Detections
Analytics

Revision 1.7

Oct 20, 2020
Functional Update
  • 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - EACCES
  • 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - EACCES (64-bit)
  • 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - EPERM
  • 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - EPERM (64-bit)
  • 4.1.11 Ensure events that modify user/group information are collected - '/etc/group'
  • 4.1.11 Ensure events that modify user/group information are collected - '/etc/gshadow'
  • 4.1.11 Ensure events that modify user/group information are collected - '/etc/passwd'
  • 4.1.11 Ensure events that modify user/group information are collected - '/etc/security/opasswd'
  • 4.1.11 Ensure events that modify user/group information are collected - '/etc/shadow'
  • 4.1.12 Ensure successful file system mounts are collected
  • 4.1.12 Ensure successful file system mounts are collected - b64
  • 4.1.14 Ensure file deletion events by users are collected - x64
  • 4.1.14 Ensure file deletion events by users are collected - x86
  • 4.1.15 Ensure kernel module loading and unloading is collected - insmod
  • 4.1.15 Ensure kernel module loading and unloading is collected - modprobe
  • 4.1.15 Ensure kernel module loading and unloading is collected - modules
  • 4.1.15 Ensure kernel module loading and unloading is collected - rmmod
  • 4.1.16 Ensure system administrator actions (sudolog) are collected - actions
  • 4.1.17 Ensure the audit configuration is immutable
  • 4.1.3 Ensure changes to system administration scope (sudoers) is collected - sudoers
  • 4.1.3 Ensure changes to system administration scope (sudoers) is collected - sudoers.d
  • 4.1.4 Ensure login and logout events are collected - /var/log/faillog
  • 4.1.4 Ensure login and logout events are collected - /var/log/lastlog
  • 4.1.5 Ensure session initiation information is collected - btmp
  • 4.1.5 Ensure session initiation information is collected - utmp
  • 4.1.5 Ensure session initiation information is collected - wtmp
  • 4.1.6 Ensure events that modify date and time information are collected - /etc/localtime
  • 4.1.6 Ensure events that modify date and time information are collected - adjtimex
  • 4.1.6 Ensure events that modify date and time information are collected - adjtimex x64
  • 4.1.6 Ensure events that modify date and time information are collected - clock_settime
  • 4.1.6 Ensure events that modify date and time information are collected - clock_settime x64
  • 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - *.rules /etc/selinux/
  • 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - *.rules /usr/share/selinux/
  • 4.1.8 Ensure events that modify the system's network environment are collected - /etc/hosts
  • 4.1.8 Ensure events that modify the system's network environment are collected - /etc/sysconfig/network
  • 4.1.8 Ensure events that modify the system's network environment are collected - issue
  • 4.1.8 Ensure events that modify the system's network environment are collected - issue.net
  • 4.1.8 Ensure events that modify the system's network environment are collected - sethostname (32-bit)
  • 4.1.8 Ensure events that modify the system's network environment are collected - sethostname (64-bit)
  • 4.1.9 Ensure discretionary access control permission modification events are collected - chmod/fchmod/fchmodat
  • 4.1.9 Ensure discretionary access control permission modification events are collected - chmod/fchmod/fchmodat (64-bit)
  • 4.1.9 Ensure discretionary access control permission modification events are collected - chown/fchown/fchownat/lchown
  • 4.1.9 Ensure discretionary access control permission modification events are collected - chown/fchown/fchownat/lchown (64-bit)
  • 4.1.9 Ensure discretionary access control permission modification events are collected - setxattr/lsetxattr/fsetxattr/removexattr
  • 4.1.9 Ensure discretionary access control permission modification events are collected - xattr (64-bit)
Informational Update
  • 1.1.1.2 Ensure mounting of vFAT filesystems is limited - lsmod
Added
  • 1.7.1.2 Ensure SELinux is not disabled in bootloader configuration
Removed
  • 1.7.1.2 Ensure SELinux is not disabled in bootloader configuration - selinux = 0