CSCv7|4

Title

Controlled Use of Administrative Privileges

Reference Item Details

Category: Controlled Use of Administrative Privileges

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.1 Ensure a separate user and group exist for Cassandra - group | Unix | CIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0 |
| 1.1 Ensure a separate user and group exist for Cassandra - group | Unix | CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0 |
| 1.1 Ensure a separate user and group exist for Cassandra - passwd | Unix | CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0 |
| 1.1 Ensure a separate user and group exist for Cassandra - passwd | Unix | CIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0 |
| 1.1 Ensure a separate user and group exist for Cassandra - user exists in group | Unix | CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0 |
| 1.1 Ensure a separate user and group exist for Cassandra - user exists in group | Unix | CIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0 |
| 1.1.2 Ensure that the API server pod specification file ownership is set to root:root | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master |
| 1.1.6 Ensure that the scheduler pod specification file ownership is set to root:root | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master |
| 1.1.6 Ensure that the scheduler pod specification file ownership is set to root:root | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master |
| 1.1.6 Ensure that the scheduler pod specification file ownership is set to root:root | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master |
| 1.1.8 Ensure that the etcd pod specification file ownership is set to root:root | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master |
| 1.1.10 Ensure that the Container Network Interface file ownership is set to root:root | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master |
| 1.1.10 Ensure that the Container Network Interface file ownership is set to root:root | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master |
| 1.1.10 Ensure that the Container Network Interface file ownership is set to root:root | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master |
| 1.1.14 Ensure that the admin.conf file ownership is set to root:root | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master |
| 1.1.14 Ensure that the admin.conf file ownership is set to root:root | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master |
| 1.1.14 Ensure that the admin.conf file ownership is set to root:root | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master |
| 1.1.16 Ensure that the scheduler.conf file ownership is set to root:root | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master |
| 1.1.16 Ensure that the scheduler.conf file ownership is set to root:root | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master |
| 1.1.16 Ensure that the scheduler.conf file ownership is set to root:root | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master |
| 1.1.18 Ensure that the controller-manager.conf file ownership is set to root:root | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master |
| 1.1.18 Ensure that the controller-manager.conf file ownership is set to root:root | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master |
| 1.1.18 Ensure that the controller-manager.conf file ownership is set to root:root | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master |
| 1.1.20 Ensure that the Kubernetes PKI certificate file permissions are set to 600 or more restrictive | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master |
| 1.1.20 Ensure that the Kubernetes PKI certificate file permissions are set to 600 or more restrictive | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master |
| 1.1.20 Ensure that the Kubernetes PKI certificate file permissions are set to 600 or more restrictive | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master |
| 1.2.1 Set 'privilege 1' for local users - 'All users have encrypted passwords' | Cisco | CIS Cisco IOS 15 L1 v4.1.1 |
| 1.2.1 Set 'privilege 1' for local users - 'No users with privileges 2-15' | Cisco | CIS Cisco IOS 15 L1 v4.1.1 |
| 1.3.1 Ensure sudo is installed | Unix | CIS Fedora 19 Family Linux Workstation L1 v1.0.0 |
| 1.3.1 Ensure sudo is installed | Unix | CIS Fedora 19 Family Linux Server L1 v1.0.0 |
| 1.3.2 Ensure sudo commands use pty | Unix | CIS Fedora 19 Family Linux Workstation L1 v1.0.0 |
| 1.3.2 Ensure sudo commands use pty | Unix | CIS Fedora 19 Family Linux Server L1 v1.0.0 |
| 3.4 Ensure that Cassandra is run using a non-privileged, dedicated service account | Unix | CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0 |
| 3.4 Ensure that Cassandra is run using a non-privileged, dedicated service account | Unix | CIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0 |
| 4.1.2 Ensure that the kubelet service file ownership is set to root:root | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Worker |
| 4.1.2 Ensure that the kubelet service file ownership is set to root:root | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Worker |
| 4.1.2 Ensure that the kubelet service file ownership is set to root:root | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Worker |
| 4.1.4 If proxy kubeconfig file exists ensure ownership is set to root:root | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Worker |
| 4.1.4 If proxy kubeconfig file exists ensure ownership is set to root:root | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Worker |
| 4.1.4 If proxy kubeconfig file exists ensure ownership is set to root:root | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Worker |
| 4.1.6 Ensure that the --kubeconfig kubelet.conf file ownership is set to root:root | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Worker |
| 4.1.6 Ensure that the --kubeconfig kubelet.conf file ownership is set to root:root | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Worker |
| 4.1.6 Ensure that the --kubeconfig kubelet.conf file ownership is set to root:root | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Worker |
| 4.1.8 Ensure that the client certificate authorities file ownership is set to root:root | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Worker |
| 4.1.8 Ensure that the client certificate authorities file ownership is set to root:root | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Worker |
| 4.1.8 Ensure that the client certificate authorities file ownership is set to root:root | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Worker |
| 4.1.10 Ensure that the kubelet --config configuration file ownership is set to root:root | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Worker |
| 4.1.10 If the kubelet config.yaml configuration file is being used validate file ownership is set to root:root | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Worker |
| 4.1.10 If the kubelet config.yaml configuration file is being used validate file ownership is set to root:root | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Worker |
| 5.2.1 Ensure sudo is installed | Unix | CIS CentOS 6 Workstation L1 v3.0.0 |