| 1.1.1.2 Ensure freevxfs kernel module is not available | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 1.1.2.1.1 Ensure /tmp is a separate partition | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 1.1.2.1.4 Ensure noexec option set on /tmp partition | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.2.1 Ensure /dev/shm is a separate partition | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 1.1.2.5.2 Ensure nodev option set on /var/tmp partition | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.6.3 Ensure nosuid option set on /var/log partition | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.2.1.1 Ensure GPG keys are configured | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.2.1 Ensure updates, patches, and additional security software are installed | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.4.2 Ensure access to bootloader config is configured | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.7.3 Ensure remote login warning banner is configured properly | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 1.7.5 Ensure access to /etc/issue is configured | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.7.6 Ensure access to /etc/issue.net is configured | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 2.1.5 Ensure dnsmasq services are not in use | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.1.13 Ensure rsync services are not in use | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.1.14 Ensure snmp services are not in use | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.4.1.3 Ensure permissions on /etc/cron.hourly are configured | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 2.4.1.6 Ensure permissions on /etc/cron.monthly are configured | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.3.5 Ensure icmp redirects are not accepted | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 4.1.1 Ensure nftables is installed | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.2 Ensure a single firewall configuration utility is in use | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.2 Ensure firewalld loopback traffic is configured | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.3.2 Ensure nftables established connections are configured | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.3.3 Ensure nftables default deny firewall policy | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.1 Ensure permissions on /etc/ssh/sshd_config are configured | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.5 Ensure sshd KexAlgorithms is configured | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.8 Ensure sshd Banner is configured | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 5.1.9 Ensure sshd ClientAliveInterval and ClientAliveCountMax are configured | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 5.1.13 Ensure sshd IgnoreRhosts is enabled | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.2.6 Ensure sudo authentication timeout is configured correctly | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 5.2.7 Ensure access to the su command is restricted | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.3.3.2.5 Ensure password maximum sequential characters is configured | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.3.3.1 Ensure password history remember is configured | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.3.4.4 Ensure pam_unix includes use_authtok | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.4.1.3 Ensure password expiration warning days is configured | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.4.2.3 Ensure group root is the only GID 0 group | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.4.2.6 Ensure root user umask is configured | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.4.2.8 Ensure accounts without a valid login shell are locked | CIS Oracle Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.4.2.8 Ensure accounts without a valid login shell are locked | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.4.3.3 Ensure default user umask is configured | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.1.3 Ensure journald log file rotation is configured | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.2.1.2 Ensure systemd-journal-upload authentication is configured | CIS Oracle Linux 9 v2.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.2.1.3 Ensure systemd-journal-upload is enabled and active | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.2.1.4 Ensure systemd-journal-remote service is not in use | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 6.2.2.4 Ensure journald Storage is configured | CIS Oracle Linux 9 v2.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.3.1 Ensure rsyslog is installed | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.3.6 Ensure rsyslog is configured to send logs to a remote log host | CIS Oracle Linux 9 v2.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 7.1.9 Ensure permissions on /etc/shells are configured | CIS Oracle Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.1.10 Ensure permissions on /etc/security/opasswd are configured | CIS Oracle Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2.2 Ensure /etc/shadow password fields are not empty | CIS Oracle Linux 9 v2.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2.6 Ensure no duplicate user names exist | CIS Oracle Linux 9 v2.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
