| 1.1.1 Ensure mounting of squashfs filesystems is disabled - lsmod | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.3 Ensure nodev option set on /tmp partition | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.18 Ensure sticky bit is set on all world-writable directories | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.2.3 Ensure gpgcheck is globally activated | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.5.3 Ensure prelink is disabled | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 1.7.1.1 Ensure message of the day is configured properly - msrv | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.1.2 Ensure ntp is configured - NTP server/pool | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.1.1.2 Ensure ntp is configured - restrict -4 | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.1.1.3 Ensure chrony is configured - OPTIONS | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.1.2 Ensure X Window System is not installed | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.7 Ensure NFS and RPC are not enabled - rpcbind status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.13 Ensure HTTP Proxy Server is not enabled - status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.16 Ensure NIS Server is not enabled - status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.17 Ensure rsh server is not enabled - rexec.socket | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.17 Ensure rsh server is not enabled - rexec.socket status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.17 Ensure rsh server is not enabled - rlogin.socket | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.17 Ensure rsh server is not enabled - rlogin.socket status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.20 Ensure rsync service is not enabled | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.20 Ensure rsync service is not enabled - status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.1 Ensure IP forwarding is disabled - ipv6 sysctl.conf sysctl.d | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.2 Ensure packet redirect sending is disabled - sysctl.conf sysctl.d net.ipv4.conf.default.send_redirects | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.1 Ensure source routed packets are not accepted - sysctl net.ipv4.conf.default.accept_source_route | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.1 Ensure source routed packets are not accepted - sysctl.conf sysctl.d net.ipv4.conf.all.accept_source_route | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.1 Ensure source routed packets are not accepted - sysctl.conf sysctl.d net.ipv4.conf.default.accept_source_route | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.2 Ensure ICMP redirects are not accepted - sysctl net.ipv4.conf.all.accept_redirects | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.5.1.1 Ensure default deny firewall policy - Chain INPUT | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.1 Ensure IPv6 default deny firewall policy - Chain FORWARD | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.1.3 Ensure rsyslog default file permissions configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.8 Ensure at/cron is restricted to authorized users - at.deny | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.1.8 Ensure at/cron is restricted to authorized users - cron.deny | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.9 Ensure SSH HostbasedAuthentication is disabled | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.3.2 Ensure lockout for failed password attempts is configured - password-auth 'auth [default=die] pam_faillock.so' | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.2 Ensure lockout for failed password attempts is configured - password-auth 'auth [success=1 default=bad] pam_unix.so' | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.4 Ensure password hashing algorithm is SHA-512 - system-auth | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1.2 Ensure minimum days between password changes is 7 or more - login.defs | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1.4 Ensure inactive password lock is 30 days or less - users | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1.5 Ensure all users last password change date is in the past | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.4.2 Ensure system accounts are non-login | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.4.4 Ensure default user umask is 027 or more restrictive - /etc/profile /etc/profile.d/*.sh | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.5 Ensure root login is restricted to system console | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 6.1.2 Ensure permissions on /etc/passwd are configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1.6 Ensure permissions on /etc/passwd- are configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1.8 Ensure permissions on /etc/group- are configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1.12 Ensure no ungrouped files or directories exist | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.1.13 Audit SUID executables | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.9 Ensure users own their home directories | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 6.2.12 Ensure no users have .netrc files | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.16 Ensure no duplicate UIDs exist | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| SOL-11.1-040130 - Systems must employ cryptographic hashes for passwords using the SHA-2 family of algorithms or FIPS 140-2 approved successors. | DISA Solaris 11 SPARC STIG v3r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
