Detections
Analytics

Revision 1.2

Sep 9, 2019
Functional Update
  • 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl chmod fchmod fchmodat
  • 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl chmod fchmod fchmodat x64
  • 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl chown fchown fchownat lchown
  • 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl chown fchown fchownat lchown x64
  • 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl lsetxattr setxattr fsetxattr removexattr
  • 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl setxattr x64
  • 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EACCES
  • 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EACCES x64
  • 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EPERM
  • 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EPERM x64
  • 4.1.13 Ensure successful file system mounts are collected - auditctl mount
  • 4.1.13 Ensure successful file system mounts are collected - auditctl mount x64
  • 4.1.14 Ensure file deletion events by users are collected - auditctl delete
  • 4.1.14 Ensure file deletion events by users are collected - auditctl delete x64
  • 4.1.17 Ensure kernel module loading and unloading is collected - auditctl init_module
  • 4.1.4 Ensure events that modify date and time information are collected - auditctl adjtimex
  • 4.1.4 Ensure events that modify date and time information are collected - auditctl clock_settime
  • 4.1.4 Ensure events that modify date and time information are collected - auditctl clock_settime x64
  • 4.1.4 Ensure events that modify date and time information are collected - auditctl settimeofday,adjtimex x64
  • 4.1.6 Ensure events that modify the system's network environment are collected - /etc/sysconfig/network
  • 4.1.6 Ensure events that modify the system's network environment are collected - auditctl 'sethostname setdomainname'
  • 4.1.6 Ensure events that modify the system's network environment are collected - auditctl 'sethostname setdomainname' x64
  • 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /etc/apparmor
  • 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /etc/apparmor.d
Informational Update
  • 4.1.6 Ensure events that modify the system's network environment are collected - /etc/sysconfig/network
Added
  • 4.1.6 Ensure events that modify the system's network environment are collected - auditctl '/etc/network'
Removed
  • 4.1.6 Ensure events that modify the system's network environment are collected - auditctl '/etc/sysconfig/network'