BP28(R73)

Rule

Severity: Medium

Make the auditd Configuration Immutable

Rule

Severity: Medium

Record Events that Modify the System's Mandatory Access Controls

Rule

Severity: Medium

Ensure auditd Collects Information on Exporting to Media (successful)

Rule

Severity: Medium

Record Events that Modify the System's Network Environment

Rule

Severity: Medium

Record Attempts to Alter Process and Session Initiation Information

Rule

Severity: Medium

Ensure auditd Collects System Administrator Actions

Rule

Severity: Medium

Record Events that Modify User/Group Information - /etc/group

Rule

Severity: Medium

Record Events that Modify User/Group Information - /etc/gshadow

Rule

Severity: Medium

Record Events that Modify User/Group Information - /etc/security/opasswd

Rule

Severity: Medium

Record Events that Modify User/Group Information - /etc/passwd

Rule

Severity: Medium

Record Events that Modify User/Group Information - /etc/shadow

Rule

Severity: Medium

Record Events that Modify the System's Discretionary Access Controls - chmod

Rule

Severity: Medium

Record Events that Modify the System's Discretionary Access Controls - chown

Rule

Severity: Medium

Record Events that Modify the System's Discretionary Access Controls - fchmod

Rule

Severity: Medium

Record Events that Modify the System's Discretionary Access Controls - fchmodat

Rule

Severity: Medium

Record Events that Modify the System's Discretionary Access Controls - fchown

Rule

Severity: Medium

Record Events that Modify the System's Discretionary Access Controls - fchownat

Rule

Severity: Medium

Record Events that Modify the System's Discretionary Access Controls - fremovexattr

Rule

Severity: Medium

Record Events that Modify the System's Discretionary Access Controls - fsetxattr

Rule

Severity: Medium

Record Events that Modify the System's Discretionary Access Controls - lchown

Rule

Severity: Medium

Record Events that Modify the System's Discretionary Access Controls - lremovexattr

Rule

Severity: Medium

Record Events that Modify the System's Discretionary Access Controls - lsetxattr

Rule

Severity: Medium

Record Events that Modify the System's Discretionary Access Controls - removexattr

Rule

Severity: Medium

Record Events that Modify the System's Discretionary Access Controls - setxattr

Rule

Severity: Medium

Record Events that Modify the System's Discretionary Access Controls - umount2

Rule

Severity: Medium

Ensure auditd Collects File Deletion Events by User - rename

Rule

Severity: Medium

Ensure auditd Collects File Deletion Events by User - renameat

Rule

Severity: Medium

Ensure auditd Collects File Deletion Events by User - rmdir

Rule

Severity: Medium

Ensure auditd Collects File Deletion Events by User - unlink

Rule

Severity: Medium

Ensure auditd Collects File Deletion Events by User - unlinkat

Rule

Severity: Medium

Record Unsuccessful Access Attempts to Files - creat

Rule

Severity: Medium

Record Unsuccessful Access Attempts to Files - ftruncate

Rule

Severity: Medium

Record Unsuccessful Access Attempts to Files - open

Rule

Severity: Medium

Record Unsuccessful Access Attempts to Files - openat

Rule

Severity: Medium

Record Unsuccessful Access Attempts to Files - truncate

Rule

Severity: Medium

Ensure auditd Collects Information on Kernel Module Unloading - delete_module

Rule

Severity: Medium

Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module

Rule

Severity: Medium

Ensure auditd Collects Information on Kernel Module Loading - init_module

Rule

Severity: Medium

Record Attempts to Alter Logon and Logout Events - faillock

Rule

Severity: Medium

Record Attempts to Alter Logon and Logout Events - lastlog

Rule

Severity: Medium

Ensure auditd Collects Information on the Use of Privileged Commands

Rule

Severity: Medium

Ensure auditd Collects Information on the Use of Privileged Commands - insmod

Rule

Severity: Medium

Ensure auditd Collects Information on the Use of Privileged Commands - kmod

Rule

Severity: Medium

Ensure auditd Collects Information on the Use of Privileged Commands - modprobe

Rule

Severity: Medium

Ensure auditd Collects Information on the Use of Privileged Commands - rmmod

Rule

Severity: Medium

Record attempts to alter time through adjtimex

Rule

Severity: Medium

Record Attempts to Alter Time Through clock_settime

Rule

Severity: Medium

Record Attempts to Alter Time Through stime

Rule

Severity: Medium

Record Attempts to Alter the localtime File

Rule

Severity: Medium

Ensure the audit Subsystem is Installed

Rule

Severity: Medium

Enable auditd Service

Rule

Severity: Medium

Record Attempts to perform maintenance activities

Patternfly

PatternFly elements

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity

Modules