Item Search

Name	Audit Name	Plugin	Category
1.1.12 Ensure separate partition exists for /var/log/audit	CIS Aliyun Linux 2 L2 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
1.6.1.3 Ensure SELinux policy is configured - /etc/selinux/config	CIS Aliyun Linux 2 L2 v1.0.0	Unix	ACCESS CONTROL
1.6.2 Ensure SELinux is installed	CIS Aliyun Linux 2 L2 v1.0.0	Unix	ACCESS CONTROL
3.2.6 Ensure bogus ICMP responses are ignored - sysctl net.ipv4.icmp_ignore_bogus_error_responses	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
3.2.7 Ensure Reverse Path Filtering is enabled - sysctl net.ipv4.conf.all.rp_filter	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
3.2.7 Ensure Reverse Path Filtering is enabled - sysctl.conf sysctl.d net.ipv4.conf.default.rp_filter	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
3.2.8 Ensure TCP SYN Cookies is enabled - syctl net.ipv4.tcp_syncookies	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
3.2.9 Ensure IPv6 router advertisements are not accepted - sysctl net.ipv6.conf.all.accept_ra	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
3.2.9 Ensure IPv6 router advertisements are not accepted - sysctl.conf sysctl.d net.ipv6.conf.all.accept_ra	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
3.4.2 Ensure SCTP is disabled - grep modprobe.d	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
3.5.1.1 Ensure default deny firewall policy - Chain FORWARD	CIS Aliyun Linux 2 L1 v1.0.0	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
3.5.1.1 Ensure default deny firewall policy - Chain INPUT	CIS Aliyun Linux 2 L1 v1.0.0	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
3.5.2.1 Ensure IPv6 default deny firewall policy - Chain FORWARD	CIS Aliyun Linux 2 L1 v1.0.0	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
3.6 Disable IPv6	CIS Aliyun Linux 2 L2 v1.0.0	Unix	SYSTEM AND INFORMATION INTEGRITY
4.1.1.1 Ensure audit log storage size is configured	CIS Aliyun Linux 2 L2 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.1.2 Ensure system is disabled when audit logs are full - email	CIS Aliyun Linux 2 L2 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.1.2 Ensure system is disabled when audit logs are full - halt	CIS Aliyun Linux 2 L2 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.1.2 Ensure system is disabled when audit logs are full - root	CIS Aliyun Linux 2 L2 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.1.3 Ensure audit logs are not automatically deleted	CIS Aliyun Linux 2 L2 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.5 Ensure events that modify user/group information are collected - /etc/group	CIS Aliyun Linux 2 L2 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.6 Ensure events that modify the system's network environment are collected - /etc/issue.net	CIS Aliyun Linux 2 L2 v1.0.0	Unix	CONFIGURATION MANAGEMENT
4.1.6 Ensure events that modify the system's network environment are collected - auditctl sethostname (32-bit)	CIS Aliyun Linux 2 L2 v1.0.0	Unix	CONFIGURATION MANAGEMENT
4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - /etc/selinux	CIS Aliyun Linux 2 L2 v1.0.0	Unix	CONFIGURATION MANAGEMENT
4.1.10 Ensure discretionary access control permission modification events are collected - auditctl chmod/fchmod/fchmodat (64-bit)	CIS Aliyun Linux 2 L2 v1.0.0	Unix	CONFIGURATION MANAGEMENT
4.1.10 Ensure discretionary access control permission modification events are collected - chmod/fchmod/fchmodat (64-bit)	CIS Aliyun Linux 2 L2 v1.0.0	Unix	CONFIGURATION MANAGEMENT
4.1.15 Ensure changes to system administration scope (sudoers) is collected - auditctl /etc/sudoers	CIS Aliyun Linux 2 L2 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.17 Ensure kernel module loading and unloading is collected - auditctl rmmod	CIS Aliyun Linux 2 L2 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.17 Ensure kernel module loading and unloading is collected - init_module/delete_module (64-bit)	CIS Aliyun Linux 2 L2 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
4.1.18 Ensure the audit configuration is immutable	CIS Aliyun Linux 2 L2 v1.0.0	Unix	CONFIGURATION MANAGEMENT
4.2.1.3 Ensure rsyslog default file permissions configured	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host	CIS Aliyun Linux 2 L1 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
5.1.8 Ensure at/cron is restricted to authorized users - at.deny	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
5.1.8 Ensure at/cron is restricted to authorized users - cron.deny	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
5.2.9 Ensure SSH HostbasedAuthentication is disabled	CIS Aliyun Linux 2 L1 v1.0.0	Unix	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
5.3.2 Ensure lockout for failed password attempts is configured - password-auth 'auth [default=die] pam_faillock.so'	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
5.3.2 Ensure lockout for failed password attempts is configured - password-auth 'auth [success=1 default=bad] pam_unix.so'	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
5.3.4 Ensure password hashing algorithm is SHA-512 - system-auth	CIS Aliyun Linux 2 L1 v1.0.0	Unix	IDENTIFICATION AND AUTHENTICATION
5.4.1.2 Ensure minimum days between password changes is 7 or more - login.defs	CIS Aliyun Linux 2 L1 v1.0.0	Unix	IDENTIFICATION AND AUTHENTICATION
5.4.1.4 Ensure inactive password lock is 30 days or less - users	CIS Aliyun Linux 2 L1 v1.0.0	Unix	IDENTIFICATION AND AUTHENTICATION
5.4.1.5 Ensure all users last password change date is in the past	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
5.4.4 Ensure default user umask is 027 or more restrictive - /etc/profile /etc/profile.d/*.sh	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
5.5 Ensure root login is restricted to system console	CIS Aliyun Linux 2 L1 v1.0.0	Unix	ACCESS CONTROL
6.1.2 Ensure permissions on /etc/passwd are configured	CIS Aliyun Linux 2 L1 v1.0.0	Unix	IDENTIFICATION AND AUTHENTICATION
6.1.6 Ensure permissions on /etc/passwd- are configured	CIS Aliyun Linux 2 L1 v1.0.0	Unix	IDENTIFICATION AND AUTHENTICATION
6.1.8 Ensure permissions on /etc/group- are configured	CIS Aliyun Linux 2 L1 v1.0.0	Unix	IDENTIFICATION AND AUTHENTICATION
6.1.12 Ensure no ungrouped files or directories exist	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
6.1.13 Audit SUID executables	CIS Aliyun Linux 2 L1 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
6.2.9 Ensure users own their home directories	CIS Aliyun Linux 2 L1 v1.0.0	Unix	ACCESS CONTROL
6.2.12 Ensure no users have .netrc files	CIS Aliyun Linux 2 L1 v1.0.0	Unix	IDENTIFICATION AND AUTHENTICATION
6.2.16 Ensure no duplicate UIDs exist	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT

Detections

Analytics

Item Search