Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.2.1.3 Ensure repo_gpgcheck is globally activatedCIS Rocky Linux 10 v1.0.0 L2 WorkstationUnix

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.1.3 Ensure repo_gpgcheck is globally activatedCIS AlmaLinux OS 8 v4.0.0 L2 ServerUnix

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.1.3 Ensure repo_gpgcheck is globally activatedCIS Red Hat Enterprise Linux 9 v2.0.0 L2 ServerUnix

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.1.3 Ensure repo_gpgcheck is globally activatedCIS AlmaLinux OS 9 v2.0.0 L2 ServerUnix

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.1.3 Ensure repo_gpgcheck is globally activatedCIS AlmaLinux OS 9 v2.0.0 L2 WorkstationUnix

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.1.3 Ensure repo_gpgcheck is globally activatedCIS AlmaLinux OS 10 v1.0.0 L2 ServerUnix

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.1.3 Ensure repo_gpgcheck is globally activatedCIS Red Hat Enterprise Linux 9 v2.0.0 L2 WorkstationUnix

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.1.3 Ensure repo_gpgcheck is globally activatedCIS Red Hat Enterprise Linux 8 STIG v2.0.0 L2 WorkstationUnix

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.3 Ensure repo_gpgcheck is globally activatedCIS CentOS Linux 7 v4.0.0 L2 ServerUnix

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.3 Ensure repo_gpgcheck is globally activatedCIS Red Hat Enterprise Linux 7 v4.0.0 L2 ServerUnix

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.2.3 Ensure repo_gpgcheck is globally activatedCIS Red Hat Enterprise Linux 7 v4.0.0 L2 WorkstationUnix

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.7.2 Ensure 'TLS 1.2' is set for HTTPS accessCIS Cisco Firewall v8.x L1 v4.2.0Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

4.3.6 Ensure sudo authentication timeout is configured correctlyCIS CentOS Linux 7 v4.0.0 L1 WorkstationUnix

ACCESS CONTROL

4.3.6 Ensure sudo authentication timeout is configured correctlyCIS Red Hat Enterprise Linux 7 v4.0.0 L1 ServerUnix

ACCESS CONTROL

4.3.6 Ensure sudo authentication timeout is configured correctlyCIS Red Hat Enterprise Linux 7 v4.0.0 L1 WorkstationUnix

ACCESS CONTROL

4.4.3 Ensure password reuse is limitedCIS Debian Linux 10 v2.0.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

5.2.6 Ensure sudo authentication timeout is configured correctlyCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL

5.2.6 Ensure sudo authentication timeout is configured correctlyCIS Red Hat Enterprise Linux 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL

5.2.6 Ensure sudo authentication timeout is configured correctlyCIS SUSE Linux Enterprise 15 v2.0.1 L1 WorkstationUnix

ACCESS CONTROL

5.2.6 Ensure sudo timestamp_timeout is configuredCIS Red Hat Enterprise Linux 10 v1.0.1 L1 WorkstationUnix

IDENTIFICATION AND AUTHENTICATION

5.2.6 Ensure sudo timestamp_timeout is configuredCIS Rocky Linux 10 v1.0.0 L1 ServerUnix

IDENTIFICATION AND AUTHENTICATION

5.2.6 Ensure sudo timestamp_timeout is configuredCIS AlmaLinux OS 8 v4.0.0 L1 WorkstationUnix

IDENTIFICATION AND AUTHENTICATION

5.2.9 Ensure sudo timestamp_timeout is configuredCIS Red Hat Enterprise Linux 8 STIG v2.0.0 L1 WorkstationUnix

IDENTIFICATION AND AUTHENTICATION

5.3.2 Ensure lockout for failed password attempts is configured - password-auth 'auth [default=die] pam_faillock.so authfail audit deny=5 unlock_time=900'CIS Amazon Linux v2.1.0 L1Unix

ACCESS CONTROL

5.3.2 Ensure lockout for failed password attempts is configured - password-auth 'auth required pam_faillock.so preauth audit silent deny=5 unlock_time=900'CIS Amazon Linux v2.1.0 L1Unix

ACCESS CONTROL

5.3.2 Ensure lockout for failed password attempts is configured - password-auth 'auth required pam_faillock.so'CIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

5.3.2 Ensure lockout for failed password attempts is configured - system-auth 'auth [success=1 default=bad] pam_unix.so'CIS Amazon Linux v2.1.0 L1Unix

ACCESS CONTROL

5.3.2 Ensure lockout for failed password attempts is configured - system-auth 'auth [success=1 default=bad] pam_unix.so'CIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

5.3.2 Ensure lockout for failed password attempts is configured - system-auth 'auth sufficient pam_faillock.so authsucc audit deny=5 unlock_time=900'CIS Amazon Linux v2.1.0 L1Unix

ACCESS CONTROL

5.3.3 Ensure password reuse is limitedCIS SUSE Linux Enterprise 12 v3.2.1 L1 WorkstationUnix

IDENTIFICATION AND AUTHENTICATION

5.3.3 Ensure password reuse is limitedCIS SUSE Linux Enterprise 12 v3.2.1 L1 ServerUnix

IDENTIFICATION AND AUTHENTICATION

5.3.6 Ensure sudo authentication timeout is configured correctlyCIS CentOS Linux 8 Server L1 v2.0.0Unix

ACCESS CONTROL

5.14 Set the 'on-failure' container restart policy to 5 - RestartPolicyName=alwaysCIS Docker 1.12.0 v1.0.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

5.14 Set the 'on-failure' container restart policy to 5 - RestartPolicyName=on-failureCIS Docker 1.12.0 v1.0.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

6.12 Ensure all HTTP Header Logging options are enabled - Log Container PageCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0Palo_Alto

AUDIT AND ACCOUNTABILITY

6.12 Ensure all HTTP Header Logging options are enabled - Log Container PageCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0Palo_Alto

AUDIT AND ACCOUNTABILITY

6.12 Ensure all HTTP Header Logging options are enabled - RefererCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0Palo_Alto

AUDIT AND ACCOUNTABILITY

6.12 Ensure all HTTP Header Logging options are enabled - RefererCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0Palo_Alto

AUDIT AND ACCOUNTABILITY

6.12 Ensure all HTTP Header Logging options are enabled - User-AgentCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0Palo_Alto

AUDIT AND ACCOUNTABILITY

6.12 Ensure all HTTP Header Logging options are enabled - User-AgentCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0Palo_Alto

AUDIT AND ACCOUNTABILITY

6.12 Ensure all HTTP Header Logging options are enabled - User-AgentCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0Palo_Alto

AUDIT AND ACCOUNTABILITY

8.1.17 Collect Kernel Module Loading and Unloading - /sbin/insmodCIS Debian Linux 7 L2 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

8.1.17 Collect Kernel Module Loading and Unloading - 64 bit init_moduleCIS Debian Linux 7 L2 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

DTAVSEL-012 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must only be configured with exclusions that are documented and approved by the ISSO/ISSM/AO.McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6Unix

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-012 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must only be configured with exclusions which are documented and approved by the ISSO/ISSM/AO.McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5Unix

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-108 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must only be configured with exclusions that are documented and approved by the ISSO/ISSM/AO.McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6Unix

SYSTEM AND INFORMATION INTEGRITY

EP11-00-004900 - The EDB Postgres Advanced Server must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for all cryptographic operations including generation of cryptographic hashes and data protection - versionEDB PostgreSQL Advanced Server v11 DB Audit v2r4PostgreSQLDB

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

GEN005180 - All .Xauthority files must have mode 0600 or less permissive.DISA STIG for Red Hat Enterprise Linux 5 v1r18 AuditUnix

ACCESS CONTROL

GEN005190 - The .Xauthority files must not have extended ACLs.DISA STIG for Red Hat Enterprise Linux 5 v1r18 AuditUnix

ACCESS CONTROL

UBTU-16-030740 - An X Windows display manager must not be installed unless approved.DISA STIG Ubuntu 16.04 LTS v2r3Unix

CONFIGURATION MANAGEMENT