Item Search

NameAudit NamePluginCategory
1.1.1 Ensure mounting of squashfs filesystems is disabled - lsmodCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

1.1.3 Ensure nodev option set on /tmp partitionCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

1.1.18 Ensure sticky bit is set on all world-writable directoriesCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

1.2.3 Ensure gpgcheck is globally activatedCIS Aliyun Linux 2 L1 v1.0.0Unix

SYSTEM AND INFORMATION INTEGRITY

1.5.3 Ensure prelink is disabledCIS Aliyun Linux 2 L1 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

1.7.1.1 Ensure message of the day is configured properly - msrvCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

2.1.1.2 Ensure ntp is configured - NTP server/poolCIS Aliyun Linux 2 L1 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

2.1.1.2 Ensure ntp is configured - restrict -4CIS Aliyun Linux 2 L1 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

2.1.1.3 Ensure chrony is configured - OPTIONSCIS Aliyun Linux 2 L1 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

2.1.2 Ensure X Window System is not installedCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

2.1.7 Ensure NFS and RPC are not enabled - rpcbind statusCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

2.1.13 Ensure HTTP Proxy Server is not enabled - statusCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

2.1.16 Ensure NIS Server is not enabled - statusCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

2.1.17 Ensure rsh server is not enabled - rexec.socketCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

2.1.17 Ensure rsh server is not enabled - rexec.socket statusCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

2.1.17 Ensure rsh server is not enabled - rlogin.socketCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

2.1.17 Ensure rsh server is not enabled - rlogin.socket statusCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

2.1.20 Ensure rsync service is not enabledCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

2.1.20 Ensure rsync service is not enabled - statusCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.1.1 Ensure IP forwarding is disabled - ipv6 sysctl.conf sysctl.dCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.1.2 Ensure packet redirect sending is disabled - sysctl.conf sysctl.d net.ipv4.conf.default.send_redirectsCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.2.1 Ensure source routed packets are not accepted - sysctl net.ipv4.conf.default.accept_source_routeCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.2.1 Ensure source routed packets are not accepted - sysctl.conf sysctl.d net.ipv4.conf.all.accept_source_routeCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.2.1 Ensure source routed packets are not accepted - sysctl.conf sysctl.d net.ipv4.conf.default.accept_source_routeCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.2.2 Ensure ICMP redirects are not accepted - sysctl net.ipv4.conf.all.accept_redirectsCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

3.5.1.1 Ensure default deny firewall policy - Chain INPUTCIS Aliyun Linux 2 L1 v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.5.2.1 Ensure IPv6 default deny firewall policy - Chain FORWARDCIS Aliyun Linux 2 L1 v1.0.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

4.2.1.3 Ensure rsyslog default file permissions configuredCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

4.2.1.4 Ensure rsyslog is configured to send logs to a remote log hostCIS Aliyun Linux 2 L1 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

5.1.8 Ensure at/cron is restricted to authorized users - at.denyCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

5.1.8 Ensure at/cron is restricted to authorized users - cron.denyCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

5.2.9 Ensure SSH HostbasedAuthentication is disabledCIS Aliyun Linux 2 L1 v1.0.0Unix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

5.3.2 Ensure lockout for failed password attempts is configured - password-auth 'auth [default=die] pam_faillock.so'CIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

5.3.2 Ensure lockout for failed password attempts is configured - password-auth 'auth [success=1 default=bad] pam_unix.so'CIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

5.3.4 Ensure password hashing algorithm is SHA-512 - system-authCIS Aliyun Linux 2 L1 v1.0.0Unix

IDENTIFICATION AND AUTHENTICATION

5.4.1.2 Ensure minimum days between password changes is 7 or more - login.defsCIS Aliyun Linux 2 L1 v1.0.0Unix

IDENTIFICATION AND AUTHENTICATION

5.4.1.4 Ensure inactive password lock is 30 days or less - usersCIS Aliyun Linux 2 L1 v1.0.0Unix

IDENTIFICATION AND AUTHENTICATION

5.4.1.5 Ensure all users last password change date is in the pastCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

5.4.2 Ensure system accounts are non-loginCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

5.4.4 Ensure default user umask is 027 or more restrictive - /etc/profile /etc/profile.d/*.shCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

5.5 Ensure root login is restricted to system consoleCIS Aliyun Linux 2 L1 v1.0.0Unix

ACCESS CONTROL

6.1.2 Ensure permissions on /etc/passwd are configuredCIS Aliyun Linux 2 L1 v1.0.0Unix

IDENTIFICATION AND AUTHENTICATION

6.1.6 Ensure permissions on /etc/passwd- are configuredCIS Aliyun Linux 2 L1 v1.0.0Unix

IDENTIFICATION AND AUTHENTICATION

6.1.8 Ensure permissions on /etc/group- are configuredCIS Aliyun Linux 2 L1 v1.0.0Unix

IDENTIFICATION AND AUTHENTICATION

6.1.12 Ensure no ungrouped files or directories existCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

6.1.13 Audit SUID executablesCIS Aliyun Linux 2 L1 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

6.2.9 Ensure users own their home directoriesCIS Aliyun Linux 2 L1 v1.0.0Unix

ACCESS CONTROL

6.2.12 Ensure no users have .netrc filesCIS Aliyun Linux 2 L1 v1.0.0Unix

IDENTIFICATION AND AUTHENTICATION

6.2.16 Ensure no duplicate UIDs existCIS Aliyun Linux 2 L1 v1.0.0Unix

CONFIGURATION MANAGEMENT

SOL-11.1-040130 - Systems must employ cryptographic hashes for passwords using the SHA-2 family of algorithms or FIPS 140-2 approved successors.DISA Solaris 11 SPARC STIG v3r4Unix

IDENTIFICATION AND AUTHENTICATION