Item Search

NameAudit NamePluginCategory
1.1.1 Ensure that the API server pod specification file permissions are set to 600 or more restrictiveCIS RedHat OpenShift Container Platform v1.6.0 L1OpenShift

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.1.4 Ensure noexec option set on /tmp partitionCIS Red Hat EL8 Workstation L1 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.1.4 Ensure noexec option set on /tmp partitionCIS Red Hat Enterprise Linux 7 v4.0.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.3.1 Ensure separate partition exists for /homeCIS Red Hat EL8 Workstation L2 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.4.1 Ensure separate partition exists for /varCIS Red Hat EL8 Workstation L2 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.4.2 Ensure nodev option set on /var partitionCIS Red Hat Enterprise Linux 7 v4.0.0 L1 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.5.1 Ensure separate partition exists for /var/tmpCIS Red Hat Enterprise Linux 9 v2.0.0 L2 WorkstationUnix

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.5.3 Ensure nosuid option set on /var/tmp partitionCIS Red Hat EL8 Workstation L1 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.6.2 Ensure nodev option set on /var/log partitionCIS Red Hat EL8 Server L1 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.6.2 Ensure nodev option set on /var/log partitionCIS Red Hat EL8 Workstation L1 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.6.3 Ensure nosuid option set on /var/log partitionCIS Red Hat EL8 Server L1 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.6.4 Ensure noexec option set on /var/log partitionCIS Red Hat EL8 Server L1 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

1.1.2.7.3 Ensure nosuid option set on /var/log/audit partitionCIS Red Hat EL8 Server L1 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

1.1.11 Ensure that the etcd data directory permissions are set to 700 or more restrictiveCIS RedHat OpenShift Container Platform v1.6.0 L1OpenShift

ACCESS CONTROL, MEDIA PROTECTION

1.1.13 Ensure that the kubeconfig file permissions are set to 600 or more restrictiveCIS RedHat OpenShift Container Platform v1.6.0 L1OpenShift

ACCESS CONTROL, MEDIA PROTECTION

1.2.10 Ensure that the admission control plugin AlwaysAdmit is not setCIS RedHat OpenShift Container Platform v1.6.0 L1OpenShift

ACCESS CONTROL, MEDIA PROTECTION

1.2.11 Ensure that the admission control plugin AlwaysPullImages is not setCIS RedHat OpenShift Container Platform v1.6.0 L1OpenShift

ACCESS CONTROL, MEDIA PROTECTION

1.2.25 Ensure that the --service-account-lookup argument is set to trueCIS RedHat OpenShift Container Platform v1.6.0 L1OpenShift

ACCESS CONTROL, MEDIA PROTECTION

1.5.1.1 Ensure SELinux is installedCIS Red Hat EL8 Workstation L1 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

1.5.1.2 Ensure SELinux is not disabled in bootloader configurationCIS Red Hat EL8 Server L1 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

1.5.1.2 Ensure SELinux is not disabled in bootloader configurationCIS Red Hat EL8 Workstation L1 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

1.5.1.3 Ensure SELinux policy is configuredCIS Red Hat EL8 Server L1 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

1.5.1.3 Ensure SELinux policy is configuredCIS Red Hat EL8 Workstation L1 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

1.5.1.5 Ensure the SELinux mode is enforcingCIS Red Hat EL8 Workstation L2 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

1.7.4 Ensure access to /etc/motd is configuredCIS Red Hat EL8 Server L1 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

2.1 Ensure the file permissions mask is correctCIS PostgreSQL 13 OS v1.2.0Unix

ACCESS CONTROL, MEDIA PROTECTION

2.1 Ensure the file permissions mask is correctCIS PostgreSQL 16 OS v1.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

4.1.1.3 Ensure permissions on /etc/cron.hourly are configuredCIS Red Hat EL8 Workstation L1 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

4.2.2 Ensure that the --anonymous-auth argument is set to falseCIS RedHat OpenShift Container Platform v1.6.0 L1OpenShift

ACCESS CONTROL, MEDIA PROTECTION

4.2.3 Ensure permissions on SSH public host key files are configuredCIS Red Hat EL8 Server L1 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

4.3.7 Ensure access to the su command is restrictedCIS Red Hat EL8 Server L1 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

4.5 Ensure Row Level Security (RLS) is configured correctlyCIS PostgreSQL 16 DB v1.0.0PostgreSQLDB

ACCESS CONTROL, MEDIA PROTECTION

4.5.2.3 Ensure system accounts are securedCIS Red Hat EL8 Server L1 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

4.5.2.3 Ensure system accounts are securedCIS Red Hat EL8 Workstation L1 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

4.5.2.4 Ensure root password is setCIS Red Hat EL8 Server L1 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

5.2.4.1 Ensure the audit log directory is 0750 or more restrictiveCIS Red Hat EL8 Server L2 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

5.2.4.2 Ensure audit log files are mode 0640 or less permissiveCIS Red Hat EL8 Server L2 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

5.2.4.4 Ensure only authorized groups are assigned ownership of audit log filesCIS Red Hat EL8 Workstation L2 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

5.2.4.6 Ensure audit configuration files are owned by rootCIS Red Hat EL8 Workstation L2 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

5.2.4.10 Ensure audit tools belong to group rootCIS Red Hat EL8 Workstation L2 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

6.1.1 Ensure permissions on /etc/passwd are configuredCIS Red Hat EL8 Workstation L1 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

6.1.3 Ensure permissions on /etc/opasswd are configuredCIS Red Hat EL8 Workstation L1 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

6.1.4 Ensure permissions on /etc/group are configuredCIS Red Hat EL8 Server L1 v3.0.0Unix

ACCESS CONTROL, MEDIA PROTECTION

6.3.4.2 Ensure audit log files mode is configuredCIS Red Hat Enterprise Linux 9 v2.0.0 L2 WorkstationUnix

ACCESS CONTROL, MEDIA PROTECTION

6.3.4.3 Ensure audit log files owner is configuredCIS Red Hat Enterprise Linux 9 v2.0.0 L2 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

6.3.4.6 Ensure audit configuration files owner is configuredCIS Red Hat Enterprise Linux 9 v2.0.0 L2 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

6.3.4.8 Ensure audit tools mode is configuredCIS Red Hat Enterprise Linux 9 v2.0.0 L2 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

6.3.4.9 Ensure audit tools owner is configuredCIS Red Hat Enterprise Linux 9 v2.0.0 L2 ServerUnix

ACCESS CONTROL, MEDIA PROTECTION

7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zoneCIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

ACCESS CONTROL, MEDIA PROTECTION

7.2 Ensure 'Service setting of ANY' in a security policy allowing traffic does not existCIS Palo Alto Firewall 9 v1.1.0 L1Palo_Alto

ACCESS CONTROL, MEDIA PROTECTION