1.1.21 Ensure sticky bit is set on all world-writable directories | CIS Debian 9 Workstation L1 v1.0.0 | Unix | ACCESS CONTROL |
1.6.1.2 Ensure the SELinux state is enforcing | CIS Distribution Independent Linux Server L2 v1.1.0 | Unix | ACCESS CONTROL |
1.6.1.2 Ensure the SELinux state is enforcing | Huawei EulerOS 2 Server L2 v1.0 | Unix | ACCESS CONTROL |
1.6.1.3 Ensure SELinux policy is configured | CIS Oracle Linux 6 Workstation L1 v2.0.0 | Unix | ACCESS CONTROL |
1.6.1.3 Ensure SELinux policy is configured | CIS Red Hat 6 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
1.6.1.4 Ensure the SELinux mode is enforcing or permissive - config | CIS Red Hat 6 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
1.6.1.4 Ensure the SELinux mode is enforcing or permissive - getenforce | CIS Red Hat 6 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
1.6.1.5 Ensure the SELinux mode is enforcing - config | CIS Oracle Linux 6 Server L2 v2.0.0 | Unix | ACCESS CONTROL |
1.6.1.5 Ensure the SELinux mode is enforcing - config | CIS Red Hat 6 Server L2 v3.0.0 | Unix | ACCESS CONTROL |
1.6.1.6 Ensure no unconfined daemons exist | Huawei EulerOS 2 Workstation L2 v1.0 | Unix | ACCESS CONTROL |
1.6.2.1 Ensure AppArmor is not disabled in bootloader configuration - /boot/grub/menu.lst apparmor=0 | CIS Distribution Independent Linux Server L2 v1.1.0 | Unix | ACCESS CONTROL |
1.6.3 Ensure SELinux or AppArmor are installed | CIS Debian 9 Server L2 v1.0.1 | Unix | ACCESS CONTROL |
1.7.1.3 Ensure all AppArmor Profiles are in enforce or complain mode - 0 processes are unconfined | CIS Debian Family Server L1 v1.0.0 | Unix | ACCESS CONTROL |
1.7.1.5 Ensure no unconfined services exist | CIS Red Hat EL8 Server L2 v1.0.0 | Unix | ACCESS CONTROL |
2.2.59 Ensure 'Take ownership of files or other objects' is set to 'Administrators' | CIS Microsoft Windows Server 2022 STIG v1.0.0 L1 MS | Windows | ACCESS CONTROL |
2.3.10.14 (L1) Ensure 'Network access: Shares that can be accessed anonymously' is set to 'None' | CIS Microsoft Windows Server 2016 STIG v2.0.0 L1 MS | Windows | ACCESS CONTROL |
3.2 Ensure 'log_bin_basename' Files Have Appropriate Permissions | CIS MySQL 8.0 Enterprise Database L1 v1.3.0 | MySQLDB | ACCESS CONTROL |
3.3 Ensure 'log_error' Has Appropriate Permissions | CIS MySQL 8.0 Community Database L1 v1.0.0 | MySQLDB | ACCESS CONTROL |
3.3 Set daemon umask (/etc/periodic/* umask) | CIS FreeBSD v1.0.5 | Unix | ACCESS CONTROL |
3.3 Set daemon umask (/usr/local/etc/rc.d umask) | CIS FreeBSD v1.0.5 | Unix | ACCESS CONTROL |
3.04 Oracle account .profile file - 'Unix systems umask 022' | CIS v1.1.0 Oracle 11g OS L1 | Unix | ACCESS CONTROL |
3.7 Ensure SSL Key Files Have Appropriate Permissions | CIS MySQL 8.0 Enterprise Database L1 v1.3.0 | MySQLDB | ACCESS CONTROL |
3.8 Ensure Plugin Directory Has Appropriate Permissions | CIS MySQL 8.0 Enterprise Database L1 v1.3.0 | MySQLDB | ACCESS CONTROL |
4.4 Ensure logrotate assigns appropriate permissions | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0 | Unix | ACCESS CONTROL |
5.1 Set daemon umask - Check if CMASK is set to 022 in /etc/default/init. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
5.2.2 Ensure permissions on SSH private host key files are configured | CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0 | Unix | ACCESS CONTROL |
5.4.4 Ensure default user umask is 027 or more restrictive - /etc/bash.bashrc.local | CIS SUSE Linux Enterprise Server 12 L1 v2.1.0 | Unix | ACCESS CONTROL |
5.4.4 Ensure default user umask is 027 or more restrictive - /etc/bashrc | Huawei EulerOS 2 Server L1 v1.0 | Unix | ACCESS CONTROL |
5.4.4 Ensure default user umask is 027 or more restrictive - /etc/pam.d/common-session | CIS Debian Family Workstation L1 v1.0.0 | Unix | ACCESS CONTROL |
5.4.4 Ensure default user umask is 027 or more restrictive - /etc/profile | Huawei EulerOS 2 Workstation L1 v1.0 | Unix | ACCESS CONTROL |
5.5.5 Ensure default user umask is 027 or more restrictive - /etc/profile /etc/profile.d/*.sh | CIS Red Hat EL8 Server L1 v1.0.0 | Unix | ACCESS CONTROL |
5.6 Ensure access to the su command is restricted | CIS Red Hat EL7 Server L1 v3.0.1 | Unix | ACCESS CONTROL |
5.6 Ensure access to the su command is restricted | CIS Red Hat EL7 Workstation L1 v3.0.1 | Unix | ACCESS CONTROL |
6.1.10 Ensure no world writable files exist | CIS Debian Family Server L1 v1.0.0 | Unix | ACCESS CONTROL |
6.2.7 Ensure users own their home directories | CIS Fedora 19 Family Linux Workstation L1 v1.0.0 | Unix | ACCESS CONTROL |
6.2.13 Ensure users' .netrc Files are not group or world accessible | CIS Debian 9 Workstation L1 v1.0.1 | Unix | ACCESS CONTROL |
6.2.20 Ensure shadow group is empty - /etc/passwd | CIS Oracle Linux 6 Server L1 v2.0.0 | Unix | ACCESS CONTROL |
7.4 Set Default File Creation Mask for FTP Users | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
7.4 Set Default File Creation Mask for FTP Users | CIS Solaris 11.2 L1 v1.1.0 | Unix | ACCESS CONTROL |
7.4 Set Default File Creation Mask for FTP Users | CIS Solaris 11 L1 v1.1.0 | Unix | ACCESS CONTROL |
7.6 Set Default umask for Users - Check if 'umask' is set to 077 - Check /etc/profile. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
7.6 Set Default umask for Users, Check if 'UMASK' is set to 077. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
8.1.1 Set Warning Banner for Standard Login Services - /etc/motd | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
8.8 Set default umask for users (/etc/csh.login) | CIS FreeBSD v1.0.5 | Unix | ACCESS CONTROL |
8.8 Set default umask for users (/etc/profile) | CIS FreeBSD v1.0.5 | Unix | ACCESS CONTROL |
8.8 Set default umask for users (/usr/share/skel/dot.shrc) | CIS FreeBSD v1.0.5 | Unix | ACCESS CONTROL |
9.1.11 Find Un-owned Files and Directories | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
9.1.13 Find SUID System Executables | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
9.25 Find Files and Directories with Extended Attributes | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
18.10.3.1 (L2) Ensure 'Allow a Windows app to share application data between users' is set to 'Disabled' | CIS Microsoft Windows Server 2016 v3.0.0 L2 DC | Windows | ACCESS CONTROL |