Detections
Analytics

Item Search

NameAudit NamePluginCategory
2.1.3 Ensure Avahi Server is not enabledCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

2.1.4 Ensure CUPS is not enabledCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

2.1.5 Ensure DHCP Server is not enabledCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

2.1.6 Ensure LDAP server is not enabled - statusCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

2.1.8 Ensure DNS Server is not enabled - statusCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

2.1.14 Ensure SNMP Server is not enabled - statusCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

2.1.15 Ensure mail transfer agent is configured for local-only modeCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

2.1.17 Ensure rsh server is not enabled - rlogin.socketCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

2.1.17 Ensure rsh server is not enabled - rsh.socketCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

2.1.18 Ensure telnet server is not enabled - statusCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

2.1.21 Ensure talk server is not enabled - statusCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.2.1 Ensure source routed packets are not accepted - sysctl net.ipv4.conf.all.accept_source_routeCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.2.1 Ensure source routed packets are not accepted - sysctl net.ipv4.conf.default.accept_source_routeCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.2.1 Ensure source routed packets are not accepted - sysctl.conf sysctl.d net.ipv4.conf.all.accept_source_routeCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.2.2 Ensure ICMP redirects are not accepted - sysctl net.ipv4.conf.default.accept_redirectsCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.2.2 Ensure ICMP redirects are not accepted - sysctl net.ipv6.conf.all.accept_redirectsCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.2.2 Ensure ICMP redirects are not accepted - sysctl.conf sysctl.d net.ipv6.conf.default.accept_redirectsCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.2.3 Ensure secure ICMP redirects are not accepted - sysctl net.ipv4.conf.all.secure_redirectsCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.2.4 Ensure suspicious packets are logged - sysctl net.ipv4.conf.all.log_martiansCIS Aliyun Linux 2 L1 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

3.2.4 Ensure suspicious packets are logged - sysctl.conf sysctl.d net.ipv4.conf.default.log_martiansCIS Aliyun Linux 2 L1 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

3.2.7 Ensure Reverse Path Filtering is enabled - sysctl.conf sysctl.d net.ipv4.conf.all.rp_filterCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.2.9 Ensure IPv6 router advertisements are not accepted - sysctl net.ipv6.conf.all.accept_raCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.4.2 Ensure SCTP is disabled - grep modprobe.dCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.4.3 Ensure RDS is disabled - modprobeCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.5.1.1 Ensure default deny firewall policy - Chain INPUTCIS Aliyun Linux 2 L1 v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.5.1.3 Ensure outbound and established connections are configuredCIS Aliyun Linux 2 L1 v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.5.2.1 Ensure IPv6 default deny firewall policy - Chain FORWARDCIS Aliyun Linux 2 L1 v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.5.2.4 Ensure IPv6 firewall rules exist for all open portsCIS Aliyun Linux 2 L1 v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

5.1.8 Ensure at/cron is restricted to authorized users - at.allowCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

5.1.8 Ensure at/cron is restricted to authorized users - at.denyCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

5.2.4 Ensure permissions on SSH public host key files are configuredCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

5.2.14 Ensure SSH Idle Timeout Interval is configured - ClientAliveCountMaxCIS Aliyun Linux 2 L1 v1.0.0Unix

ACCESS CONTROL

5.2.16 Ensure that strong Key Exchange algorithms are usedCIS Aliyun Linux 2 L1 v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

5.2.19 Ensure SSH warning banner is configuredCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

5.3.2 Ensure lockout for failed password attempts is configured - password-auth 'auth [success=1 default=bad] pam_unix.so'CIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

5.3.2 Ensure lockout for failed password attempts is configured - password-auth 'auth required pam_faillock.so'CIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

5.3.4 Ensure password hashing algorithm is SHA-512 - password-authCIS Aliyun Linux 2 L1 v1.0.0Unix

IDENTIFICATION AND AUTHENTICATION

5.4.1.2 Ensure minimum days between password changes is 7 or more - usersCIS Aliyun Linux 2 L1 v1.0.0Unix

IDENTIFICATION AND AUTHENTICATION

5.4.1.4 Ensure inactive password lock is 30 days or less - usersCIS Aliyun Linux 2 L1 v1.0.0Unix

IDENTIFICATION AND AUTHENTICATION

5.4.4 Ensure default user umask is 027 or more restrictive - /etc/profile /etc/profile.d/*.shCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

6.1.9 Ensure permissions on /etc/gshadow- are configuredCIS Aliyun Linux 2 L1 v1.0.0Unix

IDENTIFICATION AND AUTHENTICATION

6.2.1 Ensure password fields are not emptyCIS Aliyun Linux 2 L1 v1.0.0Unix

IDENTIFICATION AND AUTHENTICATION

6.2.5 Ensure root is the only UID 0 accountCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

6.2.13 Ensure users' .netrc Files are not group or world accessibleCIS Aliyun Linux 2 L1 v1.0.0Unix

ACCESS CONTROL

6.2.17 Ensure no duplicate GIDs existCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

6.2.19 Ensure no duplicate group names existCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

Check if Postfix is installedCIS Aliyun Linux 2 L1 v1.0.0Unix
Check NTP installedCIS Aliyun Linux 2 L1 v1.0.0Unix
Check writable dirs in root path variableCIS Aliyun Linux 2 L1 v1.0.0Unix
Ensure ntp is configured - ExecStartCIS Aliyun Linux 2 L1 v1.0.0Unix