1.6.8 Place compensating controls in the form of PSP and RBAC for privileged containers usage - psp | CIS Kubernetes 1.13 Benchmark v1.4.1 L2 | Unix | CONFIGURATION MANAGEMENT |
1.7.6 Do not admit root containers | CIS Kubernetes 1.13 Benchmark v1.4.1 L2 | Unix | CONFIGURATION MANAGEMENT |
1.7.7 Do not admit containers with dangerous capabilities | CIS Kubernetes 1.13 Benchmark v1.4.1 L2 | Unix | CONFIGURATION MANAGEMENT |
2.1 Ensure that IP addresses are mapped to usernames - Zones | CIS Palo Alto Firewall 6 Benchmark L2 v1.0.0 | Palo_Alto | CONFIGURATION MANAGEMENT |
2.1.6 Ensure that the --protect-kernel-defaults argument is set to true | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 | Unix | CONFIGURATION MANAGEMENT |
2.2.1 Ensure that the kubelet.conf file permissions are set to 644 or more restrictive | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 | Unix | CONFIGURATION MANAGEMENT |
2.2.3 Ensure that the kubelet service file permissions are set to 644 or more restrictive | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 | Unix | CONFIGURATION MANAGEMENT |
2.2.5 Ensure that the proxy kubeconfig file permissions are set to 644 or more restrictive | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 | Unix | CONFIGURATION MANAGEMENT |
2.2.6 Ensure that the proxy kubeconfig file ownership is set to root:root | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 | Unix | CONFIGURATION MANAGEMENT |
2.2.8 Ensure that the client certificate authorities file ownership is set to root:root | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 | Unix | CONFIGURATION MANAGEMENT |
2.4 Configure TCP Wrappers - Make sure that /etc/hosts.allow does exist. | CIS Solaris 10 L1 v5.2 | Unix | CONFIGURATION MANAGEMENT |
2.4.4 Disable Printer Sharing | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
2.22 Disable Mounting of hfsplus Filesystems | CIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
3.1 Verify that docker.service file ownership is set to root:root | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
3.2 Verify that docker.service file permissions are set to 644 or more restrictive | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
3.4 Ensure that docker.socket file permissions are set to 644 or more restrictive | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
3.10 Ensure that TLS CA certificate file permissions are set to 444 or more restrictive | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
3.14 Verify that docker-storage environment file permissions are set to 644 or more restrictive | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
3.17 Ensure that daemon.json file ownership is set to root:root | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
3.20 Ensure that /etc/default/docker file permissions are set to 644 or more restrictive | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
3.22 Verify that Docker server certificate file permissions are set to 444 or more restrictive | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
4.2 Enable 'Show Wi-Fi status in menu bar' | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
6.1.3 Disable SSH X11 Forwarding - Check if X11Forwarding is set to no and not commented for the server. | CIS Solaris 10 L1 v5.2 | Unix | CONFIGURATION MANAGEMENT |
6.2 Ensure that MongoDB uses a non-default port | CIS MongoDB 3.4 L1 Unix Audit v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
6.2 Turn on filename extensions | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
6.3 Disable X11 Forwarding for SSH - X11Forwarding = no | CIS Solaris 11 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
6.5 Configure Network Time Protocol (NTP) - restrict -4 default kod nomodify notrap nopeer noquery | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
7.1 (L1) Ensure 'Cookies and website data' is set to 'Allow from websites I visit' | CIS MacOS Safari v2.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
7.1 Ensure that key file permissions are set correctly | CIS MongoDB 3.4 L1 Unix Audit v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
7.2 Ensure that database file permissions are set correctly | CIS MongoDB 3.4 L1 Unix Audit v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
8.2.4 Create and Set Permissions on rsyslog Log Files - /var/log/mail | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
8.2.4 Create and Set Permissions on rsyslog Log Files - /var/log/mail.err | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
8.2.4 Create and Set Permissions on rsyslog Log Files - /var/log/mail.info | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
8.2.4 Create and Set Permissions on rsyslog Log Files - /var/log/messages | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
9.1.2 Set User/Group Owner and Permission on /etc/crontab | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
9.1.3 Set User/Group Owner and Permission on /etc/cron.hourly | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
9.1.6 Set User/Group Owner and Permission on /etc/cron.monthly | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
9.7 Check Permissions on User Home Directories | CIS Solaris 11 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
9.7 Check Permissions on User Home Directories - Should Be Mode 750 or More Restrictive | CIS Solaris 10 L1 v5.2 | Unix | CONFIGURATION MANAGEMENT |
9.9 Check Permissions on User .netrc Files | CIS Solaris 11.1 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
9.12 Check That Users Are Assigned Home Directories | CIS Solaris 10 L1 v5.2 | Unix | CONFIGURATION MANAGEMENT |
9.13 Check That Defined Home Directories Exist | CIS Solaris 11.1 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
9.14 Check User Home Directory Ownership | CIS Solaris 10 L1 v5.2 | Unix | CONFIGURATION MANAGEMENT |
11.1 Set Warning Banner for Standard Login Services - /etc/issue permissions | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
11.2 Remove OS Information from Login Warning Banners - /etc/issue.net | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
13.6 Ensure root PATH Integrity - .tcshrc | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
13.13 Check User Home Directory Ownership | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
IBM i : Automatic Device Configuration (QAUTOCFG) - '0' | IBM System i Security Reference for V7R3 | AS/400 | CONFIGURATION MANAGEMENT |
IBM i : Force Conversion on Restore (QFRCCVNRST) - '>=3' | IBM System i Security Reference for V7R2 | AS/400 | CONFIGURATION MANAGEMENT |
IBM i : Remote Service Attribute (QRMTSRVATR) - '0' | IBM System i Security Reference for V7R2 | AS/400 | CONFIGURATION MANAGEMENT |