| ALMA-09-045670 |
V1R1 |
AlmaLinux OS 9 audit system must audit local events. |
|
| OL08-00-030313 |
V2R3 |
OL 8 must generate audit records for any use of the "semanage" command. |
|
| OL08-00-030314 |
V2R3 |
OL 8 must generate audit records for any use of the "setfiles" command. |
|
| OL08-00-030315 |
V2R3 |
OL 8 must generate audit records for any use of the "userhelper" command. |
|
| RHEL-08-030130 |
V2R2 |
RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow. |
|
| RHEL-08-030140 |
V2R2 |
RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd. |
|
| RHEL-08-030150 |
V2R2 |
RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd. |
|
| RHEL-08-030160 |
V2R2 |
RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow. |
|
| RHEL-08-030170 |
V2R2 |
RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group. |
|
| RHEL-08-030171 |
V2R2 |
RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers. |
|
| RHEL-08-030172 |
V2R2 |
RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/. |
|
| RHEL-08-030180 |
V2R2 |
The RHEL 8 audit package must be installed. |
|
| RHEL-08-030190 |
V2R2 |
Successful/unsuccessful uses of the su command in RHEL 8 must generate an audit record. |
|
| RHEL-08-030200 |
V2R2 |
The RHEL 8 audit system must be configured to audit any usage of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls. |
|
| RHEL-08-030250 |
V2R2 |
Successful/unsuccessful uses of the chage command in RHEL 8 must generate an audit record. |
|
| RHEL-08-030260 |
V2R2 |
Successful/unsuccessful uses of the chcon command in RHEL 8 must generate an audit record. |
|
| RHEL-08-030280 |
V2R2 |
Successful/unsuccessful uses of the ssh-agent in RHEL 8 must generate an audit record. |
|
| RHEL-08-030290 |
V2R2 |
Successful/unsuccessful uses of the passwd command in RHEL 8 must generate an audit record. |
|
| RHEL-08-030300 |
V2R2 |
Successful/unsuccessful uses of the mount command in RHEL 8 must generate an audit record. |
|
| RHEL-08-030301 |
V2R2 |
Successful/unsuccessful uses of the umount command in RHEL 8 must generate an audit record. |
|
| RHEL-08-030302 |
V2R2 |
Successful/unsuccessful uses of the mount syscall in RHEL 8 must generate an audit record. |
|
| RHEL-08-030310 |
V2R2 |
Successful/unsuccessful uses of the unix_update in RHEL 8 must generate an audit record. |
|
| RHEL-08-030311 |
V2R2 |
Successful/unsuccessful uses of postdrop in RHEL 8 must generate an audit record. |
|
| RHEL-08-030312 |
V2R2 |
Successful/unsuccessful uses of postqueue in RHEL 8 must generate an audit record. |
|
| RHEL-08-030313 |
V2R2 |
Successful/unsuccessful uses of semanage in RHEL 8 must generate an audit record. |
|
| RHEL-08-030314 |
V2R2 |
Successful/unsuccessful uses of setfiles in RHEL 8 must generate an audit record. |
|
| RHEL-08-030315 |
V2R2 |
Successful/unsuccessful uses of userhelper in RHEL 8 must generate an audit record. |
|
| RHEL-08-030316 |
V2R2 |
Successful/unsuccessful uses of setsebool in RHEL 8 must generate an audit record. |
|
| RHEL-08-030317 |
V2R2 |
Successful/unsuccessful uses of unix_chkpwd in RHEL 8 must generate an audit record. |
|
| RHEL-08-030320 |
V2R2 |
Successful/unsuccessful uses of the ssh-keysign in RHEL 8 must generate an audit record. |
|
| RHEL-08-030330 |
V2R2 |
Successful/unsuccessful uses of the setfacl command in RHEL 8 must generate an audit record. |
|
| RHEL-08-030340 |
V2R2 |
Successful/unsuccessful uses of the pam_timestamp_check command in RHEL 8 must generate an audit record. |
|
| RHEL-08-030350 |
V2R2 |
Successful/unsuccessful uses of the newgrp command in RHEL 8 must generate an audit record. |
|
| RHEL-08-030360 |
V2R2 |
Successful/unsuccessful uses of the init_module and finit_module system calls in RHEL 8 must generate an audit record. |
|
| RHEL-08-030361 |
V2R2 |
Successful/unsuccessful uses of the rename, unlink, rmdir, renameat, and unlinkat system calls in RHEL 8 must generate an audit record. |
|
| RHEL-08-030370 |
V2R2 |
Successful/unsuccessful uses of the gpasswd command in RHEL 8 must generate an audit record. |
|
| RHEL-08-030390 |
V2R2 |
Successful/unsuccessful uses of the delete_module command in RHEL 8 must generate an audit record. |
|
| RHEL-08-030400 |
V2R2 |
Successful/unsuccessful uses of the crontab command in RHEL 8 must generate an audit record. |
|
| RHEL-08-030410 |
V2R2 |
Successful/unsuccessful uses of the chsh command in RHEL 8 must generate an audit record. |
|
| RHEL-08-030420 |
V2R2 |
Successful/unsuccessful uses of the truncate, ftruncate, creat, open, openat, and open_by_handle_at system calls in RHEL 8 must generate an audit record. |
|
| RHEL-08-030480 |
V2R2 |
Successful/unsuccessful uses of the chown, fchown, fchownat, and lchown system calls in RHEL 8 must generate an audit record. |
|
| RHEL-08-030490 |
V2R2 |
Successful/unsuccessful uses of the chmod, fchmod, and fchmodat system calls in RHEL 8 must generate an audit record. |
|
| RHEL-08-030550 |
V2R2 |
Successful/unsuccessful uses of the sudo command in RHEL 8 must generate an audit record. |
|
| RHEL-08-030560 |
V2R2 |
Successful/unsuccessful uses of the usermod command in RHEL 8 must generate an audit record. |
|
| RHEL-08-030570 |
V2R2 |
Successful/unsuccessful uses of the chacl command in RHEL 8 must generate an audit record. |
|
| RHEL-08-030580 |
V2R2 |
Successful/unsuccessful uses of the kmod command in RHEL 8 must generate an audit record. |
|
| RHEL-08-030590 |
V2R2 |
Successful/unsuccessful modifications to the faillock log file in RHEL 8 must generate an audit record. |
|
| RHEL-08-030600 |
V2R2 |
Successful/unsuccessful modifications to the lastlog file in RHEL 8 must generate an audit record. |
|
| RHEL-08-030601 |
V2R2 |
RHEL 8 must enable auditing of processes that start prior to the audit daemon. |
|
| RHEL-08-030603 |
V2R2 |
RHEL 8 must enable Linux audit logging for the USBGuard daemon. |
|
| RHEL-08-030181 |
V2R2 |
RHEL 8 audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events. |
|
| RHEL-09-291025 |
V2R3 |
RHEL 9 must enable Linux audit logging for the USBGuard daemon. |
|
| RHEL-09-653010 |
V2R3 |
RHEL 9 audit package must be installed. |
|
| RHEL-09-653015 |
V2R3 |
RHEL 9 audit service must be enabled. |
|
| RHEL-09-653075 |
V2R3 |
RHEL 9 audit system must audit local events. |
|
| WN10-SO-000030 |
V3R3 |
Audit policy using subcategories must be enabled. |
|
| WN11-SO-000030 |
V2R2 |
Audit policy using subcategories must be enabled. |
|
| WN16-SO-000050 |
V2R9 |
Audit policy using subcategories must be enabled. |
|
| WN19-SO-000050 |
V3R3 |
Windows Server 2019 must force audit policy subcategory settings to override audit policy category settings. |
|
| WN22-SO-000050 |
V2R3 |
Windows Server 2022 must force audit policy subcategory settings to override audit policy category settings. |
|