Capacity
SRG-OS-000392-GPOS-00172
33
Rule
Severity: Medium
Ensure the audit Subsystem is Installed
35
Rule
Severity: Medium
Enable auditd Service
33
Rule
Severity: Medium
Ensure auditd Collects Information on Exporting to Media (successful)
33
Rule
Severity: Medium
Ensure auditd Collects System Administrator Actions
29
Rule
Severity: Medium
Record Events that Modify User/Group Information
32
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - chmod
32
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - chown
33
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fchmod
32
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fchmodat
32
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fchown
32
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fchownat
33
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fremovexattr
32
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - fsetxattr
33
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - lchown
32
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - lremovexattr
32
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - lsetxattr
32
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - removexattr
32
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - setxattr
31
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - umount
33
Rule
Severity: Medium
Record Events that Modify the System's Discretionary Access Controls - umount2
32
Rule
Severity: Medium
Ensure auditd Collects File Deletion Events by User - rename
32
Rule
Severity: Medium
Ensure auditd Collects File Deletion Events by User - renameat
32
Rule
Severity: Medium
Ensure auditd Collects File Deletion Events by User - rmdir
32
Rule
Severity: Medium
Ensure auditd Collects File Deletion Events by User - unlink
32
Rule
Severity: Medium
Ensure auditd Collects File Deletion Events by User - unlinkat
26
Rule
Severity: Medium
Record Unsuccessful Access Attempts to Files - creat
26
Rule
Severity: Medium
Record Unsuccessful Access Attempts to Files - ftruncate
27
Rule
Severity: Medium
Record Unsuccessful Access Attempts to Files - open
26
Rule
Severity: Medium
Record Unsuccessful Access Attempts to Files - open_by_handle_at
26
Rule
Severity: Medium
Record Unsuccessful Access Attempts to Files - openat
26
Rule
Severity: Medium
Record Unsuccessful Access Attempts to Files - truncate
26
Rule
Severity: Medium
Ensure auditd Collects Information on Kernel Module Unloading - delete_module
27
Rule
Severity: Medium
Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module
25
Rule
Severity: Medium
Ensure auditd Collects Information on Kernel Module Loading - init_module
7
Rule
Severity: Medium
Ensure the audit-libs package as a part of audit Subsystem is Installed
21
Rule
Severity: Low
Enable Auditing for Processes Which Start Prior to the Audit Daemon
19
Rule
Severity: Low
Extend Audit Backlog Limit for the Audit Daemon
25
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/group
24
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/gshadow
25
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/security/opasswd
25
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/passwd
25
Rule
Severity: Medium
Record Events that Modify User/Group Information - /etc/shadow
20
Rule
Severity: Medium
Record Any Attempts to Run chcon
16
Rule
Severity: Medium
Record Any Attempts to Run restorecon
17
Rule
Severity: Medium
Record Any Attempts to Run semanage
16
Rule
Severity: Medium
Record Any Attempts to Run setfiles
17
Rule
Severity: Medium
Record Any Attempts to Run setsebool
13
Rule
Severity: Medium
Record Unsuccessful Creation Attempts to Files - open_by_handle_at O_CREAT
13
Rule
Severity: Medium
Record Unsuccessful Modification Attempts to Files - open_by_handle_at O_TRUNC_WRITE
13
Rule
Severity: Medium
Ensure auditd Unauthorized Access Attempts To open_by_handle_at Are Ordered Correctly
13
Rule
Severity: Medium
Record Unsuccessful Creation Attempts to Files - open O_CREAT
13
Rule
Severity: Medium
Record Unsuccessful Modification Attempts to Files - open O_TRUNC_WRITE
13
Rule
Severity: Medium
Ensure auditd Rules For Unauthorized Attempts To open Are Ordered Correctly
13
Rule
Severity: Medium
Record Unsuccessful Creation Attempts to Files - openat O_CREAT
13
Rule
Severity: Medium
Record Unsuccessful Modification Attempts to Files - openat O_TRUNC_WRITE
13
Rule
Severity: Medium
Ensure auditd Rules For Unauthorized Attempts To openat Are Ordered Correctly
16
Rule
Severity: Medium
Record Unsuccessful Delete Attempts to Files - rename
15
Rule
Severity: Medium
Record Unsuccessful Delete Attempts to Files - renameat
15
Rule
Severity: Medium
Record Unsuccessful Delete Attempts to Files - unlink
15
Rule
Severity: Medium
Record Unsuccessful Delete Attempts to Files - unlinkat
24
Rule
Severity: Medium
Record Attempts to Alter Logon and Logout Events - faillock
27
Rule
Severity: Medium
Record Attempts to Alter Logon and Logout Events - lastlog
23
Rule
Severity: Medium
Record Attempts to Alter Logon and Logout Events - tallylog
20
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - chage
20
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - chsh
20
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - crontab
20
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - gpasswd
13
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - insmod
19
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - kmod
13
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - modprobe
18
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - mount
20
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - newgrp
20
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - pam_timestamp_check
20
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - passwd
18
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - postdrop
18
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - postqueue
12
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - pt_chown
13
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - rmmod
20
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - ssh-keysign
20
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - su
23
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - sudo
19
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - sudoedit
19
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - umount
20
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd
16
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - userhelper
11
Rule
Severity: Medium
Ensure auditd Collects System Administrator Actions - /etc/sudoers
10
Rule
Severity: Medium
Ensure auditd Collects System Administrator Actions - /etc/sudoers.d/
18
Rule
Severity: Medium
Record Attempts to perform maintenance activities
17
Rule
Severity: Medium
Record Any Attempts to Run chacl
14
Rule
Severity: Medium
Record Any Attempts to Run setfacl
14
Rule
Severity: Medium
Record Any Attempts to Run ssh-agent
10
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - unix_update
17
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - usermod
2
Rule
Severity: Medium
Ensure the libaudit1 package as a part of audit Subsystem is Installed
3
Rule
Severity: Medium
Record Any Attempts to Run chmod
3
Rule
Severity: Medium
Record Any Attempts to Run rm
3
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands - unix2_chkpwd
Patternfly
PatternFly elements
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Modules