CCI-001495
Protect audit tools from unauthorized deletion.
20
Rule
Severity: High
Verify and Correct File Permissions with RPM
29
Rule
Severity: Medium
Verify that System Executables Have Root Ownership
29
Rule
Severity: Medium
Verify that System Executable Directories Have Restrictive Permissions
6
Rule
Severity: Medium
Audit Tools Must Be Group-owned by Root
6
Rule
Severity: Medium
Audit Tools Must Be Owned by Root
2
Rule
Severity: Medium
Verify Permissions of Local Logs of audit Tools
2
Rule
Severity: Medium
Verify that system commands directories are group owned by root
2
Rule
Severity: Medium
The ALG must protect audit tools from unauthorized deletion.
2
Rule
Severity: Medium
The application server must protect log tools from unauthorized deletion.
2
Rule
Severity: Medium
The application must protect audit tools from unauthorized deletion.
2
Rule
Severity: Medium
The Central Log Server must protect audit tools from unauthorized deletion.
1
Rule
Severity: Medium
The HYCU server must protect audit tools from unauthorized access, modification, and deletion.
1
Rule
Severity: Medium
The DataPower Gateway must protect audit tools from unauthorized deletion.
1
Rule
Severity: Medium
DB2 must protect its audit features from unauthorized removal.
1
Rule
Severity: Medium
The IBM Aspera Console feature audit tools must be protected from unauthorized modification or deletion.
1
Rule
Severity: Medium
The WebSphere Application Server wsadmin file must be protected from unauthorized deletion.
1
Rule
Severity: Medium
The IBM z/VM AUDT and Journal Mini Disks must be restricted to the appropriate system administrators.
2
Rule
Severity: Medium
The Mainframe Product must protect audit tools from unauthorized deletion.
2
Rule
Severity: Medium
The audit information produced by Azure SQL Database must be protected from unauthorized deletion.
1
Rule
Severity: Medium
SQL Server and the operating system must protect SQL Server audit features from unauthorized removal.
2
Rule
Severity: Medium
The network device must protect audit tools from unauthorized deletion.
1
Rule
Severity: Medium
Nutanix AOS audit tools must be group-owned by root.
1
Rule
Severity: Medium
Oracle WebLogic must protect audit tools from unauthorized deletion.
2
Rule
Severity: High
The Riverbed NetProfiler must be configured to authenticate each administrator prior to authorizing privileges based on roles.
1
Rule
Severity: Medium
Riverbed Optimization System (RiOS) must protect audit tools from unauthorized deletion.
4
Rule
Severity: Medium
Splunk Enterprise installation directories must be secured.
1
Rule
Severity: Medium
The Tanium Server must protect audit tools from unauthorized access, modification, or deletion.
4
Rule
Severity: Medium
The Tanium application must prohibit user installation, modification, or deletion of software without explicit privileged status.
1
Rule
Severity: Medium
The Tanium application must prohibit user installation of software without explicit privileged status.
2
Rule
Severity: Medium
$CATALINA_HOME/bin folder permissions must be set to 750.
1
Rule
Severity: Medium
The macOS system must enable System Integrity Protection.
3
Rule
Severity: High
The macOS system must enable System Integrity Protection.
2
Rule
Severity: Medium
The macOS system must configure audit log files to not contain access control lists.
2
Rule
Severity: Medium
The macOS system must configure audit log folders to not contain access control lists.
3
Rule
Severity: Medium
The macOS system must enable security auditing.
3
Rule
Severity: Medium
The macOS system must configure audit log files to be owned by root.
3
Rule
Severity: Medium
The macOS system must configure audit log folders to be owned by root.
2
Rule
Severity: Medium
The macOS system must configure audit log files group to wheel.
2
Rule
Severity: Medium
The macOS system must configure audit log folders group to wheel.
3
Rule
Severity: Medium
The macOS system must configure audit log files to mode 440 or less permissive.
3
Rule
Severity: Medium
The macOS system must configure audit log folders to mode 700 or less permissive.
3
Rule
Severity: Medium
The macOS system must be configured to audit all deletions of object attributes.
3
Rule
Severity: Medium
The macOS system must be configured to audit all changes of object attributes.
3
Rule
Severity: Medium
The macOS system must configure audit_control group to wheel.
3
Rule
Severity: Medium
The macOS system must configure audit_control owner to root.
2
Rule
Severity: Medium
The macOS system must configure audit_control to mode 440 or less permissive.
2
Rule
Severity: Medium
The macOS system must configure audit_control to not contain access control lists.
3
Rule
Severity: High
The macOS system must ensure System Integrity Protection is enabled.
1
Rule
Severity: Medium
The Ubuntu operating system must configure audit tools with a mode of 0755 or less permissive.
2
Rule
Severity: Medium
The Ubuntu operating system must have directories that contain system commands set to a mode of 0755 or less permissive.
2
Rule
Severity: Medium
The Ubuntu operating system must have directories that contain system commands owned by root.
2
Rule
Severity: Medium
The Ubuntu operating system must have directories that contain system commands group-owned by root.
4
Rule
Severity: Medium
PostgreSQL must protect its audit features from unauthorized removal.
2
Rule
Severity: Medium
The container platform must protect audit tools from unauthorized deletion.
3
Rule
Severity: Medium
The EDB Postgres Advanced Server must protect its audit features from unauthorized removal.
2
Rule
Severity: Medium
The DBMS must protect its audit features from unauthorized removal.
6
Rule
Severity: Medium
The operating system must protect audit tools from unauthorized deletion.
2
Rule
Severity: Medium
AIX audit tools must be owned by root.
2
Rule
Severity: Medium
AIX audit tools must be group-owned by audit.
2
Rule
Severity: Medium
AIX audit tools must be set to 4550 or less permissive.
4
Rule
Severity: Medium
IBM z/OS must limit access for SMF collection files (i.e., SYS1.MANx) to appropriate users and/or batch jobs that perform SMF dump processing.
2
Rule
Severity: Medium
IBM z/OS SMF collection files (i.e., SYS1.MANx) access must be limited to appropriate users and/or batch jobs that perform SMF dump processing.
2
Rule
Severity: High
The ICS must be configured to prevent nonprivileged users from executing privileged functions.
2
Rule
Severity: Medium
MarkLogic Server must protect its audit features from unauthorized removal.
2
Rule
Severity: Medium
MariaDB must protect its audit features from unauthorized removal.
3
Rule
Severity: Medium
MongoDB must protect its audit features from unauthorized access.
2
Rule
Severity: Medium
Event Viewer must be protected from unauthorized modification and deletion.
2
Rule
Severity: Medium
Windows Server 2019 Event Viewer must be protected from unauthorized modification and deletion.
2
Rule
Severity: Medium
Windows Server 2022 Event Viewer must be protected from unauthorized modification and deletion.
1
Rule
Severity: Medium
The DBMS must protect audit tools from unauthorized deletion.
2
Rule
Severity: Medium
The system must protect audit tools from unauthorized deletion.
2
Rule
Severity: Medium
OL 8 audit tools must be owned by root.
2
Rule
Severity: Medium
OL 8 audit tools must be group-owned by root.
2
Rule
Severity: Medium
The MySQL Database Server 8.0 must protect its audit features from unauthorized removal.
2
Rule
Severity: Medium
Automation Controller's log files must be accessible by explicitly defined privilege.
2
Rule
Severity: Medium
Redis Enterprise DBMS must protect its audit features from unauthorized removal.
2
Rule
Severity: Medium
OpenShift must protect audit tools from unauthorized access.
4
Rule
Severity: Medium
The SUSE operating system audit tools must have the proper permissions configured to protect against unauthorized access.
2
Rule
Severity: Medium
RHEL 9 must use cryptographic mechanisms to protect the integrity of audit tools.
2
Rule
Severity: Medium
The VMM must protect audit tools from unauthorized deletion.
3
Rule
Severity: Medium
The ESXi host must implement Secure Boot enforcement.
1
Rule
Severity: Medium
The Photon operating system must protect audit tools from unauthorized modification and deletion.
1
Rule
Severity: Medium
VMware Postgres configuration files must not be accessible by unauthorized users.
3
Rule
Severity: Medium
The Photon operating system must protect audit tools from unauthorized access.
3
Rule
Severity: Medium
The vCenter PostgreSQL service configuration files must not be accessible by unauthorized users.
1
Rule
Severity: Medium
The BIG-IP Core implementation must be configured to protect audit tools from unauthorized deletion.
1
Rule
Severity: Medium
The macOS system must configure audit log files to not contain access control lists (ACLs).
1
Rule
Severity: Medium
The macOS system must configure the audit log folder to not contain access control lists (ACLs).
1
Rule
Severity: Medium
The macOS system must configure the audit log files group to wheel.
1
Rule
Severity: Medium
The macOS system must configure the audit log folders group to wheel.
1
Rule
Severity: Medium
The macOS system must be configured to audit all failed read actions on the system.
1
Rule
Severity: Medium
The macOS system must be configured to audit all failed write actions on the system.
1
Rule
Severity: Medium
The macOS system must configure audit_control owner to mode 440 or less permissive.
1
Rule
Severity: Medium
The macOS system must configure audit_control to not contain access control lists (ACLs).
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must have directories that contain system commands set to a mode of "755" or less permissive.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must have directories that contain system commands owned by "root".
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must have directories that contain system commands group-owned by "root".
1
Rule
Severity: Medium
SLEM 5 audit tools must have the proper permissions configured to protect against unauthorized access.
1
Rule
Severity: Medium
TOSS audit tools must be owned by "root".