Item Search

Name	Audit Name	Plugin	Category
'local2,local3.* -/var/log/localmessages'	CIS Amazon Linux 2 v3.0.0 L1	Unix
'mail.* -/var/log/mail'	CIS Amazon Linux 2 v3.0.0 L1	Unix
/etc/cron.deny file permissions	CIS Amazon Linux 2 v3.0.0 L1	Unix
/etc/security/opasswd.old file permissions	CIS Amazon Linux 2 v3.0.0 L1	Unix
/etc/security/pwquality.conf	CIS Amazon Linux 2 v3.0.0 L1	Unix
/usr/lib/systemd/system/rescue.service	CIS Amazon Linux 2 v3.0.0 L1	Unix
1.1.1.1 Ensure cramfs kernel module is not available	CIS Amazon Linux 2 v3.0.0 L1	Unix	CONFIGURATION MANAGEMENT
1.1.1.2 Ensure freevxfs kernel module is not available	CIS Amazon Linux 2 v3.0.0 L1	Unix	CONFIGURATION MANAGEMENT
1.1.2.1.1 Ensure /tmp is a separate partition	CIS Amazon Linux 2 v3.0.0 L1	Unix	CONFIGURATION MANAGEMENT
1.1.2.1.3 Ensure nosuid option set on /tmp partition	CIS Amazon Linux 2 v3.0.0 L1	Unix	ACCESS CONTROL, MEDIA PROTECTION
1.1.2.2.2 Ensure nodev option set on /dev/shm partition	CIS Amazon Linux 2 v3.0.0 L1	Unix	ACCESS CONTROL, MEDIA PROTECTION
1.1.2.2.3 Ensure nosuid option set on /dev/shm partition	CIS Amazon Linux 2 v3.0.0 L1	Unix	ACCESS CONTROL, MEDIA PROTECTION
1.1.2.6.4 Ensure noexec option set on /var/log partition	CIS Amazon Linux 2 v3.0.0 L1	Unix	ACCESS CONTROL, MEDIA PROTECTION
1.2.5 Ensure updates, patches, and additional security software are installed	CIS Amazon Linux 2 v3.0.0 L1	Unix	RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY
1.3.1 Ensure authentication required for single user mode	CIS Amazon Linux 2 v3.0.0 L1	Unix	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
1.4.4 Ensure core dump storage is disabled	CIS Amazon Linux 2 v3.0.0 L1	Unix	ACCESS CONTROL
1.5.1.1 Ensure SELinux is installed	CIS Amazon Linux 2 v3.0.0 L1	Unix	ACCESS CONTROL, MEDIA PROTECTION
1.6.3 Ensure remote login warning banner is configured properly	CIS Amazon Linux 2 v3.0.0 L1	Unix	ACCESS CONTROL
2.2.7 Ensure ftp server services are not in use	CIS Amazon Linux 2 v3.0.0 L1	Unix	CONFIGURATION MANAGEMENT
2.2.11 Ensure print server services are not in use	CIS Amazon Linux 2 v3.0.0 L1	Unix	CONFIGURATION MANAGEMENT
2.2.13 Ensure rsync services are not in use	CIS Amazon Linux 2 v3.0.0 L1	Unix	CONFIGURATION MANAGEMENT
2.2.17 Ensure web proxy server services are not in use	CIS Amazon Linux 2 v3.0.0 L1	Unix	CONFIGURATION MANAGEMENT
2.2.21 Ensure mail transfer agents are configured for local-only mode	CIS Amazon Linux 2 v3.0.0 L1	Unix	CONFIGURATION MANAGEMENT
2.3.1 Ensure ftp client is not installed	CIS Amazon Linux 2 v3.0.0 L1	Unix	CONFIGURATION MANAGEMENT
3.3.1 Ensure ip forwarding is disabled	CIS Amazon Linux 2 v3.0.0 L1	Unix	CONFIGURATION MANAGEMENT
3.4.1.1 Ensure iptables is installed	CIS Amazon Linux 2 v3.0.0 L1	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
3.4.2.1 Ensure firewalld is installed	CIS Amazon Linux 2 v3.0.0 L1	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
3.4.3.1 Ensure nftables is installed	CIS Amazon Linux 2 v3.0.0 L1	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
3.4.4.1.1 Ensure iptables packages are installed	CIS Amazon Linux 2 v3.0.0 L1	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
3.4.4.2.2 Ensure iptables outbound and established connections are configured	CIS Amazon Linux 2 v3.0.0 L1	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
3.4.4.3.2 Ensure ip6tables outbound and established connections are configured	CIS Amazon Linux 2 v3.0.0 L1	Unix	SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION
5.3.2 Ensure lockout for failed password attempts is configured - password-auth 'auth [default=die] pam_faillock.so'	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
5.3.2 Ensure lockout for failed password attempts is configured - system-auth 'auth required pam_faillock.so'	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
5.3.3 Ensure password reuse is limited - system-auth	CIS Aliyun Linux 2 L1 v1.0.0	Unix	IDENTIFICATION AND AUTHENTICATION
5.4.1.1 Ensure password expiration is 365 days or less - users	CIS Aliyun Linux 2 L1 v1.0.0	Unix	IDENTIFICATION AND AUTHENTICATION
5.4.1.2 Ensure minimum days between password changes is 7 or more - login.defs	CIS Aliyun Linux 2 L1 v1.0.0	Unix	IDENTIFICATION AND AUTHENTICATION
5.4.1.5 Ensure all users last password change date is in the past	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
5.4.4 Ensure default user umask is 027 or more restrictive - /etc/bashrc	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
5.5 Ensure root login is restricted to system console	CIS Aliyun Linux 2 L1 v1.0.0	Unix	ACCESS CONTROL
6.1.2 Ensure permissions on /etc/passwd are configured	CIS Aliyun Linux 2 L1 v1.0.0	Unix	IDENTIFICATION AND AUTHENTICATION
6.1.5 Ensure permissions on /etc/gshadow are configured	CIS Aliyun Linux 2 L1 v1.0.0	Unix	IDENTIFICATION AND AUTHENTICATION
6.1.12 Ensure no ungrouped files or directories exist	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
6.1.13 Audit SUID executables	CIS Aliyun Linux 2 L1 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
6.1.14 Audit SGID executables	CIS Aliyun Linux 2 L1 v1.0.0	Unix	AUDIT AND ACCOUNTABILITY
6.2.4 Ensure no legacy "+" entries exist in /etc/group	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
6.2.9 Ensure users own their home directories	CIS Aliyun Linux 2 L1 v1.0.0	Unix	ACCESS CONTROL
6.2.12 Ensure no users have .netrc files	CIS Aliyun Linux 2 L1 v1.0.0	Unix	IDENTIFICATION AND AUTHENTICATION
6.2.15 Ensure all groups in /etc/passwd exist in /etc/group	CIS Aliyun Linux 2 L1 v1.0.0	Unix	CONFIGURATION MANAGEMENT
Check for rsyslog package	CIS Aliyun Linux 2 L1 v1.0.0	Unix
Ensure ntp is configured - OPTIONS	CIS Aliyun Linux 2 L1 v1.0.0	Unix

Detections

Analytics

Item Search