Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.1.1 Ensure mounting of udf filesystems is disabledCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

ACCESS CONTROL, CONFIGURATION MANAGEMENT

1.1.2 Ensure /tmp is configuredCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

1.1.12 Ensure noexec option set on /dev/shm partitionCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

CONFIGURATION MANAGEMENT

1.1.13 Disable AutomountingCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

MEDIA PROTECTION, SYSTEM AND INFORMATION INTEGRITY

1.3.1 Ensure authentication required for single user modeCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

IDENTIFICATION AND AUTHENTICATION

1.4.3 Ensure address space layout randomization (ASLR) is enabledCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

SYSTEM AND INFORMATION INTEGRITY

1.5.1.6 Ensure permissions on /etc/issue.net are configuredCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

1.8 Ensure 'Attachment Filtering Agent' is configuredCIS Microsoft Exchange Server 2019 L1 Edge v1.0.0Windows

SYSTEM AND INFORMATION INTEGRITY

2.2.1 Ensure 'AUDIT_SYS_OPERATIONS' Is Set to 'TRUE'CIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

AUDIT AND ACCOUNTABILITY

2.2.5 Ensure 'REMOTE_LISTENER' Is EmptyCIS Oracle Server 19c DB Unified Auditing v1.2.0OracleDB

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.2.14 Ensure 'SQL92_SECURITY' Is Set to 'TRUE'CIS Oracle Server 19c DB Unified Auditing v1.2.0OracleDB

ACCESS CONTROL, MEDIA PROTECTION

2.2.15 Ensure '_trace_files_public' Is Set to 'FALSE'CIS Oracle Server 19c DB Unified Auditing v1.2.0OracleDB

ACCESS CONTROL, MEDIA PROTECTION

3.2.2 Ensure ICMP redirects are not acceptedCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.2.7 Ensure Reverse Path Filtering is enabledCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.1.2 Ensure IPv6 loopback traffic is configuredCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.1.4 Ensure IPv6 firewall rules exist for all open portsCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.2.1 Ensure default deny firewall policyCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.2.2 Ensure loopback traffic is configuredCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.4 Ensure 'PASSWORD_REUSE_MAX' Is Greater than or Equal to '20'CIS Oracle Server 19c DB Unified Auditing v1.2.0OracleDB

IDENTIFICATION AND AUTHENTICATION

3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5'CIS Oracle Server 19c DB Unified Auditing v1.2.0OracleDB

ACCESS CONTROL

3.7 Ensure 'PASSWORD_VERIFY_FUNCTION' Is Set for All ProfilesCIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

IDENTIFICATION AND AUTHENTICATION

4.4 Ensure No Users Are Assigned the 'DEFAULT' ProfileCIS Oracle Server 19c DB Unified Auditing v1.2.0OracleDB

ACCESS CONTROL

5.1.1.1 Ensure 'EXECUTE' is revoked from 'PUBLIC' on "Network" PackagesCIS Oracle Server 19c DB Unified Auditing v1.2.0OracleDB

ACCESS CONTROL, MEDIA PROTECTION

5.1.1.4 Ensure 'EXECUTE' is revoked from 'PUBLIC' on "Java" PackagesCIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

ACCESS CONTROL, MEDIA PROTECTION

5.1.1.6 Ensure 'EXECUTE' is revoked from 'PUBLIC' on "SQL Injection Helper" PackagesCIS Oracle Server 19c DB Unified Auditing v1.2.0OracleDB

ACCESS CONTROL, MEDIA PROTECTION

5.1.3.3 Ensure 'ALL' Is Revoked on 'Sensitive' TablesCIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

ACCESS CONTROL, MEDIA PROTECTION

5.1.15 Ensure only strong Key Exchange algorithms are usedCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.16 Ensure SSH Idle Timeout Interval is configuredCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

ACCESS CONTROL

5.1.19 Ensure SSH PAM is enabledCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

5.2.3 Ensure password hashing algorithm is SHA-512CIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.3.1.1 Ensure password expiration is 365 days or lessCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

IDENTIFICATION AND AUTHENTICATION

5.3.3 Ensure 'DBA' Is Revoked from Unauthorized 'GRANTEE'CIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

ACCESS CONTROL, MEDIA PROTECTION

5.3.4 Ensure AUDIT_ADMIN' Is Revoked from Unauthorized 'GRANTEE'CIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

ACCESS CONTROL, MEDIA PROTECTION

5.3.5 Ensure default user shell timeout is 900 seconds or lessCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

ACCESS CONTROL

5.4 Ensure root login is restricted to system consoleCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

ACCESS CONTROL

6.1.1 Ensure the 'USER' Audit Option Is EnabledCIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

AUDIT AND ACCOUNTABILITY

6.1.2 Ensure the 'ROLE' Audit Option Is EnabledCIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

AUDIT AND ACCOUNTABILITY

6.1.3 Ensure permissions on /etc/group are configuredCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

6.1.4 Ensure permissions on /etc/gshadow are configuredCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

6.1.11 Ensure the 'GRANT ANY OBJECT PRIVILEGE' Audit Option Is EnabledCIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

AUDIT AND ACCOUNTABILITY

6.1.16 Ensure the 'ALTER SYSTEM' Audit Option Is EnabledCIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

AUDIT AND ACCOUNTABILITY

6.2.2 Ensure the 'ALTER USER' Action Audit Is EnabledCIS Oracle Server 19c DB Unified Auditing v1.2.0OracleDB

AUDIT AND ACCOUNTABILITY

6.2.4 Ensure no legacy "+" entries exist in /etc/groupCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

ACCESS CONTROL

6.2.5 Ensure root is the only UID 0 accountCIS Google Container-Optimized OS v1.2.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

6.2.6 Ensure the 'DROP ROLE' Action Audit Is EnabledCIS Oracle Server 19c DB Unified Auditing v1.2.0OracleDB

AUDIT AND ACCOUNTABILITY

6.2.8 Ensure the 'REVOKE' Action Audit Is EnabledCIS Oracle Server 19c DB Unified Auditing v1.2.0OracleDB

AUDIT AND ACCOUNTABILITY

6.2.8 Ensure users' home directories permissions are 750 or more restrictiveCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

6.2.9 Ensure users own their home directoriesCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

6.2.15 Ensure all groups in /etc/passwd exist in /etc/groupCIS Google Container-Optimized OS v1.2.0 L2 ServerUnix

ACCESS CONTROL

6.2.27 Ensure the 'LOGON' AND 'LOGOFF' Actions Audit Is EnabledCIS Oracle Server 19c DB Unified Auditing v1.2.0OracleDB

AUDIT AND ACCOUNTABILITY