| 1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - selinux | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | ACCESS CONTROL |
| 1.6.1.2 Ensure the SELinux state is enforcing - sestatus | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | ACCESS CONTROL |
| 1.6.1.3 Ensure SELinux policy is configured - sestatus | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | ACCESS CONTROL |
| 1.6.1.5 Ensure the MCS Translation Service (mcstrans) is not installed | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.6.1.6 Ensure no unconfined daemons exist | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.6.2 Ensure SELinux is installed | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | ACCESS CONTROL |
| 3.3.10 Ensure tcp syn cookies is enabled | CIS Amazon Linux 2 v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.4.2.3 Ensure firewalld drops unnecessary services and ports | CIS Amazon Linux 2 v3.0.0 L1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.3.2 Ensure iptables are flushed with nftables | CIS Amazon Linux 2 v3.0.0 L1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.4.2.1 Ensure iptables loopback traffic is configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.4.2.4 Ensure iptables default deny firewall policy | CIS Amazon Linux 2 v3.0.0 L1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.4.3.1 Ensure ip6tables loopback traffic is configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.1.1 Ensure audit log storage size is configured | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure system is disabled when audit logs are full - halt | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.3 Ensure permissions on /etc/cron.hourly are configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.4 Ensure events that modify date and time information are collected - auditctl adjtimex (32-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.4 Ensure events that modify date and time information are collected - auditctl clock_settime | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure events that modify user/group information are collected - /etc/gshadow | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify user/group information are collected - /etc/passwd | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.6 Ensure events that modify the system's network environment are collected - /etc/issue | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - /etc/selinux | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl setxattr/lsetxattr/fsetxattr (64-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.10 Ensure discretionary access control permission modification events are collected - chmod/fchmod/fchmodat (64-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.10 Ensure discretionary access control permission modification events are collected - chown/fchown/fchownat (32-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EACCES (32-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EACCES (64-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.13 Ensure successful file system mounts are collected - (32-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.14 Ensure file deletion events by users are collected - (32-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - insmod | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.18 Ensure the audit configuration is immutable | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.9 Ensure SSH HostbasedAuthentication is disabled | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.2.12 Ensure SSH PermitUserEnvironment is disabled | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.17 Ensure only strong ciphers are used | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.1 Ensure password creation requirements are configured - minlen | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.1 Ensure password creation requirements are configured - ocredit | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.2 Ensure lockout for failed password attempts is configured - password-auth 'auth sufficient pam_faillock.so' | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.2 Ensure lockout for failed password attempts is configured - system-auth 'auth sufficient pam_faillock.so' | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.4 Ensure password hashing algorithm is SHA-512 - system-auth | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1.4 Ensure inactive password lock is 30 days or less - useradd | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.3 Ensure default group for the root account is GID 0 | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 5.4.5 Ensure default user shell timeout is 900 seconds or less - /etc/profile | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | ACCESS CONTROL |
| 6.1.4 Ensure permissions on /etc/group are configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1.8 Ensure permissions on /etc/group- are configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.3 Ensure no legacy "+" entries exist in /etc/shadow | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.6 Ensure root PATH Integrity | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.8 Ensure users' home directories permissions are 750 or more restrictive | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 6.2.10 Ensure users' dot files are not group or world writable | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 6.2.11 Ensure no users have .forward files | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.16 Ensure no duplicate UIDs exist | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.18 Ensure no duplicate user names exist | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
