Item Search

Name	Audit Name	Plugin	Category
1.1.5.2.3 Set 'Windows Firewall: Private: Apply local firewall rules' to 'Yes (default)'	CIS Windows 8 L1 v1.0.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
1.1.5.2.8 Set 'Windows Firewall: Private: Logging: Name' to '%SYSTEMROOT%\System32\logfiles\firewall\privatefw.log'	CIS Windows 8 L1 v1.0.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
3.3.1 Ensure TCP Wrappers is installed	CIS Debian 9 Server L1 v1.0.1	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
3.3.1 Ensure TCP Wrappers is installed	CIS Debian 9 Workstation L1 v1.0.1	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
3.3.3 Ensure /etc/hosts.deny is configured	CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
3.4.1.1 Ensure a Firewall package is installed	CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
3.4.2 Ensure /etc/hosts.allow is configured	CIS CentOS 6 Workstation L1 v3.0.0	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
3.4.2 Ensure /etc/hosts.allow is configured	CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
3.4.2 Ensure /etc/hosts.allow is configured	CIS Oracle Linux 6 Server L1 v2.0.0	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
3.4.3 Ensure /etc/hosts.deny is configured	CIS CentOS 6 Server L1 v3.0.0	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
3.4.3 Ensure /etc/hosts.deny is configured	CIS Oracle Linux 6 Workstation L1 v2.0.0	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
3.4.4.2.2 Ensure loopback traffic is configured	CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
3.4.4.2.3 Ensure outbound and established connections are configured	CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
3.5.1.1 Ensure IPv6 default deny firewall policy - Chain OUTPUT	CIS Distribution Independent Linux Workstation L1 v2.0.0	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
3.5.1.2 Ensure IPv6 loopback traffic is configured - INPUT	CIS Distribution Independent Linux Workstation L1 v2.0.0	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
3.5.1.2 Ensure IPv6 loopback traffic is configured - OUTPUT	CIS Distribution Independent Linux Workstation L1 v2.0.0	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
3.5.1.3 Ensure IPv6 outbound and established connections are configured	CIS Distribution Independent Linux Workstation L1 v2.0.0	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
3.5.1.4 Ensure IPv6 firewall rules exist for all open ports	CIS Distribution Independent Linux Server L1 v2.0.0	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
3.5.2.1 Ensure default deny firewall policy - Chain FORWARD	CIS Distribution Independent Linux Server L1 v2.0.0	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
3.5.2.2 Ensure loopback traffic is configured - INPUT	CIS Distribution Independent Linux Server L1 v2.0.0	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
3.5.3 Ensure iptables is installed	CIS Distribution Independent Linux Workstation L1 v2.0.0	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
3.5.3.3.3 Ensure ip6tables outbound and established connections are configured	CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
3.6.4.1.1 Ensure default deny firewall policy - 'Chain INPUT'	CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
3.6.4.1.2 Ensure loopback traffic is configured	CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
3.6.4.1.3 Ensure outbound and established connections are configured	CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
3.6.4.2.4 Ensure IPv6 firewall rules exist for all open ports	CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
6.6 Ensure ModSecurity Is Installed and Enabled	CIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Paranoia Level	CIS Apache HTTP Server 2.2 L2 v3.6.0	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
18.4.2 Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.4.5 Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled'	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.4.8 Ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' is set to 'Disabled'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.4.11 Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.4.12 Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'	CIS Windows 7 Workstation Level 2 v3.2.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.5.19.2.1 Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
Ensure broadcast ICMP requests are ignored - sysctl	Tenable Cisco Firepower Management Center OS Best Practices Audit	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
Ensure ICMP redirects are not accepted - /etc/sysctl ipv4 default accept	Tenable Cisco Firepower Management Center OS Best Practices Audit	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
Ensure IP forwarding is disabled - /etc/sysctl	Tenable Cisco Firepower Management Center OS Best Practices Audit	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
Ensure IPv6 router advertisements are not accepted - sysctl ipv6 default accept	Tenable Cisco Firepower Management Center OS Best Practices Audit	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
Ensure packet redirect sending is disabled - /etc/sysctl ipv4 all send	Tenable Cisco Firepower Management Center OS Best Practices Audit	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
Ensure TCP SYN Cookies is enabled - sysctl	Tenable Cisco Firepower Management Center OS Best Practices Audit	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)	MSCT Windows Server v20H2 DC v1.0.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)	MSCT Windows Server v2004 MS v1.0.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)	MSCT Windows 10 v2004 v1.0.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)	MSCT Windows 10 v21H2 v1.0.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)	MSCT Windows Server 1903 DC v1.19.9	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
MSS: (DisableIPSourceRouting) IP source routing protection level (Protects against packet spoofing)	MSCT Windows 10 v1507 v1.0.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)	MSCT Windows 10 1809 v1.0.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)	MSCT Windows Server v20H2 MS v1.0.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes	MSCT Windows Server v20H2 DC v1.0.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes	MSCT Windows 10 v2004 v1.0.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION

Detections

Analytics

Item Search