Configure Periodic Execution of AIDE
Install the Host Intrusion Prevention System (HIPS) Module
Build and Test AIDE Database
Configure Notification of Post-AIDE Scan Details
Install Virus Scanning Software
Install Intrusion Detection Software
Install McAfee Virus Scanning Software
Virus Scanning Software Definitions Are Updated
Install the Asset Configuration Compliance Module (ACCM)
Install the Policy Auditor (PA) Module
Set Account Expiration Following Inactivity
Ensure that System Accounts Do Not Run a Shell Upon Login
Make the auditd Configuration Immutable
Record Events that Modify the System's Mandatory Access Controls
Ensure auditd Collects Information on Exporting to Media (successful)
Record Events that Modify the System's Network Environment
Record Attempts to Alter Process and Session Initiation Information
Ensure auditd Collects System Administrator Actions
Record Events that Modify User/Group Information
System Audit Logs Must Have Mode 0750 or Less Permissive
System Audit Logs Must Be Owned By Root
Record Events that Modify the System's Discretionary Access Controls - chmod
Record Events that Modify the System's Discretionary Access Controls - chown
Record Events that Modify the System's Discretionary Access Controls - fchmod
Record Events that Modify the System's Discretionary Access Controls - fchmodat
Record Events that Modify the System's Discretionary Access Controls - fchown
Record Events that Modify the System's Discretionary Access Controls - fchownat
Record Events that Modify the System's Discretionary Access Controls - fremovexattr
Record Events that Modify the System's Discretionary Access Controls - fsetxattr
Record Events that Modify the System's Discretionary Access Controls - lchown
Record Events that Modify the System's Discretionary Access Controls - lremovexattr
Record Events that Modify the System's Discretionary Access Controls - lsetxattr
Record Events that Modify the System's Discretionary Access Controls - removexattr
Record Events that Modify the System's Discretionary Access Controls - setxattr
Ensure auditd Collects File Deletion Events by User
Assign Expiration Date to Emergency Accounts
Ensure auditd Collects File Deletion Events by User - rename
Assign Expiration Date to Temporary Accounts
Ensure auditd Collects File Deletion Events by User - renameat
Ensure auditd Collects File Deletion Events by User - rmdir
Ensure auditd Collects File Deletion Events by User - unlink
Ensure auditd Collects File Deletion Events by User - unlinkat
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful)
Record Unsuccessful Access Attempts to Files - creat
Record Unsuccessful Access Attempts to Files - ftruncate
Record Unsuccessful Access Attempts to Files - open
Record Unsuccessful Access Attempts to Files - open_by_handle_at
Record Unsuccessful Access Attempts to Files - openat
Record Unsuccessful Access Attempts to Files - truncate
Ensure auditd Collects Information on Kernel Module Loading and Unloading
Ensure auditd Collects Information on Kernel Module Unloading - delete_module
Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module
Ensure auditd Collects Information on Kernel Module Loading - init_module
Ensure auditd Collects Information on the Use of Privileged Commands
Record attempts to alter time through adjtimex
Record Attempts to Alter Time Through clock_settime
Record attempts to alter time through settimeofday
Record Attempts to Alter Time Through stime
Record Attempts to Alter the localtime File
Enable Auditing for Processes Which Start Prior to the Audit Daemon
Configure auditd to use audispd's syslog plugin
Configure auditd Disk Error Action on Disk Error
Configure auditd Disk Full Action when Disk Space Is Full
Configure auditd mail_acct Action on Low Disk Space
Configure auditd admin_space_left Action on Low Disk Space
Configure auditd Max Log File Size
Configure auditd max_log_file_action Upon Reaching Maximum Log Size
Configure auditd Number of Logs Retained
Configure auditd space_left Action on Low Disk Space
Record Events that Modify User/Group Information - /etc/group
Record Events that Modify User/Group Information - /etc/gshadow
Record Events that Modify User/Group Information - /etc/security/opasswd
Record Events that Modify User/Group Information - /etc/passwd
Record Events that Modify User/Group Information - /etc/shadow
System Audit Logs Must Have Mode 0640 or Less Permissive
Disable Kernel Parameter for IPv6 Forwarding
Disable Accepting ICMP Redirects for All IPv4 Interfaces
Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces
Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces
Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces
Record Any Attempts to Run chcon
Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces
Record Any Attempts to Run restorecon
Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces
Record Any Attempts to Run semanage
Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default
Record Any Attempts to Run setsebool
Enable Kernel Paremeter to Log Martian Packets on all IPv4 Interfaces by Default
Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default
Configure Kernel Parameter for Accepting Secure Redirects By Default
Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces
Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces
Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces
Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces
Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default
Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces
Record Unsuccessful Creation Attempts to Files - open_by_handle_at O_CREAT
Record Unsuccessful Modification Attempts to Files - open_by_handle_at O_TRUNC_WRITE
Ensure auditd Unauthorized Access Attempts To open_by_handle_at Are Ordered Correctly
Record Unsuccessful Creation Attempts to Files - open O_CREAT
Record Unsuccessful Modification Attempts to Files - open O_TRUNC_WRITE
Ensure auditd Rules For Unauthorized Attempts To open Are Ordered Correctly
Record Unsuccessful Creation Attempts to Files - openat O_CREAT
Record Unsuccessful Modification Attempts to Files - openat O_TRUNC_WRITE
Ensure auditd Rules For Unauthorized Attempts To openat Are Ordered Correctly
Record Unsuccessful Delete Attempts to Files - rename
Record Unsuccessful Delete Attempts to Files - renameat
Disable Core Dumps for All Users
Record Unsuccessful Delete Attempts to Files - unlink
Record Unsuccessful Delete Attempts to Files - unlinkat
Record Attempts to Alter Logon and Logout Events
Record Attempts to Alter Logon and Logout Events - faillock
Record Attempts to Alter Logon and Logout Events - lastlog
Record Attempts to Alter Logon and Logout Events - tallylog
Ensure auditd Collects Information on the Use of Privileged Commands - chage
Ensure auditd Collects Information on the Use of Privileged Commands - chsh
Ensure auditd Collects Information on the Use of Privileged Commands - crontab
Ensure auditd Collects Information on the Use of Privileged Commands - gpasswd
Ensure auditd Collects Information on the Use of Privileged Commands - newgrp
Ensure auditd Collects Information on the Use of Privileged Commands - pam_timestamp_check
Ensure auditd Collects Information on the Use of Privileged Commands - passwd
Ensure auditd Collects Information on the Use of Privileged Commands - postdrop
Ensure auditd Collects Information on the Use of Privileged Commands - postqueue
Ensure auditd Collects Information on the Use of Privileged Commands - pt_chown
Ensure auditd Collects Information on the Use of Privileged Commands - ssh-keysign
Ensure auditd Collects Information on the Use of Privileged Commands - su
Ensure auditd Collects Information on the Use of Privileged Commands - sudo
Ensure auditd Collects Information on the Use of Privileged Commands - sudoedit
Ensure auditd Collects Information on the Use of Privileged Commands - umount
Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd
Ensure auditd Collects Information on the Use of Privileged Commands - userhelper
Configure auditd admin_space_left on Low Disk Space
Configure auditd flush priority
Configure auditd space_left on Low Disk Space
Set SSH Client Alive Count Max to zero
Set SSH Client Alive Count Max
Set SSH Client Alive Interval
Ensure No Device Files are Unlabeled by SELinux
Install the psacct package
Enable Process Accounting (psacct)
Configure SMTP Greeting Banner
Configure Logind to terminate idle sessions after certain time of inactivity
System Audit Directories Must Be Group Owned By Root
System Audit Directories Must Be Owned By Root
System Audit Logs Must Be Group Owned By Root
The Kubernetes Audit Logs Directory Must Have Mode 0700
The OAuth Audit Logs Directory Must Have Mode 0700
The OpenShift Audit Logs Directory Must Have Mode 0700
Kubernetes Audit Logs Must Be Owned By Root
OAuth Audit Logs Must Be Owned By Root
OpenShift Audit Logs Must Be Owned By Root
Kubernetes Audit Logs Must Have Mode 0600
OAuth Audit Logs Must Have Mode 0600
OpenShift Audit Logs Must Have Mode 0600
Enable Auditing for Processes Which Start Prior to the Audit Daemon
Ensure auditd Collects Information on the Use of Privileged Commands - unix2_chkpwd
Configure Systemd Timer Execution of AIDE