Guide to the Secure Configuration of Debian 12
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Set number of records to cause an explicit flush to audit logs
To configure Audit daemon to issue an explicit flush to disk command after writing <xccdf-1.2:sub idref="xccdf_org.ssgproject.content_value_var_aud...Rule Medium Severity -
Resolve information before writing to audit logs
To configure Audit daemon to resolve all uid, gid, syscall, architecture, and socket address information before writing the events to disk, set <co...Rule Low Severity -
Appropriate Action Must be Setup When the Internal Audit Event Queue is Full
The audit system should have an action setup in the event the internal event queue becomes full. To setup an overflow action edit <code>/etc/audit/...Rule Medium Severity -
Write Audit Logs to the Disk
To configure Audit daemon to write Audit logs to the disk, set <code>write_logs</code> to <code>yes</code> in <code>/etc/audit/auditd.conf</code>. ...Rule Medium Severity -
Enable auditd Service
The <code>auditd</code> service is an essential userspace component of the Linux Auditing System, as it is responsible for writing audit records to...Rule Medium Severity -
Record Attempts to Alter Logon and Logout Events - tallylog
The audit system already collects login information for all users and root. If the <code>auditd</code> daemon is configured to use the <code>augenr...Rule Medium Severity -
Configure auditd Rules for Comprehensive Auditing
The <code>auditd</code> program can perform comprehensive monitoring of system activity. This section describes recommended configuration settings ...Group -
Record Events that Modify the System's Mandatory Access Controls
If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default),...Rule Medium Severity -
Ensure auditd Collects Information on Exporting to Media (successful)
At a minimum, the audit system should collect media exportation events for all users and root. If the <code>auditd</code> daemon is configured to u...Rule Medium Severity -
Record Attempts to Alter Process and Session Initiation Information
The audit system already collects process information for all users and root. If the <code>auditd</code> daemon is configured to use the <code>auge...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.