Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.1.1 Ensure mounting of cramfs filesystems is disabledCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.1.3 Ensure mounting of udf filesystems is disabledCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.3 Ensure noexec option set on /tmp partitionCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.1.5 Ensure nosuid option set on /tmp partitionCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION, SYSTEM AND SERVICES ACQUISITION

1.1.18 Ensure /home partition includes the nodev optionCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION, SYSTEM AND SERVICES ACQUISITION

1.1.22 Ensure nosuid option set on removable media partitionsCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

1.2.1 Ensure GPG keys are configuredCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.4.2 Ensure permissions on bootloader config are configuredCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.5.1 Ensure core dumps are restrictedCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.5.2 Ensure XD/NX support is enabledCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

SYSTEM AND INFORMATION INTEGRITY

1.5.3 Ensure address space layout randomization (ASLR) is enabledCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

1.6.1.7 Ensure SETroubleshoot is not installedCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

2.2.3 Ensure Avahi Server is not installedCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

2.2.18 Ensure rpcbind is not installed or the rpcbind services are maskedCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

2.3.1 Ensure NIS Client is not installedCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

3.2.2 Ensure packet redirect sending is disabledCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

3.3.9 Ensure TCP SYN Cookies is enabledCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.5.1.2 Ensure iptables-services not installed with firewalldCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.1.3 Ensure nftables either not installed or masked with firewalldCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.2.3 Ensure iptables-services not installed with nftablesCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.2.6 Ensure nftables base chains existCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.3.2.6 Ensure iptables is enabled and runningCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.3.3.3 Ensure ip6tables firewall rules exist for all open portsCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.2.1.2 Ensure rsyslog Service is enabled and runningCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

4.2.1.4 Ensure logging is configuredCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts.CIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

4.2.2.1 Ensure journald is configured to send logs to rsyslogCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

4.2.2.2 Ensure journald is configured to compress large log filesCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

5.1.1 Ensure cron daemon is enabled and runningCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.1.4 Ensure permissions on /etc/cron.daily are configuredCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

5.1.5 Ensure permissions on /etc/cron.weekly are configuredCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

5.3.6 Ensure SSH access is limitedCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

5.3.13 Ensure SSH PermitEmptyPasswords is disabledCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.3.22 Ensure SSH PAM is enabledCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

5.4.1 Ensure password creation requirements are configuredCIS Amazon Linux 2 STIG v2.0.0 L1 ServerUnix

IDENTIFICATION AND AUTHENTICATION

18.10.15.3 (L1) Ensure 'Prevent the use of security questions for local accounts' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NGWindows

CONFIGURATION MANAGEMENT

ESXI5-VM-000018 - The unexposed feature keyword isolation.tools.memSchedFakeSampleStats.disable must be initialized to decrease the VMs potential attack vectors.DISA VMware ESXi Version 5 Virtual Machine STIG v2r1VMware

CONFIGURATION MANAGEMENT

ESXI5-VM-000026 - The unexposed feature keyword isolation.tools.unity.push.update.disable must be initialized to decrease the VMs potential attack vectors.DISA VMware ESXi Version 5 Virtual Machine STIG v2r1VMware

CONFIGURATION MANAGEMENT

ESXI5-VM-000027 - The unexposed feature keyword isolation.tools.unity.taskbar.disable must be initialized to decrease the VMs potential attack vectors.DISA VMware ESXi Version 5 Virtual Machine STIG v2r1VMware

CONFIGURATION MANAGEMENT

ESXI5-VM-000028 - The unexposed feature keyword isolation.tools.unityActive.disable must be initialized to decrease the VMs potential attack vectors.DISA VMware ESXi Version 5 Virtual Machine STIG v2r1VMware

CONFIGURATION MANAGEMENT

GEN000520 - The root user must not own the logon session for an application requiring a continuous display.DISA STIG AIX 6.1 v1r14Unix

ACCESS CONTROL

macOS Compliance Policy - Block Simple PasswordsTenable Best Practices for Microsoft Intune macOS v1.0microsoft_azure

ACCESS CONTROL, CONFIGURATION MANAGEMENT

macOS Compliance Policy - Require a password to unlock devices.Tenable Best Practices for Microsoft Intune macOS v1.0microsoft_azure

ACCESS CONTROL

macOS Device Management - FirewallTenable Best Practices for Microsoft Intune macOS v1.0microsoft_azure

ACCESS CONTROL

macOS Device Management - Incoming connectionsTenable Best Practices for Microsoft Intune macOS v1.0microsoft_azure

ACCESS CONTROL

SLEM-05-611090 - SLEM 5 must employ FIPS 140-2/140-3 approved cryptographic hashing algorithm for system authentication (login.defs).DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r4Unix

IDENTIFICATION AND AUTHENTICATION

VM : disable-unexposed-features-getcredsVMWare vSphere 5.X Hardening GuideVMware

CONFIGURATION MANAGEMENT

VM : disable-unexposed-features-launchmenuVMWare vSphere 5.X Hardening GuideVMware

CONFIGURATION MANAGEMENT

VM : disable-unexposed-features-memsfssVMWare vSphere 5.X Hardening GuideVMware

CONFIGURATION MANAGEMENT

VM : disable-unexposed-features-trayiconVMWare vSphere 5.X Hardening GuideVMware

CONFIGURATION MANAGEMENT