Skip to content
ATO Pathways
  Log In

AC-6(9)

Logo
29

Rule

Severity: Medium
Enable auditd Service
Logo
30

Rule

Severity: Medium
Make the auditd Configuration Immutable
Logo
29

Rule

Severity: Medium
Ensure auditd Collects Information on Exporting to Media (successful)
Logo
30

Rule

Severity: Medium
Record Events that Modify the System's Network Environment
Logo
28

Rule

Severity: Medium
Ensure auditd Collects System Administrator Actions
Logo
29

Rule

Severity: Medium
Record Events that Modify User/Group Information
Logo
23

Rule

Severity: Medium
Ensure auditd Collects Information on Kernel Module Loading and Unloading
Logo
21

Rule

Severity: Medium
Ensure auditd Collects Information on Kernel Module Unloading - delete_module
Logo
22

Rule

Severity: Medium
Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module
Logo
21

Rule

Severity: Medium
Ensure auditd Collects Information on Kernel Module Loading - init_module
Logo
29

Rule

Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands
Logo
30

Rule

Severity: Medium
Record attempts to alter time through adjtimex
Logo
30

Rule

Severity: Medium
Record Attempts to Alter Time Through clock_settime
Logo
30

Rule

Severity: Medium
Record attempts to alter time through settimeofday
Logo
29

Rule

Severity: Medium
Record Attempts to Alter Time Through stime
Logo
29

Rule

Severity: Medium
Record Attempts to Alter the localtime File
Logo
11

Rule

Severity: Medium
Record Events that Modify User/Group Information via open syscall - /etc/group
Logo
11

Rule

Severity: Medium
Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/group
Logo
11

Rule

Severity: Medium
Record Events that Modify User/Group Information via openat syscall - /etc/group
Logo
11

Rule

Severity: Medium
Record Events that Modify User/Group Information via open syscall - /etc/gshadow
Logo
11

Rule

Severity: Medium
Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/gshadow
Logo
11

Rule

Severity: Medium
Record Events that Modify User/Group Information via openat syscall - /etc/gshadow
Logo
11

Rule

Severity: Medium
Record Events that Modify User/Group Information via open syscall - /etc/passwd
Logo
11

Rule

Severity: Medium
Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/passwd
Logo
11

Rule

Severity: Medium
Record Events that Modify User/Group Information via openat syscall - /etc/passwd
Logo
11

Rule

Severity: Medium
Record Events that Modify User/Group Information via open syscall - /etc/shadow
Logo
11

Rule

Severity: Medium
Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/shadow
Logo
11

Rule

Severity: Medium
Record Events that Modify User/Group Information via openat syscall - /etc/shadow
Logo
15

Rule

Severity: Medium
Record Events When Privileged Executables Are Run
Logo
20

Rule

Severity: Medium
Record Events that Modify User/Group Information - /etc/group
Logo
20

Rule

Severity: Medium
Record Events that Modify User/Group Information - /etc/gshadow
Logo
19

Rule

Severity: Medium
Record Events that Modify User/Group Information - /etc/security/opasswd
Logo
20

Rule

Severity: Medium
Record Events that Modify User/Group Information - /etc/passwd
Logo
20

Rule

Severity: Medium
Record Events that Modify User/Group Information - /etc/shadow
Logo
12

Rule

Severity: Medium
Record Access Events to Audit Log Directory
Logo
15

Rule

Severity: Medium
Record Any Attempts to Run chcon
Logo
14

Rule

Severity: Medium
Record Any Attempts to Run restorecon
Logo
14

Rule

Severity: Medium
Record Any Attempts to Run semanage
Logo
13

Rule

Severity: Medium
Record Any Attempts to Run setfiles
Logo
14

Rule

Severity: Medium
Record Any Attempts to Run setsebool
Logo
12

Rule

Severity: Medium
Record Any Attempts to Run seunshare
Logo
18

Rule

Severity: Medium
Record Attempts to Alter Logon and Logout Events
Logo
20

Rule

Severity: Medium
Record Attempts to Alter Logon and Logout Events - faillock
Logo
23

Rule

Severity: Medium
Record Attempts to Alter Logon and Logout Events - lastlog
Logo
21

Rule

Severity: Medium
Record Attempts to Alter Logon and Logout Events - tallylog
Logo
14

Rule

Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - at
Logo
17

Rule

Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - chage
Logo
17

Rule

Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - chsh
Logo
17

Rule

Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - crontab
Logo
17

Rule

Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - gpasswd
Logo
16

Rule

Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - mount
Logo
13

Rule

Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - newgidmap
Logo
17

Rule

Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - newgrp
Logo
13

Rule

Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - newuidmap
Logo
17

Rule

Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - pam_timestamp_check
Logo
17

Rule

Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - passwd
Logo
16

Rule

Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - postdrop
Logo
16

Rule

Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - postqueue
Logo
11

Rule

Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - pt_chown
Logo
17

Rule

Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - ssh-keysign
Logo
17

Rule

Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - su
Logo
18

Rule

Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - sudo
Logo
15

Rule

Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - sudoedit
Logo
17

Rule

Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - umount
Logo
17

Rule

Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd
Logo
14

Rule

Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - userhelper
Logo
12

Rule

Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - usernetctl
Logo
1

Rule

Severity: Medium
Record Access Events to Kubernetes Audit Log Directory
Logo
1

Rule

Severity: Medium
Record Access Events to OAuth Audit Log Directory
Logo
1

Rule

Severity: Medium
Record Access Events to OpenShift Audit Log Directory
Logo
1

Rule

Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - unix2_chkpwd

Patternfly

PatternFly elements

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules