Skip to content
Log In

CCI-000126

Specify the organization-defined event types (subset of the event types defined in AU-2a) along with the frequency of (or situation requiring logging for each identified event type.

Ensure auditd Collects System Administrator Actions

34 rules found Severity: Medium

Logo

Enable auditd Service

8 rules found Severity: Medium

Logo

Record Events that Modify the System's Discretionary Access Controls - chmod

7 rules found Severity: Medium

Logo

Record Events that Modify the System's Discretionary Access Controls - chown

7 rules found Severity: Medium

Logo

Record Events that Modify the System's Discretionary Access Controls - fchmod

7 rules found Severity: Medium

Logo

Record Events that Modify the System's Discretionary Access Controls - fchmodat

7 rules found Severity: Medium

Logo

Record Events that Modify the System's Discretionary Access Controls - fchown

7 rules found Severity: Medium

Logo

Record Events that Modify the System's Discretionary Access Controls - fchownat

7 rules found Severity: Medium

Logo

Record Events that Modify the System's Discretionary Access Controls - fsetxattr

7 rules found Severity: Medium

Logo

Record Events that Modify the System's Discretionary Access Controls - lchown

7 rules found Severity: Medium

Logo

Record Events that Modify the System's Discretionary Access Controls - lsetxattr

7 rules found Severity: Medium

Logo

Record Events that Modify the System's Discretionary Access Controls - setxattr

7 rules found Severity: Medium

Logo

Record Attempts to Alter Logon and Logout Events - faillock

6 rules found Severity: Medium

Logo

Record Attempts to Alter Logon and Logout Events - lastlog

7 rules found Severity: Medium

Logo

Record Attempts to Alter Logon and Logout Events - tallylog

6 rules found Severity: Medium

Logo

Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces

5 rules found

Logo

Enable Kernel Paremeter to Log Martian Packets on all IPv4 Interfaces by Default

5 rules found

Logo

The Red Hat Enterprise Linux operating system must be configured so that auditing is configured to produce records containing information to establish what type of events occurred, where the events occurred, the source of the events, and the outcome of the events. These audit records must also identify individual identities of group account users.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must audit all uses of the chown, fchown, fchownat, and lchown syscalls.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must generate audit records for all unsuccessful account access events.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must generate audit records for all successful account access events.

1 rule found Severity: Medium

Logo

The Oracle Linux operating system must audit all uses of the chown, fchown, fchownat, and lchown syscalls.

1 rule found Severity: Medium

Logo