| 1.1 Ensure packages are obtained from authorized repositories | CIS PostgreSQL 9.5 OS v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1 Ensure the file permissions mask is correct | CIS PostgreSQL 9.5 OS v1.1.0 | Unix | ACCESS CONTROL |
| 2.2 Ensure the PostgreSQL pg_wheel group membership is correct - /etc/groups | CIS PostgreSQL 9.5 OS v1.1.0 | Unix | ACCESS CONTROL |
| 2.3 Disable RPC Encryption Key | CIS Solaris 11.1 L1 v1.0.0 | Unix | |
| 2.5 Disable NIS Client Services - client | CIS Solaris 11.1 L1 v1.0.0 | Unix | |
| 2.11 Configure TCP Wrappers - hosts.allow | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.11 Configure TCP Wrappers - hosts.deny | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1 Restrict Core Dumps to Protected Directory - global core file content | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 3.1.3 Ensure the logging collector is enabled | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.6 Ensure the log file permissions are set correctly | CIS PostgreSQL 9.5 DB v1.1.0 | PostgreSQLDB | ACCESS CONTROL |
| 3.1.7 Ensure 'log_truncate_on_rotation' is enabled | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.8 Ensure the maximum log file lifetime is set correctly | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.9 Ensure the maximum log file size is set correctly | CIS PostgreSQL 9.5 DB v1.1.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.13 Ensure the correct SQL statements generating errors are recorded | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.18 Ensure 'log_connections' is enabled | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.22 Ensure 'log_line_prefix' is set correctly | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.24 Ensure 'log_timezone' is set correctly | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.2 Enable Stack Protection - set noexec_user_stack = 1 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 3.2 Enable Stack Protection - set noexec_user_stack_log = 1 | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.3 Enable Strong TCP Sequence Number Generation - TCP_STRONG_ISS = 2 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4 Disable Source Packet Forwarding - persistent ipv4 = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4 Disable Source Packet Forwarding - persistent ipv6 = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.7 Disable Response to ICMP Broadcast Timestamp Requests - current ip = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.8 Disable Response to ICMP Broadcast Netmask Requests - persistent ip = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.11 Ignore ICMP Redirect Messages - persistent ipv4 = 1 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.14 Disable TCP Reverse IP Source Routing - persistent tcp = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.17 Disable Network Routing - ipv4-forwarding persistent = disabled | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1 Ensure sudo is configured correctly | CIS PostgreSQL 9.6 OS v1.0.0 | Unix | ACCESS CONTROL |
| 4.3 Ensure excessive function privileges are revoked | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | ACCESS CONTROL |
| 5.2 Ensure login via 'host' TCP/IP Socket is configured correctly | CIS PostgreSQL 9.5 OS v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2 Ensure login via 'host' TCP/IP Socket is configured correctly | CIS PostgreSQL 9.6 OS v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1 Ensure 'Attack Vectors' Runtime Parameters are Configured | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 6.2 Disable 'nobody' Access for RPC Encryption Key Storage Service | CIS Solaris 11.1 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.3 Disable X11 Forwarding for SSH - X11Forwarding = no | CIS Solaris 11.1 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.6 Ensure 'User' Runtime Parameters are Configured | CIS PostgreSQL 9.5 DB v1.1.0 | PostgreSQLDB | ACCESS CONTROL |
| 6.11 Remove Autologin Capabilities from the GNOME desktop - pam.d/gdm-autologin | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 6.15 Set Retry Limit for Account Lockout - RETRIES = 3 | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 6.17 Secure the GRUB Menu (Intel) - grub.cfg timeout = 30 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 7.1 Ensure SSL Certificates are Configured For Replication - ssl key file | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4 Ensure WAL archiving is configured and functional - archive_mode | CIS PostgreSQL 9.6 OS v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.3 Ensure the backup and restore tool, 'pgBackRest', is installed and configured | CIS PostgreSQL 9.5 OS v1.1.0 | Unix | CONTINGENCY PLANNING |
| 8.4 Ensure miscellaneous configuration settings are correct | CIS PostgreSQL 9.5 DB v1.1.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 9.4 Verify No Legacy '+' Entries Exist in passwd, shadow, and group Files - Check for shadow. | CIS Solaris 10 L1 v5.2 | Unix | CONFIGURATION MANAGEMENT |
| 9.5 Verify that no UID 0 accounts exist other than root | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 9.8 Check User Dot File Permissions. Please audit the results of this check and take action in accordance with corporate policy. | CIS Solaris 10 L1 v5.2 | Unix | |
| 9.25 Find Files and Directories with Extended Attributes | CIS Solaris 10 L1 v5.2 | Unix | |
| 10.1 Enable process accounting at boot time | CIS Solaris 10 L2 v5.2 | Unix | |
| 11.1 Samba: Enable SSH Port Forwarding in Web Admin Tool | CIS Solaris 10 L2 v5.2 | Unix | CONFIGURATION MANAGEMENT |
| 11.6 Samba: Set Secure smb.conf File Options - permissions | CIS Solaris 10 L2 v5.2 | Unix | |
| 11.7 sendmail: Set Secure Logfile Ownership to the root User | CIS Solaris 10 L2 v5.2 | Unix | |
