Item Search

NameAudit NamePluginCategory
1.1.2 Ensure that the API server pod specification file ownership is set to root:rootCIS Kubernetes v1.10.0 L1 MasterUnix

ACCESS CONTROL

1.1.4 Ensure that the controller manager pod specification file ownership is set to root:rootCIS Kubernetes v1.10.0 L1 MasterUnix

ACCESS CONTROL

1.1.6 Ensure that the scheduler pod specification file ownership is set to root:rootCIS Kubernetes v1.10.0 L1 MasterUnix

ACCESS CONTROL

1.1.8 Ensure that the etcd pod specification file ownership is set to root:rootCIS Kubernetes v1.10.0 L1 MasterUnix

ACCESS CONTROL

1.1.14 Ensure that the default administrative credential file ownership is set to root:rootCIS Kubernetes v1.10.0 L1 MasterUnix

ACCESS CONTROL

1.1.18 Ensure that the controller-manager.conf file ownership is set to root:rootCIS Kubernetes v1.10.0 L1 MasterUnix

ACCESS CONTROL

1.8.2 Set username secret for all local usersCIS Cisco IOS XR 7.x v1.0.0 L1Cisco

ACCESS CONTROL

3.1 Ensure that the docker.service file ownership is set to root:rootCIS Docker v1.7.0 L1 Docker - LinuxUnix

ACCESS CONTROL

3.1.3 Require explicit authorization for cataloging - 'catalog_noauth = no'CIS IBM DB2 OS L2 v1.2.0Unix

ACCESS CONTROL

3.3 Ensure that docker.socket file ownership is set to root:rootCIS Docker v1.7.0 L1 Docker - LinuxUnix

ACCESS CONTROL

3.5 Ensure that the /etc/docker directory ownership is set to root:rootCIS Docker v1.7.0 L1 Docker - LinuxUnix

ACCESS CONTROL

3.6 Review Superuser/Admin Roles - dbAdminAnyDatabaseCIS MongoDB 3.2 Database Audit L2 v1.0.0MongoDB

ACCESS CONTROL

3.6 Review Superuser/Admin Roles - dbOwnerCIS MongoDB 3.2 Database Audit L2 v1.0.0MongoDB

ACCESS CONTROL

3.6 Review Superuser/Admin Roles - readWriteAnyDatabaseCIS MongoDB 3.2 Database Audit L2 v1.0.0MongoDB

ACCESS CONTROL

3.6 Review Superuser/Admin Roles - readWriteAnyDatabaseCIS MongoDB 3.4 Database Audit L2 v1.0.0MongoDB

ACCESS CONTROL

3.6 Review Superuser/Admin Roles - userAdminCIS MongoDB 3.4 Database Audit L2 v1.0.0MongoDB

ACCESS CONTROL

3.7 Ensure that registry certificate file ownership is set to root:rootCIS Docker v1.7.0 L1 Docker - LinuxUnix

ACCESS CONTROL

3.9 Ensure that TLS CA certificate file ownership is set to root:rootCIS Docker v1.7.0 L1 Docker - LinuxUnix

ACCESS CONTROL

3.11 Ensure that Docker server certificate file ownership is set to root:rootCIS Docker v1.7.0 L1 Docker - LinuxUnix

ACCESS CONTROL

3.13 Ensure that the Docker server certificate key file ownership is set to root:rootCIS Docker v1.7.0 L1 Docker - LinuxUnix

ACCESS CONTROL

3.17 Ensure that the daemon.json file ownership is set to root:rootCIS Docker v1.7.0 L2 Docker - LinuxUnix

ACCESS CONTROL

3.19 Ensure that the /etc/default/docker file ownership is set to root:rootCIS Docker v1.7.0 L2 Docker - LinuxUnix

ACCESS CONTROL

3.22 Ensure that the /etc/sysconfig/docker file ownership is set to root:rootCIS Docker v1.7.0 L2 Docker - LinuxUnix

ACCESS CONTROL

3.23 Ensure that the Containerd socket file ownership is set to root:rootCIS Docker v1.7.0 L1 Docker - LinuxUnix

ACCESS CONTROL

4.1 Ensure Interactive Login is DisabledCIS PostgreSQL 13 OS v1.2.0Unix

ACCESS CONTROL

4.1 Ensure Interactive Login is DisabledCIS PostgreSQL 14 OS v 1.2.0Unix

ACCESS CONTROL

4.1.2 Ensure that the kubelet service file ownership is set to root:rootCIS Kubernetes v1.10.0 L1 WorkerUnix

ACCESS CONTROL

4.1.4 If proxy kubeconfig file exists ensure ownership is set to root:rootCIS Kubernetes v1.10.0 L1 WorkerUnix

ACCESS CONTROL

4.1.6 Avoid use of system:masters groupCIS Google Kubernetes Engine (GKE) Autopilot v1.1.0 L1GCP

ACCESS CONTROL

4.1.6 Avoid use of system:masters groupCIS Google Kubernetes Engine (GKE) v1.7.0 L1GCP

ACCESS CONTROL

4.1.7 Limit use of the Bind, Impersonate and Escalate permissions in the Kubernetes clusterCIS Google Kubernetes Engine (GKE) v1.7.0 L1GCP

ACCESS CONTROL

4.1.7 Limit use of the Bind, Impersonate and Escalate permissions in the Kubernetes clusterCIS Google Kubernetes Engine (GKE) Autopilot v1.1.0 L1GCP

ACCESS CONTROL

4.1.8 Ensure that the client certificate authorities file ownership is set to root:rootCIS Kubernetes v1.10.0 L1 WorkerUnix

ACCESS CONTROL

4.1.10 If the kubelet config.yaml configuration file is being used validate file ownership is set to root:rootCIS Kubernetes v1.10.0 L1 WorkerUnix

ACCESS CONTROL

4.8 Ensure setuid and setgid permissions are removedCIS Docker v1.7.0 L2 Docker - LinuxUnix

ACCESS CONTROL

5.1.8 Limit use of the Bind, Impersonate and Escalate permissions in the Kubernetes clusterCIS Kubernetes v1.10.0 L1 MasterUnix

ACCESS CONTROL

5.2.6 Minimize the admission of containers with allowPrivilegeEscalationCIS Kubernetes v1.10.0 L1 MasterUnix

ACCESS CONTROL

5.2.7 Minimize the admission of root containersCIS Kubernetes v1.10.0 L2 MasterUnix

ACCESS CONTROL

5.5 Ensure that privileged containers are not usedCIS Docker v1.7.0 L1 Docker - LinuxUnix

ACCESS CONTROL

5.18 Ensure that host devices are not directly exposed to containersCIS Docker v1.7.0 L1 Docker - LinuxUnix

ACCESS CONTROL

5.23 Ensure that docker exec commands are not used with the privileged optionCIS Docker v1.7.0 L2 Docker - LinuxUnix

ACCESS CONTROL

5.24 Ensure that docker exec commands are not used with the user=root optionCIS Docker v1.7.0 L2 Docker - LinuxUnix

ACCESS CONTROL

5.26 Ensure that the container is restricted from acquiring additional privilegesCIS Docker v1.7.0 L1 Docker - LinuxUnix

ACCESS CONTROL

5.32 Ensure that the Docker socket is not mounted inside any containersCIS Docker v1.7.0 L1 Docker - LinuxUnix

ACCESS CONTROL

6.1.1 Ensure sudo is installedCIS IBM AIX 7 v1.0.0 L2Unix

ACCESS CONTROL

6.2.2 Ensure at.allow is configuredCIS IBM AIX 7 v1.0.0 L1Unix

ACCESS CONTROL

6.2.4 Ensure cron.allow is configuredCIS IBM AIX 7 v1.0.0 L1Unix

ACCESS CONTROL

8.5 Verify that no UID 0 accounts exist other than rootCIS Solaris 9 v1.3Unix

ACCESS CONTROL

10.3 Restrict manager applicationCIS Apache Tomcat 7 L2 v1.1.0Unix

ACCESS CONTROL

10.3 Restrict manager applicationCIS Apache Tomcat 7 L2 v1.1.0 MiddlewareUnix

ACCESS CONTROL