Guide to the Secure Configuration of Red Hat Enterprise Linux 8
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Configure auditd max_log_file_action Upon Reaching Maximum Log Size
The default action to take when the logs reach their maximum size is to rotate the log files, discarding the oldest one. To configure the action taken by <code>auditd</code>, add or correct the lin...Rule Medium Severity -
Configure auditd Number of Logs Retained
Determine how many log files <code>auditd</code> should retain when it rotates logs. Edit the file <code>/etc/audit/auditd.conf</code>. Add or modify the following line, substituting <i>NUMLOGS</i>...Rule Medium Severity -
Configure auditd space_left on Low Disk Space
The <code>auditd</code> service can be configured to take an action when disk space is running low but prior to running out of space completely. Edit the file <code>/etc/audit/auditd.conf</code>. A...Rule Medium Severity -
Configure auditing of successful ownership changes
Ensure that successful attempts to change an ownership of files or directories are audited. The following rules configure audit as described above: <pre>## Successful ownership change -a always,ex...Rule Medium Severity -
Configure auditing of unsuccessful file accesses
Ensure that unsuccessful attempts to access a file are audited. The following rules configure audit as described above: <pre>## Unsuccessful file access (any other opens) This has to go last. -a a...Rule Medium Severity -
Configure auditing of successful file accesses
Ensure that successful attempts to access a file are audited. The following rules configure audit as described above: <pre>## Successful file access (any other opens) This has to go last. ## These...Rule Medium Severity -
Configure auditing of unsuccessful file creations
Ensure that unsuccessful attempts to create a file are audited. The following rules configure audit as described above: <pre>## Unsuccessful file creation (open with O_CREAT) -a always,exit -F arc...Rule Medium Severity -
Configure auditing of successful file creations
Ensure that successful attempts to create a file are audited. The following rules configure audit as described above: <pre>## Successful file creation (open with O_CREAT) -a always,exit -F arch=b3...Rule Medium Severity -
Configure auditing of unsuccessful file deletions
Ensure that unsuccessful attempts to delete a file are audited. The following rules configure audit as described above: <pre>## Unsuccessful file delete -a always,exit -F arch=b32 -S unlink,unlink...Rule Medium Severity -
Configure auditing of successful file deletions
Ensure that successful attempts to delete a file are audited. The following rules configure audit as described above: <pre>## Successful file delete -a always,exit -F arch=b32 -S unlink,unlinkat,r...Rule Medium Severity -
Configure auditing of unsuccessful file modifications
Ensure that unsuccessful attempts to modify a file are audited. The following rules configure audit as described above: <pre>## Unsuccessful file modifications (open for write or truncate) -a alwa...Rule Medium Severity -
Configure auditing of successful file modifications
Ensure that successful attempts to modify a file are audited. The following rules configure audit as described above: <pre>## Successful file modifications (open for write or truncate) -a always,e...Rule Medium Severity -
Configure auditing of unsuccessful ownership changes
Ensure that unsuccessful attempts to change an ownership of files or directories are audited. The following rules configure audit as described above: <pre>## Unsuccessful ownership change -a alway...Rule Medium Severity -
Configure auditing of unsuccessful permission changes
Ensure that unsuccessful attempts to change file or directory permissions are audited. The following rules configure audit as described above: <pre>## Unsuccessful permission change -a always,exit...Rule Medium Severity -
Configure auditing of successful permission changes
Ensure that successful attempts to modify permissions of files or directories are audited. The following rules configure audit as described above: <pre>## Successful permission change -a always,ex...Rule Medium Severity -
Enable auditd Service
The <code>auditd</code> service is an essential userspace component of the Linux Auditing System, as it is responsible for writing audit records to disk. The <code>auditd</code> service can be ena...Rule Medium Severity -
Configure auditd Rules for Comprehensive Auditing
The <code>auditd</code> program can perform comprehensive monitoring of system activity. This section describes recommended configuration settings for comprehensive auditing, but a full description...Group -
Record Events that Modify User/Group Information via open syscall - /etc/group
The audit system should collect write events to /etc/group file for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rule...Rule Medium Severity -
Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/group
The audit system should collect write events to /etc/group file for all group and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rule...Rule Medium Severity -
Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/gshadow
The audit system should collect write events to /etc/gshadow file for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit ru...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.