Skip to content
ATO Pathways
  Log In

CCI-000126

Specify the organization-defined event types (subset of the event types defined in AU-2a) along with the frequency of (or situation requiring logging for each identified event type.

Logo
30

Rule

Severity: Medium
Enable auditd Service
Logo
29

Rule

Severity: Medium
Ensure auditd Collects System Administrator Actions
Logo
29

Rule

Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - chmod
Logo
29

Rule

Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - chown
Logo
29

Rule

Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fchmod
Logo
29

Rule

Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fchmodat
Logo
29

Rule

Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fchown
Logo
29

Rule

Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fchownat
Logo
29

Rule

Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fsetxattr
Logo
29

Rule

Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - lchown
Logo
29

Rule

Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - lsetxattr
Logo
29

Rule

Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - setxattr
Logo
20

Rule

Severity: Unknown
Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces
Logo
20

Rule

Severity: Unknown
Enable Kernel Paremeter to Log Martian Packets on all IPv4 Interfaces by Default
Logo
20

Rule

Severity: Medium
Record Attempts to Alter Logon and Logout Events - faillock
Logo
23

Rule

Severity: Medium
Record Attempts to Alter Logon and Logout Events - lastlog
Logo
21

Rule

Severity: Medium
Record Attempts to Alter Logon and Logout Events - tallylog
Logo
2

Rule

Severity: Medium
The Oracle Linux operating system must audit all uses of the chown, fchown, fchownat, and lchown syscalls.
Logo
1

Rule

Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that auditing is configured to produce records containing information to establish what type of events occurred, where the events occurred, the source of the events, and the outcome of the events. These audit records must also identify individual identities of group account users.
Logo
1

Rule

Severity: Medium
The Red Hat Enterprise Linux operating system must audit all uses of the chown, fchown, fchownat, and lchown syscalls.
Logo
1

Rule

Severity: Medium
The Red Hat Enterprise Linux operating system must generate audit records for all unsuccessful account access events.
Logo
1

Rule

Severity: Medium
The Red Hat Enterprise Linux operating system must generate audit records for all successful account access events.

Patternfly

PatternFly elements

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules