| 2.7 Ensure the default ulimit is configured appropriately | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.7 Set default ulimit as appropriate - default-ulimit | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.10 Set default ulimit as appropriate '--default-ulimit' | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.1.1 Ensure ufw is installed | CIS Ubuntu Linux 20.04 LTS Server L1 v2.0.1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.1.5 Ensure rsyslog is configured to send logs to a remote log host | CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host | CIS Debian 8 Server L1 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host | CIS Debian 9 Server L1 v1.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.6 Ensure rsyslog is configured to send logs to a remote log host | CIS CentOS Linux 8 Workstation L1 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.6 Ensure rsyslog is configured to send logs to a remote log host | CIS Fedora 28 Family Linux Server L1 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.1.6 Ensure rsyslog is configured to send logs to a remote log host | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.1.6 Ensure rsyslog is configured to send logs to a remote log host | CIS CentOS Linux 7 v4.0.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.1.6 Ensure rsyslog is configured to send logs to a remote log host | CIS Amazon Linux 2 v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.1.6 Ensure rsyslog is configured to send logs to a remote log host | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.1.6 Ensure rsyslog is configured to send logs to a remote log host | CIS Oracle Linux 8 Workstation L1 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.1.6 Ensure rsyslog is configured to send logs to a remote log host | CIS Oracle Linux 8 Server L1 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.1.6 Ensure rsyslog is configured to send logs to a remote log host | CIS Rocky Linux 8 Server L1 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.1.6 Ensure rsyslog is configured to send logs to a remote log host | CIS CentOS Linux 7 v4.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.2.6 Ensure rsyslog is configured to send logs to a remote log host | CIS Ubuntu Linux 20.04 LTS Server L1 v2.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.2.6 Ensure rsyslog is configured to send logs to a remote log host | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.3.6 Ensure rsyslog is configured to send logs to a remote log host | CIS Rocky Linux 9 v2.0.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.3.6 Ensure rsyslog is configured to send logs to a remote log host | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure mounting of cramfs filesystems is disabled - lsmod | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| GEN000000-LNX00800 - Use a Linux Security Module configured to limit the privileges of system services - 'SELINUX = enforcing' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | CONFIGURATION MANAGEMENT |
| OL07-00-040400 - The Oracle Linux operating system must be configured so that the SSH daemon is configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms - MACs employing FIPS 140-2 approved cryptographic hash algorithms. | DISA Oracle Linux 7 STIG v3r2 | Unix | ACCESS CONTROL |
| RHEL-06-000007 - The system must use a separate file system for user home directories. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000017 - The system must use a Linux Security Module at boot time. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| RHEL-06-000028 - The system must prevent the root account from logging in from serial consoles. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-06-000030 - The system must not have accounts configured with blank or null passwords - system-auth. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000031 - The /etc/passwd file must not contain password hashes. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-06-000034 - The /etc/shadow file must be group-owned by root. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000035 - The /etc/shadow file must have mode 0000. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000036 - The /etc/gshadow file must be owned by root. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000038 - The /etc/gshadow file must have mode 0000. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000039 - The /etc/passwd file must be owned by root. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000047 - All system command files must have mode 755 or less permissive - '/sbin/*' | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000053 - User passwords must be changed at least every 60 days. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-06-000060 - The system must require at least eight characters be changed between the old and new passwords during a password change - system-auth. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-06-000061 - The system must disable accounts after three consecutive unsuccessful logon attempts - 'password-auth [default=die]' | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-06-000061 - The system must disable accounts after three consecutive unsuccessful logon attempts - 'password-auth required'. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-06-000064 - The system must use a FIPS 140-2 approved cryptographic hashing algorithm for generating account password hashes (libuser.conf) - libuser.conf. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-06-000071 - The system must be configured so that all network connections associated with a communication session are terminated at the end of the session or after 15 minutes of inactivity from the user at a command prompt, except to fulfill documented and validated mission requirements. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-06-000073 - The Department of Defense (DoD) login banner must be displayed immediately prior to, or as part of, console login prompts. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | ACCESS CONTROL |
| RHEL-06-000078 - The system must implement virtual address space randomization - sysctl | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-06-000079 - The system must limit the ability of processes to have simultaneous write and execute access to memory - config | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-09-654255 - RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/lastlog. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654275 - RHEL 9 audit system must protect auditing rules from unauthorized change. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-671015 - RHEL 9 must employ FIPS 140-3 approved cryptographic hashing algorithms for all stored passwords. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
