/etc/audit/rules.d/*.rules b32 | CIS Amazon Linux 2 v3.0.0 L2 | Unix | |
/etc/group | CIS Amazon Linux 2 v3.0.0 L2 | Unix | |
/etc/gshadow | CIS Amazon Linux 2 v3.0.0 L2 | Unix | |
/etc/sudoers | CIS Amazon Linux 2 v3.0.0 L2 | Unix | |
/etc/sudoers.d | CIS Amazon Linux 2 v3.0.0 L2 | Unix | |
1.1.1.7 Ensure udf kernel module is not available | CIS Amazon Linux 2 v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
1.1.2.5.1 Ensure separate partition exists for /var/tmp | CIS Amazon Linux 2 v3.0.0 L2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
1.1.7 Ensure separate partition exists for /var/tmp | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
2.1.5 - MobileIron - Set the 'timeout' for 'Time without user input before password must be re-entered (in minutes)' | MobileIron - CIS Google Android 4 v1.0.0 L1 | MDM | ACCESS CONTROL |
2.2.20 Ensure X window server services are not in use | CIS Amazon Linux 2 v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
3.2 Ensure 'debug' is turned off - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
3.3 Ensure custom error messages are not off - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
3.5 Ensure ASP.NET stack tracing is not enabled - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
3.8 Ensure 'MachineKey validation method - .Net 3.5' is configured - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
3.12 Ensure Server Header is removed - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | CONFIGURATION MANAGEMENT |
4.1.1.3 Ensure audit logs are not automatically deleted | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
4.1.4 Ensure events that modify date and time information are collected - auditctl clock_settime (32-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
4.1.5 Ensure events that modify user/group information are collected - /etc/security/opasswd | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
4.1.6 Ensure events that modify the system's network environment are collected - /etc/sysconfig/network-scripts | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
4.1.6 Ensure events that modify the system's network environment are collected - auditctl /etc/hosts | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
4.1.6 Ensure events that modify the system's network environment are collected - auditctl /etc/issue | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
4.1.8 Ensure login and logout events are collected - /var/log/faillock | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
4.1.9 Ensure session initiation information is collected - auditctl /var/run/utmp | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
4.1.10 Ensure discretionary access control permission modification events are collected - auditctl setxattr/lsetxattr/fsetxattr (32-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
4.1.10 Ensure discretionary access control permission modification events are collected - chown/fchown/fchownat (64-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
4.1.13 Ensure successful file system mounts are collected - (64-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
4.1.14 Ensure file deletion events by users are collected - auditctl (64-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
4.1.15 Ensure changes to system administration scope (sudoers) is collected - auditctl /etc/sudoers | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
4.1.16 Ensure system administrator actions (sudolog) are collected | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
4.1.17 Ensure kernel module loading and unloading is collected - auditctl insmod | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
4.2 Ensure 'maxURL request filter' is configured - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
4.4 Ensure non-ASCII characters in URLs are not allowed - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
4.5.3.1 Ensure nologin is not listed in /etc/shells | CIS Amazon Linux 2 v3.0.0 L2 | Unix | IDENTIFICATION AND AUTHENTICATION |
5.2.1.1 Ensure audit is installed | CIS Amazon Linux 2 v3.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
5.2.3.15 Ensure successful and unsuccessful attempts to use the chcon command are recorded | CIS Amazon Linux 2 v3.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
5.2.3.18 Ensure successful and unsuccessful attempts to use the usermod command are recorded | CIS Amazon Linux 2 v3.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
5.2.3.19 Ensure kernel module loading unloading and modification is collected | CIS Amazon Linux 2 v3.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
5.2.6 Ensure SSH X11 forwarding is disabled | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
7.1 Ensure HSTS Header is set - Sites | CIS IIS 10 v1.2.1 Level 2 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
18.2.1 (L1) Ensure LAPS AdmPwd GPO Extension / CSE is installed | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | IDENTIFICATION AND AUTHENTICATION |
18.2.2 (L1) Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL |
18.2.3 (L1) Ensure 'Enable Local Admin Password Management' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | IDENTIFICATION AND AUTHENTICATION |
18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
18.2.4 Ensure 'Password Settings: Password Complexity' is set to 'Enabled: Large letters + small letters + numbers + special characters' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
GEN005512 - The SSH client must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms. | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
OS is 64 bit | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | |
SLES-12-010210 - The SUSE operating system must employ FIPS 140-2 approved cryptographic hashing algorithm for system authentication (login.defs). | DISA SLES 12 STIG v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
SLES-15-010260 - The SUSE operating system must employ FIPS 140-2 approved cryptographic hashing algorithm for system authentication (login.defs). | DISA SLES 15 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
Verify .net extensibility is installed - ASPNET45 | CIS IIS 10 v1.2.1 Level 2 | Windows | |
Verify .net extensibility is installed - NetFxExtensibility45 | CIS IIS 10 v1.2.1 Level 2 | Windows | |