
II - Mission Support Sensitive

Rules and Groups employed by this XCCDF Profile

  • SRG-OS-000047-GPOS-00023

    Group
  • AlmaLinux OS 9 must take appropriate action when a critical audit processing failure occurs.

    It is critical that when the operating system is at risk of failing to process audit logs as required, it takes action to mitigate the failure. Audit processing failures include software/hardware e...
    Rule Medium Severity
  • SRG-OS-000047-GPOS-00023

    Group
  • AlmaLinux OS 9 audit system must make full use of the audit storage space.

    max_log_file (size in megabytes) multiplied by num_logs must make full use of the auditd storage volume (separate to the root partition). If max_log_file_action is set to ROTATE or KEEP_LOGS then ...
    Rule Medium Severity
  • SRG-OS-000047-GPOS-00023

    Group
  • AlmaLinux OS 9 audit system must take appropriate action when the audit files have reached maximum size.

    It is critical that when the operating system is at risk of failing to process audit logs as required, it takes action to mitigate the failure. Audit processing failures include software/hardware e...
    Rule Medium Severity
  • SRG-OS-000047-GPOS-00023

    Group
  • AlmaLinux OS 9 audit system must retain an optimal number of audit records.

    max_log_file (size in megabytes) multiplied by num_logs must make full use of the auditd storage volume (separate to the root partition). If max_log_file_action is set to ROTATE or KEEP_LOGS then ...
    Rule Medium Severity
  • SRG-OS-000051-GPOS-00024

    Group
  • AlmaLinux OS 9 must periodically flush audit records to disk to prevent the loss of audit records.

    If option "freq" is not set to a value that requires audit records being written to disk after a threshold number is reached, then audit records may be lost.
    Rule Medium Severity
  • SRG-OS-000042-GPOS-00021

    Group
  • The auditd service must be enabled on AlmaLinux OS 9.

    Without establishing what type of events occurred, the source of events, where events occurred, and the outcome of events, it would be difficult to establish, correlate, and investigate the events ...
    Rule Medium Severity
  • SRG-OS-000355-GPOS-00143

    Group
  • The chronyd service must be enabled.

    Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when condu...
    Rule Medium Severity
  • SRG-OS-000355-GPOS-00143

    Group
  • AlmaLinux OS 9 must have the chrony package installed.

    Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when condu...
    Rule Medium Severity
  • SRG-OS-000356-GPOS-00144

    Group
  • AlmaLinux OS 9 must securely compare internal information system clocks at least every 24 hours.

    Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when condu...
    Rule Medium Severity
  • SRG-OS-000057-GPOS-00027

    Group
  • AlmaLinux OS 9 audit log directory must be owned by root to prevent unauthorized read access.

    Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality. Audit information includes all information (e.g., audit recor...
    Rule Medium Severity
  • SRG-OS-000057-GPOS-00027

    Group
  • AlmaLinux OS 9 audit log directory must have 0700 permissions to prevent unauthorized read access.

    Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality. Audit information includes all information (e.g., audit recor...
    Rule Medium Severity
  • SRG-OS-000057-GPOS-00027

    Group
  • AlmaLinux OS 9 audit logs must be owned by the root group to prevent unauthorized read access.

    Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality. Audit information includes all information (e.g., audit recor...
    Rule Medium Severity
  • SRG-OS-000057-GPOS-00027

    Group
  • AlmaLinux OS 9 audit logs must be owned by root to prevent unauthorized read access.

    Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality. Audit information includes all information (e.g., audit recor...
    Rule Medium Severity
  • SRG-OS-000057-GPOS-00027

    Group
  • AlmaLinux OS 9 audit logs must have 0600 permissions to prevent unauthorized read access.

    Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality. Audit information includes all information (e.g., audit recor...
    Rule Medium Severity
  • SRG-OS-000256-GPOS-00097

    Group
  • AlmaLinux OS 9 audit tools must be group-owned by root.

    Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operatio...
    Rule Medium Severity
  • SRG-OS-000256-GPOS-00097

    Group
  • AlmaLinux OS 9 audit tools must be owned by root.

    Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operatio...
    Rule Medium Severity
  • SRG-OS-000256-GPOS-00097

    Group
  • AlmaLinux OS 9 audit tools must have a mode of 0755 or less permissive.

    Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operatio...
    Rule Medium Severity
  • SRG-OS-000058-GPOS-00028

    Group
  • AlmaLinux OS 9 audit system must protect logon UIDs from unauthorized change.

    If modification of login user identifiers (UIDs) is not prevented, they can be changed by nonprivileged users and make auditing complicated or impossible.
    Rule Medium Severity
  • SRG-OS-000278-GPOS-00108

    Group
  • AlmaLinux OS 9 must use cryptographic mechanisms to protect the integrity of audit tools.

    Protecting the integrity of the tools used for auditing purposes is a critical step toward ensuring the integrity of audit information. Audit information includes all information (e.g., audit recor...
    Rule Medium Severity
  • SRG-OS-000058-GPOS-00028

    Group
  • AlmaLinux OS 9 audit system must protect auditing rules from unauthorized change.

    Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality. Audit information includes all information (e.g., audit recor...
    Rule Medium Severity
