DRAFT - DISA STIG for Oracle Linux 9
Rules and Groups employed by this XCCDF Profile
-
Ensure auditd Collects Information on the Use of Privileged Commands - sudoedit
At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is con...Rule Medium Severity -
Ensure auditd Collects Information on the Use of Privileged Commands - umount
At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is con...Rule Medium Severity -
Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd
At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is con...Rule Medium Severity -
Ensure auditd Collects Information on the Use of Privileged Commands - unix_update
At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is con...Rule Medium Severity -
Ensure auditd Collects Information on the Use of Privileged Commands - userhelper
At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is con...Rule Medium Severity -
Ensure auditd Collects Information on the Use of Privileged Commands - usermod
At a minimum, the audit system should collect the execution of privileged commands for all users and root. If the <code>auditd</code> daemon is con...Rule Medium Severity -
Configure auditd Data Retention
The audit system writes data to <code>/var/log/audit/audit.log</code>. By default, <code>auditd</code> rotates 5 logs by size (6MB), retaining a ma...Group -
Configure a Sufficiently Large Partition for Audit Logs
The Oracle Linux 9 operating system must allocate audit record storage capacity to store at least one weeks worth of audit records when audit recor...Rule Medium Severity -
Configure auditd Disk Error Action on Disk Error
The <code>auditd</code> service can be configured to take an action when there is a disk error. Edit the file <code>/etc/audit/auditd.conf</code>. ...Rule Medium Severity -
Configure auditd Disk Full Action when Disk Space Is Full
The <code>auditd</code> service can be configured to take an action when disk space is running low but prior to running out of space completely. Ed...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.