CSCv7|9.4

Title

Apply Host-based Firewalls or Port Filtering

Description

Apply host-based firewalls or port filtering tools on end systems, with a default-deny rule that drops all traffic except those services and ports that are explicitly allowed.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Limitation and Control of Network Ports, Protocols, and Services

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.2 Ensure /tmp is configured	Unix	CIS Amazon Linux 2 v2.0.0 L1
1.1.2 Ensure /tmp is configured	Unix	CIS CentOS 7 v3.1.1 Server L1
1.1.2 Ensure /tmp is configured	Unix	CIS CentOS 7 v3.1.2 Workstation L1
1.1.2 Ensure /tmp is configured	Unix	CIS Red Hat EL7 Server L1 v3.1.1
1.1.2 Ensure /tmp is configured	Unix	CIS Red Hat EL7 Server L1 v3.0.1
1.1.2 Ensure /tmp is configured	Unix	CIS Red Hat EL7 Workstation L1 v3.0.1
1.1.2 Ensure /tmp is configured	Unix	CIS SUSE Linux Enterprise 15 Workstation L1 v1.0.0
1.1.2 Ensure /tmp is configured	Unix	CIS CentOS 7 v3.1.1 Workstation L1
1.1.2 Ensure /tmp is configured	Unix	CIS Oracle Linux 7 Server L1 v3.1.1
1.1.2 Ensure /tmp is configured	Unix	CIS Red Hat EL7 Workstation L1 v3.1.1
1.1.2 Ensure /tmp is configured	Unix	CIS Fedora 19 Family Linux Workstation L1 v1.0.0
1.1.2 Ensure /tmp is configured	Unix	CIS CentOS 7 v3.1.2 Server L1
1.1.2 Ensure /tmp is configured	Unix	CIS Oracle Linux 7 Workstation L1 v3.1.1
1.1.2 Ensure /tmp is configured	Unix	CIS Fedora 19 Family Linux Server L1 v1.0.0
1.1.2 Ensure /tmp is configured	Unix	CIS SUSE Linux Enterprise 15 Server L1 v1.0.0
1.1.2 Ensure separate partition exists for /tmp	Unix	CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1
1.1.2 Ensure separate partition exists for /tmp	Unix	CIS SUSE Linux Enterprise Server 11 L2 v2.1.1
1.2.14 Ensure that the admission control plugin SecurityContextConstraint is set	OpenShift	CIS RedHat OpenShift Container Platform v1.6.0 L1
1.2.14 Ensure that the admission control plugin SecurityContextConstraint is set	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.4.0 L1
1.2.14 Ensure that the admission control plugin SecurityContextConstraint is set	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.2.15 Ensure that the admission control plugin NodeRestriction is set	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.4.0 L1
1.2.15 Ensure that the admission control plugin NodeRestriction is set	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.2.15 Ensure that the admission control plugin NodeRestriction is set	OpenShift	CIS RedHat OpenShift Container Platform v1.6.0 L1
1.2.16 Ensure that the admission control plugin SecurityContextConstraint is set - Admission	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.2.0 L1
1.2.16 Ensure that the admission control plugin SecurityContextConstraint is set - Admission	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.2.16 Ensure that the admission control plugin SecurityContextConstraint is set - Allow Privileged	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.2.0 L1
1.2.16 Ensure that the admission control plugin SecurityContextConstraint is set - Allow Privileged	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.2.16 Ensure that the admission control plugin SecurityContextConstraint is set - anyuid	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.2.0 L1
1.2.16 Ensure that the admission control plugin SecurityContextConstraint is set - anyuid	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.2.16 Ensure that the admission control plugin SecurityContextConstraint is set - Disabled	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.2.0 L1
1.2.16 Ensure that the admission control plugin SecurityContextConstraint is set - Disabled	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.2.16 Ensure that the admission control plugin SecurityContextConstraint is set - hostaccess	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.2.16 Ensure that the admission control plugin SecurityContextConstraint is set - hostaccess	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.2.0 L1
1.2.16 Ensure that the admission control plugin SecurityContextConstraint is set - hostmount-anyuid	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.2.0 L1
1.2.16 Ensure that the admission control plugin SecurityContextConstraint is set - hostmount-anyuid	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.2.16 Ensure that the admission control plugin SecurityContextConstraint is set - hostnetwork	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.2.0 L1
1.2.16 Ensure that the admission control plugin SecurityContextConstraint is set - hostnetwork	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.2.16 Ensure that the admission control plugin SecurityContextConstraint is set - node-exporter	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.2.0 L1
1.2.16 Ensure that the admission control plugin SecurityContextConstraint is set - node-exporter	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.2.16 Ensure that the admission control plugin SecurityContextConstraint is set - nonroot	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.2.0 L1
1.2.16 Ensure that the admission control plugin SecurityContextConstraint is set - nonroot	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.2.16 Ensure that the admission control plugin SecurityContextConstraint is set - Overrides	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.2.0 L1
1.2.16 Ensure that the admission control plugin SecurityContextConstraint is set - Overrides	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.2.16 Ensure that the admission control plugin SecurityContextConstraint is set - privileged	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.2.16 Ensure that the admission control plugin SecurityContextConstraint is set - privileged	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.2.0 L1
1.2.16 Ensure that the admission control plugin SecurityContextConstraint is set - restricted	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.2.0 L1
1.2.16 Ensure that the admission control plugin SecurityContextConstraint is set - restricted	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.2.17 Ensure that the --insecure-port argument is set to 0	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.2.17 Ensure that the --insecure-port argument is set to 0	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.4.0 L1
1.2.17 Ensure that the --insecure-port argument is set to 0	OpenShift	CIS RedHat OpenShift Container Platform v1.6.0 L1

Detections

Analytics

CSCv7|9.4

Title

Description

Reference Item Details

Audit Items