DISA STIG for Red Hat Enterprise Linux CoreOS
Rules and Groups employed by this XCCDF Profile
-
Record Attempts to Alter Process and Session Initiation Information
The audit system already collects process information for all users and root. If the <code>auditd</code> daemon is configured to use the <code>auge...Rule Medium Severity -
Ensure auditd Collects System Administrator Actions
At a minimum, the audit system should collect administrator actions for all users and root. If the <code>auditd</code> daemon is configured to use ...Rule Medium Severity -
Record Events that Modify User/Group Information
If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default),...Rule Medium Severity -
Record Events that Modify User/Group Information - /etc/group
If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default),...Rule Medium Severity -
Record Events that Modify User/Group Information - /etc/gshadow
If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default),...Rule Medium Severity -
Record Events that Modify User/Group Information - /etc/security/opasswd
If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default),...Rule Medium Severity -
Record Events that Modify User/Group Information - /etc/passwd
If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default),...Rule Medium Severity -
Record Events that Modify User/Group Information - /etc/shadow
If the <code>auditd</code> daemon is configured to use the <code>augenrules</code> program to read audit rules during daemon startup (the default),...Rule Medium Severity -
System Audit Logs Must Be Owned By Root
All audit logs must be owned by root user and group. By default, the path for audit log is <pre>/var/log/audit/</pre>. To properly set the owner o...Rule Medium Severity -
System Audit Logs Must Have Mode 0640 or Less Permissive
Determine where the audit logs are stored with the following command: <pre>$ sudo grep -iw log_file /etc/audit/auditd.conf log_file = /var/log/aud...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.