CIS Amazon Linux 2 v2.0.0 L2

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS Amazon Linux 2 v2.0.0 L2

Updated: 6/17/2024

Authority: CIS

Plugin: Unix

Revision: 1.18

Estimated Item Count: 128

File Details

Filename: CIS_Amazon_Linux_2_v2.0.0_L2.audit

Size: 346 kB

MD5: 7448b18bdaddebc91b444f91d9935b82
SHA256: a8854ad41431b17c51222eec8fd8b06d2471ca6af8aaac90ec7c8ae0624620b9

Audit Items

Description | Categories
1.1.1.2 Ensure mounting of squashfs filesystems is disabled - lsmod
1.1.1.2 Ensure mounting of squashfs filesystems is disabled - modprobe
1.1.10 Ensure separate partition exists for /var
1.1.11 Ensure separate partition exists for /var/tmp
1.1.15 Ensure separate partition exists for /var/log
1.1.16 Ensure separate partition exists for /var/log/audit
1.1.17 Ensure separate partition exists for /home
1.6.1.5 Ensure the SELinux mode is enforcing
3.1.1 Disable IPv6
3.4.1 Ensure DCCP is disabled - lsmod
3.4.1 Ensure DCCP is disabled - modprobe
3.4.2 Ensure SCTP is disabled - lsmod
3.4.2 Ensure SCTP is disabled - modprobe
4.1.1.1 Ensure auditd is installed - audit
4.1.1.1 Ensure auditd is installed - audit-libs
4.1.1.2 Ensure auditd service is enabled and running - enabled
4.1.1.2 Ensure auditd service is enabled and running - running
4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled
4.1.2.1 Ensure audit log storage size is configured
4.1.2.2 Ensure audit logs are not automatically deleted
4.1.2.3 Ensure system is disabled when audit logs are full - action_mail_acct
4.1.2.3 Ensure system is disabled when audit logs are full - admin_space_left_action
4.1.2.3 Ensure system is disabled when audit logs are full - space_left_action
4.1.2.4 Ensure audit_backlog_limit is sufficient
4.1.3 Ensure events that modify date and time information are collected - adjtimex
4.1.3 Ensure events that modify date and time information are collected - adjtimex b32
4.1.3 Ensure events that modify date and time information are collected - adjtimex b64
4.1.3 Ensure events that modify date and time information are collected - auditctl adjtimex
4.1.3 Ensure events that modify date and time information are collected - auditctl adjtimex b64
4.1.3 Ensure events that modify date and time information are collected - auditctl clock_settime
4.1.3 Ensure events that modify date and time information are collected - auditctl clock_settime b64
4.1.3 Ensure events that modify date and time information are collected - auditctl localtime
4.1.3 Ensure events that modify date and time information are collected - clock_settime
4.1.3 Ensure events that modify date and time information are collected - clock_settime b32
4.1.3 Ensure events that modify date and time information are collected - clock_settime b64
4.1.3 Ensure events that modify date and time information are collected - localtime
4.1.3 Ensure events that modify date and time information are collected - localtime b64
4.1.4 Ensure events that modify user/group information are collected - /etc/group
4.1.4 Ensure events that modify user/group information are collected - /etc/gshadow
4.1.4 Ensure events that modify user/group information are collected - /etc/passwd
4.1.4 Ensure events that modify user/group information are collected - /etc/security/opasswd
4.1.4 Ensure events that modify user/group information are collected - /etc/shadow
4.1.4 Ensure events that modify user/group information are collected - auditctl /etc/group
4.1.4 Ensure events that modify user/group information are collected - auditctl /etc/gshadow
4.1.4 Ensure events that modify user/group information are collected - auditctl /etc/passwd
4.1.4 Ensure events that modify user/group information are collected - auditctl /etc/security/opasswd
4.1.4 Ensure events that modify user/group information are collected - auditctl /etc/shadow
4.1.5 Ensure events that modify the system's network environment are collected - /etc/hosts
4.1.5 Ensure events that modify the system's network environment are collected - /etc/issue
4.1.5 Ensure events that modify the system's network environment are collected - /etc/issue.net