| /etc/group | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | |
| 1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | SYSTEM AND SERVICES ACQUISITION |
| 1.1.3 Ensure nodev option set on /tmp partition | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.6 Ensure nosuid option set on /var partition | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.7 Ensure noexec option set on /var partition | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.1.9 Ensure nodev option set on /home partition | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.11 Ensure nosuid option set on /dev/shm partition | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 2.1.4 Ensure rsync service is not enabled | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.2 Ensure 'AUDIT_TRAIL' Is Set to 'DB', 'XML', 'OS', 'DB,EXTENDED', or 'XML,EXTENDED' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
| 2.2.4 Ensure 'OS_ROLES' Is Set to 'FALSE' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
| 2.2.7 Ensure 'REMOTE_OS_AUTHENT' Is Set to 'FALSE' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL |
| 2.2.8 Ensure 'REMOTE_OS_ROLES' Is Set to 'FALSE' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL |
| 2.2.12 Ensure 'SEC_PROTOCOL_ERROR_TRACE_ACTION' Is Set to 'LOG' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
| 2.2.15 Ensure '_trace_files_public' Is Set to 'FALSE' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
| 2.2.16 Ensure 'RESOURCE_LIMIT' Is Set to 'TRUE' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.2.4 Ensure suspicious packets are logged | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2.6 Ensure bogus ICMP responses are ignored | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.2.1 Ensure default deny firewall policy | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.3 Ensure iptables is installed | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL |
| 4.1.1.2 Ensure Logging Service is Running | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.4 Ensure SSH Protocol is set to 2 | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.12 Ensure SSH PermitUserEnvironment is disabled | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.13 Ensure only strong Ciphers are used | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.1.2 Ensure minimum days between password changes is 7 or more | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.1.5 Ensure all users last password change date is in the past | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1.1 Ensure permissions on /etc/passwd are configured | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.2 Ensure permissions on /etc/shadow are configured | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.5 Ensure permissions on /etc/passwd- are configured | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.8 Ensure permissions on /etc/gshadow- are configured | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.10 Ensure users' dot files are not group or world writable | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.12 Ensure no users have .netrc files | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2.16 Ensure no duplicate UIDs exist | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.17 Ensure no duplicate GIDs exist | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| banner text | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | |
| banner text | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | |
| chronyd process user | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | |
| iptables Chain OUTPUT | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | |
| net.ipv4.conf.all.accept_redirects | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | |
| net.ipv4.conf.all.secure_redirects | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | |
| net.ipv4.conf.default.accept_redirects | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | |
| net.ipv6.conf.all.accept_redirects | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | |
| net.ipv6.conf.all.accept_source_route | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | |
| on disk - net.ipv4.icmp_ignore_bogus_error_responses | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | |
| on disk - net.ipv4.tcp_syncookies | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | |
| passwdqc.conf - retry | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | |
| passwdqc.conf - similar | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | |
| running - net.ipv4.icmp_echo_ignore_broadcasts | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | |
| shadow password min days | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | |
| systemctl is-enabled fluent-bit | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | |
