SRG-OS-000477-GPOS-00222 Rules

SRG-OS-000477-GPOS-00222 Controls

STIG ID	Version	Title
ALMA-09-046000	V1R2	Successful/unsuccessful uses of the init command in AlmaLinux OS 9 must generate an audit record.
ALMA-09-046220	V1R2	AlmaLinux OS 9 must generate audit records for any use of the "poweroff" command.
ALMA-09-046330	V1R2	AlmaLinux OS 9 must generate audit records for any use of the "reboot" command.
ALMA-09-046440	V1R2	AlmaLinux must generate audit records for any use of the "shutdown" command.
ALMA-09-046550	V1R2	AlmaLinux OS 9 must enable Linux audit logging for the USBGuard daemon.
ALMA-09-046660	V1R2	AlmaLinux OS 9 must audit all uses of the delete_module, init_module and finit_module system calls.
ALMA-09-049080	V1R2	AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/faillock.
OL09-00-000730	V1R1	OL 9 must be configured so that successful/unsuccessful uses of the init command generate an audit record.
OL09-00-000735	V1R1	OL 9 must be configured so that successful/unsuccessful uses of the poweroff command generate an audit record.
OL09-00-000740	V1R1	OL 9 must be configured so that successful/unsuccessful uses of the reboot command generate an audit record.
OL09-00-000745	V1R1	OL 9 must be configured so that successful/unsuccessful uses of the shutdown command generate an audit record.
RHEL-09-654185	V2R4	Successful/unsuccessful uses of the init command in RHEL 9 must generate an audit record.
RHEL-09-654190	V2R4	Successful/unsuccessful uses of the poweroff command in RHEL 9 must generate an audit record.
RHEL-09-654195	V2R4	Successful/unsuccessful uses of the reboot command in RHEL 9 must generate an audit record.
RHEL-09-654200	V2R4	Successful/unsuccessful uses of the shutdown command in RHEL 9 must generate an audit record.
UBTU-18-010387	V2R15	The Ubuntu operating system must generate records for successful/unsuccessful uses of init_module or finit_module syscalls.
UBTU-18-010388	V2R15	The Ubuntu operating system must generate records for successful/unsuccessful uses of delete_module syscall and when unloading dynamic kernel modules.
UBTU-18-010389	V2R15	The Ubuntu operating system must generate audit records when successful/unsuccessful attempts to use modprobe command.
UBTU-18-010391	V2R15	The Ubuntu operating system must generate audit records when successful/unsuccessful attempts to use the kmod command.
UBTU-18-010392	V2R15	The Ubuntu operating system must generate audit records when successful/unsuccessful attempts to use the fdisk command.
UBTU-20-010296	V2R1	The Ubuntu operating system must generate audit records when successful/unsuccessful attempts to use modprobe command.
UBTU-20-010297	V2R1	The Ubuntu operating system must generate audit records when successful/unsuccessful attempts to use the kmod command.
UBTU-20-010298	V2R1	The Ubuntu operating system must generate audit records when successful/unsuccessful attempts to use the fdisk command.
UBTU-22-654045	V2R4	Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful attempts to use the fdisk command.
UBTU-22-654055	V2R4	Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful attempts to use the kmod command.
UBTU-22-654060	V2R4	Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful attempts to use modprobe command.
UBTU-24-900730	V1R1	Ubuntu 24.04 LTS must generate audit records when successful/unsuccessful attempts to use modprobe command.
UBTU-24-900740	V1R1	Ubuntu 24.04 LTS must generate audit records when successful/unsuccessful attempts to use the kmod command.
UBTU-24-900750	V1R1	Ubuntu 24.04 LTS must generate audit records when successful/unsuccessful attempts to use the fdisk command.
WN10-AU-000120	V3R4	The system must be configured to audit System - IPSec Driver failures.
WN11-AU-000120	V2R3	The system must be configured to audit System - IPsec Driver failures.