| 1.1.2 Ensure /tmp is configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.9 Disable Automounting | CIS CentOS Linux 8 Server L1 v2.0.0 | Unix | MEDIA PROTECTION |
| 1.1.9 Disable Automounting | CIS CentOS Linux 8 Workstation L2 v2.0.0 | Unix | MEDIA PROTECTION |
| 1.2.3 Ensure gpgcheck is globally activated | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.3.1 Ensure AIDE is installed | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 1.4.2 Ensure authentication required for single user mode - emergency.service | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.5 (L1) Host integrated hardware management controller must be secure | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.5.2 Ensure address space layout randomization (ASLR) is enabled - sysctl | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.7 Ensure GDM disabling automatic mounting of removable media is not overridden | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Server | Unix | MEDIA PROTECTION |
| 2.1.1.2 Ensure ntp is configured - restrict -6 | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.1.3 Ensure Avahi Server is not enabled | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.5 Ensure DHCP Server is not enabled | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.6 Ensure LDAP server is not enabled - status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.8 Ensure DNS Server is not enabled - status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.10 Ensure HTTP server is not enabled | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.12 Ensure Samba is not enabled - status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.13 Ensure HTTP Proxy Server is not enabled - status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.14 Ensure SNMP Server is not enabled - status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.15 Ensure mail transfer agent is configured for local-only mode | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.17 Ensure rsh server is not enabled - rlogin.socket | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.17 Ensure rsh server is not enabled - rsh.socket | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.18 Ensure telnet server is not enabled - status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.21 Ensure talk server is not enabled - status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.1 Ensure source routed packets are not accepted - sysctl net.ipv4.conf.all.accept_source_route | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.1 Ensure source routed packets are not accepted - sysctl net.ipv4.conf.default.accept_source_route | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.1 Ensure source routed packets are not accepted - sysctl.conf sysctl.d net.ipv4.conf.all.accept_source_route | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.2 Ensure ICMP redirects are not accepted - sysctl net.ipv4.conf.default.accept_redirects | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.2 Ensure ICMP redirects are not accepted - sysctl net.ipv6.conf.all.accept_redirects | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.2 Ensure ICMP redirects are not accepted - sysctl.conf sysctl.d net.ipv6.conf.default.accept_redirects | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.3 Ensure secure ICMP redirects are not accepted - sysctl net.ipv4.conf.all.secure_redirects | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.4 Ensure suspicious packets are logged - sysctl net.ipv4.conf.all.log_martians | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2.4 Ensure suspicious packets are logged - sysctl.conf sysctl.d net.ipv4.conf.default.log_martians | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2.7 Ensure Reverse Path Filtering is enabled - sysctl.conf sysctl.d net.ipv4.conf.all.rp_filter | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.9 Ensure IPv6 router advertisements are not accepted - sysctl net.ipv6.conf.all.accept_ra | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.4.2 Ensure SCTP is disabled - grep modprobe.d | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.4.3 Ensure RDS is disabled - modprobe | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.5.1.1 Ensure default deny firewall policy - Chain INPUT | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.3 Ensure outbound and established connections are configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.1 Ensure IPv6 default deny firewall policy - Chain FORWARD | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.4 Ensure IPv6 firewall rules exist for all open ports | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.7.1 (L1) Ensure 'Allow Print Spooler to accept client connections' is set to 'Disabled' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.1.8 Ensure at/cron is restricted to authorized users - at.allow | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.1.8 Ensure at/cron is restricted to authorized users - at.deny | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.4 Ensure permissions on SSH public host key files are configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.14 Ensure SSH Idle Timeout Interval is configured - ClientAliveCountMax | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 5.2.16 Ensure that strong Key Exchange algorithms are used | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.19 Ensure SSH warning banner is configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.2 Ensure lockout for failed password attempts is configured - password-auth 'auth [success=1 default=bad] pam_unix.so' | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.2 Ensure lockout for failed password attempts is configured - password-auth 'auth required pam_faillock.so' | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| Login: SSH is enabled | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | CONFIGURATION MANAGEMENT |
