Capacity
AU-2(d)
34
Rule
Severity: Medium
Enable auditd Service
33
Rule
Severity: Medium
Record Events that Modify the System's Mandatory Access Controls
32
Rule
Severity: Medium
Record Events that Modify the System's Mandatory Access Controls in usr/share
33
Rule
Severity: Medium
Ensure auditd Collects Information on Exporting to Media (successful)
33
Rule
Severity: Medium
Record Events that Modify the System's Network Environment
33
Rule
Severity: Medium
Record Attempts to Alter Process and Session Initiation Information
32
Rule
Severity: Medium
Ensure auditd Collects System Administrator Actions
29
Rule
Severity: Medium
Record Events that Modify User/Group Information
31
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - chmod
31
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - chown
32
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fchmod
31
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fchmodat
31
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fchown
31
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fchownat
32
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fremovexattr
31
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fsetxattr
32
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - lchown
31
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - lremovexattr
31
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - lsetxattr
31
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - removexattr
31
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - setxattr
23
Rule
Severity: Medium
Ensure auditd Collects File Deletion Events by User
32
Rule
Severity: Medium
Ensure auditd Collects File Deletion Events by User - rename
32
Rule
Severity: Medium
Ensure auditd Collects File Deletion Events by User - renameat
32
Rule
Severity: Medium
Ensure auditd Collects File Deletion Events by User - rmdir
32
Rule
Severity: Medium
Ensure auditd Collects File Deletion Events by User - unlink
32
Rule
Severity: Medium
Ensure auditd Collects File Deletion Events by User - unlinkat
25
Rule
Severity: Medium
Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful)
25
Rule
Severity: Medium
Record Unsuccessful Access Attempts to Files - creat
25
Rule
Severity: Medium
Record Unsuccessful Access Attempts to Files - ftruncate
26
Rule
Severity: Medium
Record Unsuccessful Access Attempts to Files - open
25
Rule
Severity: Medium
Record Unsuccessful Access Attempts to Files - open_by_handle_at
25
Rule
Severity: Medium
Record Unsuccessful Access Attempts to Files - openat
26
Rule
Severity: Medium
Record Unsuccessful Access Attempts to Files - truncate
25
Rule
Severity: Medium
Ensure auditd Collects Information on Kernel Module Loading and Unloading
25
Rule
Severity: Medium
Ensure auditd Collects Information on Kernel Module Unloading - delete_module
26
Rule
Severity: Medium
Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module
24
Rule
Severity: Medium
Ensure auditd Collects Information on Kernel Module Loading - init_module
32
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands
33
Rule
Severity: Medium
Record attempts to alter time through adjtimex
33
Rule
Severity: Medium
Record Attempts to Alter Time Through clock_settime
32
Rule
Severity: Medium
Record attempts to alter time through settimeofday
32
Rule
Severity: Medium
Record Attempts to Alter Time Through stime
32
Rule
Severity: Medium
Record Attempts to Alter the localtime File
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via open syscall - /etc/group
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/group
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via openat syscall - /etc/group
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via open syscall - /etc/gshadow
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/gshadow
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via openat syscall - /etc/gshadow
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via open syscall - /etc/passwd
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/passwd
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via openat syscall - /etc/passwd
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via open syscall - /etc/shadow
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/shadow
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via openat syscall - /etc/shadow
25
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/group
24
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/gshadow
24
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/security/opasswd
25
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/passwd
25
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/shadow
15
Rule
Severity: Medium
Record Access Events to Audit Log Directory
18
Rule
Severity: Medium
Record Any Attempts to Run chcon
16
Rule
Severity: Medium
Record Any Attempts to Run restorecon
17
Rule
Severity: Medium
Record Any Attempts to Run semanage
16
Rule
Severity: Medium
Record Any Attempts to Run setfiles
17
Rule
Severity: Medium
Record Any Attempts to Run setsebool
14
Rule
Severity: Medium
Record Any Attempts to Run seunshare
11
Rule
Severity: Medium
Record Unsuccessful Permission Changes to Files - chmod
11
Rule
Severity: Medium
Record Unsuccessful Ownership Changes to Files - chown
11
Rule
Severity: Medium
Record Unsuccessful Permission Changes to Files - fchmod
11
Rule
Severity: Medium
Record Unsuccessful Permission Changes to Files - fchmodat
11
Rule
Severity: Medium
Record Unsuccessful Ownership Changes to Files - fchown
11
Rule
Severity: Medium
Record Unsuccessful Ownership Changes to Files - fchownat
11
Rule
Severity: Medium
Record Unsuccessful Permission Changes to Files - fremovexattr
11
Rule
Severity: Medium
Record Unsuccessful Permission Changes to Files - fsetxattr
11
Rule
Severity: Medium
Record Unsuccessful Ownership Changes to Files - lchown
11
Rule
Severity: Medium
Record Unsuccessful Permission Changes to Files - lremovexattr
11
Rule
Severity: Medium
Record Unsuccessful Permission Changes to Files - lsetxattr
13
Rule
Severity: Medium
Record Unsuccessful Creation Attempts to Files - open_by_handle_at O_CREAT
13
Rule
Severity: Medium
Record Unsuccessful Modification Attempts to Files - open_by_handle_at O_TRUNC_WRITE
13
Rule
Severity: Medium
Ensure auditd Unauthorized Access Attempts To open_by_handle_at Are Ordered Correctly
13
Rule
Severity: Medium
Record Unsuccessful Creation Attempts to Files - open O_CREAT
13
Rule
Severity: Medium
Record Unsuccessful Modification Attempts to Files - open O_TRUNC_WRITE
13
Rule
Severity: Medium
Ensure auditd Rules For Unauthorized Attempts To open Are Ordered Correctly
13
Rule
Severity: Medium
Record Unsuccessful Creation Attempts to Files - openat O_CREAT
13
Rule
Severity: Medium
Record Unsuccessful Modification Attempts to Files - openat O_TRUNC_WRITE
13
Rule
Severity: Medium
Ensure auditd Rules For Unauthorized Attempts To openat Are Ordered Correctly
11
Rule
Severity: Medium
Record Unsuccessful Permission Changes to Files - removexattr
15
Rule
Severity: Medium
Record Unsuccessful Delete Attempts to Files - rename
14
Rule
Severity: Medium
Record Unsuccessful Delete Attempts to Files - renameat
11
Rule
Severity: Medium
Record Unsuccessful Permission Changes to Files - setxattr
14
Rule
Severity: Medium
Record Unsuccessful Delete Attempts to Files - unlink
14
Rule
Severity: Medium
Record Unsuccessful Delete Attempts to Files - unlinkat
19
Rule
Severity: Medium
Record Attempts to Alter Logon and Logout Events
24
Rule
Severity: Medium
Record Attempts to Alter Logon and Logout Events - faillock
27
Rule
Severity: Medium
Record Attempts to Alter Logon and Logout Events - lastlog
23
Rule
Severity: Medium
Record Attempts to Alter Logon and Logout Events - tallylog
14
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - at
20
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - chage
20
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - chsh
20
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - crontab
20
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - gpasswd
18
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - mount
13
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - newgidmap
20
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - newgrp
13
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - newuidmap
20
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - pam_timestamp_check
20
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - passwd
18
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - postdrop
18
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - postqueue
12
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - pt_chown
20
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - ssh-keysign
20
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - su
23
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - sudo
18
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - sudoedit
19
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - umount
20
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd
16
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - userhelper
12
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - usernetctl
1
Rule
Severity: Medium
Record Access Events to Kubernetes Audit Log Directory
1
Rule
Severity: Medium
Record Access Events to OAuth Audit Log Directory
1
Rule
Severity: Medium
Record Access Events to OpenShift Audit Log Directory
3
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - unix2_chkpwd