1.1.10 Ensure nodev option set on /dev/shm partition | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
1.2.1 Ensure dm-verity is enabled | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
1.6 Ensure AppArmor is installed | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
2.2.3 Ensure 'GLOBAL_NAMES' Is Set to 'TRUE' | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
2.2.3 Ensure 'GLOBAL_NAMES' Is Set to 'TRUE' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
2.2.7 Ensure 'REMOTE_OS_AUTHENT' Is Set to 'FALSE' | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | ACCESS CONTROL |
2.2.8 Ensure 'REMOTE_OS_ROLES' Is Set to 'FALSE' | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | ACCESS CONTROL |
2.2.9 Ensure 'SEC_CASE_SENSITIVE_LOGON' Is Set to 'TRUE' | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | IDENTIFICATION AND AUTHENTICATION |
2.2.9 Ensure 'SEC_CASE_SENSITIVE_LOGON' Is Set to 'TRUE' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | IDENTIFICATION AND AUTHENTICATION |
3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL |
3.1.1 Ensure packet redirect sending is disabled | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL |
3.2.1 Ensure source routed packets are not accepted | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
3.3.1.1 Ensure IPv6 default deny firewall policy | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
3.4 Ensure 'PASSWORD_REUSE_MAX' Is Greater than or Equal to '20' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | IDENTIFICATION AND AUTHENTICATION |
3.7 Ensure 'PASSWORD_VERIFY_FUNCTION' Is Set for All Profiles | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | IDENTIFICATION AND AUTHENTICATION |
3.8 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10' | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | ACCESS CONTROL |
4.1.3 Ensure permissions on all logfiles are configured | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
5.1.1.1 Ensure 'EXECUTE' is revoked from 'PUBLIC' on "Network" Packages | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
5.1.1.6 Ensure 'EXECUTE' is revoked from 'PUBLIC' on "SQL Injection Helper" Packages | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
5.1.2 Ensure permissions on SSH private host key files are configured | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
5.1.2.1 Ensure 'EXECUTE' is not granted to 'PUBLIC' on "Non-default" Packages | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
5.1.7 Ensure SSH MaxAuthTries is set to 4 or less | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
5.1.10 Ensure SSH root login is disabled | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL |
5.1.11 Ensure SSH PermitEmptyPasswords is disabled | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
5.1.18 Ensure SSH warning banner is configured | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
5.1.20 Ensure SSH AllowTcpForwarding is disabled | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
5.1.22 Ensure SSH MaxSessions is set to 4 or less | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
5.2.1 Ensure password creation requirements are configured | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
5.2.2 Ensure 'DBA_SYS_PRIVS.%' Is Revoked from Unauthorized 'GRANTEE' with 'ADMIN_OPTION' Set to 'YES' | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
5.2.9 Ensure 'BECOME USER' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
5.2.14 Ensure 'GRANT ANY OBJECT PRIVILEGE' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
5.2.16 Ensure 'GRANT ANY PRIVILEGE' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
5.3.1.2 Ensure minimum days between password changes is 7 or more | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
5.3.3 Ensure 'DBA' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
5.3.4 Ensure AUDIT_ADMIN' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
5.3.4 Ensure default user umask is 027 or more restrictive | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
5.5 Ensure access to the su command is restricted | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
6.1.5 Ensure permissions on /etc/passwd- are configured | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
6.1.8 Ensure permissions on /etc/gshadow- are configured | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
6.2.1 Ensure the 'CREATE USER' Action Audit Is Enabled | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
6.2.6 Ensure root PATH Integrity | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
6.2.9 Ensure the 'CREATE PROFILE' Action Audit Is Enabled | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
6.2.10 Ensure the 'ALTER PROFILE' Action Audit Is Enabled | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
6.2.14 Ensure the 'DROP DATABASE LINK' Action Audit Is Enabled | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
6.2.16 Ensure the 'ALTER SYNONYM' Action Audit Is Enabled | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
6.2.20 Ensure the 'CREATE PROCEDURE/FUNCTION/PACKAGE/PACKAGE BODY' Action Audit Is Enabled | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
6.2.21 Ensure the 'ALTER PROCEDURE/FUNCTION/PACKAGE/PACKAGE BODY' Action Audit Is Enabled | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
6.2.22 Ensure the 'DROP PROCEDURE/FUNCTION/PACKAGE/PACKAGE BODY' Action Audit Is Enabled | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
6.2.24 Ensure the 'CREATE TRIGGER' Action Audit Is Enabled | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | AUDIT AND ACCOUNTABILITY |