Item Search

| Name | Audit Name | Plugin | Category |
| --- | --- | --- | --- |
| 2.2.2 Ensure avahi daemon services are not in use | CIS Amazon Linux 2 v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.5 Ensure dnsmasq services are not in use | CIS Amazon Linux 2 v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.14 Ensure snmp services are not in use | CIS Amazon Linux 2 v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.15 Ensure telnet server services are not in use | CIS Amazon Linux 2 v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.16 Ensure tftp server services are not in use | CIS Amazon Linux 2 v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.22 Ensure only approved services are listening on a network interface | CIS Amazon Linux 2 v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.4 Ensure telnet client is not installed | CIS Amazon Linux 2 v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.1 Ensure IPv6 status is identified | CIS Amazon Linux 2 v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.2 Ensure wireless interfaces are disabled | CIS Amazon Linux 2 v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.9 Ensure suspicious packets are logged | CIS Amazon Linux 2 v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.4.3.3 Ensure an nftables table exists | CIS Amazon Linux 2 v3.0.0 L1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.3.6 Ensure nftables outbound and established connections are configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.3.9 Ensure nftables rules are permanent | CIS Amazon Linux 2 v3.0.0 L1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.4.3.4 Ensure ip6tables default deny firewall policy | CIS Amazon Linux 2 v3.0.0 L1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.4.3.5 Ensure ip6tables rules are saved | CIS Amazon Linux 2 v3.0.0 L1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.2.1 Ensure at is restricted to authorized users | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.5 Ensure sshd Banner is configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL |
| 4.2.7 Ensure sshd ClientAliveInterval and ClientAliveCountMax are configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL |
| 4.2.12 Ensure sshd KexAlgorithms is configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.19 Ensure sshd PermitEmptyPasswords is disabled | CIS Amazon Linux 2 v3.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 4.3.5 Ensure re-authentication for privilege escalation is not disabled globally | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL |
| 4.4.1.2 Ensure libpwquality is installed | CIS Amazon Linux 2 v3.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 4.4.2.3.2 Ensure password history remember is configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 4.4.2.3.3 Ensure password history is enforced for the root user | CIS Amazon Linux 2 v3.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 4.4.2.4.2 Ensure pam_unix does not include remember | CIS Amazon Linux 2 v3.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 4.5.2.1 Ensure default group for the root account is GID 0 | CIS Amazon Linux 2 v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.5.2.4 Ensure root password is set | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.1.1 Ensure rsyslog is installed | CIS Amazon Linux 2 v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.1.3 Ensure journald is configured to send logs to rsyslog | CIS Amazon Linux 2 v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.1.4 Ensure rsyslog default file permissions are configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION |
| 5.1.1.6 Ensure rsyslog is configured to send logs to a remote log host | CIS Amazon Linux 2 v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.2.1.3 Ensure systemd-journal-remote is enabled | CIS Amazon Linux 2 v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.2.4 Ensure journald is configured to write logfiles to persistent disk | CIS Amazon Linux 2 v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 6.1.9 Ensure permissions on /etc/shells are configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.11 Ensure world writable files and directories are secured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.12 Ensure no unowned or ungrouped files or directories exist | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.13 Ensure SUID and SGID files are reviewed | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.2 Ensure /etc/shadow password fields are not empty | CIS Amazon Linux 2 v3.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.4 Ensure no duplicate UIDs exist | CIS Amazon Linux 2 v3.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.9 Ensure root is the only UID 0 account | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL |
| check if firewalld is not active | CIS Amazon Linux 2 v3.0.0 L1 | Unix | |
| Check rsync installed | CIS Amazon Linux 2 v3.0.0 L1 | Unix | |
| config file maxauthtries setting | CIS Amazon Linux 2 v3.0.0 L1 | Unix | |
| Ensure at least one file named /etc/pam.d/password-auth exists and matches pattern (?i)^h*passwordh+(requisite\|required)h+pam_pwhistory.so | CIS Amazon Linux 2 v3.0.0 L1 | Unix | |
| Ensure at least one file named /etc/pam.d/system-auth exists and matches password pattern | CIS Amazon Linux 2 v3.0.0 L1 | Unix | |
| INPUT accept | CIS Amazon Linux 2 v3.0.0 L1 | Unix | |
| Loopback on Port 587 | CIS Amazon Linux 2 v3.0.0 L1 | Unix | |
| New format input imtcp | CIS Amazon Linux 2 v3.0.0 L1 | Unix | |
| On disk timestamp_timeout | CIS Amazon Linux 2 v3.0.0 L1 | Unix | |
| URL | CIS Amazon Linux 2 v3.0.0 L1 | Unix | |