Item Search

NameAudit NamePluginCategory
1.0.1 Install the latest FixpakCIS IBM DB2 OS L2 v1.2.0Unix

SYSTEM AND INFORMATION INTEGRITY

1.3 Disable MySQL Command HistoryCIS MySQL 8.0 Community Linux OS L2 v1.1.0Unix

MEDIA PROTECTION

1.3 Disable MySQL Command HistoryCIS Oracle MySQL Enterprise Edition 8.4 v1.0.0 L2 MySQL OS LinuxUnix

MEDIA PROTECTION

1.3 Disable MySQL Command History - ~/.mysql_historyCIS MySQL 5.6 Community Linux OS L2 v2.0.0Unix

MEDIA PROTECTION

1.3 Disable MySQL Command History - ~/.mysql_historyCIS MySQL 5.7 Enterprise Linux OS L2 v2.0.0Unix

MEDIA PROTECTION

3.2 Configure Security Auditing Flags per local organizational requirements - 'audit all failed events across all audit classes'CIS Apple macOS 10.13 L2 v1.1.0Unix

AUDIT AND ACCOUNTABILITY

Audit SGID executablesTenable Cisco Firepower Management Center OS Best Practices AuditUnix

AUDIT AND ACCOUNTABILITY

Audit SUID executablesTenable Cisco Firepower Management Center OS Best Practices AuditUnix

AUDIT AND ACCOUNTABILITY

CIS_Red_Hat_EL5_v2.2.1_L1.audit from Red Hat Enterprise Linux 5 BenchmarkCIS Red Hat Enterprise Linux 5 L1 v2.2.1Unix
CIS_Red_Hat_EL5_v2.2.1_L2.audit from Red Hat Enterprise Linux 5 BenchmarkCIS Red Hat Enterprise Linux 5 L2 v2.2.1Unix
CIS_SUSE_Linux_Enterprise_12_v3.2.1_L1_Server.audit from CIS SUSE Linux Enterprise 12 Benchmark v3.2.1CIS SUSE Linux Enterprise 12 v3.2.1 L1 ServerUnix
CIS_SUSE_Linux_Enterprise_15_v2.0.0_L1_Server.audit from CIS SUSE Linux Enterprise 15 Benchmark v2.0.0CIS SUSE Linux Enterprise 15 v2.0.0 L1 ServerUnix
CIS_SUSE_Linux_Enterprise_15_v2.0.0_L2_Workstation.audit from CIS SUSE Linux Enterprise 15 Benchmark v2.0.0CIS SUSE Linux Enterprise 15 v2.0.0 L2 WorkstationUnix
DKER-EE-002780 - PIDs cgroup limits must be used in Docker Enterprise.DISA STIG Docker Enterprise 2.x Linux/Unix v2r2Unix

SYSTEM AND COMMUNICATIONS PROTECTION

DTAVSEL-006 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to find unknown macro viruses.McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5Unix

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-009 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to scan files when being read from disk.McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5Unix

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-010 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to scan all file types.McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5Unix

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-017 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to deny access to the file if scanning fails.McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5Unix

SYSTEM AND INFORMATION INTEGRITY

Ensure access to the su command is restricted - pam_wheel.soTenable Cisco Firepower Management Center OS Best Practices AuditUnix

ACCESS CONTROL

Ensure access to the su command is restricted - wheel group contains rootTenable Cisco Firepower Management Center OS Best Practices AuditUnix

ACCESS CONTROL

Ensure address space layout randomization (ASLR) is enabled - sysctl.confTenable Cisco Firepower Management Center OS Best Practices AuditUnix

SYSTEM AND INFORMATION INTEGRITY

Ensure AIDE is installed - rpmTenable Cisco Firepower Management Center OS Best Practices AuditUnix

AUDIT AND ACCOUNTABILITY

Ensure at/cron is restricted to authorized users - at.denyTenable Cisco Firepower Management Center OS Best Practices AuditUnix

ACCESS CONTROL

Ensure at/cron is restricted to authorized users - cron.denyTenable Cisco Firepower Management Center OS Best Practices AuditUnix

ACCESS CONTROL

Ensure CUPS Server is not enabledTenable Cisco Firepower Management Center OS Best Practices AuditUnix

CONFIGURATION MANAGEMENT

Ensure DHCP Server is not enabledTenable Cisco Firepower Management Center OS Best Practices AuditUnix

CONFIGURATION MANAGEMENT

Ensure GDM login banner is configured - user-dbTenable Cisco Firepower Management Center OS Best Practices AuditUnix

ACCESS CONTROL

Ensure GPG keys are configured - apt-key listTenable Cisco Firepower Management Center OS Best Practices AuditUnix

SYSTEM AND INFORMATION INTEGRITY

Ensure ICMP redirects are not accepted - sysctl ipv4 all acceptTenable Cisco Firepower Management Center OS Best Practices AuditUnix

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure NFS and RPC are not enabled - NFSTenable Cisco Firepower Management Center OS Best Practices AuditUnix

CONFIGURATION MANAGEMENT

Ensure NFS and RPC are not enabled - RPCTenable Cisco Firepower Management Center OS Best Practices AuditUnix

CONFIGURATION MANAGEMENT

Ensure NIS Server is not enabledTenable Cisco Firepower Management Center OS Best Practices AuditUnix

CONFIGURATION MANAGEMENT

Ensure Reverse Path Filtering is enabled - /etc/sysctl ipv4 all rp_filterTenable Cisco Firepower Management Center OS Best Practices AuditUnix

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure Samba is not enabledTenable Cisco Firepower Management Center OS Best Practices AuditUnix

CONFIGURATION MANAGEMENT

Ensure SSH HostbasedAuthentication is disabledTenable Cisco Firepower Management Center OS Best Practices AuditUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

Ensure SSH X11 forwarding is disabledTenable Cisco Firepower Management Center OS Best Practices AuditUnix

CONFIGURATION MANAGEMENT

Ensure TIPC is disabledTenable Cisco Firepower Management Center OS Best Practices AuditUnix

CONFIGURATION MANAGEMENT

IBM i : Auditing for New Objects (QCRTOBJAUD) - '*CHANGE'IBM System i Security Reference for V7R3AS/400

AUDIT AND ACCOUNTABILITY

IBM i : Authority for New Objects (QCRTAUT) - '*CHANGE'IBM System i Security Reference for V7R2AS/400

ACCESS CONTROL

IBM i : Automatic Configuration of Virtual Devices (QAUTOVRT) - '0'IBM System i Security Reference for V7R2AS/400

SYSTEM AND COMMUNICATIONS PROTECTION

IBM i : Automatic Configuration of Virtual Devices (QAUTOVRT) - '0'IBM System i Security Reference for V7R3AS/400

SYSTEM AND COMMUNICATIONS PROTECTION

IBM i : Character Position Difference for Passwords (QPWDPOSDIF) - '0'IBM System i Security Reference for V7R2AS/400

IDENTIFICATION AND AUTHENTICATION

IBM i : Force Conversion on Restore (QFRCCVNRST) - '>=3'IBM System i Security Reference for V7R1 and V6R1AS/400

CONFIGURATION MANAGEMENT

IBM i : Minimum Length of Passwords (QPWDMINLEN) - '>=7'IBM System i Security Reference for V7R3AS/400

IDENTIFICATION AND AUTHENTICATION

IBM i : Remote Sign-On Control (QRMTSIGN) - '*REJECT'IBM System i Security Reference for V7R2AS/400

IDENTIFICATION AND AUTHENTICATION

IBM i : Required Difference in Passwords (QPWDRQDDIF) - '<=5'IBM System i Security Reference for V7R1 and V6R1AS/400

IDENTIFICATION AND AUTHENTICATION

IBM i : Required Difference in Passwords (QPWDRQDDIF) - '<=5'IBM System i Security Reference for V7R3AS/400

IDENTIFICATION AND AUTHENTICATION

IBM i : Verify Object on Restore (QVFYOBJRST) - '3'IBM System i Security Reference for V7R3AS/400

SYSTEM AND INFORMATION INTEGRITY

SLES-12-010910 - The SUSE operating system must be configured to not overwrite Pluggable Authentication Modules (PAM) configuration on package changes.DISA SLES 12 STIG v3r2Unix

CONFIGURATION MANAGEMENT

SLES-15-010330 - All SUSE operating system persistent disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at-rest protection.DISA SUSE Linux Enterprise Server 15 STIG v2r4Unix

SYSTEM AND COMMUNICATIONS PROTECTION