Capacity
CCI-000162
Protect audit information from unauthorized access.
30
Rule
Severity: Medium
Make the auditd Configuration Immutable
29
Rule
Severity: Medium
System Audit Logs Must Have Mode 0750 or Less Permissive
40
Rule
Severity: Medium
System Audit Logs Must Be Owned By Root
17
Rule
Severity: Medium
System Audit Logs Must Have Mode 0640 or Less Permissive
9
Rule
Severity: Medium
Configure immutable Audit login UIDs
6
Rule
Severity: Medium
System Audit Directories Must Be Group Owned By Root
6
Rule
Severity: Medium
System Audit Directories Must Be Owned By Root
11
Rule
Severity: Medium
System Audit Logs Must Be Group Owned By Root
1
Rule
Severity: Medium
Kubernetes Audit Logs Must Be Owned By Root
1
Rule
Severity: Medium
OAuth Audit Logs Must Be Owned By Root
1
Rule
Severity: Medium
OpenShift Audit Logs Must Be Owned By Root
4
Rule
Severity: Medium
The Apache web server log files must only be accessible by privileged users.
2
Rule
Severity: Medium
The ALG must protect audit information from unauthorized read access.
2
Rule
Severity: Medium
The application server must protect log information from any type of unauthorized read access.
2
Rule
Severity: Medium
The application must protect audit information from any type of unauthorized read access.
1
Rule
Severity: Medium
The CA API Gateway must protect audit information from unauthorized read access.
2
Rule
Severity: Medium
The Central Log Server must protect audit information from any type of unauthorized read access.
1
Rule
Severity: Medium
The FortiGate firewall must protect traffic log records from unauthorized access while in transit to the central audit server.
1
Rule
Severity: Medium
The HP FlexFabric Switch must protect audit information from any type of unauthorized read access.
1
Rule
Severity: Medium
The DataPower Gateway must protect audit information from any type of unauthorized read access.
1
Rule
Severity: Medium
The audit information produced by DB2 must be protected from unauthorized read access.
1
Rule
Severity: Medium
The IBM Aspera Console must protect audit information from unauthorized read access.
1
Rule
Severity: Medium
IBM Aspera Faspex must protect audit information from unauthorized modification.
1
Rule
Severity: Medium
IBM Aspera Shares must protect audit information from unauthorized deletion.
1
Rule
Severity: Medium
The DataPower Gateway must protect audit information from unauthorized read access.
2
Rule
Severity: Medium
The WebSphere Liberty Server must log remote session and security activity.
2
Rule
Severity: Medium
The WebSphere Liberty Server must be configured to encrypt log information.
1
Rule
Severity: Low
The WebSphere Application Server must be configured to protect log information from any type of unauthorized read access.
1
Rule
Severity: Medium
CA VM:Secure product AUDIT file must be restricted to authorized personnel.
2
Rule
Severity: Medium
File permissions must be configured to protect log information from any type of unauthorized read access.
2
Rule
Severity: Medium
The Mainframe Product must protect audit information from any type of unauthorized read access.
2
Rule
Severity: Medium
The audit information produced by Azure SQL Database must be protected from unauthorized read access.
1
Rule
Severity: Medium
Exchange must have Audit data protected against unauthorized read access.
2
Rule
Severity: Medium
Exchange Audit data must be protected against unauthorized access (read access).
4
Rule
Severity: Medium
Exchange must protect audit data against unauthorized read access.
1
Rule
Severity: Medium
The audit information produced by SQL Server must be protected from unauthorized read access.
1
Rule
Severity: Medium
Nutanix AOS must protect log information from any type of unauthorized access.
1
Rule
Severity: Medium
Nutanix AOS must protect audit information from unauthorized access.
1
Rule
Severity: Medium
OHS log files must only be accessible by privileged users.
1
Rule
Severity: Low
Oracle WebLogic must protect audit information from any type of unauthorized read access.
2
Rule
Severity: Medium
Users requiring access to Prisma Cloud Compute's Credential Store must be assigned and accessed by the appropriate role holders.
1
Rule
Severity: Medium
Riverbed Optimization System (RiOS) must protect audit information from any type of unauthorized read access.
4
Rule
Severity: Medium
Splunk Enterprise installation directories must be secured.
2
Rule
Severity: Medium
The UEM server must protect audit information from any type of unauthorized read access.
1
Rule
Severity: Medium
Each NSX-T Edge Node configured to host a Tier-1 Gateway Firewall must be configured to use the TLS or LI-TLS protocols to configure and secure traffic log records.
1
Rule
Severity: Medium
The NSX-T Tier-0 Gateway Firewall must be configured to use the TLS or LI-TLS protocols to configure and secure communications with the central audit server.
2
Rule
Severity: Low
The VPN Gateway must protect log information from unauthorized read access if all or some of this data is stored locally.
2
Rule
Severity: Medium
$CATALINA_BASE/logs folder permissions must be set to 750.
2
Rule
Severity: Medium
Files in the $CATALINA_BASE/logs/ folder must have their permissions set to 640.
1
Rule
Severity: Medium
The macOS system must be configured so that log files must not contain access control lists (ACLs).
1
Rule
Severity: Medium
The macOS system must be configured so that log folders must not contain access control lists (ACLs).
4
Rule
Severity: Medium
The macOS system must be configured with audit log files owned by root.
4
Rule
Severity: Medium
The macOS system must be configured with audit log folders owned by root.
4
Rule
Severity: Medium
The macOS system must be configured with audit log files group-owned by wheel.
4
Rule
Severity: Medium
The macOS system must be configured with audit log folders group-owned by wheel.
4
Rule
Severity: Medium
The macOS system must be configured with audit log files set to mode 440 or less permissive.
4
Rule
Severity: Medium
The macOS system must be configured with audit log folders set to mode 700 or less permissive.
3
Rule
Severity: Medium
The macOS system must be configured so that log files do not contain access control lists (ACLs).
3
Rule
Severity: Medium
The macOS system must be configured so that log folders do not contain access control lists (ACLs).
2
Rule
Severity: Medium
The macOS system must configure audit log files to not contain access control lists.
2
Rule
Severity: Medium
The macOS system must configure audit log folders to not contain access control lists.
3
Rule
Severity: Medium
The macOS system must configure audit log files to be owned by root.
3
Rule
Severity: Medium
The macOS system must configure audit log folders to be owned by root.
2
Rule
Severity: Medium
The macOS system must configure audit log files group to wheel.
2
Rule
Severity: Medium
The macOS system must configure audit log folders group to wheel.
3
Rule
Severity: Medium
The macOS system must configure audit log files to mode 440 or less permissive.
3
Rule
Severity: Medium
The macOS system must configure audit log folders to mode 700 or less permissive.
3
Rule
Severity: Medium
The macOS system must be configured to audit all deletions of object attributes.
3
Rule
Severity: Medium
The macOS system must be configured to audit all changes of object attributes.
3
Rule
Severity: Medium
The macOS system must be configured to audit all failed read actions on the system.
3
Rule
Severity: Medium
The macOS system must be configured to audit all failed write actions on the system.
3
Rule
Severity: Medium
The macOS system must configure audit_control group to wheel.
3
Rule
Severity: Medium
The macOS system must configure audit_control owner to root.
2
Rule
Severity: Medium
The macOS system must configure audit_control to mode 440 or less permissive.
2
Rule
Severity: Medium
The macOS system must configure audit_control to not contain access control lists.
3
Rule
Severity: High
The macOS system must ensure System Integrity Protection is enabled.
1
Rule
Severity: Medium
The Ubuntu operating system must be configured so that audit log files cannot be read or write-accessible by unauthorized users.
1
Rule
Severity: Medium
The Ubuntu operating system must permit only authorized accounts ownership of the audit log files.
1
Rule
Severity: Medium
The Ubuntu operating system must permit only authorized groups to own the audit log files.
2
Rule
Severity: Medium
The Ubuntu operating system must be configured so that audit log files are not read or write-accessible by unauthorized users.
2
Rule
Severity: Medium
The Ubuntu operating system must be configured to permit only authorized users ownership of the audit log files.
2
Rule
Severity: Medium
The Ubuntu operating system must permit only authorized groups ownership of the audit log files.
4
Rule
Severity: Medium
The audit information produced by PostgreSQL must be protected from unauthorized read access.
2
Rule
Severity: Medium
The audit information produced by the DBMS must be protected from unauthorized read access.
2
Rule
Severity: Medium
The container platform must protect audit information from any type of unauthorized read access.
3
Rule
Severity: Medium
The audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized read access.
2
Rule
Severity: Medium
The operating system must protect audit information from unauthorized read access.
2
Rule
Severity: Medium
Audit logs on the AIX system must be owned by root.
2
Rule
Severity: Medium
Audit logs on the AIX system must be group-owned by system.
2
Rule
Severity: Medium
Audit logs on the AIX system must be set to 660 or less permissive.
4
Rule
Severity: Medium
IBM z/OS must limit access for SMF collection files (i.e., SYS1.MANx) to appropriate users and/or batch jobs that perform SMF dump processing.
2
Rule
Severity: Medium
IBM z/OS SMF collection files (i.e., SYS1.MANx) access must be limited to appropriate users and/or batch jobs that perform SMF dump processing.
2
Rule
Severity: Medium
The audit information produced by MarkLogic Server must be protected from unauthorized read access.
2
Rule
Severity: Medium
The audit information produced by MariaDB must be protected from unauthorized read access.
1
Rule
Severity: Medium
The audit information produced by MongoDB must be protected from unauthorized read access.
2
Rule
Severity: Medium
The audit information produced by MongoDB must be protected from unauthorized access.
2
Rule
Severity: Medium
Exchange audit data must be protected against unauthorized access (read access).
2
Rule
Severity: Medium
The audit information produced by SQL Server must be protected from unauthorized access, modification, and deletion.
2
Rule
Severity: Medium
Windows 10 permissions for the Application event log must prevent access by non-privileged accounts.
2
Rule
Severity: Medium
Windows 10 permissions for the Security event log must prevent access by non-privileged accounts.
2
Rule
Severity: Medium
Windows 10 permissions for the System event log must prevent access by non-privileged accounts.
4
Rule
Severity: Medium
The Manage auditing and security log user right must only be assigned to the Administrators group.
2
Rule
Severity: Medium
Windows 11 permissions for the Application event log must prevent access by non-privileged accounts.
2
Rule
Severity: Medium
Windows 11 permissions for the Security event log must prevent access by non-privileged accounts.
2
Rule
Severity: Medium
Windows 11 permissions for the System event log must prevent access by non-privileged accounts.
2
Rule
Severity: Medium
The "Manage auditing and security log" user right must only be assigned to the Administrators group.
2
Rule
Severity: Medium
Permissions for the Application event log must prevent access by non-privileged accounts.
2
Rule
Severity: Medium
Permissions for the Security event log must prevent access by non-privileged accounts.
2
Rule
Severity: Medium
Permissions for the System event log must prevent access by non-privileged accounts.
2
Rule
Severity: Medium
Windows Server 2019 permissions for the Application event log must prevent access by non-privileged accounts.
2
Rule
Severity: Medium
Windows Server 2019 permissions for the Security event log must prevent access by non-privileged accounts.
2
Rule
Severity: Medium
Windows Server 2019 permissions for the System event log must prevent access by non-privileged accounts.
2
Rule
Severity: Medium
Windows Server 2019 Manage auditing and security log user right must only be assigned to the Administrators group.
2
Rule
Severity: Medium
Windows Server 2022 permissions for the Application event log must prevent access by nonprivileged accounts.
2
Rule
Severity: Medium
Windows Server 2022 permissions for the Security event log must prevent access by nonprivileged accounts.
2
Rule
Severity: Medium
Windows Server 2022 permissions for the System event log must prevent access by nonprivileged accounts.
2
Rule
Severity: Medium
Windows Server 2022 manage auditing and security log user right must only be assigned to the Administrators group.
1
Rule
Severity: Medium
The DBMS must protect audit information from any type of unauthorized access.
2
Rule
Severity: Medium
The system must protect audit information from any type of unauthorized access.
2
Rule
Severity: Medium
The Oracle Linux operating system must protect audit information from unauthorized read, modification, or deletion.
2
Rule
Severity: Medium
OL 8 audit logs must have a mode of "0600" or less permissive to prevent unauthorized read access.
2
Rule
Severity: Medium
OL 8 audit logs must be owned by root to prevent unauthorized read access.
2
Rule
Severity: Medium
OL 8 audit logs must be group-owned by root to prevent unauthorized read access.
2
Rule
Severity: Medium
The OL 8 audit log directory must be owned by root to prevent unauthorized read access.
2
Rule
Severity: Medium
The OL 8 audit log directory must be group-owned by root to prevent unauthorized read access.
2
Rule
Severity: Medium
The OL 8 audit log directory must have a mode of 0700 or less permissive to prevent unauthorized read access.
2
Rule
Severity: Medium
The OL 8 audit system must protect auditing rules from unauthorized change.
2
Rule
Severity: Medium
The OL 8 audit system must protect logon UIDs from unauthorized change.
2
Rule
Severity: Medium
The audit information produced by the MySQL Database Server 8.0 must be protected from unauthorized read access.
2
Rule
Severity: Medium
Automation Controller's log files must be accessible by explicitly defined privilege.
2
Rule
Severity: Medium
The audit information produced by Redis Enterprise DBMS must be protected from unauthorized read access.
2
Rule
Severity: Medium
OpenShift must protect audit logs from any type of unauthorized access.
2
Rule
Severity: Medium
OpenShift must protect system journal file from any type of unauthorized access by setting file permissions.
2
Rule
Severity: Medium
OpenShift must protect system journal file from any type of unauthorized access by setting owner permissions.
2
Rule
Severity: Medium
OpenShift must protect log directory from any type of unauthorized access by setting file permissions.
2
Rule
Severity: Medium
OpenShift must protect log directory from any type of unauthorized access by setting owner permissions.
2
Rule
Severity: Medium
OpenShift must protect pod log files from any type of unauthorized access by setting owner permissions.
2
Rule
Severity: Medium
RHEL 8 audit logs must have a mode of 0600 or less permissive to prevent unauthorized read access.
2
Rule
Severity: Medium
RHEL 8 audit logs must be owned by root to prevent unauthorized read access.
2
Rule
Severity: Medium
RHEL 8 audit logs must be group-owned by root to prevent unauthorized read access.
2
Rule
Severity: Medium
RHEL 8 audit log directory must be owned by root to prevent unauthorized read access.
2
Rule
Severity: Medium
RHEL 8 audit log directory must be group-owned by root to prevent unauthorized read access.
2
Rule
Severity: Medium
RHEL 8 audit log directory must have a mode of 0700 or less permissive to prevent unauthorized read access.
2
Rule
Severity: Medium
RHEL 8 audit system must protect auditing rules from unauthorized change.
2
Rule
Severity: Medium
RHEL 8 audit system must protect logon UIDs from unauthorized change.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must protect audit information from unauthorized read, modification, or deletion.
4
Rule
Severity: Medium
The SUSE operating system must protect audit rules from unauthorized modification.
2
Rule
Severity: Medium
RHEL 9 audit logs must be group-owned by root or by a restricted logging group to prevent unauthorized read access.
2
Rule
Severity: Medium
RHEL 9 audit log directory must be owned by root to prevent unauthorized read access.
2
Rule
Severity: Medium
RHEL 9 audit logs file must have mode 0600 or less permissive to prevent unauthorized access to the audit log.
2
Rule
Severity: Medium
RHEL 9 audit system must protect logon UIDs from unauthorized change.
2
Rule
Severity: Medium
RHEL 9 audit system must protect auditing rules from unauthorized change.
4
Rule
Severity: Medium
The operating system must protect audit information from unauthorized access.
2
Rule
Severity: Medium
The VMM must protect audit information from unauthorized read access.
1
Rule
Severity: Medium
VAMI log files must only be accessible by privileged users.
1
Rule
Severity: Medium
Performance Charts log files must only be modifiable by privileged users.
1
Rule
Severity: Medium
Lookup Service log files must only be accessible by privileged users.
1
Rule
Severity: Medium
The Photon operating system audit log must have correct permissions.
3
Rule
Severity: Medium
The vCenter ESX Agent Manager service logs folder permissions must be set correctly.
1
Rule
Severity: Medium
The VMware Postgres database must protect log files from unauthorized access and modification.
3
Rule
Severity: Medium
The vCenter Lookup service logs folder permissions must be set correctly.
1
Rule
Severity: Medium
vSphere UI log files must only be accessible by privileged users.
3
Rule
Severity: Medium
The vCenter Perfcharts service logs folder permissions must be set correctly.
3
Rule
Severity: Medium
The Photon operating system must protect audit logs from unauthorized access.
3
Rule
Severity: Medium
The vCenter PostgreSQL service must be configured to protect log files from unauthorized access.
3
Rule
Severity: Medium
The vCenter STS service logs folder permissions must be set correctly.
3
Rule
Severity: Medium
The vCenter UI service must protect logs from unauthorized access.
3
Rule
Severity: Medium
The vCenter VAMI service log files must only be accessible by privileged users.
2
Rule
Severity: Medium
Web server log files must only be accessible by privileged users.
1
Rule
Severity: Medium
The BIG-IP appliance must be configured to protect audit information from any type of unauthorized read access.
1
Rule
Severity: Medium
The BIG-IP Core implementation must be configured to protect audit information from unauthorized read access.
1
Rule
Severity: Medium
The macOS system must configure audit log files to not contain access control lists (ACLs).
1
Rule
Severity: Medium
The macOS system must configure the audit log folder to not contain access control lists (ACLs).
1
Rule
Severity: Medium
The macOS system must configure the audit log files group to wheel.
1
Rule
Severity: Medium
The macOS system must configure the audit log folders group to wheel.
1
Rule
Severity: Medium
The macOS system must configure audit_control owner to mode 440 or less permissive.
1
Rule
Severity: Medium
The macOS system must configure audit_control to not contain access control lists (ACLs).
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must be configured so that audit log files are not read- or write-accessible by unauthorized users.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must be configured to permit only authorized users ownership of the audit log files.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must permit only authorized groups ownership of the audit log files.
1
Rule
Severity: Medium
The Enterprise Voice, Video, and Messaging Session Manager must protect session (call) records from unauthorized read access.
1
Rule
Severity: Medium
SLEM 5 must protect audit rules from unauthorized modification.
1
Rule
Severity: Medium
TOSS audit logs must have a mode of 0600 or less permissive to prevent unauthorized read access.
1
Rule
Severity: Medium
TOSS audit log directory must have a mode of 0700 or less permissive to prevent unauthorized read access.
1
Rule
Severity: Medium
TOSS audit logs must be owned by user root to prevent unauthorized read access.
1
Rule
Severity: Medium
TOSS audit logs must be owned by group root to prevent unauthorized read access.
1
Rule
Severity: Medium
TOSS audit log directory must be owned by user root to prevent unauthorized read access.
1
Rule
Severity: Medium
TOSS audit log directory must be owned by group root to prevent unauthorized read access.
1
Rule
Severity: Medium
The TOSS audit system must protect auditing rules from unauthorized change.
1
Rule
Severity: Medium
The TOSS audit system must protect logon UIDs from unauthorized change.
Patternfly
PatternFly elements
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Modules