Detections
Analytics

Item Search

NameAudit NamePluginCategory
/etc/audit/rules.d/*.rulesCIS Amazon Linux 2 v3.0.0 L2Unix
/etc/audit/rules.d/*.rules b64CIS Amazon Linux 2 v3.0.0 L2Unix
/etc/default/grubCIS Amazon Linux 2 v3.0.0 L2Unix
/etc/hostsCIS Amazon Linux 2 v3.0.0 L2Unix
/usr/bin/kmodCIS Amazon Linux 2 v3.0.0 L2Unix
1.1.2.7.1 Ensure separate partition exists for /var/log/auditCIS Amazon Linux 2 v3.0.0 L2Unix

AUDIT AND ACCOUNTABILITY

2.3.2 Ensure ldap client is not installedCIS Amazon Linux 2 v3.0.0 L2Unix

CONFIGURATION MANAGEMENT

3.2.3 Ensure rds kernel module is not availableCIS Amazon Linux 2 v3.0.0 L2Unix

CONFIGURATION MANAGEMENT

4.1.5 Ensure events that modify user/group information are collected - auditctl /etc/security/opasswdCIS Aliyun Linux 2 L2 v1.0.0Unix

AUDIT AND ACCOUNTABILITY

4.1.6 Ensure events that modify the system's network environment are collected - /etc/sysconfig/networkCIS Aliyun Linux 2 L2 v1.0.0Unix

CONFIGURATION MANAGEMENT

4.1.6 Ensure events that modify the system's network environment are collected - auditctl /etc/issue.netCIS Aliyun Linux 2 L2 v1.0.0Unix

CONFIGURATION MANAGEMENT

4.1.6 Ensure events that modify the system's network environment are collected - sethostname (64-bit)CIS Aliyun Linux 2 L2 v1.0.0Unix

CONFIGURATION MANAGEMENT

4.1.8 Ensure login and logout events are collected - /var/log/faillogCIS Aliyun Linux 2 L2 v1.0.0Unix

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

4.1.9 Ensure session initiation information is collected - /var/log/btmpCIS Aliyun Linux 2 L2 v1.0.0Unix

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

4.1.9 Ensure session initiation information is collected - auditctl /var/log/wtmpCIS Aliyun Linux 2 L2 v1.0.0Unix

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

4.3.4 Ensure users must provide password for escalationCIS Amazon Linux 2 v3.0.0 L2Unix

ACCESS CONTROL

5.2.1.2 Ensure auditing for processes that start prior to auditd is enabledCIS Amazon Linux 2 v3.0.0 L2Unix

AUDIT AND ACCOUNTABILITY

5.2.2.4 Ensure system warns when audit logs are low on spaceCIS Amazon Linux 2 v3.0.0 L2Unix

AUDIT AND ACCOUNTABILITY

5.2.3.3 Ensure events that modify the sudo log file are collectedCIS Amazon Linux 2 v3.0.0 L2Unix

AUDIT AND ACCOUNTABILITY

5.2.3.6 Ensure use of privileged commands are collectedCIS Amazon Linux 2 v3.0.0 L2Unix

AUDIT AND ACCOUNTABILITY

5.2.3.7 Ensure unsuccessful file access attempts are collectedCIS Amazon Linux 2 v3.0.0 L2Unix

AUDIT AND ACCOUNTABILITY

5.2.3.9 Ensure discretionary access control permission modification events are collectedCIS Amazon Linux 2 v3.0.0 L2Unix

AUDIT AND ACCOUNTABILITY

5.2.3.13 Ensure file deletion events by users are collectedCIS Amazon Linux 2 v3.0.0 L2Unix

AUDIT AND ACCOUNTABILITY

5.2.3.21 Ensure the running and on disk configuration is the sameCIS Amazon Linux 2 v3.0.0 L2Unix

AUDIT AND ACCOUNTABILITY

5.2.4.3 Ensure only authorized users own audit log filesCIS Amazon Linux 2 v3.0.0 L2Unix

ACCESS CONTROL, MEDIA PROTECTION

5.2.4.7 Ensure audit configuration files belong to group rootCIS Amazon Linux 2 v3.0.0 L2Unix

ACCESS CONTROL, MEDIA PROTECTION

5.2.4.9 Ensure audit tools are owned by rootCIS Amazon Linux 2 v3.0.0 L2Unix

ACCESS CONTROL, MEDIA PROTECTION

5.4.5 Ensure default user shell timeout is 900 seconds or less - /etc/bashrcCIS Aliyun Linux 2 L2 v1.0.0Unix

ACCESS CONTROL

6.1.1 Audit system file permissionsCIS Aliyun Linux 2 L2 v1.0.0Unix

ACCESS CONTROL

audit-libs installedCIS Amazon Linux 2 v3.0.0 L2Unix
auditctl /etc/issue.netCIS Amazon Linux 2 v3.0.0 L2Unix
auditctl /etc/sudoers.dCIS Amazon Linux 2 v3.0.0 L2Unix
auditctl b32 fchmodatCIS Amazon Linux 2 v3.0.0 L2Unix
auditctl b32 lremovexattrCIS Amazon Linux 2 v3.0.0 L2Unix
auditctl b32 sethostnameCIS Amazon Linux 2 v3.0.0 L2Unix
auditctl b64 chmodCIS Amazon Linux 2 v3.0.0 L2Unix
auditctl b64 EACCESCIS Amazon Linux 2 v3.0.0 L2Unix
auditctl b64 fsetxattrCIS Amazon Linux 2 v3.0.0 L2Unix
auditctl btmpCIS Amazon Linux 2 v3.0.0 L2Unix
auditctl create_module b64CIS Amazon Linux 2 v3.0.0 L2Unix
auditctl lastlogCIS Amazon Linux 2 v3.0.0 L2Unix
auditctl query_module b64CIS Amazon Linux 2 v3.0.0 L2Unix
auditctl sudo logCIS Amazon Linux 2 v3.0.0 L2Unix
b32CIS Amazon Linux 2 v3.0.0 L2Unix
b32 chmodCIS Amazon Linux 2 v3.0.0 L2Unix
b32 unlinkCIS Amazon Linux 2 v3.0.0 L2Unix
b64 fchmodatCIS Amazon Linux 2 v3.0.0 L2Unix
b64 lchownCIS Amazon Linux 2 v3.0.0 L2Unix
Per repository configurationCIS Amazon Linux 2 v3.0.0 L2Unix
Verify if the audit log files are owned by the root or adm groupCIS Amazon Linux 2 v3.0.0 L2Unix