Item Search

| Name | Audit Name | Plugin | Category |
| --- | --- | --- | --- |
| 1.1.1.4 Ensure mounting of hfs filesystems is disabled - /etc/modprobe.d/CIS.conf | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - /etc/modprobe.d/CIS.conf | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - lsmod | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.7 Ensure mounting of udf filesystems is disabled - lsmod | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.8 Ensure mounting of FAT filesystems is disabled - /etc/modprobe.d/CIS.conf | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.8 Ensure mounting of FAT filesystems is disabled - lsmod | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.3 Ensure nodev option set on /tmp partition | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 1.1.10 Ensure noexec option set on /var/tmp partition | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 1.1.14 Ensure nodev option set on /home partition | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 1.1.15 Ensure nodev option set on /dev/shm partition | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 1.2.3.1.3 Set 'Turn off Windows Update device driver searching' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.3.2 Ensure filesystem integrity is regularly checked | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.4.2 Ensure authentication required for single user mode | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.5.3 Ensure address space layout randomization (ASLR) is enabled - /etc/sysctl.conf, /etc/sysctl.d/* | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.1.1 Ensure chargen services are not enabled - chargen-dgram | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.3 Ensure discard services are not enabled - discard-stream | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.4 Ensure echo services are not enabled - echo-dgram | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.1.2 Ensure ntp is configured - restrict -4 | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.2 Ensure X Window System is not installed | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.6 Ensure LDAP server is not enabled | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.7 Ensure NFS and RPC are not enabled - RPC | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.10 Ensure HTTP server is not enabled | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.13 Ensure HTTP Proxy Server is not enabled | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.14 Ensure SNMP Server is not enabled | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.1 Ensure source routed packets are not accepted - 'net.ipv4.conf.all.accept_source_route = 0 - /etc/sysctl.conf /etc/sysctl.d/*' | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.2 Ensure ICMP redirects are not accepted - 'net.ipv4.conf.all.accept_redirects = 0 /etc/sysctl.conf /etc/sysctl.d/*' | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.2 Ensure ICMP redirects are not accepted - 'net.ipv4.conf.default.accept_redirects = 0 sysctl' | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.3 Ensure secure ICMP redirects are not accepted - 'net.ipv4.conf.all.secure_redirects = 0 sysctl' | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.4 Ensure suspicious packets are logged - 'net.ipv4.conf.all.log_martians = 1 sysctl' | CIS Amazon Linux v2.1.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2.4 Ensure suspicious packets are logged - 'net.ipv4.conf.default.log_martians = 1 /etc/sysctl.conf /etc/sysctl.d/*' | CIS Amazon Linux v2.1.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2.7 Ensure Reverse Path Filtering is enabled - 'net.ipv4.conf.all.rp_filter = 1 sysctl' | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.2 Ensure IPv6 redirects are not accepted - 'sysctl net.ipv6.conf.all.accept_redirects = 0' | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.3 Ensure IPv6 is disabled | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.4.1 Ensure TCP Wrappers is installed | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2 Ensure SCTP is disabled | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.5.3 Ensure RDS is disabled | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.6.2 Ensure default deny firewall policy - Chain INPUT | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.3 Ensure loopback traffic is configured - INPUT | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.5 Ensure firewall rules exist for all open ports | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.3 Ensure logrotate is configured | CIS Amazon Linux v2.1.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.8 Ensure at/cron is restricted to authorized users - at.deny does not exist | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 5.1.8 Ensure at/cron is restricted to authorized users - cron.allow | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 5.2.5 Ensure SSH MaxAuthTries is set to 4 or less | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 5.2.7 Ensure SSH HostbasedAuthentication is disabled | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.2.10 Ensure SSH PermitUserEnvironment is disabled | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.14 Ensure SSH access is limited | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 5.3.1 Ensure password creation requirements are configured - minlen | CIS Amazon Linux v2.1.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.1 Ensure password creation requirements are configured - password-auth ucredit | CIS Amazon Linux v2.1.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.2 Ensure lockout for failed password attempts is configured - password-auth 'auth required pam_faillock.so preauth audit silent deny=5 unlock_time=900' | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 5.3.2 Ensure lockout for failed password attempts is configured - system-auth 'auth required pam_faillock.so preauth audit silent deny=5 unlock_time=900' | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |