| 1.1.1 Ensure mounting of squashfs filesystems is disabled - modprobe | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.4 Ensure nosuid option set on /tmp partition | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.5 Ensure noexec option set on /tmp partition | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.8 Ensure nodev option set on /var/tmp partition | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.9 Ensure nosuid option set on /var/tmp partition | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.10 Ensure noexec option set on /var/tmp partition | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.17 Ensure noexec option set on /dev/shm partition | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.3.2 Ensure filesystem integrity is regularly checked | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 1.5.1 Ensure core dumps are restricted - fs.suid_dumpable (sysctl.conf/sysctl.d) | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.5.1 Ensure core dumps are restricted - hard core (limits.conf/limits.d) | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.5.2 Ensure address space layout randomization (ASLR) is enabled - sysctl.conf/sysctl.d | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.5.3 Ensure prelink is disabled | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 1.7.1.2 Ensure local login warning banner is configured properly - msrv | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.1.4 Ensure permissions on /etc/motd are configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.1.5 Ensure permissions on /etc/issue are configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.1.3 Ensure chrony is configured - OPTIONS | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.1.2 Ensure X Window System is not installed | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.5 Ensure DHCP Server is not enabled - status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.8 Ensure DNS Server is not enabled | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.9 Ensure FTP Server is not enabled - status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.10 Ensure HTTP server is not enabled - status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.17 Ensure rsh server is not enabled - rsh.socket status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.18 Ensure telnet server is not enabled | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.1 Ensure IP forwarding is disabled - ipv6 sysctl | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.2 Ensure packet redirect sending is disabled - sysctl.conf sysctl.d net.ipv4.conf.all.send_redirects | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.1 Ensure source routed packets are not accepted - sysctl net.ipv6.conf.all.accept_source_route | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.1 Ensure source routed packets are not accepted - sysctl.conf sysctl.d net.ipv4.conf.default.accept_source_route | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.1 Ensure source routed packets are not accepted - sysctl.conf sysctl.d net.ipv6.conf.all.accept_source_route | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.2 Ensure ICMP redirects are not accepted - sysctl net.ipv4.conf.all.accept_redirects | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.3 Ensure secure ICMP redirects are not accepted - sysctl net.ipv4.conf.default.secure_redirects | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.3 Ensure secure ICMP redirects are not accepted - sysctl.conf sysctl.d net.ipv4.conf.all.secure_redirects | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.7 Ensure Reverse Path Filtering is enabled - sysctl net.ipv4.conf.default.rp_filter | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.8 Ensure TCP SYN Cookies is enabled - syctl net.ipv4.tcp_syncookies | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.4 Ensure permissions on /etc/hosts.allow are configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.4.3 Ensure RDS is disabled - grep modprobe.d | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.5.1.1 Ensure default deny firewall policy - Chain FORWARD | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.1.5 Ensure remote rsyslog messages are only accepted on designated log hosts. - $InputTCPServerRun | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.1.6 Ensure rsyslog is configured to send logs to a remote log host | CIS Amazon Linux 2 v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.2 Ensure permissions on /etc/crontab are configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.1.2.1.3 Ensure systemd-journal-remote is enabled | CIS Amazon Linux 2 v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.2.4 Ensure journald is configured to write logfiles to persistent disk | CIS Amazon Linux 2 v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.14 Ensure SSH Idle Timeout Interval is configured - ClientAliveInterval | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 5.2.15 Ensure SSH LoginGraceTime is set to one minute or less | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.1.9 Ensure permissions on /etc/shells are configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.11 Ensure world writable files and directories are secured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.12 Ensure no unowned or ungrouped files or directories exist | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.13 Ensure SUID and SGID files are reviewed | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.2 Ensure /etc/shadow password fields are not empty | CIS Amazon Linux 2 v3.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.4 Ensure no duplicate UIDs exist | CIS Amazon Linux 2 v3.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.9 Ensure root is the only UID 0 account | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL |
