Skip to content
ATO Pathways
  Log In

19

Logo
27

Rule

Severity: Medium
Install the Host Intrusion Prevention System (HIPS) Module
Logo
7

Rule

Severity: Medium
Install the Asset Configuration Compliance Module (ACCM)
Logo
7

Rule

Severity: Medium
Install the Policy Auditor (PA) Module
Logo
35

Rule

Severity: Medium
Enable auditd Service
Logo
33

Rule

Severity: Medium
Make the auditd Configuration Immutable
Logo
33

Rule

Severity: Medium
Record Events that Modify the System's Mandatory Access Controls
Logo
33

Rule

Severity: Medium
Ensure auditd Collects Information on Exporting to Media (successful)
Logo
33

Rule

Severity: Medium
Record Events that Modify the System's Network Environment
Logo
33

Rule

Severity: Medium
Record Attempts to Alter Process and Session Initiation Information
Logo
33

Rule

Severity: Medium
Ensure auditd Collects System Administrator Actions
Logo
29

Rule

Severity: Medium
Record Events that Modify User/Group Information
Logo
30

Rule

Severity: Medium
System Audit Logs Must Have Mode 0750 or Less Permissive
Logo
43

Rule

Severity: Medium
System Audit Logs Must Be Owned By Root
Logo
32

Rule

Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - chmod
Logo
32

Rule

Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - chown
Logo
33

Rule

Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fchmod
Logo
32

Rule

Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fchmodat
Logo
32

Rule

Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fchown
Logo
32

Rule

Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fchownat
Logo
33

Rule

Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fremovexattr
Logo
32

Rule

Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fsetxattr
Logo
33

Rule

Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - lchown
Logo
32

Rule

Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - lremovexattr
Logo
32

Rule

Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - lsetxattr
Logo
32

Rule

Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - removexattr
Logo
32

Rule

Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - setxattr
Logo
23

Rule

Severity: Medium
Ensure auditd Collects File Deletion Events by User
Logo
32

Rule

Severity: Medium
Ensure auditd Collects File Deletion Events by User - rename
Logo
32

Rule

Severity: Medium
Ensure auditd Collects File Deletion Events by User - renameat
Logo
32

Rule

Severity: Medium
Ensure auditd Collects File Deletion Events by User - rmdir
Logo
32

Rule

Severity: Medium
Ensure auditd Collects File Deletion Events by User - unlink
Logo
32

Rule

Severity: Medium
Ensure auditd Collects File Deletion Events by User - unlinkat
Logo
25

Rule

Severity: Medium
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful)
Logo
26

Rule

Severity: Medium
Record Unsuccessful Access Attempts to Files - creat
Logo
26

Rule

Severity: Medium
Record Unsuccessful Access Attempts to Files - ftruncate
Logo
27

Rule

Severity: Medium
Record Unsuccessful Access Attempts to Files - open
Logo
26

Rule

Severity: Medium
Record Unsuccessful Access Attempts to Files - open_by_handle_at
Logo
26

Rule

Severity: Medium
Record Unsuccessful Access Attempts to Files - openat
Logo
26

Rule

Severity: Medium
Record Unsuccessful Access Attempts to Files - truncate
Logo
25

Rule

Severity: Medium
Ensure auditd Collects Information on Kernel Module Loading and Unloading
Logo
26

Rule

Severity: Medium
Ensure auditd Collects Information on Kernel Module Unloading - delete_module
Logo
27

Rule

Severity: Medium
Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module
Logo
25

Rule

Severity: Medium
Ensure auditd Collects Information on Kernel Module Loading - init_module
Logo
32

Rule

Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands
Logo
33

Rule

Severity: Medium
Record attempts to alter time through adjtimex
Logo
33

Rule

Severity: Medium
Record Attempts to Alter Time Through clock_settime
Logo
32

Rule

Severity: Medium
Record attempts to alter time through settimeofday
Logo
32

Rule

Severity: Medium
Record Attempts to Alter Time Through stime
Logo
32

Rule

Severity: Medium
Record Attempts to Alter the localtime File
Logo
21

Rule

Severity: Low
Enable Auditing for Processes Which Start Prior to the Audit Daemon
Logo
31

Rule

Severity: Medium
Configure auditd to use audispd's syslog plugin
Logo
63

Rule

Severity: Medium
Configure auditd Disk Error Action on Disk Error
Logo
64

Rule

Severity: Medium
Configure auditd Disk Full Action when Disk Space Is Full
Logo
30

Rule

Severity: Medium
Configure auditd mail_acct Action on Low Disk Space
Logo
32

Rule

Severity: Medium
Configure auditd admin_space_left Action on Low Disk Space
Logo
29

Rule

Severity: Medium
Configure auditd Max Log File Size
Logo
59

Rule

Severity: Medium
Configure auditd max_log_file_action Upon Reaching Maximum Log Size
Logo
28

Rule

Severity: Medium
Configure auditd Number of Logs Retained
Logo
33

Rule

Severity: Medium
Configure auditd space_left Action on Low Disk Space
Logo
25

Rule

Severity: Medium
Record Events that Modify User/Group Information - /etc/group
Logo
24

Rule

Severity: Medium
Record Events that Modify User/Group Information - /etc/gshadow
Logo
25

Rule

Severity: Medium
Record Events that Modify User/Group Information - /etc/security/opasswd
Logo
25

Rule

Severity: Medium
Record Events that Modify User/Group Information - /etc/passwd
Logo
25

Rule

Severity: Medium
Record Events that Modify User/Group Information - /etc/shadow
Logo
19

Rule

Severity: Medium
System Audit Logs Must Have Mode 0640 or Less Permissive
Logo
13

Rule

Severity: Medium
Record Unsuccessful Creation Attempts to Files - open_by_handle_at O_CREAT
Logo
13

Rule

Severity: Medium
Record Unsuccessful Modification Attempts to Files - open_by_handle_at O_TRUNC_WRITE
Logo
13

Rule

Severity: Medium
Ensure auditd Unauthorized Access Attempts To open_by_handle_at Are Ordered Correctly
Logo
13

Rule

Severity: Medium
Record Unsuccessful Creation Attempts to Files - open O_CREAT
Logo
13

Rule

Severity: Medium
Record Unsuccessful Modification Attempts to Files - open O_TRUNC_WRITE
Logo
13

Rule

Severity: Medium
Ensure auditd Rules For Unauthorized Attempts To open Are Ordered Correctly
Logo
13

Rule

Severity: Medium
Record Unsuccessful Creation Attempts to Files - openat O_CREAT
Logo
13

Rule

Severity: Medium
Record Unsuccessful Modification Attempts to Files - openat O_TRUNC_WRITE
Logo
13

Rule

Severity: Medium
Ensure auditd Rules For Unauthorized Attempts To openat Are Ordered Correctly
Logo
16

Rule

Severity: Medium
Record Unsuccessful Delete Attempts to Files - rename
Logo
15

Rule

Severity: Medium
Record Unsuccessful Delete Attempts to Files - renameat
Logo
15

Rule

Severity: Medium
Record Unsuccessful Delete Attempts to Files - unlink
Logo
15

Rule

Severity: Medium
Record Unsuccessful Delete Attempts to Files - unlinkat
Logo
19

Rule

Severity: Medium
Record Attempts to Alter Logon and Logout Events
Logo
24

Rule

Severity: Medium
Record Attempts to Alter Logon and Logout Events - faillock
Logo
27

Rule

Severity: Medium
Record Attempts to Alter Logon and Logout Events - lastlog
Logo
23

Rule

Severity: Medium
Record Attempts to Alter Logon and Logout Events - tallylog
Logo
15

Rule

Severity: Medium
Configure auditd admin_space_left on Low Disk Space
Logo
34

Rule

Severity: Medium
Configure auditd space_left on Low Disk Space
Logo
8

Rule

Severity: Medium
System Audit Directories Must Be Group Owned By Root
Logo
8

Rule

Severity: Medium
System Audit Directories Must Be Owned By Root
Logo
13

Rule

Severity: Medium
System Audit Logs Must Be Group Owned By Root
Logo
1

Rule

Severity: Medium
The Kubernetes Audit Logs Directory Must Have Mode 0700
Logo
1

Rule

Severity: Medium
The OAuth Audit Logs Directory Must Have Mode 0700
Logo
1

Rule

Severity: Medium
The OpenShift Audit Logs Directory Must Have Mode 0700
Logo
1

Rule

Severity: Medium
Kubernetes Audit Logs Must Be Owned By Root
Logo
1

Rule

Severity: Medium
OAuth Audit Logs Must Be Owned By Root
Logo
1

Rule

Severity: Medium
OpenShift Audit Logs Must Be Owned By Root
Logo
1

Rule

Severity: Medium
Kubernetes Audit Logs Must Have Mode 0600
Logo
1

Rule

Severity: Medium
OAuth Audit Logs Must Have Mode 0600
Logo
1

Rule

Severity: Medium
OpenShift Audit Logs Must Have Mode 0600
Logo
1

Rule

Severity: Medium
Enable Auditing for Processes Which Start Prior to the Audit Daemon

Patternfly

PatternFly elements

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules