| 1.1.12 Ensure separate partition exists for /var/log/audit | CIS CentOS 6 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 1.6.1.4 Ensure the SELinux mode is enforcing or permissive - config | CIS CentOS 6 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
| 1.8.3 Ensure last logged in user display is disabled - disable user list | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.8.3 Ensure last logged in user display is disabled - user-db:user | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.10 Ensure xinetd is not enabled | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.1.3 Ensure ntp is configured - NTP Server | CIS CentOS 6 Server L1 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.1.3 Ensure ntp is configured - OPTIONS or ExecStart -u ntp:ntp | CIS CentOS 6 Server L1 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.5 Ensure DHCP Server is not installed | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.10 Ensure IMAP and POP3 server is not installed | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.13 Ensure net-snmp is not installed | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.15 Ensure telnet-server is not installed | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.17 Ensure rpcbind is not installed or the rpcbind service is disabled | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.1 Ensure NIS Client is not installed | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.2 Ensure rsh client is not installed | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.2 Ensure wireless interfaces are disabled | CIS CentOS 6 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
| 3.3.2 Ensure ICMP redirects are not accepted - 'net.ipv4.conf.default.accept_redirects = 0 /etc/sysctl.conf /etc/sysctl.d/*' | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.3 Ensure secure ICMP redirects are not accepted - 'net.ipv4.conf.all.secure_redirects = 0 /sbin/sysctl' | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.4 Ensure suspicious packets are logged - 'net.ipv4.conf.all.log_martians = 1 /etc/sysctl.conf /etc/sysctl.d/*' | CIS CentOS 6 Server L1 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.3.4 Ensure suspicious packets are logged - 'net.ipv4.conf.all.log_martians = 1 /sbin/sysctl' | CIS CentOS 6 Server L1 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.3.4 Ensure suspicious packets are logged - 'net.ipv4.conf.default.log_martians = 1 /etc/sysctl.conf /etc/sysctl.d/*' | CIS CentOS 6 Server L1 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.3.8 Ensure TCP SYN Cookies is enabled - sysctl | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.9 Ensure IPv6 router advertisements are not accepted - 'net.ipv6.conf.all.accept_ra = 0 /sbin/sysctl' | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.9 Ensure IPv6 router advertisements are not accepted - 'net.ipv6.conf.default.accept_ra = 0 /sbin/sysctl' | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.4.1 Ensure TCP Wrappers is installed | CIS CentOS 6 Server L1 v3.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.4 Ensure TIPC is disabled | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.6.2.2 Ensure IPv4 loopback traffic is configured - OUTPUT | CIS CentOS 6 Server L1 v3.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.3.1 Ensure IPv6 default deny firewall policy - OUTPUT | CIS CentOS 6 Server L1 v3.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.3.2 Ensure IPv6 loopback traffic is configured - OUTPUT | CIS CentOS 6 Server L1 v3.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.1.2 Ensure rsyslog Service is enabled | CIS CentOS 6 Server L1 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.3 Ensure logrotate is configured | CIS CentOS 6 Server L1 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.2 Ensure permissions on /etc/crontab are configured | CIS CentOS 6 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
| 5.1.6 Ensure permissions on /etc/cron.monthly are configured | CIS CentOS 6 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
| 5.3.4 Ensure SSH Protocol is set to 2 | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.17 Ensure SSH Idle Timeout Interval is configured - ClientAliveCountMax | CIS CentOS 6 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
| 5.3.19 Ensure SSH warning banner is configured | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.22 Ensure SSH MaxStartups is configured - sshd | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.23 Ensure SSH MaxSessions is limited - sshd_config | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.4.1 Ensure password creation requirements are configured - password-auth lcredit | CIS CentOS 6 Server L1 v3.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1 Ensure password creation requirements are configured - password-auth minlen | CIS CentOS 6 Server L1 v3.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1 Ensure password creation requirements are configured - system-auth lcredit | CIS CentOS 6 Server L1 v3.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.4 Ensure password hashing algorithm is SHA-512 - system-auth | CIS CentOS 6 Server L1 v3.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.5.1.4 Ensure inactive password lock is 30 days or less - useradd | CIS CentOS 6 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
| 6.1.3 Ensure permissions on /etc/passwd- are configured | CIS CentOS 6 Server L1 v3.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1.4 Ensure permissions on /etc/group are configured | CIS CentOS 6 Server L1 v3.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1.7 Ensure permissions on /etc/shadow- are configured | CIS CentOS 6 Server L1 v3.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.1 Ensure accounts in /etc/passwd use shadowed passwords | CIS CentOS 6 Server L1 v3.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.11 Ensure users' dot files are not group or world writable | CIS CentOS 6 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
| 6.2.15 Ensure all groups in /etc/passwd exist in /etc/group | CIS CentOS 6 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
| 6.2.17 Ensure no duplicate GIDs exist | CIS CentOS 6 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
| 6.2.20 Ensure shadow group is empty - /etc/passwd | CIS CentOS 6 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
