Item Search

Name	Audit Name	Plugin	Category
1.1.1 Ensure mounting of squashfs filesystems is disabled - modprobe	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
1.1.4 Ensure nosuid option set on /tmp partition	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
1.1.5 Ensure noexec option set on /tmp partition	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
1.1.8 Ensure nodev option set on /var/tmp partition	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
1.1.9 Ensure nosuid option set on /var/tmp partition	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
1.1.10 Ensure noexec option set on /var/tmp partition	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
1.1.17 Ensure noexec option set on /dev/shm partition	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
1.3.2 Ensure filesystem integrity is regularly checked	CIS Aliyun Linux 2 L1 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
1.5.1 Ensure core dumps are restricted - fs.suid_dumpable (sysctl.conf/sysctl.d)	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
1.5.1 Ensure core dumps are restricted - hard core (limits.conf/limits.d)	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
1.5.2 Ensure address space layout randomization (ASLR) is enabled - sysctl.conf/sysctl.d	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
1.5.3 Ensure prelink is disabled	CIS Aliyun Linux 2 L1 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
1.7.1.2 Ensure local login warning banner is configured properly - msrv	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
1.7.1.4 Ensure permissions on /etc/motd are configured	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
1.7.1.5 Ensure permissions on /etc/issue are configured	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
2.1.1.3 Ensure chrony is configured - OPTIONS	CIS Aliyun Linux 2 L1 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
2.1.2 Ensure X Window System is not installed	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
2.1.5 Ensure DHCP Server is not enabled - status	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
2.1.8 Ensure DNS Server is not enabled	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
2.1.9 Ensure FTP Server is not enabled - status	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
2.1.10 Ensure HTTP server is not enabled - status	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
2.1.17 Ensure rsh server is not enabled - rsh.socket status	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
2.1.18 Ensure telnet server is not enabled	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
2.2.25 (L1) Ensure 'Deny log on through Remote Desktop Services' to include 'Guests' (DC only)	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.26 (L1) Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account' (MS only)	CIS Windows Server 2012 MS L1 v3.0.0	Windows	ACCESS CONTROL
2.2.26 (L1) Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account' (MS only)	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.27 (L1) Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account' (MS only)	CIS Microsoft Windows Server 2019 v3.0.1 L1 MS	Windows	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY
2.2.34 (L1) Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account' (MS only)	CIS Microsoft Windows Server 2019 STIG v2.0.0 L1 MS	Windows	ACCESS CONTROL
3.1.1 Ensure IP forwarding is disabled - ipv6 sysctl	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
3.1.2 Ensure packet redirect sending is disabled - sysctl.conf sysctl.d net.ipv4.conf.all.send_redirects	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
3.2.1 Ensure source routed packets are not accepted - sysctl net.ipv6.conf.all.accept_source_route	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
3.2.1 Ensure source routed packets are not accepted - sysctl.conf sysctl.d net.ipv4.conf.default.accept_source_route	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
3.2.1 Ensure source routed packets are not accepted - sysctl.conf sysctl.d net.ipv6.conf.all.accept_source_route	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
3.2.2 Ensure ICMP redirects are not accepted - sysctl net.ipv4.conf.all.accept_redirects	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
3.2.3 Ensure secure ICMP redirects are not accepted - sysctl net.ipv4.conf.default.secure_redirects	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
3.2.3 Ensure secure ICMP redirects are not accepted - sysctl.conf sysctl.d net.ipv4.conf.all.secure_redirects	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
3.2.7 Ensure Reverse Path Filtering is enabled - sysctl net.ipv4.conf.default.rp_filter	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
3.2.8 Ensure TCP SYN Cookies is enabled - syctl net.ipv4.tcp_syncookies	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
3.3.4 Ensure permissions on /etc/hosts.allow are configured	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
3.4.3 Ensure RDS is disabled - grep modprobe.d	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
3.5.1.1 Ensure default deny firewall policy - Chain FORWARD	CIS Aliyun Linux 2 L1 v1.0.0	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
3.8 Ensure the Lock File Is Secured - configured	CIS Apache HTTP Server 2.4 L1 v2.1.0 Middleware	Unix	ACCESS CONTROL, MEDIA PROTECTION
4.2.1.5 Ensure remote rsyslog messages are only accepted on designated log hosts. - $InputTCPServerRun	CIS Aliyun Linux 2 L1 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
5.1.2 Ensure permissions on /etc/crontab are configured	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
5.2.14 Ensure SSH Idle Timeout Interval is configured - ClientAliveInterval	CIS Aliyun Linux 2 L1 v1.0.0	Unix	ACCESS CONTROL
5.2.15 Ensure SSH LoginGraceTime is set to one minute or less	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
CISC-L2-000140 - The Cisco switch must have IP Source Guard enabled on all user-facing or untrusted access switch ports.	DISA STIG Cisco NX-OS Switch L2S v3r2	Cisco	SYSTEM AND COMMUNICATIONS PROTECTION
Ensure 'TACACS+/RADIUS' is configured correctly - protocol	Tenable Cisco Firepower Best Practices Audit	Cisco	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION
Ensure 'TACACS+/RADIUS' is configured correctly - protocol	Tenable Cisco Firepower Threat Defense Best Practices Audit	Cisco_Firepower	ACCESS CONTROL
FNFG-FW-000050 - The FortiGate firewall must protect traffic log records from unauthorized access while in transit to the central audit server. - set mode	DISA Fortigate Firewall STIG v1r3	FortiGate	AUDIT AND ACCOUNTABILITY

Detections

Analytics

Item Search