Detections
Analytics

Item Search

NameAudit NamePluginCategory
2.1 Restrict network traffic between containersCIS Docker 1.11.0 v1.0.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

2.2 Restrict network traffic between containersCIS Docker 1.6 v1.0.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

2.2.3 Restrict NTP server to loopback interface - interface listen loCIS Apple OSX 10.11 El Capitan L1 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

2.3 Allow Docker to make changes to iptablesCIS Docker 1.12.0 v1.0.0 L1 DockerUnix

SYSTEM AND COMMUNICATIONS PROTECTION

2.4.2 Set AAA 'source-interface'CIS Cisco IOS 12 L2 v4.0.0Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

2.11 Configure TCP Wrappers - hosts.allowCIS Solaris 11.1 L1 v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

2.11 Configure TCP Wrappers - hosts.denyCIS Solaris 11.1 L1 v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.1.2 Ensure packet redirect sending is disabled - sysctl ipv4 default sendCIS SUSE Linux Enterprise Server 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1 Ensure source routed packets are not accepted - /etc/sysctl ipv4 all accceptCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1 Ensure source routed packets are not accepted - /etc/sysctl ipv4 default acceptCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.2 Ensure ICMP redirects are not accepted - /etc/sysctl ipv4 default acceptCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.2 Ensure ICMP redirects are not accepted - /etc/sysctl ipv4 default acceptCIS SUSE Linux Enterprise Server 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.2 Ensure ICMP redirects are not accepted - sysctl ipv4 all acceptCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.2 Ensure ICMP redirects are not accepted - sysctl ipv4 all acceptCIS SUSE Linux Enterprise Server 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.2 Set inbound 'ip access-group' on the External InterfaceCIS Cisco IOS 12 L2 v4.0.0Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.3 Ensure secure ICMP redirects are not accepted - sysctl ipv4 default secureCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.7 Ensure Reverse Path Filtering is enabled - sysctl ipv4 default rp_filterCIS SUSE Linux Enterprise Server 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.8 Ensure TCP SYN Cookies is enabled - sysctlCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.3.1 Ensure IPv6 router advertisements are not accepted - sysctl ipv6 default acceptCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.3.1 Ensure IPv6 router advertisements are not accepted - sysctl ipv6 default acceptCIS SUSE Linux Enterprise Server 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.3.2 Ensure IPv6 redirects are not accepted - /etc/sysctl ipv6 default acceptCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.3.2 Ensure IPv6 redirects are not accepted - sysctl ipv6 all acceptCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.3.14 sockthreshCIS IBM AIX 7.1 L1 v2.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.4.1 Ensure TCP Wrappers is installedCIS SUSE Linux Enterprise Server 11 L1 v2.1.1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.1.1 Ensure nftables is installedCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.1 Ensure ufw is installedCIS Debian Linux 11 v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.3 Ensure ufw service is enabledCIS Debian Linux 11 v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.2.1 Ensure firewalld drops unnecessary services and portsCIS Oracle Linux 9 v2.0.0 L1 WorkstationUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.2.2 Ensure firewalld loopback traffic is configuredCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.2.2 Ensure ufw is uninstalled or disabled with nftablesCIS Debian Linux 11 v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.2.3 Ensure iptables are flushed with nftablesCIS Debian Linux 11 v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.2.3 Ensure iptables are flushed with nftablesCIS Debian Linux 11 v2.0.0 L1 WorkstationUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.3.1.3 Ensure ufw is uninstalled or disabled with iptablesCIS Debian Linux 11 v2.0.0 L1 WorkstationUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.3.2.2 Ensure iptables loopback traffic is configuredCIS Debian Linux 11 v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.3.3.2 Ensure ip6tables loopback traffic is configuredCIS Debian Linux 11 v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.3.4 Ensure nftables loopback traffic is configuredCIS AlmaLinux OS 9 v2.0.0 L1 WorkstationUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.8 (L1) Host should reject promiscuous mode requests on standard virtual switches and port groupsCIS VMware ESXi 8.0 v1.2.0 L1VMware

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.7 Ensure subnets for the App tier are createdCIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

6.12 Ensure a route table for the private subnets is createdCIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

6.13 Ensure Routing Table associated with Web tier ELB subnet have the default route (0.0.0.0/0) defined to allow connectivityCIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

6.16 Ensure Routing Table associated with Data tier subnet have NO default route (0.0.0.0/0) defined to allow connectivityCIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

6.23 Ensure App tier Security Group has no inbound rules for CIDR of 0 (Global Allow)CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

6.24 Create the Data tier Security Group and ensure it allows inbound connections from App tier Security Group for explicit portsCIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

7.2.5 Enable Ignore Broadcast RequestsCIS Debian Linux 7 L1 v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

7.7 Ensure Firewall is active - iptables-persistent run level 4CIS Debian Linux 7 L1 v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

ACLs: Filter for RFC 3330 addresses (127.0.0.0/8)TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice AuditAlcatel

SYSTEM AND COMMUNICATIONS PROTECTION

Firewall Filter - Ensure the last term, default-deny, includes the syslog optionJuniper Hardening JunOS 12 Devices ChecklistJuniper

SYSTEM AND COMMUNICATIONS PROTECTION

Management Services Security - Allow SNMP queries and/or send traps to more than one trusted server - clients restrictJuniper Hardening JunOS 12 Devices ChecklistJuniper

SYSTEM AND COMMUNICATIONS PROTECTION

USB portArubaOS CX 10.x Hardening Guide v1.0.0ArubaOS

SYSTEM AND COMMUNICATIONS PROTECTION

USB portArubaOS Switch 16.x Hardening Guide v1.0.0ArubaOS

SYSTEM AND COMMUNICATIONS PROTECTION