Capacity
R73
29
Rule
Severity: Medium
Ensure the audit Subsystem is Installed
31
Rule
Severity: Medium
Enable auditd Service
29
Rule
Severity: Medium
Make the auditd Configuration Immutable
29
Rule
Severity: Medium
Record Events that Modify the System's Mandatory Access Controls
29
Rule
Severity: Medium
Ensure auditd Collects Information on Exporting to Media (successful)
29
Rule
Severity: Medium
Record Events that Modify the System's Network Environment
29
Rule
Severity: Medium
Record Attempts to Alter Process and Session Initiation Information
29
Rule
Severity: Medium
Ensure auditd Collects System Administrator Actions
22
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/group
21
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/gshadow
22
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/security/opasswd
22
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/passwd
22
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/shadow
15
Rule
Severity: Medium
Record Attempts to perform maintenance activities
28
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - chmod
28
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - chown
29
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fchmod
28
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fchmodat
28
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fchown
28
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fchownat
29
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fremovexattr
28
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fsetxattr
29
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - lchown
28
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - lremovexattr
28
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - lsetxattr
28
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - removexattr
28
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - setxattr
29
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - umount2
28
Rule
Severity: Medium
Ensure auditd Collects File Deletion Events by User - rename
28
Rule
Severity: Medium
Ensure auditd Collects File Deletion Events by User - renameat
28
Rule
Severity: Medium
Ensure auditd Collects File Deletion Events by User - rmdir
28
Rule
Severity: Medium
Ensure auditd Collects File Deletion Events by User - unlink
28
Rule
Severity: Medium
Ensure auditd Collects File Deletion Events by User - unlinkat
22
Rule
Severity: Medium
Record Unsuccessful Access Attempts to Files - creat
22
Rule
Severity: Medium
Record Unsuccessful Access Attempts to Files - ftruncate
23
Rule
Severity: Medium
Record Unsuccessful Access Attempts to Files - open
22
Rule
Severity: Medium
Record Unsuccessful Access Attempts to Files - openat
22
Rule
Severity: Medium
Record Unsuccessful Access Attempts to Files - truncate
22
Rule
Severity: Medium
Ensure auditd Collects Information on Kernel Module Unloading - delete_module
23
Rule
Severity: Medium
Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module
21
Rule
Severity: Medium
Ensure auditd Collects Information on Kernel Module Loading - init_module
20
Rule
Severity: Medium
Record Attempts to Alter Logon and Logout Events - faillock
23
Rule
Severity: Medium
Record Attempts to Alter Logon and Logout Events - lastlog
28
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands
16
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - kmod
29
Rule
Severity: Medium
Record attempts to alter time through adjtimex
29
Rule
Severity: Medium
Record Attempts to Alter Time Through clock_settime
28
Rule
Severity: Medium
Record Attempts to Alter Time Through stime
28
Rule
Severity: Medium
Record Attempts to Alter the localtime File
10
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - insmod
10
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - modprobe
10
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - rmmod
Patternfly
PatternFly elements
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Modules