Item Search

Name	Audit Name	Plugin	Category
1.2.1.3 Ensure repo_gpgcheck is globally activated	CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Workstation	Unix	RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY
1.2.1.3 Ensure repo_gpgcheck is globally activated	CIS Rocky Linux 9 v2.0.0 L2 Server	Unix	RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY
1.2.3 Ensure repo_gpgcheck is globally activated	CIS AlmaLinux OS 8 Server L2 v3.0.0	Unix	RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY
1.2.3 Ensure repo_gpgcheck is globally activated	CIS CentOS Linux 7 v4.0.0 L2 Workstation	Unix	RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY
1.2.3 Ensure repo_gpgcheck is globally activated	CIS Red Hat EL8 Workstation L2 v3.0.0	Unix	RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY
1.2.4 Ensure repo_gpgcheck is globally activated	CIS Amazon Linux 2023 Server L2 v1.0.0	Unix	RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY
1.3.1.8 Ensure SETroubleshoot is not installed	CIS Rocky Linux 9 v2.0.0 L1 Server	Unix	CONFIGURATION MANAGEMENT
1.3.1.8 Ensure SETroubleshoot is not installed	CIS AlmaLinux OS 9 v2.0.0 L1 Server	Unix	CONFIGURATION MANAGEMENT
1.3.1.8 Ensure SETroubleshoot is not installed	CIS Oracle Linux 9 v2.0.0 L1 Server	Unix	CONFIGURATION MANAGEMENT
1.5.1.8 Ensure SETroubleshoot is not installed	CIS AlmaLinux OS 8 Server L1 v3.0.0	Unix	CONFIGURATION MANAGEMENT
1.5.1.8 Ensure SETroubleshoot is not installed	CIS Amazon Linux 2 v3.0.0 L1	Unix	CONFIGURATION MANAGEMENT
1.6.1.4 Ensure SETroubleshoot is not installed	CIS Aliyun Linux 2 L2 v1.0.0	Unix	CONFIGURATION MANAGEMENT
1.6.1.7 Ensure SETroubleshoot is not installed	CIS Amazon Linux 2023 Server L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
1.6.1.7 Ensure SETroubleshoot is not installed	CIS CentOS Linux 8 Server L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT
1.6.1.7 Ensure SETroubleshoot is not installed	CIS Fedora 28 Family Linux Server L1 v2.0.0	Unix	CONFIGURATION MANAGEMENT
1.8.6.1 Ensure 'Default File Format' is set to Enabled (Word Document (.docx))	CIS Microsoft Office Word 2013 v1.1.0	Windows	CONFIGURATION MANAGEMENT
1.10.11 Ensure 'logging trap severity ' is greater than or equal to '5'	Tenable Cisco Firepower Best Practices Audit	Cisco	AUDIT AND ACCOUNTABILITY
2.1 Disable Local-only Graphical Login Environment	CIS Solaris 11.2 L1 v1.1.0	Unix	CONFIGURATION MANAGEMENT
2.2 Disable Local-only Graphical Login Environment	CIS Oracle Solaris 11.4 L1 v1.1.0	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.4.4 - CDE - remote GUI login disabled	CIS AIX 5.3/6.1 L2 v1.1.0	Unix	ACCESS CONTROL
4.1.16 Ensure kernel module loading and unloading is collected - auditctl init_module/delete_module (32-bit)	CIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0	Unix	CONFIGURATION MANAGEMENT
4.1.16 Ensure kernel module loading and unloading is collected - auditctl init_module/delete_module (64-bit)	CIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0	Unix	CONFIGURATION MANAGEMENT
4.1.16 Ensure kernel module loading and unloading is collected - auditctl insmod	CIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0	Unix	CONFIGURATION MANAGEMENT
4.1.16 Ensure kernel module loading and unloading is collected - auditctl modprobe	CIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0	Unix	CONFIGURATION MANAGEMENT
4.1.16 Ensure kernel module loading and unloading is collected - auditctl rmmod	CIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0	Unix	CONFIGURATION MANAGEMENT
4.1.16 Ensure kernel module loading and unloading is collected - init_module/delete_module (32-bit)	CIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0	Unix	CONFIGURATION MANAGEMENT
4.1.16 Ensure kernel module loading and unloading is collected - init_module/delete_module (32-bit)	CIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0	Unix	CONFIGURATION MANAGEMENT
4.1.16 Ensure kernel module loading and unloading is collected - insmod	CIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0	Unix	CONFIGURATION MANAGEMENT
4.1.16 Ensure kernel module loading and unloading is collected - modprobe	CIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0	Unix	CONFIGURATION MANAGEMENT
4.3 (L1) Ensure the maximum failed login attempts is set to 5	CIS VMware ESXi 7.0 v1.4.0 L1	VMware	ACCESS CONTROL
5.3.2 Ensure lockout for failed password attempts is configured - system-auth 'auth [default=die] pam_faillock.so'	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
5.3.3 Ensure password reuse is limited	CIS SUSE Linux Enterprise 12 v3.2.0 L1 Server	Unix	IDENTIFICATION AND AUTHENTICATION
5.7 Do not enable the "root" account	CIS Apple OSX 10.9 L1 v1.3.0	Unix	ACCESS CONTROL
5.14 Ensure 'on-failure' container restart policy is set to '5' - RestartPolicyName	CIS Docker Community Edition v1.1.0 L1 Docker	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
5.14 Set the 'on-failure' container restart policy to 5 - RestartPolicyName=always	CIS Docker 1.11.0 v1.0.0 L1 Docker	Unix
5.14 Set the 'on-failure' container restart policy to 5 - RestartPolicyName=always	CIS Docker 1.12.0 v1.0.0 L1 Docker	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
5.15 Set the 'on-failure' container restart policy to 5 - RestartPolicyName=always	CIS Docker 1.6 v1.0.0 L1 Docker	Unix
8.1.17 Collect Kernel Module Loading and Unloading - /sbin/modprobe	CIS Debian Linux 7 L2 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
8.1.17 Collect Kernel Module Loading and Unloading - /sbin/rmmod	CIS Debian Linux 7 L2 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
8.1.17 Collect Kernel Module Loading and Unloading - 32 bit init_module	CIS Debian Linux 7 L2 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
8.1.17 Collect Kernel Module Loading and Unloading - 64 bit init_module	CIS Debian Linux 7 L2 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
AIX7-00-002128 - If bash is used, AIX must display logout messages.	DISA STIG AIX 7.x v3r1	Unix	ACCESS CONTROL
CISC-RT-000820 - The Cisco multicast Rendezvous Point (RP) switch must be configured to limit the multicast forwarding cache so that its resources are not saturated by managing an overwhelming number of Protocol Independent Multicast (PIM) and Multicast Source Discovery Protocol (MSDP) source-active entries.	DISA STIG Cisco NX-OS Switch RTR v3r2	Cisco	SYSTEM AND COMMUNICATIONS PROTECTION
DTAVSEL-012 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must only be configured with exclusions that are documented and approved by the ISSO/ISSM/AO.	McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6	Unix	SYSTEM AND INFORMATION INTEGRITY
DTAVSEL-012 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must only be configured with exclusions which are documented and approved by the ISSO/ISSM/AO.	McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5	Unix	SYSTEM AND INFORMATION INTEGRITY
DTAVSEL-014 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Quarantine if first action fails when a virus or Trojan is detected.	McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6	Unix	SYSTEM AND INFORMATION INTEGRITY
DTAVSEL-108 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must only be configured with exclusions which are documented and approved by the ISSO/ISSM/AO.	McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5	Unix	SYSTEM AND INFORMATION INTEGRITY
Ensure 'console session timeout' is less than or equal to '5' minutes	Tenable Cisco Firepower Best Practices Audit	Cisco	ACCESS CONTROL
EP11-00-004900 - The EDB Postgres Advanced Server must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for all cryptographic operations including generation of cryptographic hashes and data protection - version	EDB PostgreSQL Advanced Server v11 DB Audit v2r4	PostgreSQLDB	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
GEN000000-LNX00360 - The X server must have the correct options enabled - '-s <= 15'	DISA STIG for Oracle Linux 5 v2r1	Unix	CONFIGURATION MANAGEMENT

Detections

Analytics

Item Search