SRG-OS-000062-GPOS-00031 Controls

STIG ID Version Title Product
RHEL-08-030130 V1R3 RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.
RHEL-08-030140 V1R3 RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.
RHEL-08-030150 V1R3 RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.
RHEL-08-030160 V1R3 RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.
RHEL-08-030170 V1R3 RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.
RHEL-08-030171 V1R3 RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.
RHEL-08-030172 V1R3 RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/.
RHEL-08-030180 V1R3 The RHEL 8 audit package must be installed.
RHEL-08-030190 V1R3 Successful/unsuccessful uses of the su command in RHEL 8 must generate an audit record.
RHEL-08-030200 V1R3 The RHEL 8 audit system must be configured to audit any usage of the lremovexattr system call.
RHEL-08-030210 V1R3 The RHEL 8 audit system must be configured to audit any usage of the removexattr system call.
RHEL-08-030220 V1R3 The RHEL 8 audit system must be configured to audit any usage of the lsetxattr system call.
RHEL-08-030230 V1R3 The RHEL 8 audit system must be configured to audit any usage of the fsetxattr system call.
RHEL-08-030240 V1R3 The RHEL 8 audit system must be configured to audit any usage of the fremovexattr system call.
RHEL-08-030250 V1R3 Successful/unsuccessful uses of the chage command in RHEL 8 must generate an audit record.
RHEL-08-030260 V1R3 Successful/unsuccessful uses of the chcon command in RHEL 8 must generate an audit record.
RHEL-08-030270 V1R3 The RHEL 8 audit system must be configured to audit any usage of the setxattr system call.
RHEL-08-030280 V1R3 Successful/unsuccessful uses of the ssh-agent in RHEL 8 must generate an audit record.
RHEL-08-030290 V1R3 Successful/unsuccessful uses of the passwd command in RHEL 8 must generate an audit record.
RHEL-08-030300 V1R3 Successful/unsuccessful uses of the mount command in RHEL 8 must generate an audit record.
RHEL-08-030301 V1R3 Successful/unsuccessful uses of the umount command in RHEL 8 must generate an audit record.
RHEL-08-030302 V1R3 Successful/unsuccessful uses of the mount syscall in RHEL 8 must generate an audit record.
RHEL-08-030310 V1R3 Successful/unsuccessful uses of the unix_update in RHEL 8 must generate an audit record.
RHEL-08-030311 V1R3 Successful/unsuccessful uses of postdrop in RHEL 8 must generate an audit record.
RHEL-08-030312 V1R3 Successful/unsuccessful uses of postqueue in RHEL 8 must generate an audit record.
RHEL-08-030313 V1R3 Successful/unsuccessful uses of semanage in RHEL 8 must generate an audit record.
RHEL-08-030314 V1R3 Successful/unsuccessful uses of setfiles in RHEL 8 must generate an audit record.
RHEL-08-030315 V1R3 Successful/unsuccessful uses of userhelper in RHEL 8 must generate an audit record.
RHEL-08-030316 V1R3 Successful/unsuccessful uses of setsebool in RHEL 8 must generate an audit record.
RHEL-08-030317 V1R3 Successful/unsuccessful uses of unix_chkpwd in RHEL 8 must generate an audit record.
RHEL-08-030320 V1R3 Successful/unsuccessful uses of the ssh-keysign in RHEL 8 must generate an audit record.
RHEL-08-030330 V1R3 Successful/unsuccessful uses of the setfacl command in RHEL 8 must generate an audit record.
RHEL-08-030340 V1R3 Successful/unsuccessful uses of the pam_timestamp_check command in RHEL 8 must generate an audit record.
RHEL-08-030350 V1R3 Successful/unsuccessful uses of the newgrp command in RHEL 8 must generate an audit record.
RHEL-08-030360 V1R3 Successful/unsuccessful uses of the init_module command in RHEL 8 must generate an audit record.
RHEL-08-030361 V1R3 Successful/unsuccessful uses of the rename command in RHEL 8 must generate an audit record.
RHEL-08-030362 V1R3 Successful/unsuccessful uses of the renameat command in RHEL 8 must generate an audit record.
RHEL-08-030363 V1R3 Successful/unsuccessful uses of the rmdir command in RHEL 8 must generate an audit record.
RHEL-08-030364 V1R3 Successful/unsuccessful uses of the unlink command in RHEL 8 must generate an audit record.
RHEL-08-030365 V1R3 Successful/unsuccessful uses of the unlinkat command in RHEL 8 must generate an audit record.
RHEL-08-030370 V1R3 Successful/unsuccessful uses of the gpasswd command in RHEL 8 must generate an audit record.
RHEL-08-030380 V1R3 Successful/unsuccessful uses of the finit_module command in RHEL 8 must generate an audit record.
RHEL-08-030390 V1R3 Successful/unsuccessful uses of the delete_module command in RHEL 8 must generate an audit record.
RHEL-08-030400 V1R3 Successful/unsuccessful uses of the crontab command in RHEL 8 must generate an audit record.
RHEL-08-030410 V1R3 Successful/unsuccessful uses of the chsh command in RHEL 8 must generate an audit record.
RHEL-08-030420 V1R3 Successful/unsuccessful uses of the truncate command in RHEL 8 must generate an audit record.
RHEL-08-030430 V1R3 Successful/unsuccessful uses of the openat system call in RHEL 8 must generate an audit record.
RHEL-08-030440 V1R3 Successful/unsuccessful uses of the open system call in RHEL 8 must generate an audit record.
RHEL-08-030450 V1R3 Successful/unsuccessful uses of the open_by_handle_at system call in RHEL 8 must generate an audit record.
RHEL-08-030460 V1R3 Successful/unsuccessful uses of the ftruncate command in RHEL 8 must generate an audit record.
RHEL-08-030470 V1R3 Successful/unsuccessful uses of the creat system call in RHEL 8 must generate an audit record.
RHEL-08-030480 V1R3 Successful/unsuccessful uses of the chown command in RHEL 8 must generate an audit record.
RHEL-08-030490 V1R3 Successful/unsuccessful uses of the chmod command in RHEL 8 must generate an audit record.
RHEL-08-030500 V1R3 Successful/unsuccessful uses of the lchown system call in RHEL 8 must generate an audit record.
RHEL-08-030510 V1R3 Successful/unsuccessful uses of the fchownat system call in RHEL 8 must generate an audit record.
RHEL-08-030520 V1R3 Successful/unsuccessful uses of the fchown system call in RHEL 8 must generate an audit record.
RHEL-08-030530 V1R3 Successful/unsuccessful uses of the fchmodat system call in RHEL 8 must generate an audit record.
RHEL-08-030540 V1R3 Successful/unsuccessful uses of the fchmod system call in RHEL 8 must generate an audit record.
RHEL-08-030550 V1R3 Successful/unsuccessful uses of the sudo command in RHEL 8 must generate an audit record.
RHEL-08-030560 V1R3 Successful/unsuccessful uses of the usermod command in RHEL 8 must generate an audit record.
RHEL-08-030570 V1R3 Successful/unsuccessful uses of the chacl command in RHEL 8 must generate an audit record.
RHEL-08-030580 V1R3 Successful/unsuccessful uses of the kmod command in RHEL 8 must generate an audit record.
RHEL-08-030590 V1R3 Successful/unsuccessful modifications to the faillock log file in RHEL 8 must generate an audit record.
RHEL-08-030600 V1R3 Successful/unsuccessful modifications to the lastlog file in RHEL 8 must generate an audit record.
RHEL-08-030601 V1R3 RHEL 8 must enable auditing of processes that start prior to the audit daemon.
RHEL-08-030603 V1R3 RHEL 8 must enable Linux audit logging for the USBGuard daemon.
RHEL-08-030181 V1R3 RHEL 8 audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.
WN11-SO-000030 V2R2 Audit policy using subcategories must be enabled.
WN10-SO-000030 V3R2 Audit policy using subcategories must be enabled.
WN19-SO-000050 V3R2 Windows Server 2019 must force audit policy subcategory settings to override audit policy category settings.
WN16-SO-000050 V2R7 Audit policy using subcategories must be enabled.
WN22-SO-000050 V1R4 Windows Server 2022 must force audit policy subcategory settings to override audit policy category settings.
RHEL-09-291025 V1R3 RHEL 9 must enable Linux audit logging for the USBGuard daemon.
RHEL-09-653010 V1R3 RHEL 9 audit package must be installed.
RHEL-09-653015 V1R3 RHEL 9 audit service must be enabled.
RHEL-09-653075 V1R3 RHEL 9 audit system must audit local events.
OL08-00-030313 V1R3 OL 8 must generate audit records for any use of the "semanage" command.
OL08-00-030314 V1R3 OL 8 must generate audit records for any use of the "setfiles" command.
OL08-00-030315 V1R3 OL 8 must generate audit records for any use of the "userhelper" command.