| 1.1.2 Ensure /tmp is configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.4 Ensure nosuid option set on /tmp partition | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.8 Ensure nodev option set on /var/tmp partition | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.10 Ensure noexec option set on /var/tmp partition | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.2.1 Ensure package manager repositories are configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.2.2 Ensure GPG keys are configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.7.1.3 Ensure remote login warning banner is configured properly - msrv | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.1.2 Ensure ntp is configured - -u ntp:ntp | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.1.3 Ensure Avahi Server is not enabled | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.5 Ensure DHCP Server is not enabled | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.7 Ensure NFS and RPC are not enabled - nfs | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.12 Ensure Samba is not enabled | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.12 Ensure Samba is not enabled - status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.13 Ensure HTTP Proxy Server is not enabled | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.15 Ensure mail transfer agent is configured for local-only mode - status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.1 Ensure NIS Client is not installed | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.2 Ensure packet redirect sending is disabled - net.ipv4.conf.default.send_redirects | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.1 Ensure source routed packets are not accepted - sysctl net.ipv4.conf.all.accept_source_route | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.1 Ensure source routed packets are not accepted - sysctl net.ipv6.conf.default.accept_source_route | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.1 Ensure source routed packets are not accepted - sysctl.conf sysctl.d net.ipv6.conf.all.accept_source_route | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.2 Ensure ICMP redirects are not accepted - sysctl net.ipv6.conf.default.accept_redirects | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.2 Ensure ICMP redirects are not accepted - sysctl.conf sysctl.d net.ipv6.conf.default.accept_redirects | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.5.2.1 Ensure IPv6 default deny firewall policy - Chain INPUT | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3 Ensure iptables is installed | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.1.5 Ensure remote rsyslog messages are only accepted on designated log hosts. - $ModLoad | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.2 Ensure rsyslog is installed | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.2 Ensure permissions on /etc/crontab are configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.1 Ensure permissions on /etc/ssh/sshd_config are configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.10 Ensure SSH root login is disabled | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 5.2.12 Ensure SSH PermitUserEnvironment is disabled | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.13 Ensure only strong MAC algorithms are used | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.1 Ensure password creation requirements are configured - lcredit | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.1 Ensure password creation requirements are configured - minlen | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.1 Ensure password creation requirements are configured - passwd-auth retry | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.1 Ensure password creation requirements are configured - try_first_pass | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.2 Ensure lockout for failed password attempts is configured - password-auth 'auth required pam_faillock.so' | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.2 Ensure lockout for failed password attempts is configured - system-auth 'auth [success=1 default=bad] pam_unix.so' | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.3 Ensure password reuse is limited - password-auth | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.4 Ensure password hashing algorithm is SHA-512 - password-auth | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1.3 Ensure password expiration warning days is 7 or more - users | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.6 Ensure access to the su command is restricted - /etc/pam.d/su | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.1.3 Ensure permissions on /etc/shadow are configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1.7 Ensure permissions on /etc/shadow- are configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1.10 Ensure no world writable files exist | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.4 Ensure no legacy "+" entries exist in /etc/group | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.5 Ensure root is the only UID 0 account | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.13 Ensure users' .netrc Files are not group or world accessible | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 6.2.14 Ensure no users have .rhosts files | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.18 Ensure no duplicate user names exist | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 8 - Managing TLS and SSL - SSLv3 disabled | NetApp Security Hardening Guide for ONTAP 9 v1.7.0 | Netapp_API | SYSTEM AND COMMUNICATIONS PROTECTION |