1.6.1.1 Ensure SELinux or AppArmor are installed | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | ACCESS CONTROL |
1.6.1.2 Ensure the SELinux state is enforcing - 'SELinux status' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | ACCESS CONTROL |
1.6.1.2 Ensure the SELinux state is enforcing - 'SELINUX' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | ACCESS CONTROL |
1.6.2.2 Ensure all AppArmor Profiles are enforcing | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | ACCESS CONTROL |
1.6.2.2 Ensure all AppArmor Profiles are enforcing - 'complian mode' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | ACCESS CONTROL |
1.6.3 Ensure SELinux or AppArmor are installed | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | ACCESS CONTROL |
1.6.3.2 Ensure all AppArmor Profiles are enforcing - 0 profiles are in complain mode | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | ACCESS CONTROL |
1.7.1.3 Ensure all AppArmor Profiles are in enforce or complain mode - loaded | CIS Ubuntu Linux 18.04 LTS Server L1 v2.0.1 | Unix | ACCESS CONTROL |
1.7.1.3 Ensure SELinux policy is configured - /etc/selinux/config | CIS Red Hat EL7 Server L1 v3.0.1 | Unix | ACCESS CONTROL |
1.7.1.4 Ensure all AppArmor Profiles are enforcing - profiles complain | CIS SUSE Linux Enterprise 15 Server L2 v1.0.0 | Unix | ACCESS CONTROL |
1.7.1.4 Ensure all AppArmor Profiles are enforcing - profiles loaded | CIS SUSE Linux Enterprise 15 Workstation L2 v1.0.0 | Unix | ACCESS CONTROL |
1.7.1.4 Ensure the SELinux mode is enforcing or permissive - /etc/selinux/config | CIS Red Hat EL7 Server L1 v3.0.1 | Unix | ACCESS CONTROL |
1.7.1.5 Ensure the SELinux mode is enforcing - getenforce | CIS Red Hat EL7 Server L2 v3.0.1 | Unix | ACCESS CONTROL |
1.7.1.6 Ensure no unconfined services exist | CIS Red Hat EL7 Workstation L1 v3.0.1 | Unix | ACCESS CONTROL |
2.1 Ensure that authentication is enabled for Cassandra databases | CIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0 | Unix | ACCESS CONTROL |
2.2 Ensure that authorization is enabled for Cassandra databases | CIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0 | Unix | ACCESS CONTROL |
2.4 Set root Ownership of BIND Directories | CIS BIND DNS v1.0.0 L1 Authoritative Name Server | Unix | ACCESS CONTROL |
2.8 Set Other Permissions Read-Only for All BIND Directories and Files - files | CIS BIND DNS v1.0.0 L1 Authoritative Name Server | Unix | ACCESS CONTROL |
2.9 Isolate BIND with chroot'ed Subdirectory | CIS BIND DNS v1.0.0 L2 Authoritative Name Server | Unix | ACCESS CONTROL |
3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'apache account is configured' | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | ACCESS CONTROL |
3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'httpd.conf Group = apache' | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | ACCESS CONTROL |
3.3 Restrict Query Origins | CIS BIND DNS v1.0.0 L1 Caching Only Name Server | Unix | ACCESS CONTROL |
3.4 Ensure Apache Directories and Files Are Owned By Root | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | ACCESS CONTROL |
3.5.2.11 Ensure nftables rules are permanent | CIS Red Hat EL7 Workstation L1 v3.0.1 | Unix | ACCESS CONTROL |
3.6 Ensure Other Write Access on Apache Directories and Files Is Restricted | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | ACCESS CONTROL |
3.9 Secure the Pid File - 'PidFile directory' | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | ACCESS CONTROL |
3.9 Secure the Pid File - 'PidFile directory' | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | ACCESS CONTROL |
3.11 Ensure Group Write Access for the Apache Directories and Files Is Properly Restricted | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | ACCESS CONTROL |
4.1 Ensure Access to OS Root Directory Is Denied By Default - 'httpd.conf Deny = from all | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | ACCESS CONTROL |
4.1 Ensure Access to OS Root Directory Is Denied By Default - 'httpd.conf no Require directives exist' | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | ACCESS CONTROL |
4.1 Ensure Access to OS Root Directory Is Denied By Default - 'httpd.conf Require all denied | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | ACCESS CONTROL |
4.2 Ensure Appropriate Access to Web Content Is Allowed - 'httpd.conf Allow is configured' | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | ACCESS CONTROL |
4.2 Ensure Appropriate Access to Web Content Is Allowed - 'httpd.conf Allow is configured' | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | ACCESS CONTROL |
4.2 Ensure Appropriate Access to Web Content Is Allowed - 'httpd.conf Deny is configured' | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | ACCESS CONTROL |
4.2 Ensure Appropriate Access to Web Content Is Allowed - 'httpd.conf Order Deny,Allow' | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | ACCESS CONTROL |
4.2 Ensure Appropriate Access to Web Content Is Allowed - 'Require is configured' | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | ACCESS CONTROL |
4.4 Ensure OverRide Is Disabled for All Directories | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | ACCESS CONTROL |
4.4 Restrict Access to All Key Files - group root/named | CIS BIND DNS v1.0.0 L1 Caching Only Name Server | Unix | ACCESS CONTROL |
4.4 Restrict Access to All Key Files - user root/named | CIS BIND DNS v1.0.0 L1 Authoritative Name Server | Unix | ACCESS CONTROL |
5.1.2 Ensure permissions on /etc/crontab are configured | CIS Debian Family Server L1 v1.0.0 | Unix | ACCESS CONTROL |
5.4.4 Ensure default user umask is 027 or more restrictive - '/etc/bash.bashrc' | CIS Ubuntu Linux 16.04 LTS Server L1 v1.1.0 | Unix | ACCESS CONTROL |
5.4.4 Ensure default user umask is 027 or more restrictive - /etc/bashrc | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
5.4.4 Ensure default user umask is 027 or more restrictive - /etc/profile /etc/profile.d/*.sh | CIS Ubuntu Linux 16.04 LTS Server L1 v1.1.0 | Unix | ACCESS CONTROL |
6.1.1 Audit system file permissions | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | ACCESS CONTROL |
7.3 Ensure the Server's Private Key Is Protected | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | ACCESS CONTROL |
7.3 Ensure the Server's Private Key Is Protected | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | ACCESS CONTROL |
8.1 Ensure ServerTokens is Set to 'Prod' or 'ProductOnly' | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | ACCESS CONTROL |
11.2 Ensure Apache Processes Run in the httpd_t Confined Context - apachectl | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | ACCESS CONTROL |
18.9.59.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL |
19.7.26.1 (L1) Ensure 'Prevent users from sharing files within their profile.' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL |