Item Search

| Name | Audit Name | Plugin | Category |
| --- | --- | --- | --- |
| 1.2 Enable SSH (PermitRootLogin) | CIS FreeBSD v1.0.5 | Unix | ACCESS CONTROL |
| 1.2 Enable SSH (Protocol 2) | CIS FreeBSD v1.0.5 | Unix | |
| 1.2 Enable SSH (sshd_enable) | CIS FreeBSD v1.0.5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.1 Ensure software update repositories are configured | CIS Bottlerocket L1 | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.3 Enable TCP Wrappers and a host based firewall (/etc/hosts.allow) | CIS FreeBSD v1.0.5 | Unix | CONFIGURATION MANAGEMENT |
| 1.3 Enable TCP Wrappers and a host based firewall (inetd_enable) | CIS FreeBSD v1.0.5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.3 Enable TCP Wrappers and a host based firewall (ipfw_load) | CIS FreeBSD v1.0.5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.4.3 Ensure unprivileged eBPF is disabled | CIS Bottlerocket L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.5.1 Ensure SELinux is configured | CIS Bottlerocket L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6 Ensure updates, patches, and additional security software are installed | CIS Bottlerocket L1 | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.1 Disable all inetd daemons | CIS FreeBSD v1.0.5 | Unix | CONFIGURATION MANAGEMENT |
| 2.6 Only enable finger if absolutely necessary | CIS FreeBSD v1.0.5 | Unix | CONFIGURATION MANAGEMENT |
| 2.7 Only enable Kerberos-related daemons if absolutely necessary (kadmind5_server_enable) | CIS FreeBSD v1.0.5 | Unix | CONFIGURATION MANAGEMENT |
| 2.7 Only enable Kerberos-related daemons if absolutely necessary (kerberos5_enable) | CIS FreeBSD v1.0.5 | Unix | CONFIGURATION MANAGEMENT |
| 2.7 Only enable Kerberos-related daemons if absolutely necessary (kpasswdd_server_enable) | CIS FreeBSD v1.0.5 | Unix | CONFIGURATION MANAGEMENT |
| 3.1 Disable login prompts on serial ports (ttyd1) | CIS FreeBSD v1.0.5 | Unix | CONFIGURATION MANAGEMENT |
| 3.1 Disable login prompts on serial ports (ttyd2) | CIS FreeBSD v1.0.5 | Unix | CONFIGURATION MANAGEMENT |
| 3.1 Disable login prompts on serial ports (ttyd3) | CIS FreeBSD v1.0.5 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.1 Ensure source routed packets are not accepted | CIS Bottlerocket L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.5 Ensure broadcast ICMP requests are ignored | CIS Bottlerocket L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.7 Ensure TCP SYN Cookies is enabled | CIS Bottlerocket L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.3 Set daemon umask (/etc/* umask) | CIS FreeBSD v1.0.5 | Unix | ACCESS CONTROL |
| 3.4.1.1 Ensure IPv4 default deny firewall policy | CIS Bottlerocket L2 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5 Disable the email server if possible (sendmail_enable) | CIS FreeBSD v1.0.5 | Unix | CONFIGURATION MANAGEMENT |
| 3.5 Disable the email server if possible (sendmail_msp_queue_enable) | CIS FreeBSD v1.0.5 | Unix | CONFIGURATION MANAGEMENT |
| 3.12 Only enable NIS if absolutely necessary (nis_yppasswdd_enable) | CIS FreeBSD v1.0.5 | Unix | CONFIGURATION MANAGEMENT |
| 3.12 Only enable NIS if absolutely necessary (rpc_ypupdated_enable) | CIS FreeBSD v1.0.5 | Unix | CONFIGURATION MANAGEMENT |
| 4.2 Set a default secure level | CIS FreeBSD v1.0.5 | Unix | CONFIGURATION MANAGEMENT |
| 4.3 Block users from viewing unowned processes | CIS FreeBSD v1.0.5 | Unix | ACCESS CONTROL |
| 4.4 Block users from viewing processes in other groups | CIS FreeBSD v1.0.5 | Unix | ACCESS CONTROL |
| 5.5 Configure newsyslog for secure file permissions (/var/log/daily.log) | CIS FreeBSD v1.0.5 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.5 Configure newsyslog for secure file permissions (/var/log/messages) | CIS FreeBSD v1.0.5 | Unix | AUDIT AND ACCOUNTABILITY |
| 6.1 Add nosuid option to /etc/fstab | CIS FreeBSD v1.0.5 | Unix | |
| 6.3 Set sticky bit on world writable directories | CIS FreeBSD v1.0.5 | Unix | ACCESS CONTROL |
| 6.5 Find SUID and SGID files (/usr/bin) | CIS FreeBSD v1.0.5 | Unix | ACCESS CONTROL |
| 6.5 Find SUID and SGID files (/usr/compat/) | CIS FreeBSD v1.0.5 | Unix | ACCESS CONTROL |
| 7.4 Restrict at/cron to authorized users (/etc/crontab permissions) | CIS FreeBSD v1.0.5 | Unix | CONFIGURATION MANAGEMENT |
| 7.7 Prevent xdm from listening on port 6000/TCP | CIS FreeBSD v1.0.5 | Unix | CONFIGURATION MANAGEMENT |
| Bottlerocket is installed | CIS Bottlerocket L2 | Unix | |
| Ensure dm-verity is configured - /dev/dm-0 | CIS Bottlerocket L1 | Unix | |
| Ensure dm-verity is configured - restart_on_corruption | CIS Bottlerocket L1 | Unix | |
| Ensure IPv4 default deny firewall policy - Chain FORWARD | CIS Bottlerocket L2 | Unix | |
| Ensure IPv4 loopback traffic is configured - Chain INPUT (127.0.0.0/8) | CIS Bottlerocket L2 | Unix | |
| Ensure IPv4 loopback traffic is configured - Chain INPUT (lo) | CIS Bottlerocket L2 | Unix | |
| Ensure IPv6 default deny firewall policy - Chain FORWARD | CIS Bottlerocket L2 | Unix | |
| Ensure IPv6 default deny firewall policy - Chain INPUT | CIS Bottlerocket L2 | Unix | |
| Ensure IPv6 loopback traffic is configured - Chain INPUT (::1) | CIS Bottlerocket L2 | Unix | |
| Ensure IPv6 loopback traffic is configured - Chain INPUT (lo) | CIS Bottlerocket L2 | Unix | |
| Ensure source routed packets are not accepted - net.ipv4.conf.all.accept_source_route | CIS Bottlerocket L2 | Unix | |
| Ensure source routed packets are not accepted - net.ipv4.conf.default.accept_source_route | CIS Bottlerocket L2 | Unix | |