Item Search

| Name | Audit Name | Plugin | Category |
|---|---|---|---|
| 1.1.2.2.2 Ensure nodev option set on /dev/shm partition | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.2.3 Ensure nosuid option set on /dev/shm partition | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.2.4 Ensure noexec option set on /dev/shm partition | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.4.3 Ensure nosuid option set on /var partition | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.5.1 Ensure separate partition exists for /var/tmp | CIS AlmaLinux OS 9 v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.5.3 Ensure nosuid option set on /var/tmp partition | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.6.3 Ensure nosuid option set on /var/log partition | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.7.2 Ensure nodev option set on /var/log/audit partition | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.7.4 Ensure noexec option set on /var/log/audit partition | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.5 Ensure that the scheduler pod specification file permissions are set to 600 or more restrictive | CIS Kubernetes Benchmark v1.9.0 L1 Master | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.9 Ensure that the Container Network Interface file permissions are set to 600 or more restrictive | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.9 Ensure that the Container Network Interface file permissions are set to 600 or more restrictive | CIS Kubernetes Benchmark v1.9.0 L1 Master | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.11 Ensure that the etcd data directory permissions are set to 700 or more restrictive | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcd | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.15 Ensure that the scheduler.conf file permissions are set to 600 or more restrictive | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.17 Ensure that the controller-manager.conf file permissions are set to 600 or more restrictive | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.19 Ensure that the Kubernetes PKI directory and file ownership is set to root:root | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.2.6 Ensure that the --authorization-mode argument is not set to AlwaysAllow | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.2.13 Ensure that the admission control plugin ServiceAccount is set | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.2.26 Ensure that the --service-account-lookup argument is set to true | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.3.1.1 Ensure SELinux is installed | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.3.1.3 Ensure SELinux policy is configured | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.3.1.6 Ensure no unconfined services exist | CIS AlmaLinux OS 9 v2.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 2.4.1.2 Ensure permissions on /etc/crontab are configured | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 2.4.1.5 Ensure permissions on /etc/cron.weekly are configured | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 2.4.2.1 Ensure at is restricted to authorized users | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1 Ensure that the kubelet service file permissions are set to 600 or more restrictive | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Worker | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.7 Ensure that the certificate authorities file permissions are set to 600 or more restrictive | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Worker | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.9 If the kubelet config.yaml configuration file is being used validate permissions set to 600 or more restrictive | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Worker | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.9 If the kubelet config.yaml configuration file is being used validate permissions set to 600 or more restrictive | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Worker | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.1 Ensure that the --anonymous-auth argument is set to false | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Worker | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.2 Ensure that the --authorization-mode argument is not set to AlwaysAllow | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Worker | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.1 Ensure permissions on /etc/ssh/sshd_config are configured | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.3 Ensure permissions on SSH public host key files are configured | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.2 Ensure audit log files are mode 0640 or less permissive | CIS AlmaLinux OS 8 Workstation L2 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.3 Ensure only authorized users own audit log files | CIS AlmaLinux OS 8 Workstation L2 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.8 Ensure audit tools are 755 or more restrictive | CIS AlmaLinux OS 8 Workstation L2 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.10 Ensure audit tools belong to group root | CIS AlmaLinux OS 8 Workstation L2 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.4.2.3 Ensure group root is the only GID 0 group | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.4.2.4 Ensure root account access is controlled | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.4.2.6 Ensure root user umask is configured | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.1.2 Ensure journald log file access is configured | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.6 Ensure audit configuration files owner is configured | CIS AlmaLinux OS 9 v2.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.7 Ensure audit configuration files group owner is configured | CIS AlmaLinux OS 9 v2.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.1.2 Ensure permissions on /etc/passwd- are configured | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.1.3 Ensure permissions on /etc/group are configured | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.1.5 Ensure permissions on /etc/shadow are configured | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.1.8 Ensure permissions on /etc/gshadow- are configured | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.1.11 Ensure world writable files and directories are secured | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.1.12 Ensure no files or directories without an owner and a group exist | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |