1.1.1 Create Separate Partition for /tmp | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
1.1.1.6 Ensure squashfs kernel module is not available | CIS Rocky Linux 9 v2.0.0 L2 Workstation | Unix | CONFIGURATION MANAGEMENT |
1.1.1.6 Ensure squashfs kernel module is not available | CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
1.1.1.6 Ensure squashfs kernel module is not available | CIS AlmaLinux OS 9 v2.0.0 L2 Workstation | Unix | CONFIGURATION MANAGEMENT |
1.1.1.6 Ensure squashfs kernel module is not available | CIS Oracle Linux 9 v2.0.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
1.1.1.6 Ensure squashfs kernel module is not available | CIS Oracle Linux 9 v2.0.0 L2 Workstation | Unix | CONFIGURATION MANAGEMENT |
1.1.1.7 Ensure squashfs kernel module is not available | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Workstation | Unix | CONFIGURATION MANAGEMENT |
1.1.1.7 Ensure squashfs kernel module is not available | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
1.1.1.7 Ensure squashfs kernel module is not available | CIS SUSE Linux Enterprise 15 v2.0.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
1.1.1.7 Ensure squashfs kernel module is not available | CIS SUSE Linux Enterprise 15 v2.0.0 L2 Workstation | Unix | CONFIGURATION MANAGEMENT |
1.1.14 Add nodev Option to /dev/shm Partition | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
1.5.1 Set User/Group Owner on /etc/grub.conf | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
1.5.5 Disable Interactive Boot | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
1.6.5 Disable Prelink - PRELINKING=no | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
2.1.9 Remove talk | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
2.1.12 Disable chargen-dgram | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
2.1.15 Disable daytime-stream | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
2.1.17 Disable echo-stream | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
2.7 Set default ulimit as appropriate - default-ulimit | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
3.1.3 Check Responses TTL Field - check-response-ttl=yes | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
3.1.6 Restrict Published Information (if publishing is required) - publish-workstation=no | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
3.3 Remove X Windows - /etc/inittab- id:3:initdefault: | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
3.4 Disable Print Server - CUPS | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
3.8 Disable NFS and RPC - nfslock | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
3.8 Disable NFS and RPC - portmap | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
3.16 Configure Mail Transfer Agent for Local-Only Mode - O DaemonPortOptions=Port=smtp, Addr=127.0.0.1, Name=MTA | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
4.2.2 Disable ICMP Redirect Acceptance - net.ipv4.conf.default.accept_redirects = 0 | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
4.2.4 Log Suspicious Packets - net.ipv4.conf.all.log_martians = 1 | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
4.5.4 Create /etc/hosts.deny | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
4.6.3 Disable RDS | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
5.1.1 Configure /etc/syslog.conf - auth,user | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | AUDIT AND ACCOUNTABILITY |
5.1.1 Configure /etc/syslog.conf - unused | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | AUDIT AND ACCOUNTABILITY |
5.1.2 Create and Set Permissions on syslog Log Files - /var/log/daemon.log | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
5.1.2 Create and Set Permissions on syslog Log Files - /var/log/unused.log | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
5.2.4 Create and Set Permissions on rsyslog Log Files - /var/log/syslog | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | AUDIT AND ACCOUNTABILITY |
5.2.5 Configure rsyslog to Send Logs to a Remote Log Host - *.* @@loghost.example.com | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | AUDIT AND ACCOUNTABILITY |
5.2.6 Accept Remote rsyslog Messages Only on Designated Log Hosts - $ModLoad imtcp.so | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | AUDIT AND ACCOUNTABILITY |
6.1.10 Restrict at/cron to Authorized Users - at.allow | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
6.2.3 Set Permissions on /etc/ssh/sshd_config | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
6.2.5 Set SSH MaxAuthTries to 4 or Less | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
6.2.13 Limit Access via SSH - AllowUsers/Groups, DenyUsers/Groups | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
6.3.3 Use pam_deny.so to Deny Services - auth requisite pam_deny.so /etc/pam.d/sshd | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
7.1.1 Set Password Expiration Days - 1-90 | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
7.4 Set Default umask for Users | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
8.1.1 Set Warning Banner for Standard Login Services - /etc/issue.net perms | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
9.1.10 Find World Writable Files | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
9.1.14 Find SGID System Executables | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
ALMA-09-046550 - AlmaLinux OS 9 must enable Linux audit logging for the USBGuard daemon. | DISA CloudLinux AlmaLinux OS 9 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
AS24-W1-000010 - The Apache web server must limit the number of allowed simultaneous session requests. | DISA STIG Apache Server 2.4 Windows Server v3r1 | Windows | ACCESS CONTROL |
AS24-W1-000010 - The Apache web server must limit the number of allowed simultaneous session requests. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | ACCESS CONTROL |