Apr 6, 2020 Miscellaneous- Audit deprecated.
- Metadata updated.
|
Sep 9, 2019 Functional Update- 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl chmod fchmod fchmodat
- 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl chmod fchmod fchmodat x64
- 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl chown fchown fchownat lchown
- 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl chown fchown fchownat lchown x64
- 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl lsetxattr setxattr fsetxattr removexattr
- 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl setxattr x64
- 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EACCES
- 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EACCES x64
- 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EPERM
- 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EPERM x64
- 4.1.13 Ensure successful file system mounts are collected - auditctl mount
- 4.1.13 Ensure successful file system mounts are collected - auditctl mount x64
- 4.1.14 Ensure file deletion events by users are collected - auditctl delete
- 4.1.14 Ensure file deletion events by users are collected - auditctl delete x64
- 4.1.17 Ensure kernel module loading and unloading is collected - auditctl init_module
- 4.1.4 Ensure events that modify date and time information are collected - auditctl adjtimex
- 4.1.4 Ensure events that modify date and time information are collected - auditctl clock_settime
- 4.1.4 Ensure events that modify date and time information are collected - auditctl clock_settime x64
- 4.1.4 Ensure events that modify date and time information are collected - auditctl settimeofday,adjtimex x64
- 4.1.6 Ensure events that modify the system's network environment are collected - /etc/sysconfig/network
- 4.1.6 Ensure events that modify the system's network environment are collected - auditctl 'sethostname setdomainname'
- 4.1.6 Ensure events that modify the system's network environment are collected - auditctl 'sethostname setdomainname' x64
- 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /etc/apparmor
- 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /etc/apparmor.d
Informational Update- 4.1.6 Ensure events that modify the system's network environment are collected - /etc/sysconfig/network
Added- 4.1.6 Ensure events that modify the system's network environment are collected - auditctl '/etc/network'
Removed- 4.1.6 Ensure events that modify the system's network environment are collected - auditctl '/etc/sysconfig/network'
|
May 21, 2019 Functional Update- 4.1.1.2 Ensure system is disabled when audit logs are full - space_left_action
|
