Skip to content

Australian Cyber Security Centre (ACSC) ISM Official

Rules and Groups employed by this XCCDF Profile

  • Record Any Attempts to Run setsebool

    At a minimum, the audit system should collect any execution attempt of the <code>setsebool</code> command for all users and root. If the <code>audi...
    Rule Medium Severity
  • Record Any Attempts to Run seunshare

    At a minimum, the audit system should collect any execution attempt of the <code>seunshare</code> command for all users and root. If the <code>audi...
    Rule Medium Severity
  • Record Unauthorized Access Attempts Events to Files (unsuccessful)

    At a minimum, the audit system should collect unauthorized file accesses for all users and root. Note that the "-F arch=b32" lines should be presen...
    Group
  • Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful)

    At a minimum the audit system should collect unauthorized file accesses for all users and root. If the <code>auditd</code> daemon is configured to ...
    Rule Medium Severity
  • Record Information on Kernel Modules Loading and Unloading

    To capture kernel module loading and unloading events, use following lines, setting ARCH to either b32 for 32-bit system, or having two lines for b...
    Group

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules