Item Search

NameAudit NamePluginCategory
1.1.2 Ensure that the API server pod specification file ownership is set to root:rootCIS Kubernetes v1.10.0 L1 MasterUnix

ACCESS CONTROL

1.1.4 Ensure that the controller manager pod specification file ownership is set to root:rootCIS Kubernetes v1.10.0 L1 MasterUnix

ACCESS CONTROL

1.1.8 Ensure that the etcd pod specification file ownership is set to root:rootCIS Kubernetes v1.10.0 L1 MasterUnix

ACCESS CONTROL

1.1.10 Ensure that the Container Network Interface file ownership is set to root:rootCIS Kubernetes v1.10.0 L1 MasterUnix

ACCESS CONTROL

1.1.16 Ensure that the scheduler.conf file ownership is set to root:rootCIS Kubernetes v1.10.0 L1 MasterUnix

ACCESS CONTROL

1.1.20 Ensure that the Kubernetes PKI certificate file permissions are set to 600 or more restrictiveCIS Kubernetes v1.10.0 L1 MasterUnix

ACCESS CONTROL

1.7.1 - Miscellaneous Enhancements - crontab access - 'cron.allow includes no other users'CIS AIX 5.3/6.1 L2 v1.1.0Unix

ACCESS CONTROL

1.7.2 - Miscellaneous Enhancements - at access - 'at.allow includes no other users'CIS AIX 5.3/6.1 L2 v1.1.0Unix

ACCESS CONTROL

1.7.3 - Miscellaneous Enhancements - '/etc/ftpusers includes root'CIS AIX 5.3/6.1 L1 v1.1.0Unix

ACCESS CONTROL

1.8.2 Set username secret for all local usersCIS Cisco IOS XR 7.x v1.0.0 L1Cisco

ACCESS CONTROL

2.1 Run BIND as a non-root User - process -u namedCIS BIND DNS v3.0.1 Caching Only Name ServerUnix

ACCESS CONTROL

2.1 Run BIND as a non-root User - process -u namedCIS BIND DNS v3.0.1 Authoritative Name ServerUnix

ACCESS CONTROL

2.1 Run BIND as a non-root User - UIDCIS BIND DNS v3.0.1 Caching Only Name ServerUnix

ACCESS CONTROL

2.1 Run BIND as a non-root User - UIDCIS BIND DNS v3.0.1 Authoritative Name ServerUnix

ACCESS CONTROL

2.2 Run BIND as a non-root user '-u named'CIS ISC BIND 9.0/9.5 v2.0.0Unix

ACCESS CONTROL

2.2 Run BIND as a non-root user 'id named'CIS ISC BIND 9.0/9.5 v2.0.0Unix

ACCESS CONTROL

2.12.9 - Miscellaneous Config - /etc/ftpusers - '/etc/ftpusers contains adm'CIS AIX 5.3/6.1 L2 v1.1.0Unix

ACCESS CONTROL

2.12.9 - Miscellaneous Config - /etc/ftpusers - '/etc/ftpusers contains bin'CIS AIX 5.3/6.1 L2 v1.1.0Unix

ACCESS CONTROL

2.12.9 - Miscellaneous Config - /etc/ftpusers - '/etc/ftpusers contains daemon'CIS AIX 5.3/6.1 L2 v1.1.0Unix

ACCESS CONTROL

2.12.9 - Miscellaneous Config - /etc/ftpusers - '/etc/ftpusers contains guest'CIS AIX 5.3/6.1 L2 v1.1.0Unix

ACCESS CONTROL

2.12.9 - Miscellaneous Config - /etc/ftpusers - '/etc/ftpusers contains invscout'CIS AIX 5.3/6.1 L2 v1.1.0Unix

ACCESS CONTROL

2.12.9 - Miscellaneous Config - /etc/ftpusers - '/etc/ftpusers contains lp'CIS AIX 5.3/6.1 L2 v1.1.0Unix

ACCESS CONTROL

2.12.9 - Miscellaneous Config - /etc/ftpusers - '/etc/ftpusers contains lpd'CIS AIX 5.3/6.1 L2 v1.1.0Unix

ACCESS CONTROL

2.12.9 - Miscellaneous Config - /etc/ftpusers - '/etc/ftpusers contains nuucp'CIS AIX 5.3/6.1 L2 v1.1.0Unix

ACCESS CONTROL

2.12.9 - Miscellaneous Config - /etc/ftpusers - '/etc/ftpusers contains sys'CIS AIX 5.3/6.1 L2 v1.1.0Unix

ACCESS CONTROL

2.12.9 - Miscellaneous Config - /etc/ftpusers - '/etc/ftpusers contains uucp'CIS AIX 5.3/6.1 L2 v1.1.0Unix

ACCESS CONTROL

2.12.13 - Miscellaneous Config - authorized users in at.allow - 'at.allow contains no other entries besides sys and adm'CIS AIX 5.3/6.1 L1 v1.1.0Unix

ACCESS CONTROL

2.12.14 - Miscellaneous Config - authorized users in cron.allow - 'cron.allow contains no other entries besides sys and adm'CIS AIX 5.3/6.1 L1 v1.1.0Unix

ACCESS CONTROL

3.12 Ensure the 'SYSADMIN' Role is Limited to Administrative or Built-in AccountsCIS SQL Server 2022 Database L1 DB v1.1.0MS_SQLDB

ACCESS CONTROL

4.1 Ensure Interactive Login is DisabledCIS PostgreSQL 13 OS v1.2.0Unix

ACCESS CONTROL

4.1 Ensure Interactive Login is DisabledCIS PostgreSQL 14 OS v 1.2.0Unix

ACCESS CONTROL

4.1.4 If proxy kubeconfig file exists ensure ownership is set to root:rootCIS Kubernetes v1.10.0 L1 WorkerUnix

ACCESS CONTROL

4.1.6 Avoid use of system:masters groupCIS Google Kubernetes Engine (GKE) v1.6.1 L1GCP

ACCESS CONTROL

4.1.6 Ensure that the --kubeconfig kubelet.conf file ownership is set to root:rootCIS Kubernetes v1.10.0 L1 WorkerUnix

ACCESS CONTROL

4.1.7 Limit use of the Bind, Impersonate and Escalate permissions in the Kubernetes clusterCIS Google Kubernetes Engine (GKE) v1.6.1 L1GCP

ACCESS CONTROL

4.1.8 Ensure that the client certificate authorities file ownership is set to root:rootCIS Kubernetes v1.10.0 L1 WorkerUnix

ACCESS CONTROL

4.1.10 If the kubelet config.yaml configuration file is being used validate file ownership is set to root:rootCIS Kubernetes v1.10.0 L1 WorkerUnix

ACCESS CONTROL

5.2.6 Minimize the admission of containers with allowPrivilegeEscalationCIS Kubernetes v1.10.0 L1 MasterUnix

ACCESS CONTROL

6.3.1 Privilege escalation: sudoCIS IBM AIX 7.2 L2 v1.1.0Unix

ACCESS CONTROL

6.4 Adding authorized users in at.allowCIS IBM AIX 7.2 L1 v1.1.0Unix

ACCESS CONTROL

6.5 Restrict FTP Use - Audit the list of users in /etc/ftpd/ftpusers.CIS Solaris 10 L1 v5.2Unix

ACCESS CONTROL

6.6 Adding authorized users in cron.allowCIS IBM AIX 7.2 L1 v1.1.0Unix

ACCESS CONTROL

6.9 Restrict FTP UseCIS Solaris 11.1 L1 v1.0.0Unix

ACCESS CONTROL

6.9 Restrict FTP UseCIS Solaris 11 L1 v1.1.0Unix

ACCESS CONTROL

6.9 Restrict FTP Use - /etc/ftpd/ftpusersCIS Solaris 11.2 L1 v1.1.0Unix

ACCESS CONTROL

7.4 Create /etc/ftpd/ftpusersCIS Solaris 9 v1.3Unix

ACCESS CONTROL

7.4 Create /etc/ftpusersCIS Solaris 9 v1.3Unix

ACCESS CONTROL

10.3 Restrict manager applicationCIS Apache Tomcat 7 L2 v1.1.0Unix

ACCESS CONTROL

10.3 Restrict manager applicationCIS Apache Tomcat 7 L2 v1.1.0 MiddlewareUnix

ACCESS CONTROL

Access Security - SSH - Deny Root loginsJuniper Hardening JunOS 12 Devices ChecklistJuniper

ACCESS CONTROL