Item Search

NameAudit NamePluginCategory
1.1.14 Ensure nodev option set on /home partitionCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

1.1.16 Ensure nosuid option set on /dev/shm partitionCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

1.4.1 Ensure permissions on bootloader config are configuredCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

1.7.1.1 Ensure message of the day is configured properly - banner textCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

1.7.1.2 Ensure local login warning banner is configured properly - banner checkCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

1.7.1.3 Ensure remote login warning banner is configured properly - msrvCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

2.1.1.1 Ensure time synchronization is in useCIS Aliyun Linux 2 L1 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

2.1.7 Ensure NFS and RPC are not enabled - nfs statusCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

2.1.7 Ensure NFS and RPC are not enabled - rpcbindCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

2.1.11 Ensure IMAP and POP3 server is not enabled - statusCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

2.1.12 Ensure Samba is not enabledCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

2.1.16 Ensure NIS Server is not enabledCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

2.1.16 Ensure NIS Server is not enabled - statusCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

2.1.17 Ensure rsh server is not enabled - rlogin.socket statusCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

2.1.20 Ensure rsync service is not enabled - statusCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

2.1.21 Ensure talk server is not enabledCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

2.2.1 Ensure NIS Client is not installedCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

2.2.2 Ensure rsh client is not installedCIS Aliyun Linux 2 L1 v1.0.0Unix

IDENTIFICATION AND AUTHENTICATION

2.2.3 Ensure talk client is not installedCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

2.2.4 Ensure telnet client is not installedCIS Aliyun Linux 2 L1 v1.0.0Unix

IDENTIFICATION AND AUTHENTICATION

3.1.1 Ensure IP forwarding is disabled - ipv6 sysctl.conf sysctl.dCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.1.2 Ensure packet redirect sending is disabled - net.ipv4.conf.all.send_redirectsCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.1.2 Ensure packet redirect sending is disabled - net.ipv4.conf.default.send_redirectsCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.2.1 Ensure source routed packets are not accepted - sysctl net.ipv6.conf.default.accept_source_routeCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.2.2 Ensure ICMP redirects are not accepted - sysctl net.ipv6.conf.default.accept_redirectsCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.2.2 Ensure ICMP redirects are not accepted - sysctl.conf sysctl.d net.ipv4.conf.default.accept_redirectsCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.2.2 Ensure ICMP redirects are not accepted - sysctl.conf sysctl.d net.ipv6.conf.all.accept_redirectsCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.2.4 Ensure suspicious packets are logged - sysctl net.ipv4.conf.default.log_martiansCIS Aliyun Linux 2 L1 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

3.2.5 Ensure broadcast ICMP requests are ignored - sysctl.conf sysctl.d net.ipv4.icmp_echo_ignore_broadcastsCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.2.6 Ensure bogus ICMP responses are ignored - sysctl net.ipv4.icmp_ignore_bogus_error_responsesCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.2.6 Ensure bogus ICMP responses are ignored - sysctl.conf sysctl.d net.ipv4.icmp_ignore_bogus_error_responsesCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.2.7 Ensure Reverse Path Filtering is enabled - sysctl net.ipv4.conf.all.rp_filterCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.2.8 Ensure TCP SYN Cookies is enabled - sysctl.conf sysctl.d net.ipv4.tcp_syncookiesCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.2.9 Ensure IPv6 router advertisements are not accepted - sysctl net.ipv6.conf.default.accept_raCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.2.9 Ensure IPv6 router advertisements are not accepted - sysctl.conf sysctl.d net.ipv6.conf.default.accept_raCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.3.1 Ensure TCP Wrappers is installedCIS Aliyun Linux 2 L1 v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.4.1 Ensure DCCP is disabled - grep modprobe.dCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.4.1 Ensure DCCP is disabled - modprobeCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.4.2 Ensure SCTP is disabled - modprobeCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.4.4 Ensure TIPC is disabled - modprobeCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.5.1.2 Ensure loopback traffic is configured - outputCIS Aliyun Linux 2 L1 v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.5.2.1 Ensure IPv6 default deny firewall policy - Chain INPUTCIS Aliyun Linux 2 L1 v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.5.2.2 Ensure IPv6 loopback traffic is configuredCIS Aliyun Linux 2 L1 v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

12.3 Ensure the Apache AppArmor Profile Is in Enforce ModeCIS Apache HTTP Server 2.2 L2 v3.6.0Unix

CONFIGURATION MANAGEMENT

12.3 Ensure the Apache AppArmor Profile Is in Enforce ModeCIS Apache HTTP Server 2.2 L2 v3.6.0 MiddlewareUnix

CONFIGURATION MANAGEMENT

CASA-VN-000400 - The Cisco ASA remote access VPN server must be configured to use LDAP over SSL to determine authorization for granting access to the network.DISA STIG Cisco ASA VPN v2r2Cisco

ACCESS CONTROL

CISC-ND-001140 - The Cisco router must be configured to encrypt SNMP messages using a FIPS 140-2 approved algorithm.DISA STIG Cisco IOS-XR Router NDM v3r2Cisco

ACCESS CONTROL

CISC-ND-001200 - The Cisco router must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions.DISA STIG Cisco IOS Router NDM v3r2Cisco

IDENTIFICATION AND AUTHENTICATION, MAINTENANCE

OH12-1X-000102 - OHS must have the LoadModule include_module directive disabled.DISA STIG Oracle HTTP Server 12.1.3 v2r3Unix

CONFIGURATION MANAGEMENT

WBLC-02-000074 - Oracle WebLogic must produce audit records containing sufficient information to establish what type of JVM-related events and severity levels occurred.Oracle WebLogic Server 12c Windows v2r2Windows

AUDIT AND ACCOUNTABILITY