Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.1 Ensure that the API server pod specification file permissions are set to 600 or more restrictiveCIS Kubernetes v1.24 Benchmark v1.0.0 L1 MasterUnix

ACCESS CONTROL, MEDIA PROTECTION

1.1.3 Ensure that the controller manager pod specification file permissions are set to 600 or more restrictiveCIS Kubernetes v1.24 Benchmark v1.0.0 L1 MasterUnix

ACCESS CONTROL, MEDIA PROTECTION

1.1.9 Ensure that the Container Network Interface file permissions are set to 600 or more restrictiveCIS Kubernetes v1.24 Benchmark v1.0.0 L1 MasterUnix

ACCESS CONTROL, MEDIA PROTECTION

1.1.13 Ensure that the admin.conf file permissions are set to 600CIS Kubernetes v1.24 Benchmark v1.0.0 L1 MasterUnix

ACCESS CONTROL, MEDIA PROTECTION

1.1.15 Ensure that the scheduler.conf file permissions are set to 600 or more restrictiveCIS Kubernetes v1.24 Benchmark v1.0.0 L1 MasterUnix

ACCESS CONTROL, MEDIA PROTECTION

1.1.16 Ensure nosuid option set on /dev/shm partitionCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1Unix

ACCESS CONTROL, MEDIA PROTECTION

1.1.18 Ensure nodev option set on removable media partitionsCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1Unix

ACCESS CONTROL, MEDIA PROTECTION

1.1.19 Ensure that the Kubernetes PKI directory and file ownership is set to root:rootCIS Kubernetes v1.24 Benchmark v1.0.0 L1 MasterUnix

ACCESS CONTROL, MEDIA PROTECTION

1.2.1 Ensure that the --anonymous-auth argument is set to falseCIS Kubernetes v1.24 Benchmark v1.0.0 L1 MasterUnix

ACCESS CONTROL, MEDIA PROTECTION

1.2.6 Ensure that the --authorization-mode argument is not set to AlwaysAllowCIS Kubernetes v1.24 Benchmark v1.0.0 L1 MasterUnix

ACCESS CONTROL, MEDIA PROTECTION

1.2.10 Ensure that the admission control plugin AlwaysAdmit is not setCIS Kubernetes v1.24 Benchmark v1.0.0 L1 MasterUnix

ACCESS CONTROL, MEDIA PROTECTION

1.2.11 Ensure that the admission control plugin AlwaysPullImages is setCIS Kubernetes v1.24 Benchmark v1.0.0 L1 MasterUnix

ACCESS CONTROL, MEDIA PROTECTION

1.2.13 Ensure that the admission control plugin ServiceAccount is setCIS Kubernetes v1.24 Benchmark v1.0.0 L1 MasterUnix

ACCESS CONTROL, MEDIA PROTECTION

1.2.23 Ensure that the --service-account-lookup argument is set to trueCIS Kubernetes v1.24 Benchmark v1.0.0 L1 MasterUnix

ACCESS CONTROL, MEDIA PROTECTION

1.2.26 Ensure that the --service-account-lookup argument is set to trueCIS Kubernetes v1.20 Benchmark v1.0.1 L1 MasterUnix

ACCESS CONTROL, MEDIA PROTECTION

2.2 Ensure extension directory has appropriate ownership and permissionsCIS PostgreSQL 14 OS v 1.2.0Unix

ACCESS CONTROL, MEDIA PROTECTION

2.2 Ensure extension directory has appropriate ownership and permissionsCIS PostgreSQL 13 OS v1.2.0Unix

ACCESS CONTROL, MEDIA PROTECTION

2.3.18.5 Ensure 'Prevent users from changing permissions on rights managed content' is set to 'Disabled'CIS Microsoft Office Enterprise v1.1.0 L1Windows

ACCESS CONTROL, MEDIA PROTECTION

3.1 Ensure 'datadir' Has Appropriate PermissionsCIS MySQL 5.6 Enterprise Linux OS L1 v2.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

3.1 Ensure 'datadir' Has Appropriate PermissionsCIS MySQL 5.7 Community Linux OS L1 v2.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

3.3 Ensure 'log_error' Has Appropriate PermissionsCIS MySQL 5.6 Enterprise Linux OS L1 v2.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

3.3 Ensure 'log_error' Has Appropriate PermissionsCIS MySQL 5.7 Community Linux OS L1 v2.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

3.4 Ensure 'slow_query_log' Has Appropriate PermissionsCIS MySQL 5.7 Community Linux OS L1 v2.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

3.5 Ensure 'relay_log_basename' Files Have Appropriate PermissionsCIS MySQL 5.6 Enterprise Linux OS L1 v2.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

3.5 Ensure 'relay_log_basename' Files Have Appropriate PermissionsCIS MySQL 5.7 Community Linux OS L1 v2.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

3.5 Ensure Access to Audit Records Is Controlled - /var/auditCIS Apple macOS 10.14 v2.0.0 L1Unix

ACCESS CONTROL, MEDIA PROTECTION

3.6 Ensure 'general_log_file' Has Appropriate PermissionsCIS MySQL 5.7 Community Linux OS L1 v2.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

3.8 Ensure Plugin Directory Has Appropriate PermissionsCIS MySQL 5.6 Enterprise Linux OS L1 v2.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

3.8 Ensure Plugin Directory Has Appropriate PermissionsCIS MySQL 5.7 Community Linux OS L1 v2.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

3.9 Secure MySQL Keyring - keyring_encrypted_file_data_pathCIS MySQL 5.7 Community Linux OS L1 v2.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

3.9 Secure MySQL Keyring - keyring_file_data_pathCIS MySQL 5.7 Community Linux OS L1 v2.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

4.1.3 If proxy kubeconfig file exists ensure permissions are set to 600 or more restrictiveCIS Kubernetes v1.20 Benchmark v1.0.1 L1 WorkerUnix

ACCESS CONTROL, MEDIA PROTECTION

4.1.5 Ensure that the --kubeconfig kubelet.conf file permissions are set to 600 or more restrictiveCIS Kubernetes v1.20 Benchmark v1.0.1 L1 WorkerUnix

ACCESS CONTROL, MEDIA PROTECTION

4.1.7 Ensure that the certificate authorities file permissions are set to 600 or more restrictiveCIS Kubernetes v1.20 Benchmark v1.0.1 L1 WorkerUnix

ACCESS CONTROL, MEDIA PROTECTION

4.1.9 Ensure that the kubelet --config configuration file has permissions set to 600 or more restrictiveCIS Kubernetes v1.20 Benchmark v1.0.1 L1 WorkerUnix

ACCESS CONTROL, MEDIA PROTECTION

4.2.1 Ensure that the --anonymous-auth argument is set to falseCIS Kubernetes v1.20 Benchmark v1.0.1 L1 WorkerUnix

ACCESS CONTROL, MEDIA PROTECTION

4.5 Ensure 'mysqld' is Not Started with '--skip-grant-tables' - --skip-grant-tablesCIS MySQL 5.6 Enterprise Linux OS L1 v2.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

4.5 Ensure 'mysqld' is Not Started with '--skip-grant-tables' - /etc/my.cnfCIS MySQL 5.7 Community Linux OS L1 v2.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

4.5 Ensure 'mysqld' is Not Started with '--skip-grant-tables' - mysqld processCIS MySQL 5.6 Enterprise Linux OS L1 v2.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

4.5 Ensure 'mysqld' is Not Started with '--skip-grant-tables' - SYSCONFDIR/my.cnfCIS MySQL 5.7 Community Linux OS L1 v2.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

5.1.1 Ensure Home Folders Are SecureCIS Apple macOS 10.14 v2.0.0 L1Unix

ACCESS CONTROL, MEDIA PROTECTION

5.1.3.1 Ensure a dynamic group for guest users is createdCIS Microsoft 365 Foundations E3 L1 v3.0.0microsoft_azure

ACCESS CONTROL, MEDIA PROTECTION

5.6 Ensure access to the su command is restricted - /etc/groupCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1Unix

ACCESS CONTROL, MEDIA PROTECTION

5.6 Ensure access to the su command is restricted - /etc/groupCIS SUSE Linux Enterprise Server 11 L1 v2.1.1Unix

ACCESS CONTROL, MEDIA PROTECTION

6.1.4 Ensure Guest Access to Shared Folders Is Disabled - AFP SharingCIS Apple macOS 10.14 v2.0.0 L1Unix

ACCESS CONTROL, MEDIA PROTECTION

7.2.4 Ensure OneDrive content sharing is restrictedCIS Microsoft 365 Foundations E3 L2 v3.0.0microsoft_azure

ACCESS CONTROL, MEDIA PROTECTION

7.2.7 Ensure link sharing is restricted in SharePoint and OneDriveCIS Microsoft 365 Foundations E3 L1 v3.0.0microsoft_azure

ACCESS CONTROL, MEDIA PROTECTION

9.1.7 Ensure shareable links are restrictedCIS Microsoft 365 Foundations E3 L1 v3.0.0microsoft_azure

ACCESS CONTROL, MEDIA PROTECTION

10.2 Allowlist Approved Servers Belonging to a MySQL InnoDB ClusterCIS MySQL 8.0 Enterprise Database L2 v1.3.0MySQLDB

ACCESS CONTROL, MEDIA PROTECTION

18.9.4.1 Ensure 'Allow a Windows app to share application data between users' is set to 'Disabled'CIS Microsoft Windows Server 2016 STIG MS L2 v1.1.0Windows

ACCESS CONTROL, MEDIA PROTECTION