Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.1 Ensure mounting of squashfs filesystems is disabled - modprobeCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

1.1.4 Ensure nosuid option set on /tmp partitionCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

1.1.5 Ensure noexec option set on /tmp partitionCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

1.1.8 Ensure nodev option set on /var/tmp partitionCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

1.1.9 Ensure nosuid option set on /var/tmp partitionCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

1.1.10 Ensure noexec option set on /var/tmp partitionCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

1.1.17 Ensure noexec option set on /dev/shm partitionCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

1.3.2 Ensure filesystem integrity is regularly checkedCIS Aliyun Linux 2 L1 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

1.5.1 Ensure core dumps are restricted - fs.suid_dumpable (sysctl.conf/sysctl.d)CIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

1.5.1 Ensure core dumps are restricted - hard core (limits.conf/limits.d)CIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

1.5.2 Ensure address space layout randomization (ASLR) is enabled - sysctl.conf/sysctl.dCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

1.5.3 Ensure prelink is disabledCIS Aliyun Linux 2 L1 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

1.7.1.2 Ensure local login warning banner is configured properly - msrvCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

1.7.1.4 Ensure permissions on /etc/motd are configuredCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

1.7.1.5 Ensure permissions on /etc/issue are configuredCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

2.1.1.3 Ensure chrony is configured - OPTIONSCIS Aliyun Linux 2 L1 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

2.1.10 Ensure HTTP server is not enabled - statusCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.1.2 Ensure wireless interfaces are disabledCIS Amazon Linux 2 v3.0.0 L1Unix

CONFIGURATION MANAGEMENT

3.3.9 Ensure suspicious packets are loggedCIS Amazon Linux 2 v3.0.0 L1Unix

AUDIT AND ACCOUNTABILITY

3.4.3.3 Ensure an nftables table existsCIS Amazon Linux 2 v3.0.0 L1Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.3.6 Ensure nftables outbound and established connections are configuredCIS Amazon Linux 2 v3.0.0 L1Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.3.9 Ensure nftables rules are permanentCIS Amazon Linux 2 v3.0.0 L1Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.4.3.4 Ensure ip6tables default deny firewall policyCIS Amazon Linux 2 v3.0.0 L1Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.4.4.3.5 Ensure ip6tables rules are savedCIS Amazon Linux 2 v3.0.0 L1Unix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.2.1 Ensure at is restricted to authorized usersCIS Amazon Linux 2 v3.0.0 L1Unix

ACCESS CONTROL, MEDIA PROTECTION

4.2.5 Ensure sshd Banner is configuredCIS Amazon Linux 2 v3.0.0 L1Unix

ACCESS CONTROL

4.2.7 Ensure sshd ClientAliveInterval and ClientAliveCountMax are configuredCIS Amazon Linux 2 v3.0.0 L1Unix

ACCESS CONTROL

4.2.12 Ensure sshd KexAlgorithms is configuredCIS Amazon Linux 2 v3.0.0 L1Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.2.19 Ensure sshd PermitEmptyPasswords is disabledCIS Amazon Linux 2 v3.0.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

4.3.2 Ensure sudo commands use ptyCIS Amazon Linux 2 v3.0.0 L1Unix

ACCESS CONTROL

4.3.5 Ensure re-authentication for privilege escalation is not disabled globallyCIS Amazon Linux 2 v3.0.0 L1Unix

ACCESS CONTROL

4.4.1.2 Ensure libpwquality is installedCIS Amazon Linux 2 v3.0.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

4.4.2.3.2 Ensure password history remember is configuredCIS Amazon Linux 2 v3.0.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

4.4.2.3.3 Ensure password history is enforced for the root userCIS Amazon Linux 2 v3.0.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

4.4.2.4.2 Ensure pam_unix does not include rememberCIS Amazon Linux 2 v3.0.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

4.5.2.1 Ensure default group for the root account is GID 0CIS Amazon Linux 2 v3.0.0 L1Unix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

4.5.2.4 Ensure root password is setCIS Amazon Linux 2 v3.0.0 L1Unix

ACCESS CONTROL, MEDIA PROTECTION

5.1.1.1 Ensure rsyslog is installedCIS Amazon Linux 2 v3.0.0 L1Unix

AUDIT AND ACCOUNTABILITY

5.1.1.3 Ensure journald is configured to send logs to rsyslogCIS Amazon Linux 2 v3.0.0 L1Unix

AUDIT AND ACCOUNTABILITY

5.1.1.4 Ensure rsyslog default file permissions are configuredCIS Amazon Linux 2 v3.0.0 L1Unix

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION

5.1.1.6 Ensure rsyslog is configured to send logs to a remote log hostCIS Amazon Linux 2 v3.0.0 L1Unix

AUDIT AND ACCOUNTABILITY

5.1.2.1.3 Ensure systemd-journal-remote is enabledCIS Amazon Linux 2 v3.0.0 L1Unix

AUDIT AND ACCOUNTABILITY

5.1.2.4 Ensure journald is configured to write logfiles to persistent diskCIS Amazon Linux 2 v3.0.0 L1Unix

AUDIT AND ACCOUNTABILITY

6.1.9 Ensure permissions on /etc/shells are configuredCIS Amazon Linux 2 v3.0.0 L1Unix

ACCESS CONTROL, MEDIA PROTECTION

6.1.11 Ensure world writable files and directories are securedCIS Amazon Linux 2 v3.0.0 L1Unix

ACCESS CONTROL, MEDIA PROTECTION

6.1.12 Ensure no unowned or ungrouped files or directories existCIS Amazon Linux 2 v3.0.0 L1Unix

ACCESS CONTROL, MEDIA PROTECTION

6.1.13 Ensure SUID and SGID files are reviewedCIS Amazon Linux 2 v3.0.0 L1Unix

ACCESS CONTROL, MEDIA PROTECTION

6.2.2 Ensure /etc/shadow password fields are not emptyCIS Amazon Linux 2 v3.0.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

6.2.4 Ensure no duplicate UIDs existCIS Amazon Linux 2 v3.0.0 L1Unix

IDENTIFICATION AND AUTHENTICATION

6.2.9 Ensure root is the only UID 0 accountCIS Amazon Linux 2 v3.0.0 L1Unix

ACCESS CONTROL