| 3.1.3 Ensure bluetooth services are not in use | CIS Amazon Linux 2 v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.6 Ensure secure icmp redirects are not accepted | CIS Amazon Linux 2 v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.7 Ensure reverse path filtering is enabled | CIS Amazon Linux 2 v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.4.2.2 Ensure firewalld service enabled and running | CIS Amazon Linux 2 v3.0.0 L1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.3.5 Ensure nftables loopback traffic is configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.3.7 Ensure nftables default deny firewall policy | CIS Amazon Linux 2 v3.0.0 L1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.4.2.3 Ensure iptables rules exist for all open ports | CIS Amazon Linux 2 v3.0.0 L1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.4.2.5 Ensure iptables rules are saved | CIS Amazon Linux 2 v3.0.0 L1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.4.2.6 Ensure iptables service is enabled and active | CIS Amazon Linux 2 v3.0.0 L1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.4.3.3 Ensure ip6tables firewall rules exist for all open ports | CIS Amazon Linux 2 v3.0.0 L1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.1.2 Ensure permissions on /etc/crontab are configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.7 Ensure permissions on /etc/cron.d are configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.11 Ensure sshd IgnoreRhosts is enabled | CIS Amazon Linux 2 v3.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 4.2.13 Ensure sshd LoginGraceTime is configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL |
| 4.2.20 Ensure sshd PermitRootLogin is disabled | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL |
| 4.2.22 Ensure sshd UsePAM is enabled | CIS Amazon Linux 2 v3.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 4.3.6 Ensure sudo authentication timeout is configured correctly | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL |
| 4.4.2.2.6 Ensure password maximum sequential characters is configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 4.4.2.4.3 Ensure pam_unix includes a strong password hashing algorithm | CIS Amazon Linux 2 v3.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.5.1.1 Ensure strong password hashing algorithm is configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.2.1.1 Ensure systemd-journal-remote is installed | CIS Amazon Linux 2 v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.2.1.4 Ensure journald is not configured to receive logs from a remote client | CIS Amazon Linux 2 v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 5.1.2.2 Ensure journald service is enabled | CIS Amazon Linux 2 v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.2.3 Ensure journald is configured to compress large log files | CIS Amazon Linux 2 v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.2.6 Ensure journald log rotation is configured per site policy | CIS Amazon Linux 2 v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.3 Ensure logrotate is configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.3.2 Ensure filesystem integrity is regularly checked | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 6.1.7 Ensure permissions on /etc/gshadow are configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.8 Ensure permissions on /etc/gshadow- are configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.3 Ensure all groups in /etc/passwd exist in /etc/group | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL |
| 6.2.6 Ensure no duplicate user names exist | CIS Amazon Linux 2 v3.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.8 Ensure root path integrity | CIS Amazon Linux 2 v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| at is installed | CIS Amazon Linux 2 v3.0.0 L1 | Unix | |
| autofs.service enabled | CIS Amazon Linux 2 v3.0.0 L1 | Unix | |
| banner text | CIS Amazon Linux 2 v3.0.0 L1 | Unix | |
| Chain INPUT | CIS Amazon Linux 2 v3.0.0 L1 | Unix | |
| Check for systemd-journal-remote package | CIS Amazon Linux 2 v3.0.0 L1 | Unix | |
| Check if cron is installed | CIS Amazon Linux 2 v3.0.0 L1 | Unix | |
| ClientAliveInterval is greater than 0 | CIS Amazon Linux 2 v3.0.0 L1 | Unix | |
| Ensure at least one file named /etc/pam.d/password-auth exists and matches password pattern | CIS Amazon Linux 2 v3.0.0 L1 | Unix | |
| Ensure at least one file named /etc/pam.d/system-auth exists and matches pattern | CIS Amazon Linux 2 v3.0.0 L1 | Unix | |
| Ensure at least one file named /etc/pam.d/system-auth exists and matches pattern (?i)^h*passwordh+(requisite|required)h+pam_pwhistory.so� | CIS Amazon Linux 2 v3.0.0 L1 | Unix | |
| Ensure at least one file named /etc/pam.d/system-auth exists and matches pattern ^h*authh+(required|requisite)h+([^# | CIS Amazon Linux 2 v3.0.0 L1 | Unix | |
| Ensure no file named /etc/pam.d/password-auth pam_unix.so contains remember | CIS Amazon Linux 2 v3.0.0 L1 | Unix | |
| Ensure no file named /etc/pam.d/system-auth exists and matches pattern | CIS Amazon Linux 2 v3.0.0 L1 | Unix | |
| Ensure no file named /etc/pam.d/system-auth pam_unix.so contains remember | CIS Amazon Linux 2 v3.0.0 L1 | Unix | |
| Global configuration is set correctly | CIS Amazon Linux 2 v3.0.0 L1 | Unix | |
| INPUT drop | CIS Amazon Linux 2 v3.0.0 L1 | Unix | |
| Nftables check - active | CIS Amazon Linux 2 v3.0.0 L1 | Unix | |
| Old format ModLoad imtcp | CIS Amazon Linux 2 v3.0.0 L1 | Unix | |
