Capacity
CCI-000164
Protect audit information from unauthorized deletion.
30
Rule
Severity: Medium
Make the auditd Configuration Immutable
29
Rule
Severity: Medium
System Audit Logs Must Have Mode 0750 or Less Permissive
40
Rule
Severity: Medium
System Audit Logs Must Be Owned By Root
17
Rule
Severity: Medium
System Audit Logs Must Have Mode 0640 or Less Permissive
9
Rule
Severity: Medium
Configure immutable Audit login UIDs
6
Rule
Severity: Medium
System Audit Directories Must Be Group Owned By Root
6
Rule
Severity: Medium
System Audit Directories Must Be Owned By Root
11
Rule
Severity: Medium
System Audit Logs Must Be Group Owned By Root
1
Rule
Severity: Medium
Kubernetes Audit Logs Must Be Owned By Root
1
Rule
Severity: Medium
OAuth Audit Logs Must Be Owned By Root
1
Rule
Severity: Medium
OpenShift Audit Logs Must Be Owned By Root
2
Rule
Severity: Medium
Verify that Local Logs of the audit Daemon are not World-Readable
2
Rule
Severity: Medium
The log information from the Apache web server must be protected from unauthorized deletion and modification.
2
Rule
Severity: Medium
The ALG must protect audit information from unauthorized deletion.
2
Rule
Severity: Medium
The application server must protect log information from unauthorized deletion.
2
Rule
Severity: High
The Arista network Arista device must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the ISSO.
2
Rule
Severity: Medium
The application must protect audit information from unauthorized deletion.
1
Rule
Severity: Medium
The CA API Gateway must protect audit information from unauthorized deletion.
2
Rule
Severity: Medium
The BlackBerry Enterprise Mobility Server (BEMS) must protect log information from unauthorized deletion.
2
Rule
Severity: Medium
The Central Log Server must protect audit information from unauthorized deletion.
2
Rule
Severity: Medium
The firewall must protect the traffic log from unauthorized deletion of local log files and log records.
1
Rule
Severity: Medium
The FortiGate device must protect audit information from unauthorized deletion.
1
Rule
Severity: High
The FortiGate firewall must protect the traffic log from unauthorized deletion of local log files and log records.
1
Rule
Severity: Medium
The HP FlexFabric Switch must protect audit information from unauthorized deletion.
1
Rule
Severity: Medium
The HYCU server must protect audit information from unauthorized deletion.
1
Rule
Severity: Medium
The audit information produced by DB2 must be protected from unauthorized deletion.
1
Rule
Severity: Medium
The IBM Aspera Console must protect audit information from unauthorized read access.
1
Rule
Severity: Medium
IBM Aspera Faspex must protect audit information from unauthorized modification.
1
Rule
Severity: Medium
IBM Aspera Shares must protect audit information from unauthorized deletion.
2
Rule
Severity: Medium
The WebSphere Liberty Server must protect log information from unauthorized access or changes.
1
Rule
Severity: Medium
The WebSphere Application Server must protect log information from unauthorized deletion.
1
Rule
Severity: Medium
CA VM:Secure product AUDIT file must be restricted to authorized personnel.
2
Rule
Severity: Medium
File permissions must be configured to protect log information from unauthorized deletion.
2
Rule
Severity: Medium
The Juniper router must be configured to protect audit information from unauthorized deletion.
2
Rule
Severity: Medium
The Mainframe Product must protect audit information from unauthorized deletion.
2
Rule
Severity: Medium
The audit information produced by Azure SQL Database must be protected from unauthorized deletion.
1
Rule
Severity: Medium
Exchange must have audit data protected against unauthorized deletion.
4
Rule
Severity: Medium
Exchange must protect audit data against unauthorized deletion.
4
Rule
Severity: Medium
Exchange audit data must be protected against unauthorized access for deletion.
1
Rule
Severity: Medium
The audit information produced by SQL Server must be protected from unauthorized deletion.
2
Rule
Severity: Medium
The network device must protect audit information from unauthorized deletion.
1
Rule
Severity: Medium
Nutanix AOS must protect log information from any type of unauthorized access.
1
Rule
Severity: Medium
Nutanix AOS must protect audit information from unauthorized access.
1
Rule
Severity: Medium
The log information from OHS must be protected from unauthorized deletion.
2
Rule
Severity: High
The Riverbed NetProfiler must be configured to authenticate each administrator prior to authorizing privileges based on roles.
1
Rule
Severity: Medium
Riverbed Optimization System (RiOS) must protect audit information from unauthorized deletion.
4
Rule
Severity: Medium
Splunk Enterprise installation directories must be secured.
2
Rule
Severity: Medium
The UEM server must protect audit information from unauthorized deletion.
2
Rule
Severity: Medium
The VPN Gateway must protect audit information from unauthorized deletion when stored locally.
2
Rule
Severity: Medium
The log information from the Apache web server must be protected from unauthorized modification or deletion.
2
Rule
Severity: Medium
Jar files in the $CATALINA_HOME/bin/ folder must have their permissions set to 640.
4
Rule
Severity: Medium
The macOS system must be configured with audit log folders set to mode 700 or less permissive.
2
Rule
Severity: Medium
The macOS system must configure audit log files to not contain access control lists.
2
Rule
Severity: Medium
The macOS system must configure audit log folders to not contain access control lists.
3
Rule
Severity: Medium
The macOS system must configure audit log files to be owned by root.
3
Rule
Severity: Medium
The macOS system must configure audit log folders to be owned by root.
2
Rule
Severity: Medium
The macOS system must configure audit log files group to wheel.
2
Rule
Severity: Medium
The macOS system must configure audit log folders group to wheel.
3
Rule
Severity: Medium
The macOS system must configure audit log files to mode 440 or less permissive.
3
Rule
Severity: Medium
The macOS system must configure audit log folders to mode 700 or less permissive.
3
Rule
Severity: Medium
The macOS system must be configured to audit all deletions of object attributes.
3
Rule
Severity: Medium
The macOS system must be configured to audit all changes of object attributes.
3
Rule
Severity: Medium
The macOS system must configure audit_control group to wheel.
3
Rule
Severity: Medium
The macOS system must configure audit_control owner to root.
2
Rule
Severity: Medium
The macOS system must configure audit_control to mode 440 or less permissive.
2
Rule
Severity: Medium
The macOS system must configure audit_control to not contain access control lists.
3
Rule
Severity: High
The macOS system must ensure System Integrity Protection is enabled.
3
Rule
Severity: Medium
The Ubuntu operating system must be configured so that the audit log directory is not write-accessible by unauthorized users.
1
Rule
Severity: Medium
The Ubuntu operating system must allow only authorized accounts to own the audit log directory.
1
Rule
Severity: Medium
The Ubuntu operating system must ensure only authorized groups can own the audit log directory and its underlying files.
4
Rule
Severity: Medium
The audit information produced by PostgreSQL must be protected from unauthorized deletion.
4
Rule
Severity: Medium
The Cisco router must be configured to protect audit information from unauthorized deletion.
4
Rule
Severity: Medium
The Cisco switch must be configured to protect audit information from unauthorized deletion.
2
Rule
Severity: Medium
The audit information produced by the DBMS must be protected from unauthorized deletion.
2
Rule
Severity: Medium
The container platform must protect audit information from unauthorized deletion.
3
Rule
Severity: Medium
The audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized deletion.
2
Rule
Severity: Medium
The operating system must protect audit information from unauthorized deletion.
2
Rule
Severity: Medium
Audit logs on the AIX system must be owned by root.
2
Rule
Severity: Medium
Audit logs on the AIX system must be group-owned by system.
2
Rule
Severity: Medium
Audit logs on the AIX system must be set to 660 or less permissive.
4
Rule
Severity: Medium
IBM z/OS must limit access for SMF collection files (i.e., SYS1.MANx) to appropriate users and/or batch jobs that perform SMF dump processing.
2
Rule
Severity: Medium
IBM z/OS SMF collection files (i.e., SYS1.MANx) access must be limited to appropriate users and/or batch jobs that perform SMF dump processing.
2
Rule
Severity: High
The ICS must be configured to prevent nonprivileged users from executing privileged functions.
2
Rule
Severity: Medium
The Juniper EX switch must be configured to protect audit information from unauthorized deletion.
2
Rule
Severity: Medium
The audit information produced by MarkLogic Server must be protected from unauthorized deletion.
2
Rule
Severity: Medium
The audit information produced by MariaDB must be protected from unauthorized deletion.
1
Rule
Severity: Medium
The audit information produced by MongoDB must be protected from unauthorized read access.
2
Rule
Severity: Medium
CAS and policy configuration files must be backed up.
2
Rule
Severity: Medium
The audit information produced by MongoDB must be protected from unauthorized access.
2
Rule
Severity: Medium
The log information from the IIS 10.0 web server must be protected from unauthorized modification or deletion.
2
Rule
Severity: Medium
The audit information produced by SQL Server must be protected from unauthorized access, modification, and deletion.
2
Rule
Severity: Medium
Windows 10 permissions for the Application event log must prevent access by non-privileged accounts.
2
Rule
Severity: Medium
Windows 10 permissions for the Security event log must prevent access by non-privileged accounts.
2
Rule
Severity: Medium
Windows 10 permissions for the System event log must prevent access by non-privileged accounts.
4
Rule
Severity: Medium
The Manage auditing and security log user right must only be assigned to the Administrators group.
2
Rule
Severity: Medium
Permissions for the Application event log must prevent access by non-privileged accounts.
2
Rule
Severity: Medium
Permissions for the Security event log must prevent access by non-privileged accounts.
2
Rule
Severity: Medium
Permissions for the System event log must prevent access by non-privileged accounts.
2
Rule
Severity: Medium
Windows Server 2019 permissions for the Application event log must prevent access by non-privileged accounts.
2
Rule
Severity: Medium
Windows Server 2019 permissions for the Security event log must prevent access by non-privileged accounts.
2
Rule
Severity: Medium
Windows Server 2019 permissions for the System event log must prevent access by non-privileged accounts.
2
Rule
Severity: Medium
Windows Server 2019 Manage auditing and security log user right must only be assigned to the Administrators group.
2
Rule
Severity: Medium
Windows Server 2022 permissions for the Application event log must prevent access by nonprivileged accounts.
2
Rule
Severity: Medium
Windows Server 2022 permissions for the Security event log must prevent access by nonprivileged accounts.
2
Rule
Severity: Medium
Windows Server 2022 permissions for the System event log must prevent access by nonprivileged accounts.
2
Rule
Severity: Medium
Windows Server 2022 manage auditing and security log user right must only be assigned to the Administrators group.
1
Rule
Severity: Medium
The DBMS must protect audit information from unauthorized deletion.
2
Rule
Severity: Medium
The system must protect audit information from unauthorized deletion.
2
Rule
Severity: Medium
The Oracle Linux operating system must protect audit information from unauthorized read, modification, or deletion.
2
Rule
Severity: Medium
OL 8 audit logs must have a mode of "0600" or less permissive to prevent unauthorized read access.
2
Rule
Severity: Medium
OL 8 audit logs must be owned by root to prevent unauthorized read access.
2
Rule
Severity: Medium
OL 8 audit logs must be group-owned by root to prevent unauthorized read access.
2
Rule
Severity: Medium
The OL 8 audit log directory must be owned by root to prevent unauthorized read access.
2
Rule
Severity: Medium
The OL 8 audit log directory must be group-owned by root to prevent unauthorized read access.
2
Rule
Severity: Medium
The OL 8 audit log directory must have a mode of 0700 or less permissive to prevent unauthorized read access.
2
Rule
Severity: Medium
The OL 8 audit system must protect auditing rules from unauthorized change.
2
Rule
Severity: Medium
The OL 8 audit system must protect logon UIDs from unauthorized change.
2
Rule
Severity: Medium
The audit information produced by the MySQL Database Server 8.0 must be protected from unauthorized deletion.
2
Rule
Severity: Medium
Automation Controller's log files must be accessible by explicitly defined privilege.
2
Rule
Severity: Medium
The audit information produced by Redis Enterprise DBMS must be protected from unauthorized deletion.
2
Rule
Severity: Medium
OpenShift must protect audit information from unauthorized modification.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must protect audit information from unauthorized read, modification, or deletion.
4
Rule
Severity: Medium
The SUSE operating system must protect audit rules from unauthorized modification.
2
Rule
Severity: Medium
RHEL 9 audit logs must be group-owned by root or by a restricted logging group to prevent unauthorized read access.
2
Rule
Severity: Medium
RHEL 9 audit log directory must be owned by root to prevent unauthorized read access.
2
Rule
Severity: Medium
RHEL 9 audit logs file must have mode 0600 or less permissive to prevent unauthorized access to the audit log.
2
Rule
Severity: Medium
RHEL 9 audit system must protect logon UIDs from unauthorized change.
2
Rule
Severity: Medium
RHEL 9 audit system must protect auditing rules from unauthorized change.
2
Rule
Severity: Medium
The VMM must protect audit information from unauthorized deletion.
1
Rule
Severity: Medium
Remote logging for ESXi hosts must be configured.
1
Rule
Severity: Medium
VAMI log files must only be accessible by privileged users.
1
Rule
Severity: Medium
Performance Charts log files must only be modifiable by privileged users.
1
Rule
Severity: Medium
ESX Agent Manager log files must only be modifiable by privileged users.
1
Rule
Severity: Medium
Lookup Service log files must only be accessible by privileged users.
1
Rule
Severity: Medium
The Photon operating system audit log must be group-owned by root.
3
Rule
Severity: Medium
The vCenter ESX Agent Manager service logs folder permissions must be set correctly.
1
Rule
Severity: Medium
The VMware Postgres database must protect log files from unauthorized access and modification.
1
Rule
Severity: Medium
Security Token Service log files must only be modifiable by privileged users.
3
Rule
Severity: Medium
The vCenter Lookup service logs folder permissions must be set correctly.
1
Rule
Severity: Medium
vSphere UI log files must only be accessible by privileged users.
3
Rule
Severity: Medium
The vCenter Perfcharts service logs folder permissions must be set correctly.
3
Rule
Severity: Medium
The Photon operating system must protect audit logs from unauthorized access.
3
Rule
Severity: Medium
The vCenter PostgreSQL service must be configured to protect log files from unauthorized access.
3
Rule
Severity: Medium
The vCenter STS service logs folder permissions must be set correctly.
3
Rule
Severity: Medium
The vCenter UI service must protect logs from unauthorized access.
3
Rule
Severity: Medium
The vCenter VAMI service log files must only be accessible by privileged users.
2
Rule
Severity: Medium
The log information from the web server must be protected from unauthorized deletion.
1
Rule
Severity: Medium
The BIG-IP appliance must be configured to protect audit information from unauthorized deletion.
1
Rule
Severity: Medium
The BIG-IP Core implementation must be configured to protect audit information from unauthorized deletion.
1
Rule
Severity: Medium
The macOS system must configure audit log files to not contain access control lists (ACLs).
1
Rule
Severity: Medium
The macOS system must configure the audit log folder to not contain access control lists (ACLs).
1
Rule
Severity: Medium
The macOS system must configure the audit log files group to wheel.
1
Rule
Severity: Medium
The macOS system must configure the audit log folders group to wheel.
1
Rule
Severity: Medium
The macOS system must be configured to audit all failed read actions on the system.
1
Rule
Severity: Medium
The macOS system must be configured to audit all failed write actions on the system.
1
Rule
Severity: Medium
The macOS system must configure audit_control owner to mode 440 or less permissive.
1
Rule
Severity: Medium
The macOS system must configure audit_control to not contain access control lists (ACLs).
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must be configured to permit only authorized users ownership of the audit log files.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must permit only authorized groups ownership of the audit log files.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must be configured so that the audit log directory is not write-accessible by unauthorized users.
1
Rule
Severity: Medium
The Enterprise Voice, Video, and Messaging Session Manager must protect session (call) records from unauthorized deletion.
1
Rule
Severity: Medium
SLEM 5 must protect audit rules from unauthorized modification.
1
Rule
Severity: Medium
TOSS audit logs must have a mode of 0600 or less permissive to prevent unauthorized read access.
1
Rule
Severity: Medium
TOSS audit log directory must have a mode of 0700 or less permissive to prevent unauthorized read access.
1
Rule
Severity: Medium
TOSS audit logs must be owned by user root to prevent unauthorized read access.
1
Rule
Severity: Medium
TOSS audit logs must be owned by group root to prevent unauthorized read access.
1
Rule
Severity: Medium
TOSS audit log directory must be owned by user root to prevent unauthorized read access.
1
Rule
Severity: Medium
TOSS audit log directory must be owned by group root to prevent unauthorized read access.
1
Rule
Severity: Medium
The TOSS audit system must protect auditing rules from unauthorized change.
1
Rule
Severity: Medium
The TOSS audit system must protect logon UIDs from unauthorized change.
1
Rule
Severity: High
The NSX Manager must assign users/accounts to organization-defined roles configured with approved authorizations.
Patternfly
PatternFly elements
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Modules