Item Search

| Name | Audit Name | Plugin | Category |
| --- | --- | --- | --- |
| 1.1.4 Ensure that the controller manager pod specification file ownership is set to root:root | CIS Kubernetes Benchmark v1.7.1 L1 Master | Unix | |
| 1.1.6 Ensure that the scheduler pod specification file ownership is set to root:root | CIS Kubernetes Benchmark v1.7.1 L1 Master | Unix | |
| 1.1.8 Ensure that the etcd pod specification file ownership is set to root:root | CIS Kubernetes Benchmark v1.8.0 L1 Master | Unix | |
| 1.1.8 Ensure that the etcd pod specification file ownership is set to root:root | CIS Kubernetes Benchmark v1.7.1 L1 Master | Unix | |
| 1.1.10 Ensure that the Container Network Interface file ownership is set to root:root | CIS Kubernetes Benchmark v1.7.1 L1 Master | Unix | |
| 1.1.10 Ensure that the Container Network Interface file ownership is set to root:root | CIS Kubernetes Benchmark v1.8.0 L1 Master | Unix | |
| 1.1.14 Ensure that the admin.conf file ownership is set to root:root | CIS Kubernetes Benchmark v1.7.1 L1 Master | Unix | |
| 1.1.14 Ensure that the admin.conf file ownership is set to root:root | CIS Kubernetes Benchmark v1.8.0 L1 Master | Unix | |
| 1.1.16 Ensure that the scheduler.conf file ownership is set to root:root | CIS Kubernetes Benchmark v1.7.1 L1 Master | Unix | |
| 1.1.16 Ensure that the scheduler.conf file ownership is set to root:root | CIS Kubernetes Benchmark v1.8.0 L1 Master | Unix | |
| 1.1.18 Ensure that the controller-manager.conf file ownership is set to root:root | CIS Kubernetes Benchmark v1.7.1 L1 Master | Unix | |
| 1.1.18 Ensure that the controller-manager.conf file ownership is set to root:root | CIS Kubernetes Benchmark v1.8.0 L1 Master | Unix | |
| 1.1.20 Ensure that the Kubernetes PKI certificate file permissions are set to 600 or more restrictive | CIS Kubernetes Benchmark v1.8.0 L1 Master | Unix | |
| 1.13 Ensure there is only one active access key available for any single IAM user | CIS Amazon Web Services Foundations L1 1.5.0 | amazon_aws | |
| 1.13 Ensure there is only one active access key available for any single IAM user | CIS Amazon Web Services Foundations L1 2.0.0 | amazon_aws | |
| 2.1 Run the Docker daemon as a non-root user, if possible | CIS Docker v1.3.1 L2 Linux Host OS | Unix | |
| 2.6 Ensure that the User-ID service account does not have interactive logon rights | CIS Palo Alto Firewall 11 v1.0.0 L1 | Palo_Alto | |
| 2.6 Ensure that the User-ID service account does not have interactive logon rights | CIS Palo Alto Firewall 9 v1.0.1 L1 | Palo_Alto | |
| 2.6 Ensure that the User-ID service account does not have interactive logon rights | CIS Palo Alto Firewall 10 v1.0.0 L1 | Palo_Alto | |
| 2.7 Ensure remote access capabilities for the User-ID service account are forbidden. | CIS Palo Alto Firewall 11 v1.0.0 L1 | Palo_Alto | |
| 2.7 Ensure remote access capabilities for the User-ID service account are forbidden. | CIS Palo Alto Firewall 10 v1.1.0 L1 | Palo_Alto | |
| 3.1 Ensure that the docker.service file ownership is set to root:root | CIS Docker v1.5.0 L1 Docker Linux | Unix | |
| 3.7 Ensure that registry certificate file ownership is set to root:root | CIS Docker v1.5.0 L1 Docker Linux | Unix | |
| 3.9 Ensure that TLS CA certificate file ownership is set to root:root | CIS Docker v1.5.0 L1 Docker Linux | Unix | |
| 3.15 Ensure that the Docker socket file ownership is set to root:docker | CIS Docker v1.5.0 L1 Docker Linux | Unix | |
| 3.19 Ensure that the /etc/default/docker file ownership is set to root:root | CIS Docker v1.5.0 L1 Docker Linux | Unix | |
| 3.23 Ensure that the Containerd socket file ownership is set to root:root | CIS Docker v1.5.0 L1 Docker Linux | Unix | |
| 3.23 Ensure that the Containerd socket file ownership is set to root:root | CIS Docker v1.3.1 L1 Docker Linux | Unix | |
| 4.1.6 Ensure that the --kubeconfig kubelet.conf file ownership is set to root:root | CIS Kubernetes Benchmark v1.8.0 L1 Worker | Unix | |
| 4.1.8 Ensure that the client certificate authorities file ownership is set to root:root | CIS Kubernetes Benchmark v1.7.1 L1 Worker | Unix | |
| 4.1.8 Limit use of the Bind, Impersonate and Escalate permissions in the Kubernetes cluster | CIS Google Kubernetes Engine (GKE) v1.5.0 L1 | GCP | |
| 4.1.10 If the kubelet config.yaml configuration file is being used validate file ownership is set to root:root | CIS Kubernetes Benchmark v1.7.1 L1 Worker | Unix | |
| 4.1.10 If the kubelet config.yaml configuration file is being used validate file ownership is set to root:root | CIS Kubernetes Benchmark v1.8.0 L1 Worker | Unix | |
| 5.1.2 Ensure sudo commands use pty | CIS SUSE Linux Enterprise Workstation 12 L1 v3.0.0 | Unix | |
| 5.1.8 Limit use of the Bind, Impersonate and Escalate permissions in the Kubernetes cluster | CIS Kubernetes Benchmark v1.7.1 L1 Master | Unix | |
| 5.2.1 Ensure sudo is installed | CIS Amazon Linux 2 v2.0.0 L1 | Unix | |
| 5.2.2 Ensure sudo commands use pty | CIS Amazon Linux 2 v2.0.0 L1 | Unix | |
| 5.2.6 Minimize the admission of containers with allowPrivilegeEscalation | CIS Kubernetes Benchmark v1.8.0 L1 Master | Unix | |
| 5.2.7 Minimize the admission of root containers | CIS Kubernetes Benchmark v1.8.0 L2 Master | Unix | |
| 5.4 Ensure that privileged containers are not used | CIS Docker v1.5.0 L1 Docker Linux | Unix | |
| 5.22 Ensure that docker exec commands are not used with the privileged option | CIS Docker v1.5.0 L2 Docker Linux | Unix | |
| 5.25 Ensure that the container is restricted from acquiring additional privileges | CIS Docker v1.5.0 L1 Docker Linux | Unix | |
| 6.1.1 Create baseline of executables that elevate to a different GUID (Not scored) | CIS IBM AIX 7.2 L2 v1.0.0 | Unix | |
| 6.1.2 Create baseline of executables that require a specific group for elevation to a different EUID (not scored) | CIS IBM AIX 7.2 L2 v1.0.0 | Unix | |
| 6.1.3 Create baseline of executables that elevate directly to a new EUID (not scored) | CIS IBM AIX 7.2 L2 v1.0.0 | Unix | |
| 10.2 Restrict access to the web administration application | CIS Apache Tomcat 10 L1 v1.0.0 Middleware | Unix | |
| 10.2 Restrict access to the web administration application | CIS Apache Tomcat 10 L1 v1.0.0 | Unix | |
| 10.3 Restrict manager application | CIS Apache Tomcat 10 L2 v1.0.0 | Unix | |
| 10.3 Restrict manager application | CIS Apache Tomcat 10 L2 v1.0.0 Middleware | Unix | |
| 10.13 Do not run applications as privileged | CIS Apache Tomcat 10 L1 v1.0.0 Middleware | Unix | |