diff --git a/code/linux/audit/autofs-service.yaml b/code/linux/audit/autofs-service.yaml index a152c96809e..7c4027f1429 100644 --- a/code/linux/audit/autofs-service.yaml +++ b/code/linux/audit/autofs-service.yaml @@ -16,7 +16,7 @@ info: - https://www.cisecurity.org/benchmark/ubuntu_linux metadata: verified: true - tags: cis,cisecurity,audit,linux,ubuntu + tags: cis,local,cisecurity,audit,linux,ubuntu self-contained: true diff --git a/code/linux/audit/avahi-daemon.yaml b/code/linux/audit/avahi-daemon.yaml index 70c8c2cf6dd..49fc21900ea 100644 --- a/code/linux/audit/avahi-daemon.yaml +++ b/code/linux/audit/avahi-daemon.yaml @@ -13,7 +13,7 @@ info: - https://www.cisecurity.org/benchmark/ubuntu_linux metadata: verified: true - tags: cis,cisecurity,audit,linux,ubuntu + tags: cis,local,cisecurity,audit,linux,ubuntu self-contained: true diff --git a/code/linux/audit/dhcp-server.yaml b/code/linux/audit/dhcp-server.yaml index c505a880d63..59d30f219d5 100644 --- a/code/linux/audit/dhcp-server.yaml +++ b/code/linux/audit/dhcp-server.yaml @@ -13,7 +13,7 @@ info: - https://www.cisecurity.org/benchmark/ubuntu_linux metadata: verified: true - tags: cis,cisecurity,audit,linux,ubuntu + tags: cis,local,cisecurity,audit,linux,ubuntu self-contained: true diff --git a/code/linux/audit/dns-server.yaml b/code/linux/audit/dns-server.yaml index 10aef07ecd6..24e49b520dd 100644 --- a/code/linux/audit/dns-server.yaml +++ b/code/linux/audit/dns-server.yaml @@ -13,7 +13,7 @@ info: - https://www.cisecurity.org/benchmark/ubuntu_linux metadata: verified: true - tags: cis,cisecurity,audit,linux,ubuntu + tags: cis,local,cisecurity,audit,linux,ubuntu self-contained: true diff --git a/code/linux/audit/dns-zone-transfer-any.yaml b/code/linux/audit/dns-zone-transfer-any.yaml index 80d7cc25323..335bd90719b 100644 --- a/code/linux/audit/dns-zone-transfer-any.yaml +++ b/code/linux/audit/dns-zone-transfer-any.yaml 
@@ -8,7 +8,7 @@ info: DNS Zone Transfer configured with "allow-transfer { any; };" allowed unrestricted zone transfers.This exposed sensitive details like hostnames, network structure, and system data that attackers could use for reconnaissance and further attacks. reference: - https://isms.kisa.or.kr - tags: linux,kisa,audit,compliance + tags: linux,local,kisa,audit,compliance self-contained: true diff --git a/code/linux/audit/dnsmasq-service.yaml b/code/linux/audit/dnsmasq-service.yaml index 1c3c85c4721..95a052ed9bc 100644 --- a/code/linux/audit/dnsmasq-service.yaml +++ b/code/linux/audit/dnsmasq-service.yaml @@ -13,7 +13,7 @@ info: - https://www.cisecurity.org/benchmark/ubuntu_linux metadata: verified: true - tags: cis,cisecurity,audit,linux,ubuntu + tags: cis,local,cisecurity,audit,linux,ubuntu self-contained: true diff --git a/code/linux/audit/finger-service-enabled.yaml b/code/linux/audit/finger-service-enabled.yaml index cedfc74683a..9886aba8b62 100644 --- a/code/linux/audit/finger-service-enabled.yaml +++ b/code/linux/audit/finger-service-enabled.yaml @@ -8,7 +8,7 @@ info: The Finger service was enabled on the system and exposed user account details to unauthorized users, which could have been used in password-based attacks or user enumeration.It was checked in both xinetd and systemd environments. reference: - https://isms.kisa.or.kr - tags: linux,code,audit,compliance,kisas + tags: linux,local,code,audit,compliance,kisas self-contained: true diff --git a/code/linux/audit/ftp-client.yaml b/code/linux/audit/ftp-client.yaml index 91b0c12a651..b6ad4e9693a 100644 --- a/code/linux/audit/ftp-client.yaml +++ b/code/linux/audit/ftp-client.yaml @@ -13,7 +13,7 @@ info: - https://www.cisecurity.org/benchmark/ubuntu_linux metadata: verified: true - tags: cis,cisecurity,audit,linux,ubuntu,ftp + tags: cis,local,cisecurity,audit,linux,ubuntu,ftp self-contained: true 
diff --git a/code/linux/audit/ftp-server.yaml b/code/linux/audit/ftp-server.yaml index e799f840359..7fbaa2a49d2 100644 --- a/code/linux/audit/ftp-server.yaml +++ b/code/linux/audit/ftp-server.yaml @@ -13,7 +13,7 @@ info: - https://www.cisecurity.org/benchmark/ubuntu_linux metadata: verified: true - tags: cis,cisecurity,audit,linux,ubuntu + tags: cis,local,cisecurity,audit,linux,ubuntu self-contained: true diff --git a/code/linux/audit/home-env-permission.yaml b/code/linux/audit/home-env-permission.yaml index dc7bf182bcd..a33f345a1a1 100644 --- a/code/linux/audit/home-env-permission.yaml +++ b/code/linux/audit/home-env-permission.yaml @@ -8,7 +8,7 @@ info: Shell startup and environment files (e.g., .bashrc, .bash_profile, .bash_logout) were not owned by the user or root and had insecure write permissions.Malicious users could manipulate environment variables or inject commands. reference: - https://isms.kisa.or.kr - tags: linux,audit,compliance,kisa + tags: linux,local,audit,compliance,kisa self-contained: true diff --git a/code/linux/audit/inactive-password-lock-default.yaml b/code/linux/audit/inactive-password-lock-default.yaml index 466b6fd80fb..2120e94cc87 100644 --- a/code/linux/audit/inactive-password-lock-default.yaml +++ b/code/linux/audit/inactive-password-lock-default.yaml @@ -12,7 +12,7 @@ info: - https://www.cisecurity.org/benchmark/ubuntu_linux metadata: verified: true - tags: cis,cisecurity,audit,linux,ubuntu,password + tags: cis,local,cisecurity,audit,linux,ubuntu,password self-contained: true diff --git a/code/linux/audit/ldap-client.yaml b/code/linux/audit/ldap-client.yaml index 9fd899580af..a8961a731d3 100644 --- a/code/linux/audit/ldap-client.yaml +++ b/code/linux/audit/ldap-client.yaml @@ -13,7 +13,7 @@ info: - https://www.cisecurity.org/benchmark/ubuntu_linux metadata: verified: true - tags: cis,cisecurity,audit,linux,ubuntu,ldap + tags: cis,local,cisecurity,audit,linux,ubuntu,ldap self-contained: true 
diff --git a/code/linux/audit/ldap-server.yaml b/code/linux/audit/ldap-server.yaml index 783db1e0f02..21cef693b83 100644 --- a/code/linux/audit/ldap-server.yaml +++ b/code/linux/audit/ldap-server.yaml @@ -13,7 +13,7 @@ info: - https://www.cisecurity.org/benchmark/ubuntu_linux metadata: verified: true - tags: cis,cisecurity,audit,linux,ubuntu + tags: cis,local,cisecurity,audit,linux,ubuntu self-contained: true diff --git a/code/linux/audit/linux-anonymous-ftp-enabled.yaml b/code/linux/audit/linux-anonymous-ftp-enabled.yaml index 63dec7cf730..b1272baf156 100644 --- a/code/linux/audit/linux-anonymous-ftp-enabled.yaml +++ b/code/linux/audit/linux-anonymous-ftp-enabled.yaml @@ -10,7 +10,7 @@ info: - https://isms.kisa.or.kr metadata: verified: true - tags: linux,kisa,audit,ftp,anonymous,local + tags: linux,local,kisa,audit,ftp,anonymous,local self-contained: true diff --git a/code/linux/audit/linux-rexec-service.yaml b/code/linux/audit/linux-rexec-service.yaml index 7423ef61750..d70b1419fa1 100644 --- a/code/linux/audit/linux-rexec-service.yaml +++ b/code/linux/audit/linux-rexec-service.yaml @@ -8,7 +8,7 @@ info: Assessed the operational status of the rexec service on the system.Running rexec could have allowed unauthorized users to gain access or extract sensitive information, representing a significant security risk. reference: - https://isms.kisa.or.kr - tags: linux,audit,kisa,compliance + tags: linux,local,audit,kisa,compliance self-contained: true diff --git a/code/linux/audit/linux-rhosts-hostsequiv-misconfig.yaml b/code/linux/audit/linux-rhosts-hostsequiv-misconfig.yaml index c9da0de892d..0e5b3cf1116 100644 --- a/code/linux/audit/linux-rhosts-hostsequiv-misconfig.yaml +++ b/code/linux/audit/linux-rhosts-hostsequiv-misconfig.yaml @@ -9,7 +9,7 @@ info: reference: - https://isms.kisa.or.kr - https://linux.die.net/man/5/hosts.equiv - tags: linux,audit,kisa,compliance + tags: linux,local,audit,kisa,compliance self-contained: true 
diff --git a/code/linux/audit/linux-rlogin-service.yaml b/code/linux/audit/linux-rlogin-service.yaml index 7680863ae16..da0c51a7e4f 100644 --- a/code/linux/audit/linux-rlogin-service.yaml +++ b/code/linux/audit/linux-rlogin-service.yaml @@ -8,7 +8,7 @@ info: Assessed the operational status of the rlogin service on the system.Running rlogin could have allowed unauthorized users to gain access or extract sensitive information, representing a significant security risk. reference: - https://isms.kisa.or.kr - tags: linux,audit,kisa,compliance + tags: linux,local,audit,kisa,compliance self-contained: true diff --git a/code/linux/audit/linux-rsh-service.yaml b/code/linux/audit/linux-rsh-service.yaml index b9c89d8efe8..5301a2babda 100644 --- a/code/linux/audit/linux-rsh-service.yaml +++ b/code/linux/audit/linux-rsh-service.yaml @@ -8,7 +8,7 @@ info: Assessed the operational status of the rsh service on the system.Running rsh could have allowed unauthorized users to gain access or extract sensitive information, representing a significant security risk. reference: - https://isms.kisa.or.kr - tags: linux,audit,kisa,compliance + tags: linux,local,audit,kisa,compliance self-contained: true diff --git a/code/linux/audit/linux-world-writable-file.yaml b/code/linux/audit/linux-world-writable-file.yaml index 3f843af363c..b0159f00e49 100644 --- a/code/linux/audit/linux-world-writable-file.yaml +++ b/code/linux/audit/linux-world-writable-file.yaml @@ -8,7 +8,7 @@ info: System files were configured with world-writable (chmod o+w) permissions.Malicious users could modify them, leading to privilege escalation, backdoors, or service disruption. reference: - https://isms.kisa.or.kr - tags: linux,audit,compliance,kisa + tags: linux,local,audit,compliance,kisa self-contained: true diff --git a/code/linux/audit/message-access-server.yaml b/code/linux/audit/message-access-server.yaml index 1eb9ea0457c..724475d3234 100644 --- a/code/linux/audit/message-access-server.yaml 
+++ b/code/linux/audit/message-access-server.yaml @@ -13,7 +13,7 @@ info: - https://www.cisecurity.org/benchmark/ubuntu_linux metadata: verified: true - tags: cis,cisecurity,audit,linux,ubuntu + tags: cis,local,cisecurity,audit,linux,ubuntu self-contained: true diff --git a/code/linux/audit/nfs-daemon-service.yaml b/code/linux/audit/nfs-daemon-service.yaml index 559ae7da7be..1b7c50ea9ea 100644 --- a/code/linux/audit/nfs-daemon-service.yaml +++ b/code/linux/audit/nfs-daemon-service.yaml @@ -8,7 +8,7 @@ info: Assessed the status of the NFS service daemon. A running NFS service may expose the system to unauthorized access, modification, or deletion of files; it is recommended to disable the daemon when not explicitly required. reference: - https://isms.kisa.or.kr - tags: linux,audit,kisa,compliance + tags: linux,local,audit,kisa,compliance self-contained: true diff --git a/code/linux/audit/nfs-insecure-exports.yaml b/code/linux/audit/nfs-insecure-exports.yaml index d5279079d79..2d822be2ed4 100644 --- a/code/linux/audit/nfs-insecure-exports.yaml +++ b/code/linux/audit/nfs-insecure-exports.yaml @@ -8,7 +8,7 @@ info: Verified whether access control was properly configured on NFS.Highlighted possibilities such as allowing all hosts, no_root_squash, or unrestricted all_squash that could let unauthorized users access shared directories. reference: - https://isms.kisa.or.kr - tags: linux,audit,kisa,compliance + tags: linux,local,audit,kisa,compliance self-contained: true diff --git a/code/linux/audit/nis-client.yaml b/code/linux/audit/nis-client.yaml index bfe096b417e..22365ce147c 100644 --- a/code/linux/audit/nis-client.yaml +++ b/code/linux/audit/nis-client.yaml @@ -13,7 +13,7 @@ info: - https://www.cisecurity.org/benchmark/ubuntu_linux metadata: verified: true - tags: cis,cisecurity,audit,linux,ubuntu,nis + tags: cis,local,cisecurity,audit,linux,ubuntu,nis self-contained: true 
diff --git a/code/linux/audit/password-expiration.yaml b/code/linux/audit/password-expiration.yaml index 6838d9d9409..60196b865ef 100644 --- a/code/linux/audit/password-expiration.yaml +++ b/code/linux/audit/password-expiration.yaml @@ -12,7 +12,7 @@ info: - https://www.cisecurity.org/benchmark/ubuntu_linux metadata: verified: true - tags: cis,cisecurity,audit,linux,ubuntu,password + tags: cis,local,cisecurity,audit,linux,ubuntu,password self-contained: true diff --git a/code/linux/audit/password-min-days.yaml b/code/linux/audit/password-min-days.yaml index faef7660505..c88cff24de2 100644 --- a/code/linux/audit/password-min-days.yaml +++ b/code/linux/audit/password-min-days.yaml @@ -12,7 +12,7 @@ info: - https://www.cisecurity.org/benchmark/ubuntu_linux metadata: verified: true - tags: cis,cisecurity,audit,linux,ubuntu,password + tags: cis,local,cisecurity,audit,linux,ubuntu,password self-contained: true diff --git a/code/linux/audit/password-warn-age.yaml b/code/linux/audit/password-warn-age.yaml index 397b8064eee..2e2695a0e47 100644 --- a/code/linux/audit/password-warn-age.yaml +++ b/code/linux/audit/password-warn-age.yaml @@ -12,7 +12,7 @@ info: - https://www.cisecurity.org/benchmark/ubuntu_linux metadata: verified: true - tags: cis,cisecurity,audit,linux,ubuntu,password + tags: cis,local,cisecurity,audit,linux,ubuntu,password self-contained: true diff --git a/code/linux/audit/rsh-client.yaml b/code/linux/audit/rsh-client.yaml index 4c33dcab694..02ee7437560 100644 --- a/code/linux/audit/rsh-client.yaml +++ b/code/linux/audit/rsh-client.yaml @@ -1,4 +1,4 @@ -id: ssh-rsh-client +id: rsh-client info: name: Ensure rsh Client is Not Installed @@ -12,7 +12,7 @@ info: - https://www.cisecurity.org/benchmark/ubuntu_linux metadata: verified: true - tags: cis,cisecurity,audit,linux,ubuntu,rsh + tags: cis,local,cisecurity,audit,linux,ubuntu,rsh self-contained: true 
diff --git a/code/linux/audit/smtp-open-relay.yaml b/code/linux/audit/smtp-open-relay.yaml index 6e241eb18b2..2a1b80c7013 100644 --- a/code/linux/audit/smtp-open-relay.yaml +++ b/code/linux/audit/smtp-open-relay.yaml @@ -8,7 +8,7 @@ info: Sendmail and Postfix were checked for proper restrictions against unauthorized relay attempts. Improper configurations allowed attackers to abuse the server for spam or denial-of-service (DoS) attacks. reference: - https://isms.kisa.or.kr - tags: linux,kisa,audit,compliance + tags: linux,local,kisa,audit,compliance self-contained: true diff --git a/code/linux/audit/ssh-gssapiauthentication-disabled.yaml b/code/linux/audit/ssh-gssapiauthentication-disabled.yaml index e465ce28c6f..06c2e5a9b99 100644 --- a/code/linux/audit/ssh-gssapiauthentication-disabled.yaml +++ b/code/linux/audit/ssh-gssapiauthentication-disabled.yaml @@ -12,7 +12,7 @@ info: - https://www.cisecurity.org/benchmark/ubuntu_linux metadata: verified: true - tags: cis,ssh,linux,audit,ubuntu,benchmark + tags: cis,local,ssh,linux,audit,ubuntu,benchmark self-contained: true diff --git a/code/linux/audit/ssh-hostbasedauth-disabled.yaml b/code/linux/audit/ssh-hostbasedauth-disabled.yaml index be87da376bf..825ff365da6 100644 --- a/code/linux/audit/ssh-hostbasedauth-disabled.yaml +++ b/code/linux/audit/ssh-hostbasedauth-disabled.yaml @@ -13,7 +13,7 @@ info: - https://docs.datadoghq.com/security/default_rules/def-000-fqw/ metadata: verified: true - tags: cis,ssh,linux,audit,ubuntu,benchmark + tags: cis,local,ssh,linux,audit,ubuntu,benchmark self-contained: true diff --git a/code/linux/audit/strong-password-hashing.yaml b/code/linux/audit/strong-password-hashing.yaml index 7893a7ce612..7d74e569ac2 100644 --- a/code/linux/audit/strong-password-hashing.yaml +++ b/code/linux/audit/strong-password-hashing.yaml 
@@ -12,7 +12,7 @@ info: - https://www.cisecurity.org/benchmark/ubuntu_linux metadata: verified: true - tags: cis,cisecurity,audit,linux,ubuntu,password + tags: cis,local,cisecurity,audit,linux,ubuntu,password self-contained: true diff --git a/code/linux/audit/syslog-rsyslog-permission.yaml b/code/linux/audit/syslog-rsyslog-permission.yaml index f40ede68f81..1e727d6cd21 100644 --- a/code/linux/audit/syslog-rsyslog-permission.yaml +++ b/code/linux/audit/syslog-rsyslog-permission.yaml @@ -8,7 +8,7 @@ info: The /etc/syslog.conf or /etc/rsyslog.conf file was not owned by root or had insecure permissions,allowing attackers to manipulate logging settings to evade detection. reference: - https://isms.kisa.or.kr - tags: linux,kisa,audit,compliance + tags: linux,local,kisa,audit,compliance self-contained: true diff --git a/code/linux/audit/talk-client.yaml b/code/linux/audit/talk-client.yaml index 2f2a25dd470..577d7367166 100644 --- a/code/linux/audit/talk-client.yaml +++ b/code/linux/audit/talk-client.yaml @@ -12,7 +12,7 @@ info: - https://www.cisecurity.org/benchmark/ubuntu_linux metadata: verified: true - tags: cis,cisecurity,audit,linux,ubuntu,talk + tags: cis,local,cisecurity,audit,linux,ubuntu,talk self-contained: true diff --git a/code/linux/audit/tcpwrapper-access.yaml b/code/linux/audit/tcpwrapper-access.yaml index 3adc8f39198..8474a326e54 100644 --- a/code/linux/audit/tcpwrapper-access.yaml +++ b/code/linux/audit/tcpwrapper-access.yaml @@ -8,7 +8,7 @@ info: Checked if IP and port restrictions were properly applied using TCP Wrapper (/etc/hosts.allow and /etc/hosts.deny). Reported systems as vulnerable if unrestricted remote access (e.g. Telnet, RSH, SSH) was possible. reference: - https://isms.kisa.or.kr - tags: linux,audit,kisa,compliance + tags: linux,local,audit,kisa,compliance self-contained: true diff --git a/code/linux/audit/telnet-client.yaml b/code/linux/audit/telnet-client.yaml index d012f938c00..11c3e8e8ebf 100644 --- a/code/linux/audit/telnet-client.yaml 
+++ b/code/linux/audit/telnet-client.yaml @@ -12,12 +12,13 @@ info: - https://www.cisecurity.org/benchmark/ubuntu_linux metadata: verified: true - tags: cis,cisecurity,audit,linux,ubuntu,telnet + tags: cis,local,cisecurity,audit,linux,ubuntu,telnet self-contained: true code: - engine: + - sh - bash args: diff --git a/code/linux/audit/tftp-service-enabled.yaml b/code/linux/audit/tftp-service-enabled.yaml index 49be59137c6..b88d75ba7b6 100644 --- a/code/linux/audit/tftp-service-enabled.yaml +++ b/code/linux/audit/tftp-service-enabled.yaml @@ -8,7 +8,7 @@ info: The tftp service was rarely needed and contained known vulnerabilities that could have been targeted by attackers.It was checked to confirm that the tftp service was properly disabled in the xinetd configuration. reference: - https://isms.kisa.or.kr - tags: linux,code,audit,compliance,kisas + tags: linux,local,code,audit,compliance,kisas self-contained: true diff --git a/code/linux/audit/weak-password-complexity.yaml b/code/linux/audit/weak-password-complexity.yaml index 426f818743b..413353c08f2 100644 --- a/code/linux/audit/weak-password-complexity.yaml +++ b/code/linux/audit/weak-password-complexity.yaml @@ -10,7 +10,7 @@ info: - https://isms.kisa.or.kr/main/csap/notice/ metadata: verified: true - tags: linux,audit,kisa,compliance,local + tags: linux,local,audit,kisa,compliance,local self-contained: true
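Review bot: The tags line in code/linux/audit/finger-service-enabled.yaml still ends in `kisas` after this change, while the other KISA-referenced templates in the patch use `kisa`. Since the line is being edited anyway, correct it to `kisa` so that a tag filter on `kisa` selects this template too.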
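Review bot: In code/linux/audit/linux-anonymous-ftp-enabled.yaml the new tags line lists `local` twice (`linux,local,kisa,audit,ftp,anonymous,local`), because the original line already ended in `local`. Either leave this file out of the patch or drop the trailing `local` so the tag appears once, in the same position as in the other templates.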
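Review bot: The first hunk of code/linux/audit/rsh-client.yaml renames the template id from `ssh-rsh-client` to `rsh-client`, which is a different kind of change from the tag additions in the rest of the patch. Anything that selects or excludes this template by the old id will stop matching, so the rename should be called out in the commit message, and it is worth checking that no other template already uses `rsh-client`.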
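Review bot: In code/linux/audit/telnet-client.yaml the `engine:` list gains `- sh` ahead of `- bash`, the only engine change among the visible hunks and unrelated to the `local` tag. If engines are tried in listed order, the template's script now has to run under POSIX sh, so confirm it uses no bash-only syntax or list `bash` first. If the `sh` fallback is intended for the audit templates in general, it belongs in its own change applied to all of them.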
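Review bot: The tags line in code/linux/audit/tftp-service-enabled.yaml keeps the `kisas` spelling (`linux,local,code,audit,compliance,kisas`), which does not match the `kisa` tag used by the other templates in this patch. Change it to `kisa` here rather than carrying the mismatch forward.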
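Review bot: In code/linux/audit/weak-password-complexity.yaml the result is `linux,local,audit,kisa,compliance,local`, with `local` present both second and last, since the template was already tagged `local`. Remove one of the two so the tag list has no duplicates.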