Detections
Analytics

CIS CentOS 7 v3.1.2 Server L2

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS CentOS 7 v3.1.2 Server L2

Updated: 6/17/2024

Authority: CIS

Plugin: Unix

Revision: 1.13

Estimated Item Count: 122

File Details

Filename: CIS_CentOS_7_v3.1.2_Server_L2.audit

Size: 344 kB

MD5: d147a7dc1e42f1077fb902a5b3776160
SHA256: 55093bbe9d326dd05099437fa39f67f6654bee792cbc677c2adb9f4cec355499

Audit Changelog

 
Revision 1.13

Jun 17, 2024

Miscellaneous
  • Metadata updated.
Revision 1.12

Apr 12, 2024

Miscellaneous
  • Audit deprecated.
  • Metadata updated.
  • References updated.
Revision 1.11

Oct 6, 2023

Functional Update
  • 4.1.15 Ensure system administrator command executions (sudo) are collected - auditctl
  • 4.1.15 Ensure system administrator command executions (sudo) are collected - auditctl (64 bit)
Miscellaneous
  • Metadata updated.
Revision 1.10

Jul 5, 2023

Functional Update
  • 4.1.2.2 Ensure audit logs are not automatically deleted
  • 4.1.2.3 Ensure system is disabled when audit logs are full - 'action_mail_acct = root'
  • 4.1.2.3 Ensure system is disabled when audit logs are full - 'admin_space_left_action = halt'
  • 4.1.2.3 Ensure system is disabled when audit logs are full - 'space_left_action = email'
Revision 1.9

Apr 12, 2023

Miscellaneous
  • Metadata updated.
  • Platform check updated.
  • Variables updated.
Revision 1.8

Apr 10, 2023

Functional Update
  • 4.1.15 Ensure system administrator command executions (sudo) are collected - auditctl
  • 4.1.15 Ensure system administrator command executions (sudo) are collected - auditctl (64 bit)
  • 4.1.8 Ensure session initiation information is collected - btmp
  • 4.1.8 Ensure session initiation information is collected - wtmp
Revision 1.7

Mar 7, 2023

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.6

Jan 4, 2023

Miscellaneous
  • Metadata updated.
  • Variables updated.
Revision 1.5

Dec 7, 2022

Miscellaneous
  • Metadata updated.
Revision 1.4

Oct 4, 2022

Functional Update
  • 4.1.15 Ensure system administrator command executions (sudo) are collected
  • 4.1.15 Ensure system administrator command executions (sudo) are collected - auditctl
Added
  • 4.1.15 Ensure system administrator command executions (sudo) are collected - (64 bit)
  • 4.1.15 Ensure system administrator command executions (sudo) are collected - auditctl (64 bit)
  • 4.1.7 Ensure login and logout events are collected - /var/run/faillock
  • 4.1.7 Ensure login and logout events are collected - auditctl /var/run/faillock
Removed
  • 4.1.5 Ensure events that modify the system's network environment are collected - /etc/sysconfig/network-scripts
  • 4.1.5 Ensure events that modify the system's network environment are collected - auditctl network-scripts
  • 4.1.7 Ensure login and logout events are collected - /var/log/faillog
  • 4.1.7 Ensure login and logout events are collected - /var/log/tallylog
  • 4.1.7 Ensure login and logout events are collected - /var/run/faillock/
  • 4.1.7 Ensure login and logout events are collected - auditctl /var/log/faillog
  • 4.1.7 Ensure login and logout events are collected - auditctl /var/log/tallylog
  • 4.1.7 Ensure login and logout events are collected - auditctl /var/run/faillock/