Item Search

NameAudit NamePluginCategory
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmodCIS Distribution Independent Linux Server L1 v2.0.0Unix

CONFIGURATION MANAGEMENT

1.1.1.2 Ensure mounting of jffs2 filesystems is disabled - modprobeCIS Debian 9 Workstation L1 v1.0.1Unix

CONFIGURATION MANAGEMENT

1.1.1.3 Ensure mounting of hfs filesystems is disabled - modprobeCIS Debian 9 Server L1 v1.0.1Unix

CONFIGURATION MANAGEMENT

1.1.1.3 Ensure mounting of hfs filesystems is disabled - modprobeCIS Debian 9 Workstation L1 v1.0.1Unix

CONFIGURATION MANAGEMENT

1.1.1.4 Ensure mounting of hfs filesystems is disabled - modprobeCIS Distribution Independent Linux Server L1 v2.0.0Unix

CONFIGURATION MANAGEMENT

1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - lsmodCIS Distribution Independent Linux Server L1 v2.0.0Unix

CONFIGURATION MANAGEMENT

1.1.1.5 Ensure mounting of udf filesystems is disabled - modprobeCIS Debian 9 Server L1 v1.0.1Unix

CONFIGURATION MANAGEMENT

1.1.1.5 Ensure mounting of udf filesystems is disabled - modprobeCIS Debian 9 Workstation L1 v1.0.1Unix

CONFIGURATION MANAGEMENT

1.1.1.6 Ensure mounting of squashfs filesystems is disabled - lsmodCIS Distribution Independent Linux Server L1 v2.0.0Unix

CONFIGURATION MANAGEMENT

1.1.1.6 Ensure mounting of squashfs filesystems is disabled - modprobeCIS Distribution Independent Linux Server L1 v2.0.0Unix

CONFIGURATION MANAGEMENT

1.4.1 Ensure permissions on bootloader config are configuredCIS Debian 9 Workstation L1 v1.0.1Unix

CONFIGURATION MANAGEMENT

1.7.1.1 Ensure message of the day is configured properlyCIS Distribution Independent Linux Server L1 v2.0.0Unix

CONFIGURATION MANAGEMENT

1.7.1.3 Ensure remote login warning banner is configured properlyCIS Distribution Independent Linux Server L1 v2.0.0Unix

CONFIGURATION MANAGEMENT

1.7.1.4 Ensure permissions on /etc/motd are configuredCIS Debian 9 Server L1 v1.0.1Unix

CONFIGURATION MANAGEMENT

3.1.1 Ensure IP forwarding is disabled - ipv4 sysctlCIS Debian 9 Workstation L1 v1.0.1Unix

CONFIGURATION MANAGEMENT

3.1.2 Ensure packet redirect sending is disabled - all /etc/sysctl.conf /etc/sysctl.d/*CIS Debian 9 Server L1 v1.0.1Unix

CONFIGURATION MANAGEMENT

3.1.2 Ensure packet redirect sending is disabled - all sysctlCIS Debian 9 Workstation L1 v1.0.1Unix

CONFIGURATION MANAGEMENT

3.2.2 Ensure ICMP redirects are not accepted - files net.ipv6.conf.all.accept_redirects= 0CIS Debian 9 Server L1 v1.0.1Unix

CONFIGURATION MANAGEMENT

3.2.2 Ensure ICMP redirects are not accepted - files net.ipv6.conf.all.accept_redirects= 0CIS Debian 9 Workstation L1 v1.0.1Unix

CONFIGURATION MANAGEMENT

3.2.2 Ensure ICMP redirects are not accepted - files net.ipv6.conf.default.accept_redirects= 0CIS Debian 9 Server L1 v1.0.1Unix

CONFIGURATION MANAGEMENT

3.2.2 Ensure ICMP redirects are not accepted - files net.ipv6.conf.default.accept_redirects= 0CIS Debian 9 Workstation L1 v1.0.1Unix

CONFIGURATION MANAGEMENT

3.2.2 Ensure ICMP redirects are not accepted - net.ipv4.conf.all.accept_redirectsCIS Debian 9 Server L1 v1.0.1Unix

CONFIGURATION MANAGEMENT

3.2.7 Ensure Reverse Path Filtering is enabled - files net.ipv4.conf.default.rp_filter = 1CIS Debian 9 Server L1 v1.0.1Unix

CONFIGURATION MANAGEMENT

3.2.8 Ensure TCP SYN Cookies is enabled - files net.ipv4.tcp_syncookies = 1CIS Debian 9 Workstation L1 v1.0.1Unix

CONFIGURATION MANAGEMENT

3.2.9 Ensure IPv6 router advertisements are not accepted - files net.ipv6.conf.all.accept_ra = 0CIS Debian 9 Server L1 v1.0.1Unix

CONFIGURATION MANAGEMENT

3.2.9 Ensure IPv6 router advertisements are not accepted - files net.ipv6.conf.default.accept_ra = 0CIS Debian 9 Server L1 v1.0.1Unix

CONFIGURATION MANAGEMENT

4.1.5 Ensure events that modify date and time information are collected - 'adjtimex - 64bit'CIS Distribution Independent Linux Workstation L2 v2.0.0Unix

CONFIGURATION MANAGEMENT

4.1.5 Ensure events that modify date and time information are collected - 'auditctl adjtimex'CIS Distribution Independent Linux Workstation L2 v2.0.0Unix

CONFIGURATION MANAGEMENT

4.1.5 Ensure events that modify date and time information are collected - 'clock_settime - 64bit'CIS Distribution Independent Linux Workstation L2 v2.0.0Unix

CONFIGURATION MANAGEMENT

4.1.7 Ensure events that modify the system's network environment are collected - auditctl b32 sethostnameCIS Distribution Independent Linux Workstation L2 v2.0.0Unix

CONFIGURATION MANAGEMENT

4.1.7 Ensure events that modify the system's network environment are collected - b32 sethostnameCIS Distribution Independent Linux Workstation L2 v2.0.0Unix

CONFIGURATION MANAGEMENT

4.1.7 Ensure events that modify the system's network environment are collected - b64 sethostnameCIS Distribution Independent Linux Workstation L2 v2.0.0Unix

CONFIGURATION MANAGEMENT

4.1.8 Ensure events that modify the system's Mandatory Access Controls are collected - /etc/apparmor.d/CIS Distribution Independent Linux Workstation L2 v2.0.0Unix

CONFIGURATION MANAGEMENT

4.1.8 Ensure events that modify the system's Mandatory Access Controls are collected - /usr/share/selinux/CIS Distribution Independent Linux Workstation L2 v2.0.0Unix

CONFIGURATION MANAGEMENT

4.1.11 Ensure discretionary access control permission modification events are collected - auditctl b32 chown fchownCIS Distribution Independent Linux Workstation L2 v2.0.0Unix

CONFIGURATION MANAGEMENT

4.1.11 Ensure discretionary access control permission modification events are collected - auditctl b32 setxattrCIS Distribution Independent Linux Workstation L2 v2.0.0Unix

CONFIGURATION MANAGEMENT

4.1.11 Ensure discretionary access control permission modification events are collected - b64 setxattrCIS Distribution Independent Linux Workstation L2 v2.0.0Unix

CONFIGURATION MANAGEMENT

4.1.18 Ensure kernel module loading and unloading is collected - auditctl init_moduleCIS Distribution Independent Linux Workstation L2 v2.0.0Unix

CONFIGURATION MANAGEMENT

4.1.18 Ensure kernel module loading and unloading is collected - insmodCIS Distribution Independent Linux Workstation L2 v2.0.0Unix

CONFIGURATION MANAGEMENT

4.2.3 Ensure permissions on all logfiles are configuredCIS Distribution Independent Linux Server L1 v2.0.0Unix

CONFIGURATION MANAGEMENT

5.1.1 Ensure cron daemon is enabledCIS Debian 9 Server L1 v1.0.1Unix

CONFIGURATION MANAGEMENT

5.1.1 Ensure cron daemon is enabledCIS Distribution Independent Linux Server L1 v2.0.0Unix

CONFIGURATION MANAGEMENT

5.1.2 Ensure permissions on /etc/crontab are configuredCIS Debian 9 Workstation L1 v1.0.1Unix

CONFIGURATION MANAGEMENT

5.1.4 Ensure permissions on /etc/cron.daily are configuredCIS Debian 9 Server L1 v1.0.1Unix

CONFIGURATION MANAGEMENT

5.2.1 Ensure permissions on /etc/ssh/sshd_config are configuredCIS Debian 9 Server L1 v1.0.1Unix

CONFIGURATION MANAGEMENT

5.2.1 Ensure permissions on /etc/ssh/sshd_config are configuredCIS Debian 9 Workstation L1 v1.0.1Unix

CONFIGURATION MANAGEMENT

5.6 Ensure access to the su command is restricted - wheel group contains rootCIS Distribution Independent Linux Workstation L1 v2.0.0Unix

CONFIGURATION MANAGEMENT

6.2.6 Ensure root PATH IntegrityCIS Distribution Independent Linux Workstation L1 v2.0.0Unix

CONFIGURATION MANAGEMENT

6.2.11 Ensure no users have .forward filesCIS Distribution Independent Linux Workstation L1 v2.0.0Unix

CONFIGURATION MANAGEMENT

6.2.20 Ensure shadow group is emptyCIS Distribution Independent Linux Workstation L1 v2.0.0Unix

CONFIGURATION MANAGEMENT