyCIS CentOS Linux 8 Workstation L1 v2.0.0Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.2.9 Ensure nftables default deny firewall policyCIS Fedora 28 Family Linux Workstation L1 v2.0.0Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.2.9 Ensure nftables default deny firewall policyCIS CentOS Linux 8 Server L1 v2.0.0Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.3.2.1 Ensure iptables default deny firewall policyCIS Ubuntu Linux 20.04 LTS Server L1 v2.0.1Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.3.3.1 Ensure ip6tables default deny firewall policyCIS Ubuntu Linux 20.04 LTS Workstation L1 v2.0.1Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.3.3.1 Ensure ip6tables default deny firewall policyCIS Debian 10 Workstation L1 v2.0.0Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.7 Ensure events that modify the system's network environment are collected - /etc/issueCIS Distribution Independent Linux Workstation L2 v2.0.0Unix

CONFIGURATION MANAGEMENT

4.1.7 Ensure events that modify the system's network environment are collected - /etc/sysconfig/networkCIS Distribution Independent Linux Workstation L2 v2.0.0Unix

CONFIGURATION MANAGEMENT

4.1.7 Ensure events that modify the system's network environment are collected - auditctl /etc/hostsCIS Distribution Independent Linux Server L2 v2.0.0Unix

CONFIGURATION MANAGEMENT

4.1.7 Ensure events that modify the system's network environment are collected - auditctl /etc/issue.netCIS Distribution Independent Linux Server L2 v2.0.0Unix

CONFIGURATION MANAGEMENT

4.4.2.1 Ensure iptables default deny firewall policyCIS Debian Linux 12 v1.1.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.3 Ensure a client list is set for SNMPv1/v2 communitiesCIS Juniper OS Benchmark v2.1.0 L1Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

DG0005-ORACLE11 - Only necessary privileges to the host system should be granted to DBA OS accounts - 'ORA_{SID}_DBA Group has no unauthorized users'DISA STIG Oracle 11 Installation v9r1 WindowsWindows

ACCESS CONTROL

DG0025-ORACLE11 - DBMS cryptography must be NIST FIPS 140-2 validated - 'Oracle Advanced Security is installed'DISA STIG Oracle 11 Installation v9r1 WindowsWindows
DG0083-ORACLE11 - Automated notification of suspicious activity detected in the audit trail should be implemented.DISA STIG Oracle 11 Installation v9r1 WindowsWindows
DG0092-ORACLE11 - Database data files containing sensitive information should be encrypted.DISA STIG Oracle 11 Installation v9r1 WindowsWindows
DG0093-ORACLE11 - Remote adminstrative connections to the database should be encrypted - all protocols use TCPS'DISA STIG Oracle 11 Installation v9r1 WindowsWindows

ACCESS CONTROL

DG0099-ORACLE11 - Access to external DBMS executables should be disabled or restricted - '%ORACLE_HOME%\bin\extproc.exe does not exist'DISA STIG Oracle 11 Installation v9r1 WindowsWindows

CONFIGURATION MANAGEMENT

DG0099-ORACLE11 - Access to external DBMS executables should be disabled or restricted - '%ORACLE_HOME%\hs\admin\extproc.ora SET EXTPROC_DLLS = ONLY'DISA STIG Oracle 11 Installation v9r1 WindowsWindows

CONFIGURATION MANAGEMENT

DG0099-ORACLE11 - Access to external DBMS executables should be disabled or restricted - '%ORACLE_HOME%\hs\admin\extproc.ora SET EXTPROC_DLLS contains only valid paths'DISA STIG Oracle 11 Installation v9r1 WindowsWindows

CONFIGURATION MANAGEMENT

DG0099-ORACLE11 - Access to external DBMS executables should be disabled or restricted - '%ORACLE_HOME%\rdbms\admin\externaljob.ora run_user = nobody'DISA STIG Oracle 11 Installation v9r1 WindowsWindows

CONFIGURATION MANAGEMENT

DG0103-ORACLE11 - Network access to the DBMS must be restricted to authorized personnel - '%ORACLE_HOME%\NETWORK\ADMIN\SQLNET.ORA tcp.invited_nodes = valid IP Range'DISA STIG Oracle 11 Installation v9r1 WindowsWindows

SYSTEM AND COMMUNICATIONS PROTECTION

DG0106-ORACLE11 - Database data encryption controls should be configured in accordance with application requirements.DISA STIG Oracle 11 Installation v9r1 WindowsWindows
DG0108-ORACLE11 - The DBMS restoration priority should be assigned.DISA STIG Oracle 11 Installation v9r1 WindowsWindows
DG0110-ORACLE11 - The DBMS should not share a host supporting an independent security service - 'DomainRole != 4 or 5'DISA STIG Oracle 11 Installation v9r1 WindowsWindows

CONFIGURATION MANAGEMENT

DG0120-ORACLE11 - Unauthorized access to external database objects should be removed from application user roles.DISA STIG Oracle 11 Installation v9r1 WindowsWindows
DG0167-ORACLE11 - Sensitive data served by the DBMS should be protected by encryption when transmitted across the network.DISA STIG Oracle 11 Installation v9r1 WindowsWindows
DG0186-ORACLE11 - The database should not be directly accessible from public or unauthorized networks.DISA STIG Oracle 11 Installation v9r1 WindowsWindows
DG0187-ORACLE11 - DBMS software libraries should be periodically backed up - '$ORACLE_HOME files are being backed up'DISA STIG Oracle 11 Installation v9r1 LinuxUnix

CONTINGENCY PLANNING

DG0195-ORACLE11 - DBMS production application and data directories should be protected from developers on shared production/development DBMS host systems - 'root is not a mamber of the oracle group'DISA STIG Oracle 11 Installation v9r1 LinuxUnix

ACCESS CONTROL

DG7001-ORACLE11 - The directory assigned to the AUDIT_FILE_DEST parameter must be protected from unauthorized access and must be stored in a dedicated directory or disk partition separate from software or other application files.DISA STIG Oracle 11 Installation v9r1 LinuxUnix
DO0120-ORACLE11 - The Oracle software installation account should not be granted excessive host system privileges - 'Oracle services use appropriate service accounts'DISA STIG Oracle 11 Installation v9r1 WindowsWindows

ACCESS CONTROL

DO0145-ORACLE11 - OS DBA group membership should be restricted to authorized accounts.DISA STIG Oracle 11 Installation v9r1 LinuxUnix

ACCESS CONTROL

DO0286-ORACLE11 - The Oracle INBOUND_CONNECT_TIMEOUT and SQLNET.INBOUND_CONNECT_TIMEOUT parameters should be set to a value greater than 0 - '%ORACLE_HOME%\NETWORK\ADMIN\listener.ora INBOUND_CONNECT_TIMEOUT_listener > 0'DISA STIG Oracle 11 Installation v9r1 WindowsWindows

ACCESS CONTROL

DO0360-ORACLE11 - Connections by mid-tier web and application systems to the Oracle DBMS should be protected, encrypted and authenticated according to database, web, application, enclave and network requirements.DISA STIG Oracle 11 Installation v9r1 LinuxUnix
DO0360-ORACLE11 - Connections by mid-tier web and application systems to the Oracle DBMS should be protected, encrypted and authenticated according to database, web, application, enclave and network requirements.DISA STIG Oracle 11 Installation v9r1 WindowsWindows
DO3630-ORACLE11 - The Oracle Listener should be configured to require administration authentication - 'LSNRCTL Security'DISA STIG Oracle 11 Installation v9r1 WindowsWindows
DO3630-ORACLE11 - The Oracle Listener should be configured to require administration authentication - 'No listeners are running'DISA STIG Oracle 11 Installation v9r1 WindowsWindows

ACCESS CONTROL

DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - '%ORACLE_HOME%\NETWORK\ADMIN\SQLNET.ORA LOG_DIRECTORY_SERVER is configured'DISA STIG Oracle 11 Installation v9r1 WindowsWindows

AUDIT AND ACCOUNTABILITY

DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - '%ORACLE_HOME%\NETWORK\ADMIN\SQLNET.ORA LOG_FILE_SERVER is configured'DISA STIG Oracle 11 Installation v9r1 WindowsWindows

AUDIT AND ACCOUNTABILITY

DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - '$ORACLE_HOME/network/admin/listener.ora DIAG_ADR_ENABLED_{listener} = on'DISA STIG Oracle 11 Installation v9r1 LinuxUnix

AUDIT AND ACCOUNTABILITY

DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - '$ORACLE_HOME/network/log/listener.log mode 640'DISA STIG Oracle 11 Installation v9r1 LinuxUnix

AUDIT AND ACCOUNTABILITY

DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - 'LOG_DIRECTORY_{listener} is configured'DISA STIG Oracle 11 Installation v9r1 LinuxUnix

AUDIT AND ACCOUNTABILITY

DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - 'LOG_DIRECTORY_SERVER = $ORACLE_BASElog'DISA STIG Oracle 11 Installation v9r1 LinuxUnix

AUDIT AND ACCOUNTABILITY

MSFT-11-001100 - Microsoft Android 11 allow list must be configured to not include applications with the following characteristics:AirWatch - DISA Microsoft Android 11 COBO v1r2MDM

CONFIGURATION MANAGEMENT

WBSP-AS-000640 - The WebSphere Application Server must alert the SA and ISSO, in the event of a log processing failure - enabledDISA IBM WebSphere Traditional 9 STIG v1r1 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

WBSP-AS-000640 - The WebSphere Application Server must alert the SA and ISSO, in the event of a log processing failure - enabledDISA IBM WebSphere Traditional 9 STIG v1r1Unix

AUDIT AND ACCOUNTABILITY

WBSP-AS-000640 - The WebSphere Application Server must alert the SA and ISSO, in the event of a log processing failure - enabledDISA IBM WebSphere Traditional 9 Windows STIG v1r1Windows

AUDIT AND ACCOUNTABILITY

WBSP-AS-000640 - The WebSphere Application Server must alert the SA and ISSO, in the event of a log processing failure - notificationDISA IBM WebSphere Traditional 9 STIG v1r1 MiddlewareUnix

AUDIT AND ACCOUNTABILITY