| 2.2.1.2 Ensure ntp is configured - daemon | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.1.2 Ensure ntp is configured - restrict -4 | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.14 Ensure HTTP Proxy Server is not enabled | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.16 Ensure mail transfer agent is configured for local-only mode | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.19 Ensure rsh server is not enabled - rlogin.socket | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.19 Ensure rsh server is not enabled - rsh.socket | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.20 Ensure telnet server is not enabled | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.2 Ensure rsh client is not installed | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.3.3 Ensure talk client is not installed | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.2 Ensure packet redirect sending is disabled - /etc/sysctl.conf /etc/sysctl.d/* net.ipv4.conf.default.send_redirects=0 | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.1 Ensure source routed packets are not accepted - /etc/sysctl.conf /etc/sysctl.d/* net.ipv4.conf.all.accept_source_route = 0 | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.2 Ensure ICMP redirects are not accepted - /etc/sysctl.conf /etc/sysctl.d/* net.ipv4.conf.all.accept_redirects=0 | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.2 Ensure ICMP redirects are not accepted - sysctl net.ipv6.conf.all.accept_redirects=0 | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.5 Ensure broadcast ICMP requests are ignored - /etc/sysctl.conf /etc/sysctl.d/* | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.7 Ensure Reverse Path Filtering is enabled - /etc/sysctl.conf /etc/sysctl.d/* net.ipv4.conf.all.rp_filter = 1 | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.9 Ensure IPv6 router advertisements are not accepted - /etc/sysctl.conf /etc/sysctl.d/* net.ipv6.conf.default.accept_ra = 0 | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.4 Ensure permissions on /etc/hosts.allow are configured | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.5.1.3.1 Ensure IPv6 default deny firewall policy - Chain FORWARD | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.3.1 Ensure IPv6 default deny firewall policy - Chain INPUT | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.2.2 Ensure logging is configured - '*.*;mail.none;news.none -/var/log/messages' | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | |
| 4.2.2.2 Ensure logging is configured - 'mail.info -/var/log/mail.info' | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | |
| 4.2.2.4 Ensure rsyslog is configured to send logs to a remote log host | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.3.3 Ensure syslog-ng default file permissions configured | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 4.2.3.4 Ensure syslog-ng is configured to send logs to a remote log host - destination logserver | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.4 Ensure permissions on /etc/cron.daily are configured | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 5.1.8 Ensure at/cron is restricted to authorized users - at.deny does not exist | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.9 Ensure SSH MaxAuthTries is set to 4 or less | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | ACCESS CONTROL |
| 5.2.10 Ensure SSH IgnoreRhosts is enabled | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.18 Ensure SSH Idle Timeout Interval is configured - ClientAliveInterval | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | ACCESS CONTROL |
| 5.2.19 Ensure SSH LoginGraceTime is set to one minute or less | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.20 Ensure SSH access is limited | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.1 Ensure password creation requirements are configured - system-auth retry=3 | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.2 Ensure lockout for failed password attempts is configured - system-auth 'auth [success=1 default=bad] pam_unix.so' | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.4 Ensure password hashing algorithm is SHA-512 - system-auth | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1.1 Ensure password expiration is 365 days or less - users | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.3 Ensure default group for the root account is GID 0 | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | ACCESS CONTROL |
| 6.1.2 Ensure permissions on /etc/passwd are configured | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1.5 Ensure permissions on /etc/gshadow are configured | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1.14 Audit SGID executables | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.4 Ensure no legacy '+' entries exist in /etc/group - + entries exist in /etc/group | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.11 Ensure no users have .forward files | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.15 Ensure all groups in /etc/passwd exist in /etc/group | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.17 Ensure no duplicate GIDs exist | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.18 Ensure no duplicate user names exist | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| ESXI-65-000033 - The password hashes stored on the ESXi host must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm. | DISA STIG VMware vSphere ESXi OS 6.5 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN000590 - The system must use a FIPS 140-2 approved cryptographic hashing algorithm for generating account password hashes. | DISA STIG for Oracle Linux 5 v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000595 - The password hashes must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm - '/etc/shadow' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000595 - The password hashes stored on the system must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm - '/etc/shadow' | DISA STIG for Oracle Linux 5 v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| Old format ModLoad imtcp | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | |
| rsyslog check - enabled | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | |
