| 1.1.6 Ensure separate partition exists for /var | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.11 Ensure separate partition exists for /var/log | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 1.1.12 Ensure separate partition exists for /var/log/audit | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure system is disabled when audit logs are full - email | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2 Ensure auditd service is enabled | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - adjtimex (32-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.4 Ensure events that modify date and time information are collected - auditctl adjtimex | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure events that modify user/group information are collected | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify user/group information are collected - /etc/shadow | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify user/group information are collected - auditctl /etc/gshadow | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify user/group information are collected - auditctl /etc/passwd | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify user/group information are collected - auditctl /etc/shadow | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.6 Ensure events that modify the system's network environment are collected - /etc/hosts | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl chown/fchown/fchownat (32-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl chown/fchown/fchownat (64-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.10 Ensure discretionary access control permission modification events are collected - chmod/fchmod/fchmodat (32-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.10 Ensure discretionary access control permission modification events are collected - setxattr/lsetxattr/fsetxattr (64-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - EACCES (64-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.13 Ensure successful file system mounts are collected - auditctl (32-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - auditctl modprobe | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - auditctl rmmod | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - init_module/delete_module (32-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - init_module/delete_module (64-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - modprobe | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.8 Ensure events that modify user/group information are collected | CIS Amazon Linux 2 v3.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.4.5 Ensure audit configuration files are 640 or more restrictive | CIS Amazon Linux 2 v3.0.0 L2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.14 Audit system file permissions | CIS Amazon Linux 2 v3.0.0 L2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| auditctl /etc/localtime | CIS Amazon Linux 2 v3.0.0 L2 | Unix | |
| auditctl /etc/sudoers | CIS Amazon Linux 2 v3.0.0 L2 | Unix | |
| auditctl /usr/bin/kmod | CIS Amazon Linux 2 v3.0.0 L2 | Unix | |
| auditctl adjtimex x64 | CIS Amazon Linux 2 v3.0.0 L2 | Unix | |
| auditctl b32 chmod | CIS Amazon Linux 2 v3.0.0 L2 | Unix | |
| auditctl b32 chown | CIS Amazon Linux 2 v3.0.0 L2 | Unix | |
| auditctl b32 EPERM | CIS Amazon Linux 2 v3.0.0 L2 | Unix | |
| auditctl b32 fchmod | CIS Amazon Linux 2 v3.0.0 L2 | Unix | |
| auditctl b64 removexattr | CIS Amazon Linux 2 v3.0.0 L2 | Unix | |
| auditctl b64 sethostname | CIS Amazon Linux 2 v3.0.0 L2 | Unix | |
| auditctl clock_settime x32 | CIS Amazon Linux 2 v3.0.0 L2 | Unix | |
| auditctl finit_module b64 | CIS Amazon Linux 2 v3.0.0 L2 | Unix | |
| auditctl wtmp | CIS Amazon Linux 2 v3.0.0 L2 | Unix | |
| b32 chown | CIS Amazon Linux 2 v3.0.0 L2 | Unix | |
| b32 fchownat | CIS Amazon Linux 2 v3.0.0 L2 | Unix | |
| b32 lchown | CIS Amazon Linux 2 v3.0.0 L2 | Unix | |
| b64 chown | CIS Amazon Linux 2 v3.0.0 L2 | Unix | |
| b64 lremovexattr | CIS Amazon Linux 2 v3.0.0 L2 | Unix | |
| b64 setxattr | CIS Amazon Linux 2 v3.0.0 L2 | Unix | |
| grubby | CIS Amazon Linux 2 v3.0.0 L2 | Unix | |
| password-auth preauth root_unlock_time | CIS Amazon Linux 2 v3.0.0 L2 | Unix | |
| sshd output | CIS Amazon Linux 2 v3.0.0 L2 | Unix | |
| system-auth preauth root_unlock_time | CIS Amazon Linux 2 v3.0.0 L2 | Unix | |
