| APPL-14-000030 |
V1R2 |
The macOS system must configure audit log files to not contain access control lists. |
|
| APPL-14-000031 |
V1R2 |
The macOS system must configure audit log folders to not contain access control lists. |
|
| APPL-14-001012 |
V1R2 |
The macOS system must configure audit log files to be owned by root. |
|
| APPL-14-001013 |
V1R2 |
The macOS system must configure audit log folders to be owned by root. |
|
| APPL-14-001014 |
V1R2 |
The macOS system must configure audit log files group to wheel. |
|
| APPL-14-001015 |
V1R2 |
The macOS system must configure audit log folders group to wheel. |
|
| APPL-14-001016 |
V1R2 |
The macOS system must configure audit log files to mode 440 or less permissive. |
|
| APPL-14-001017 |
V1R2 |
The macOS system must configure audit log folders to mode 700 or less permissive. |
|
| APPL-14-001020 |
V1R2 |
The macOS system must be configured to audit all deletions of object attributes. |
|
| APPL-14-001021 |
V1R2 |
The macOS system must be configured to audit all changes of object attributes. |
|
| APPL-14-001110 |
V1R2 |
The macOS system must configure audit_control group to wheel. |
|
| APPL-14-001120 |
V1R2 |
The macOS system must configure audit_control owner to root. |
|
| APPL-14-001130 |
V1R2 |
The macOS system must configure audit_control to mode 440 or less permissive. |
|
| APPL-14-001140 |
V1R2 |
The macOS system must configure audit_control to not contain access control lists. |
|
| SLES-12-020120 |
V2R11 |
The SUSE operating system must protect audit rules from unauthorized modification. |
|
| RHEL-08-030070 |
V1R3 |
RHEL 8 audit logs must have a mode of 0600 or less permissive to prevent unauthorized read access. |
|
| RHEL-08-030080 |
V1R3 |
RHEL 8 audit logs must be owned by root to prevent unauthorized read access. |
|
| RHEL-08-030090 |
V1R3 |
RHEL 8 audit logs must be group-owned by root to prevent unauthorized read access. |
|
| RHEL-08-030100 |
V1R3 |
RHEL 8 audit log directory must be owned by root to prevent unauthorized read access. |
|
| RHEL-08-030110 |
V1R3 |
RHEL 8 audit log directory must be group-owned by root to prevent unauthorized read access. |
|
| RHEL-08-030120 |
V1R3 |
RHEL 8 audit log directory must have a mode of 0700 or less permissive to prevent unauthorized read access. |
|
| RHEL-08-030121 |
V1R3 |
RHEL 8 audit system must protect auditing rules from unauthorized change. |
|
| RHEL-08-030122 |
V1R3 |
RHEL 8 audit system must protect logon UIDs from unauthorized change. |
|
| UBTU-20-010122 |
V1R12 |
The Ubuntu operating system must be configured so that audit log files are not read or write-accessible by unauthorized users. |
|
| UBTU-20-010123 |
V1R12 |
The Ubuntu operating system must be configured to permit only authorized users ownership of the audit log files. |
|
| UBTU-20-010124 |
V1R12 |
The Ubuntu operating system must permit only authorized groups ownership of the audit log files. |
|
| SLES-15-030600 |
V1R12 |
The SUSE operating system must protect audit rules from unauthorized modification. |
|
| WN11-AU-000515 |
V2R2 |
Windows 11 permissions for the Application event log must prevent access by non-privileged accounts. |
|
| WN11-AU-000520 |
V2R2 |
Windows 11 permissions for the Security event log must prevent access by non-privileged accounts. |
|
| WN11-AU-000525 |
V2R2 |
Windows 11 permissions for the System event log must prevent access by non-privileged accounts. |
|
| WN11-UR-000130 |
V2R2 |
The "Manage auditing and security log" user right must only be assigned to the Administrators group. |
|
| WN10-AU-000515 |
V3R2 |
Windows 10 permissions for the Application event log must prevent access by non-privileged accounts. |
|
| WN10-AU-000520 |
V3R2 |
Windows 10 permissions for the Security event log must prevent access by non-privileged accounts. |
|
| WN10-AU-000525 |
V3R2 |
Windows 10 permissions for the System event log must prevent access by non-privileged accounts. |
|
| WN10-UR-000130 |
V3R2 |
The Manage auditing and security log user right must only be assigned to the Administrators group. |
|
| WN19-AU-000030 |
V3R2 |
Windows Server 2019 permissions for the Application event log must prevent access by non-privileged accounts. |
|
| WN19-AU-000040 |
V3R2 |
Windows Server 2019 permissions for the Security event log must prevent access by non-privileged accounts. |
|
| WN19-AU-000050 |
V3R2 |
Windows Server 2019 permissions for the System event log must prevent access by non-privileged accounts. |
|
| WN19-UR-000170 |
V3R2 |
Windows Server 2019 Manage auditing and security log user right must only be assigned to the Administrators group. |
|
| UBTU-22-653045 |
V2R2 |
Ubuntu 22.04 LTS must be configured so that audit log files are not read- or write-accessible by unauthorized users. |
|
| UBTU-22-653050 |
V2R2 |
Ubuntu 22.04 LTS must be configured to permit only authorized users ownership of the audit log files. |
|
| UBTU-22-653055 |
V2R2 |
Ubuntu 22.04 LTS must permit only authorized groups ownership of the audit log files. |
|
| WN16-AU-000030 |
V2R7 |
Permissions for the Application event log must prevent access by non-privileged accounts. |
|
| WN16-AU-000040 |
V2R7 |
Permissions for the Security event log must prevent access by non-privileged accounts. |
|
| WN16-AU-000050 |
V2R7 |
Permissions for the System event log must prevent access by non-privileged accounts. |
|
| WN16-UR-000260 |
V2R7 |
The Manage auditing and security log user right must only be assigned to the Administrators group. |
|
| WN22-AU-000030 |
V1R4 |
Windows Server 2022 permissions for the Application event log must prevent access by nonprivileged accounts. |
|
| WN22-AU-000040 |
V1R4 |
Windows Server 2022 permissions for the Security event log must prevent access by nonprivileged accounts. |
|
| WN22-AU-000050 |
V1R4 |
Windows Server 2022 permissions for the System event log must prevent access by nonprivileged accounts. |
|
| WN22-UR-000170 |
V1R4 |
Windows Server 2022 manage auditing and security log user right must only be assigned to the Administrators group. |
|
| RHEL-07-910055 |
V3R6 |
The Red Hat Enterprise Linux operating system must protect audit information from unauthorized read, modification, or deletion. |
|
| RHEL-09-653080 |
V1R3 |
RHEL 9 audit logs must be group-owned by root or by a restricted logging group to prevent unauthorized read access. |
|
| RHEL-09-653085 |
V1R3 |
RHEL 9 audit log directory must be owned by root to prevent unauthorized read access. |
|
| RHEL-09-653090 |
V1R3 |
RHEL 9 audit logs file must have mode 0600 or less permissive to prevent unauthorized access to the audit log. |
|
| RHEL-09-654275 |
V1R3 |
RHEL 9 audit system must protect auditing rules from unauthorized change. |
|
| OL08-00-030070 |
V1R3 |
OL 8 audit logs must have a mode of "0600" or less permissive to prevent unauthorized read access. |
|
| OL08-00-030080 |
V1R3 |
OL 8 audit logs must be owned by root to prevent unauthorized read access. |
|
| OL08-00-030090 |
V1R3 |
OL 8 audit logs must be group-owned by root to prevent unauthorized read access. |
|
| OL08-00-030100 |
V1R3 |
The OL 8 audit log directory must be owned by root to prevent unauthorized read access. |
|
| OL08-00-030110 |
V1R3 |
The OL 8 audit log directory must be group-owned by root to prevent unauthorized read access. |
|
| OL08-00-030120 |
V1R3 |
The OL 8 audit log directory must have a mode of 0700 or less permissive to prevent unauthorized read access. |
|
| OL08-00-030121 |
V1R3 |
The OL 8 audit system must protect auditing rules from unauthorized change. |
|
| OL08-00-030122 |
V1R3 |
The OL 8 audit system must protect logon UIDs from unauthorized change. |
|
| OL07-00-910055 |
V2R11 |
The Oracle Linux operating system must protect audit information from unauthorized read, modification, or deletion. |
|