Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.2.3 Ensure repo_gpgcheck is globally activatedCIS Red Hat EL8 Workstation L2 v3.0.0Unix

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.4.4 Remove SETroubleshootCIS Red Hat Enterprise Linux 5 L2 v2.2.1Unix

SYSTEM AND INFORMATION INTEGRITY

1.7.2 Ensure 'TLS 1.0' is set for HTTPS accessCIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

1.7.3 Ensure 'SSL AES 256 encryption' is set for HTTPS accessCIS Cisco Firewall v8.x L1 v4.2.0Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

1.8.1 Ensure 'console session timeout' is less than or equal to '5' minutesCIS Cisco Firewall v8.x L1 v4.2.0Cisco

CONFIGURATION MANAGEMENT

1.8.2 Ensure 'SSH session timeout' is less than or equal to '5' minutesCIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

CONFIGURATION MANAGEMENT

4.3.5 Ensure sudo authentication timeout is configured correctlyCIS Amazon Linux 2023 Server L1 v1.0.0Unix

ACCESS CONTROL

4.3.6 Ensure sudo authentication timeout is configured correctlyCIS Red Hat Enterprise Linux 7 v4.0.0 L1 ServerUnix

ACCESS CONTROL

4.3.6 Ensure sudo authentication timeout is configured correctlyCIS AlmaLinux OS 8 Workstation L1 v3.0.0Unix

ACCESS CONTROL

4.3.6 Ensure sudo authentication timeout is configured correctlyCIS Oracle Linux 8 Server L1 v3.0.0Unix

ACCESS CONTROL

4.3.6 Ensure sudo authentication timeout is configured correctlyCIS Rocky Linux 8 Server L1 v2.0.0Unix

ACCESS CONTROL

4.3.6 Ensure sudo authentication timeout is configured correctlyCIS CentOS Linux 7 v4.0.0 L1 ServerUnix

ACCESS CONTROL

4.3.6 Ensure sudo authentication timeout is configured correctlyCIS CentOS Linux 7 v4.0.0 L1 WorkstationUnix

ACCESS CONTROL

4.3.6 Ensure sudo authentication timeout is configured correctlyCIS Amazon Linux 2 v3.0.0 L1Unix

ACCESS CONTROL

4.3.6 Ensure sudo authentication timeout is configured correctlyCIS Red Hat Enterprise Linux 7 v4.0.0 L1 WorkstationUnix

ACCESS CONTROL

4.3.6 Ensure sudo authentication timeout is configured correctlyCIS Red Hat EL8 Server L1 v3.0.0Unix

ACCESS CONTROL

5.2.6 Ensure sudo authentication timeout is configured correctlyCIS Rocky Linux 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL

5.2.6 Ensure sudo authentication timeout is configured correctlyCIS Red Hat Enterprise Linux 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL

5.2.6 Ensure sudo authentication timeout is configured correctlyCIS Rocky Linux 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL

5.2.6 Ensure sudo authentication timeout is configured correctlyCIS Oracle Linux 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL

5.2.6 Ensure sudo authentication timeout is configured correctlyCIS AlmaLinux OS 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL

5.2.6 Ensure sudo authentication timeout is configured correctlyCIS SUSE Linux Enterprise 15 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL

5.3.2 Ensure lockout for failed password attempts is configured - password-auth 'auth required pam_faillock.so preauth audit silent deny=5 unlock_time=900'CIS Amazon Linux v2.1.0 L1Unix

ACCESS CONTROL

5.3.2 Ensure lockout for failed password attempts is configured - system-auth 'auth [success=1 default=bad] pam_unix.so'CIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

5.3.2 Ensure lockout for failed password attempts is configured - system-auth 'auth required pam_faillock.so preauth audit silent deny=5 unlock_time=900'CIS Amazon Linux v2.1.0 L1Unix

ACCESS CONTROL

5.3.2 Ensure lockout for failed password attempts is configured - system-auth 'auth sufficient pam_faillock.so authsucc audit deny=5 unlock_time=900'CIS Amazon Linux v2.1.0 L1Unix

ACCESS CONTROL

5.3.3 Ensure password reuse is limited - system-authCIS Aliyun Linux 2 L1 v1.0.0Unix

IDENTIFICATION AND AUTHENTICATION

5.3.6 Ensure sudo authentication timeout is configured correctlyCIS Fedora 28 Family Linux Workstation L1 v2.0.0Unix

ACCESS CONTROL

5.3.6 Ensure sudo authentication timeout is configured correctlyCIS CentOS Linux 8 Workstation L1 v2.0.0Unix

ACCESS CONTROL

5.14 Set the 'on-failure' container restart policy to 5 - RestartPolicyName=on-failureCIS Docker 1.12.0 v1.0.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

5.14 Set the 'on-failure' container restart policy to 5 - RestartPolicyName=on-failureCIS Docker 1.11.0 v1.0.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

5.15 Set the 'on-failure' container restart policy to 5 - RestartPolicyName=on-failureCIS Docker 1.6 v1.0.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

6.12 Ensure all HTTP Header Logging options are enabled - RefererCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0Palo_Alto

AUDIT AND ACCOUNTABILITY

6.12 Ensure all HTTP Header Logging options are enabled - User-AgentCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0Palo_Alto

AUDIT AND ACCOUNTABILITY

9.2.3 Limit Password ReuseCIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0Unix

IDENTIFICATION AND AUTHENTICATION

CISC-RT-000130 - The Cisco switch must be configured to restrict traffic destined to itself.DISA STIG Cisco NX-OS Switch RTR v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000280 - The Cisco perimeter router must be configured to protect an enclave connected to an alternate gateway by using an inbound filter that only permits packets with destination addresses within the sites address space.DISA STIG Cisco IOS-XR Router RTR v3r2Cisco

ACCESS CONTROL

CISC-RT-000320 - The Cisco perimeter switch must be configured to filter traffic destined to the enclave in accordance with the guidelines contained in DoD Instruction 8551.1.DISA STIG Cisco IOS Switch RTR v3r1Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000470 - The Cisco BGP router must be configured to enable the Generalized TTL Security Mechanism (GTSM).DISA STIG Cisco IOS Router RTR v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000480 - The Cisco BGP router must be configured to use a unique key for each autonomous system (AS) that it peers with.DISA STIG Cisco IOS XE Router RTR v3r2Cisco

ACCESS CONTROL

DTAVSEL-110 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to Clean infected files automatically as first action when programs and jokes are found.McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5Unix

SYSTEM AND INFORMATION INTEGRITY

GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'last -5 -R'DISA STIG for Red Hat Enterprise Linux 5 v1r18 AuditUnix

AUDIT AND ACCOUNTABILITY

GEN006650 - The Oracle Linux 5 operating system must use a virus scan program.DISA STIG for Oracle Linux 5 v2r1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

OL6-00-000202 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - module b32DISA STIG Oracle Linux 6 v2r7Unix

AUDIT AND ACCOUNTABILITY

PHTN-67-000001 - The Photon operating system must audit all account creations - groupaddDISA STIG VMware vSphere 6.7 Photon OS v1r6Unix

ACCESS CONTROL

PHTN-67-000047 - The Photon operating system must audit all account removal actions - userdelDISA STIG VMware vSphere 6.7 Photon OS v1r6Unix

ACCESS CONTROL

RHEL-06-000202 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - /sbin/modprobe.DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

AUDIT AND ACCOUNTABILITY

RHEL-06-000274 - The system must prohibit the reuse of passwords within five iterations - password-auth.DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

IDENTIFICATION AND AUTHENTICATION

RHEL-06-000274 - The system must prohibit the reuse of passwords within five iterations - system-auth.DISA Red Hat Enterprise Linux 6 STIG v2r2Unix

IDENTIFICATION AND AUTHENTICATION

SLES-15-040220 - The SUSE operating system must be configured to not overwrite Pluggable Authentication Modules (PAM) configuration on package changes.DISA SLES 15 STIG v2r2Unix

CONFIGURATION MANAGEMENT