Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.2 Ensure only trusted users are allowed to control Docker daemonCIS Docker v1.8.0 L1 OS LinuxUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

1.1.2 Ensure that the API server pod specification file ownership is set to root:rootCIS Kubernetes v1.20 Benchmark v1.0.1 L1 MasterUnix

ACCESS CONTROL

1.1.2 Ensure that the API server pod specification file ownership is set to root:rootCIS Kubernetes v1.24 Benchmark v1.0.0 L1 MasterUnix

ACCESS CONTROL

1.1.6 Ensure that the scheduler pod specification file ownership is set to root:rootCIS Kubernetes v1.20 Benchmark v1.0.1 L1 MasterUnix

ACCESS CONTROL

1.1.6 Ensure that the scheduler pod specification file ownership is set to root:rootCIS Kubernetes v1.24 Benchmark v1.0.0 L1 MasterUnix

ACCESS CONTROL

1.1.8 Ensure that the etcd pod specification file ownership is set to root:rootCIS Kubernetes v1.23 Benchmark v1.0.1 L1 MasterUnix

ACCESS CONTROL

1.1.18 Ensure that the controller-manager.conf file ownership is set to root:rootCIS Kubernetes v1.20 Benchmark v1.0.1 L1 MasterUnix

ACCESS CONTROL

1.2.1 Set 'privilege 1' for local users - 'No users with privileges 2-15'CIS Cisco IOS 15 L1 v4.1.1Cisco

ACCESS CONTROL

1.3.1 Ensure sudo is installedCIS SUSE Linux Enterprise 12 v3.2.1 L1 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.3.2 Ensure sudo commands use ptyCIS SUSE Linux Enterprise 12 v3.2.1 L1 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.3.2 Ensure sudo commands use ptyCIS SUSE Linux Enterprise 12 v3.2.1 L1 WorkstationUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.6.1.9 Ensure non-privileged users are prevented from executing privileged functionsCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIGUnix

ACCESS CONTROL

1.6.1.9 Ensure non-privileged users are prevented from executing privileged functionsCIS Amazon Linux 2 STIG v2.0.0 STIGUnix

ACCESS CONTROL

2.1 Run the Docker daemon as a non-root user, if possibleCIS Docker v1.8.0 L1 OS LinuxUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.4 Ensure Docker is allowed to make changes to iptablesCIS Docker v1.8.0 L1 OS LinuxUnix

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

2.6 Ensure that the User-ID service account does not have interactive logon rightsCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0Palo_Alto

ACCESS CONTROL

2.7 Ensure remote access capabilities for the User-ID service account are forbidden.CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0Palo_Alto

ACCESS CONTROL

2.7 Ensure remote access capabilities for the User-ID service account are forbidden.CIS Palo Alto Firewall 10 v1.3.0 L1Palo_Alto

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

2.7 Ensure remote access capabilities for the User-ID service account are forbidden.CIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

2.15 Ensure containers are restricted from acquiring new privilegesCIS Docker v1.8.0 L1 OS LinuxUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

3.3 Ensure that docker.socket file ownership is set to root:rootCIS Docker v1.8.0 L1 OS LinuxUnix

ACCESS CONTROL

3.7 Ensure that registry certificate file ownership is set to root:rootCIS Docker v1.8.0 L1 OS LinuxUnix

ACCESS CONTROL

3.15 Ensure that the Docker socket file ownership is set to root:dockerCIS Docker v1.8.0 L1 OS LinuxUnix

ACCESS CONTROL, MEDIA PROTECTION

4.1.2 Ensure that the kubelet service file ownership is set to root:rootCIS Kubernetes v1.23 Benchmark v1.0.1 L1 WorkerUnix

ACCESS CONTROL

4.1.2 Ensure that the kubelet service file ownership is set to root:rootCIS Kubernetes v1.24 Benchmark v1.0.0 L1 WorkerUnix

ACCESS CONTROL

4.1.4 If proxy kubeconfig file exists ensure ownership is set to root:rootCIS Kubernetes v1.23 Benchmark v1.0.1 L1 WorkerUnix

ACCESS CONTROL

4.1.6 Ensure that the --kubeconfig kubelet.conf file ownership is set to root:rootCIS Kubernetes v1.20 Benchmark v1.0.1 L1 WorkerUnix

ACCESS CONTROL

4.1.8 Ensure that the client certificate authorities file ownership is set to root:rootCIS Kubernetes v1.20 Benchmark v1.0.1 L1 WorkerUnix

ACCESS CONTROL

5.1.7 Avoid use of system:masters groupCIS Kubernetes v1.12.0 L1 Master NodeUnix

ACCESS CONTROL

5.1.8 Limit use of the Bind, Impersonate and Escalate permissions in the Kubernetes clusterCIS Kubernetes v1.23 Benchmark v1.0.1 L1 MasterUnix

ACCESS CONTROL

5.1.8 Limit use of the Bind, Impersonate and Escalate permissions in the Kubernetes clusterCIS Kubernetes v1.24 Benchmark v1.0.0 L1 MasterUnix

ACCESS CONTROL

5.2.1 Ensure sudo is installedCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.2.1 Ensure sudo is installedCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.2.1 Ensure sudo is installedCIS Red Hat 6 Server L1 v3.0.0Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.2.1 Ensure sudo is installedCIS Red Hat 6 Workstation L1 v3.0.0Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.2.1 Minimize the admission of privileged containersCIS Kubernetes v1.20 Benchmark v1.0.1 L1 MasterUnix

ACCESS CONTROL

5.2.2 Ensure sudo commands use ptyCIS Red Hat 6 Server L1 v3.0.0Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.2.2 Ensure sudo commands use ptyCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.2.2 Ensure sudo commands use ptyCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 WorkstationUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.2.2 Ensure sudo commands use ptyCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.2.2 Ensure sudo commands use ptyCIS Amazon Linux 2 STIG v2.0.0 L1 WorkstationUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.2.2 Minimize the admission of privileged containersCIS Kubernetes v1.23 Benchmark v1.0.1 L1 MasterUnix

ACCESS CONTROL

5.2.2 Minimize the admission of privileged containersCIS Kubernetes v1.12.0 L1 Master NodeUnix

ACCESS CONTROL

5.2.7 Minimize the admission of root containersCIS Kubernetes v1.12.0 L2 Master NodeUnix

ACCESS CONTROL

5.2.7 Minimize the admission of root containersCIS Kubernetes v1.23 Benchmark v1.0.1 L2 MasterUnix

ACCESS CONTROL

5.2.7 Minimize the admission of root containersCIS Kubernetes v1.24 Benchmark v1.0.0 L2 MasterUnix

ACCESS CONTROL

5.5 Ensure that privileged containers are not usedCIS Docker v1.8.0 L1 OS LinuxUnix

ACCESS CONTROL

5.8.3 Ensure Legacy Authorization (ABAC) is DisabledCIS Google Kubernetes Engine GKE v1.9.0 L1 GCPGCP

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

6.9.3 Ensure SSH Key Authentication is not set for Root LoginCIS Juniper OS Benchmark v2.1.0 L1Juniper

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

6.10.1.5 Ensure Remote Root-Login is denied via SSHCIS Juniper OS Benchmark v2.1.0 L1Juniper

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION