Capacity
FAU_GEN.1.1.c
30
Rule
Severity: Medium
Record Events that Modify the System's Mandatory Access Controls
30
Rule
Severity: Medium
Record Events that Modify the System's Mandatory Access Controls in usr/share
30
Rule
Severity: Medium
Record Attempts to Alter Process and Session Initiation Information
29
Rule
Severity: Medium
Ensure auditd Collects System Administrator Actions
29
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - chmod
29
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - chown
29
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fchmod
29
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fchmodat
29
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fchown
29
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fchownat
29
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fremovexattr
29
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fsetxattr
29
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - lchown
29
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - lremovexattr
29
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - lsetxattr
29
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - removexattr
29
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - setxattr
23
Rule
Severity: Medium
Ensure auditd Collects File Deletion Events by User
29
Rule
Severity: Medium
Ensure auditd Collects File Deletion Events by User - rename
29
Rule
Severity: Medium
Ensure auditd Collects File Deletion Events by User - renameat
29
Rule
Severity: Medium
Ensure auditd Collects File Deletion Events by User - rmdir
29
Rule
Severity: Medium
Ensure auditd Collects File Deletion Events by User - unlink
29
Rule
Severity: Medium
Ensure auditd Collects File Deletion Events by User - unlinkat
23
Rule
Severity: Medium
Record Unsuccessful Access Attempts to Files - creat
23
Rule
Severity: Medium
Record Unsuccessful Access Attempts to Files - ftruncate
23
Rule
Severity: Medium
Record Unsuccessful Access Attempts to Files - open
24
Rule
Severity: Medium
Record Unsuccessful Access Attempts to Files - open_by_handle_at
23
Rule
Severity: Medium
Record Unsuccessful Access Attempts to Files - openat
23
Rule
Severity: Medium
Record Unsuccessful Access Attempts to Files - truncate
22
Rule
Severity: Medium
Ensure auditd Collects Information on Kernel Module Unloading - delete_module
23
Rule
Severity: Medium
Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module
22
Rule
Severity: Medium
Ensure auditd Collects Information on Kernel Module Loading - init_module
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via open syscall - /etc/group
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/group
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via openat syscall - /etc/group
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via open syscall - /etc/gshadow
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/gshadow
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via openat syscall - /etc/gshadow
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via open syscall - /etc/passwd
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/passwd
29
Rule
Severity: Medium
Configure auditd to use audispd's syslog plugin
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via openat syscall - /etc/passwd
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via open syscall - /etc/shadow
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/shadow
11
Rule
Severity: Medium
Record Events that Modify User/Group Information via openat syscall - /etc/shadow
20
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/group
20
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/gshadow
20
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/security/opasswd
20
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/passwd
20
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/shadow
12
Rule
Severity: Medium
Record Access Events to Audit Log Directory
27
Rule
Severity: Medium
Ensure Logs Sent To Remote Host
17
Rule
Severity: Medium
Record Any Attempts to Run chcon
14
Rule
Severity: Medium
Record Any Attempts to Run restorecon
14
Rule
Severity: Medium
Record Any Attempts to Run semanage
14
Rule
Severity: Medium
Record Any Attempts to Run setsebool
12
Rule
Severity: Medium
Record Any Attempts to Run seunshare
11
Rule
Severity: Medium
Record Unsuccessful Creation Attempts to Files - open_by_handle_at O_CREAT
11
Rule
Severity: Medium
Record Unsuccessful Modification Attempts to Files - open_by_handle_at O_TRUNC_WRITE
11
Rule
Severity: Medium
Ensure auditd Unauthorized Access Attempts To open_by_handle_at Are Ordered Correctly
11
Rule
Severity: Medium
Record Unsuccessful Creation Attempts to Files - open O_CREAT
11
Rule
Severity: Medium
Record Unsuccessful Modification Attempts to Files - open O_TRUNC_WRITE
11
Rule
Severity: Medium
Ensure auditd Rules For Unauthorized Attempts To open Are Ordered Correctly
11
Rule
Severity: Medium
Record Unsuccessful Creation Attempts to Files - openat O_CREAT
11
Rule
Severity: Medium
Record Unsuccessful Modification Attempts to Files - openat O_TRUNC_WRITE
11
Rule
Severity: Medium
Ensure auditd Rules For Unauthorized Attempts To openat Are Ordered Correctly
14
Rule
Severity: Medium
Record Unsuccessful Delete Attempts to Files - rename
14
Rule
Severity: Medium
Record Unsuccessful Delete Attempts to Files - renameat
14
Rule
Severity: Medium
Record Unsuccessful Delete Attempts to Files - unlink
14
Rule
Severity: Medium
Record Unsuccessful Delete Attempts to Files - unlinkat
20
Rule
Severity: Medium
Record Attempts to Alter Logon and Logout Events - faillock
23
Rule
Severity: Medium
Record Attempts to Alter Logon and Logout Events - lastlog
21
Rule
Severity: Medium
Record Attempts to Alter Logon and Logout Events - tallylog
14
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - at
17
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - gpasswd
16
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - mount
13
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - newgidmap
17
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - newgrp
13
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - newuidmap
17
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - passwd
17
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - ssh-keysign
17
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - su
18
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - sudo
16
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - sudoedit
17
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd
14
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - userhelper
12
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - usernetctl
16
Rule
Severity: Medium
Configure audispd Plugin To Send Logs To Remote Server
14
Rule
Severity: Medium
Encrypt Audit Records Sent With audispd Plugin
10
Rule
Severity: Medium
Configure audit according to OSPP requirements
13
Rule
Severity: Medium
Ensure cron Is Logging To Rsyslog
7
Rule
Severity: Medium
Configure auditing of unsuccessful file accesses
7
Rule
Severity: Medium
Configure auditing of successful file accesses
7
Rule
Severity: Medium
Configure auditing of unsuccessful file creations
7
Rule
Severity: Medium
Configure auditing of successful file creations
7
Rule
Severity: Medium
Configure auditing of unsuccessful file deletions
7
Rule
Severity: Medium
Configure auditing of successful file deletions
7
Rule
Severity: Medium
Configure auditing of unsuccessful file modifications
7
Rule
Severity: Medium
Configure auditing of successful file modifications
7
Rule
Severity: Medium
Configure auditing of loading and unloading of kernel modules
7
Rule
Severity: Medium
Perform general configuration of Audit for OSPP
7
Rule
Severity: Medium
Configure auditing of unsuccessful ownership changes
7
Rule
Severity: Medium
Configure auditing of successful ownership changes
7
Rule
Severity: Medium
Configure auditing of unsuccessful permission changes
7
Rule
Severity: Medium
Configure auditing of successful permission changes
2
Rule
Severity: Medium
Configure auditing of unsuccessful file accesses (AArch64)
2
Rule
Severity: Medium
Configure auditing of unsuccessful file accesses (ppc64le)
2
Rule
Severity: Medium
Configure auditing of successful file accesses (AArch64)
2
Rule
Severity: Medium
Configure auditing of successful file accesses (ppc64le)
2
Rule
Severity: Medium
Configure auditing of unsuccessful file creations (AArch64)
2
Rule
Severity: Medium
Configure auditing of unsuccessful file creations (ppc64le)
2
Rule
Severity: Medium
Configure auditing of successful file creations (AArch64)
2
Rule
Severity: Medium
Configure auditing of successful file creations (ppc64le)
2
Rule
Severity: Medium
Configure auditing of unsuccessful file deletions (AArch64)
2
Rule
Severity: Medium
Configure auditing of unsuccessful file deletions (ppc64le)
2
Rule
Severity: Medium
Configure auditing of successful file deletions (AArch64)
2
Rule
Severity: Medium
Configure auditing of successful file deletions (ppc64le)
2
Rule
Severity: Medium
Configure auditing of unsuccessful file modifications (AARch64)
2
Rule
Severity: Medium
Configure auditing of unsuccessful file modifications (ppc64le)
2
Rule
Severity: Medium
Configure auditing of successful file modifications (AArch64)
2
Rule
Severity: Medium
Configure auditing of successful file modifications (ppc64le)
2
Rule
Severity: Medium
Configure auditing of loading and unloading of kernel modules (ppc64le)
2
Rule
Severity: Medium
Perform general configuration of Audit for OSPP (AArch64)
2
Rule
Severity: Medium
Perform general configuration of Audit for OSPP (ppc64le)
2
Rule
Severity: Medium
Configure auditing of unsuccessful ownership changes (AArch64)
2
Rule
Severity: Medium
Configure auditing of unsuccessful ownership changes (ppc64le)
2
Rule
Severity: Medium
Configure auditing of successful ownership changes (AArch64)
2
Rule
Severity: Medium
Configure auditing of successful ownership changes (ppc64le)
2
Rule
Severity: Medium
Configure auditing of unsuccessful permission changes (AArch64)
2
Rule
Severity: Medium
Configure auditing of unsuccessful permission changes (ppc64le)
2
Rule
Severity: Medium
Configure auditing of successful permission changes (AArch64)
2
Rule
Severity: Medium
Configure auditing of successful permission changes (ppc64le)
1
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - unix2_chkpwd
Patternfly
PatternFly elements
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Modules