Item Search

NameAudit NamePluginCategory
1.1.1.3 Ensure hfs kernel module is not availableCIS Oracle Linux 9 v2.0.0 L1 WorkstationUnix

CONFIGURATION MANAGEMENT

1.1.1.4 Ensure hfsplus kernel module is not availableCIS Oracle Linux 9 v2.0.0 L1 WorkstationUnix

CONFIGURATION MANAGEMENT

1.1.1.9 Ensure unused filesystems kernel modules are not availableCIS Oracle Linux 9 v2.0.0 L1 WorkstationUnix

CONFIGURATION MANAGEMENT

1.1.2.1.2 Ensure nodev option set on /tmp partitionCIS Oracle Linux 9 v2.0.0 L1 WorkstationUnix

CONFIGURATION MANAGEMENT

1.1.2.3.2 Ensure nodev option set on /home partitionCIS Oracle Linux 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.4.2 Ensure nodev option set on /var partitionCIS Oracle Linux 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.6.2 Ensure nodev option set on /var/log partitionCIS Oracle Linux 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, MEDIA PROTECTION

1.2.1.2 Ensure gpgcheck is globally activatedCIS Oracle Linux 9 v2.0.0 L1 WorkstationUnix

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.3.1.2 Ensure SELinux is not disabled in bootloader configurationCIS Oracle Linux 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, MEDIA PROTECTION

1.6.2 Ensure system wide crypto policy is not set in sshd configurationCIS Oracle Linux 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.3 Ensure system wide crypto policy disables sha1 hash and signature supportCIS Oracle Linux 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.4 Ensure system wide crypto policy disables macs less than 128 bitsCIS Oracle Linux 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.5 Ensure system wide crypto policy disables cbc for sshCIS Oracle Linux 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6.6 Ensure system wide crypto policy disables chacha20-poly1305 for sshCIS Oracle Linux 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.7.2 Ensure local login warning banner is configured properlyCIS Oracle Linux 9 v2.0.0 L1 WorkstationUnix

ACCESS CONTROL

2.1.8 Ensure message access server services are not in useCIS Oracle Linux 9 v2.0.0 L1 WorkstationUnix

CONFIGURATION MANAGEMENT

2.1.12 Ensure rpcbind services are not in useCIS Oracle Linux 9 v2.0.0 L1 WorkstationUnix

CONFIGURATION MANAGEMENT

2.1.16 Ensure tftp server services are not in useCIS Oracle Linux 9 v2.0.0 L1 WorkstationUnix

CONFIGURATION MANAGEMENT

2.1.21 Ensure mail transfer agents are configured for local-only modeCIS Oracle Linux 9 v2.0.0 L1 WorkstationUnix

CONFIGURATION MANAGEMENT

2.4.1.1 Ensure cron daemon is enabled and activeCIS Oracle Linux 9 v2.0.0 L1 WorkstationUnix

CONFIGURATION MANAGEMENT

3.1.1 Ensure IPv6 status is identifiedCIS Oracle Linux 9 v2.0.0 L1 WorkstationUnix

CONFIGURATION MANAGEMENT

3.3.1 Ensure ip forwarding is disabledCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

3.3.3 Ensure bogus icmp responses are ignoredCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

3.3.9 Ensure suspicious packets are loggedCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

4.3.1 Ensure nftables base chains existCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.3.4 Ensure nftables loopback traffic is configuredCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.3.4 Ensure nftables loopback traffic is configuredCIS Oracle Linux 9 v2.0.0 L1 WorkstationUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.2 Ensure permissions on SSH private host key files are configuredCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

5.1.5 Ensure sshd KexAlgorithms is configuredCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.8 Ensure sshd Banner is configuredCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL

5.1.9 Ensure sshd ClientAliveInterval and ClientAliveCountMax are configuredCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL

5.1.17 Ensure sshd MaxStartups is configuredCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL

5.1.19 Ensure sshd PermitEmptyPasswords is disabledCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

IDENTIFICATION AND AUTHENTICATION

5.2.2 Ensure sudo commands use ptyCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL

5.2.5 Ensure re-authentication for privilege escalation is not disabled globallyCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL

5.3.1.1 Ensure latest version of pam is installedCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

IDENTIFICATION AND AUTHENTICATION

5.3.2.4 Ensure pam_pwhistory module is enabledCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

IDENTIFICATION AND AUTHENTICATION

5.3.3.1.1 Ensure password failed attempts lockout is configuredCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL

5.3.3.2.1 Ensure password number of changed characters is configuredCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

IDENTIFICATION AND AUTHENTICATION

5.3.3.2.2 Ensure password length is configuredCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

IDENTIFICATION AND AUTHENTICATION

5.3.3.3.2 Ensure password history is enforced for the root userCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

IDENTIFICATION AND AUTHENTICATION

5.4.2.3 Ensure group root is the only GID 0 groupCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

5.4.3.2 Ensure default user shell timeout is configuredCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL

6.1.2 Ensure filesystem integrity is regularly checkedCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

6.2.3.7 Ensure rsyslog is not configured to receive logs from a remote clientCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

6.2.3.8 Ensure rsyslog logrotate is configuredCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

AUDIT AND ACCOUNTABILITY

7.1.2 Ensure permissions on /etc/passwd- are configuredCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

7.1.8 Ensure permissions on /etc/gshadow- are configuredCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

7.1.12 Ensure no files or directories without an owner and a group existCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

7.2.5 Ensure no duplicate GIDs existCIS Oracle Linux 9 v2.0.0 L1 ServerUnix

IDENTIFICATION AND AUTHENTICATION