CIS Red Hat EL8 Workstation L2 v1.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Red Hat EL8 Workstation L2 v1.0.0

Updated: 7/2/2021

Authority: CIS

Plugin: Unix

Revision: 1.9

Estimated Item Count: 126

Audit Changelog

 
Revision 1.9

Jul 2, 2021

Miscellaneous
  • Audit deprecated.
  • Metadata updated.
  • References updated.
Revision 1.8

Jun 17, 2021

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.7

Oct 20, 2020

Functional Update
  • 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - EACCES
  • 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - EACCES (64-bit)
  • 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - EPERM
  • 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - EPERM (64-bit)
  • 4.1.11 Ensure events that modify user/group information are collected - '/etc/group'
  • 4.1.11 Ensure events that modify user/group information are collected - '/etc/gshadow'
  • 4.1.11 Ensure events that modify user/group information are collected - '/etc/passwd'
  • 4.1.11 Ensure events that modify user/group information are collected - '/etc/security/opasswd'
  • 4.1.11 Ensure events that modify user/group information are collected - '/etc/shadow'
  • 4.1.12 Ensure successful file system mounts are collected
  • 4.1.12 Ensure successful file system mounts are collected - b64
  • 4.1.14 Ensure file deletion events by users are collected - x64
  • 4.1.14 Ensure file deletion events by users are collected - x86
  • 4.1.15 Ensure kernel module loading and unloading is collected - insmod
  • 4.1.15 Ensure kernel module loading and unloading is collected - modprobe
  • 4.1.15 Ensure kernel module loading and unloading is collected - modules
  • 4.1.15 Ensure kernel module loading and unloading is collected - rmmod
  • 4.1.16 Ensure system administrator actions (sudolog) are collected - actions
  • 4.1.17 Ensure the audit configuration is immutable
  • 4.1.3 Ensure changes to system administration scope (sudoers) is collected - sudoers
  • 4.1.3 Ensure changes to system administration scope (sudoers) is collected - sudoers.d
  • 4.1.4 Ensure login and logout events are collected - /var/log/faillog
  • 4.1.4 Ensure login and logout events are collected - /var/log/lastlog
  • 4.1.5 Ensure session initiation information is collected - btmp
  • 4.1.5 Ensure session initiation information is collected - utmp
  • 4.1.5 Ensure session initiation information is collected - wtmp
  • 4.1.6 Ensure events that modify date and time information are collected - /etc/localtime
  • 4.1.6 Ensure events that modify date and time information are collected - adjtimex
  • 4.1.6 Ensure events that modify date and time information are collected - adjtimex x64
  • 4.1.6 Ensure events that modify date and time information are collected - clock_settime
  • 4.1.6 Ensure events that modify date and time information are collected - clock_settime x64
  • 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - *.rules /etc/selinux/
  • 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - *.rules /usr/share/selinux/
  • 4.1.8 Ensure events that modify the system's network environment are collected - /etc/hosts
  • 4.1.8 Ensure events that modify the system's network environment are collected - /etc/sysconfig/network
  • 4.1.8 Ensure events that modify the system's network environment are collected - issue
  • 4.1.8 Ensure events that modify the system's network environment are collected - issue.net
  • 4.1.8 Ensure events that modify the system's network environment are collected - sethostname (32-bit)
  • 4.1.8 Ensure events that modify the system's network environment are collected - sethostname (64-bit)
  • 4.1.9 Ensure discretionary access control permission modification events are collected - chmod/fchmod/fchmodat
  • 4.1.9 Ensure discretionary access control permission modification events are collected - chmod/fchmod/fchmodat (64-bit)
  • 4.1.9 Ensure discretionary access control permission modification events are collected - chown/fchown/fchownat/lchown
  • 4.1.9 Ensure discretionary access control permission modification events are collected - chown/fchown/fchownat/lchown (64-bit)
  • 4.1.9 Ensure discretionary access control permission modification events are collected - setxattr/lsetxattr/fsetxattr/removexattr
  • 4.1.9 Ensure discretionary access control permission modification events are collected - xattr (64-bit)
Revision 1.6

Oct 5, 2020

Functional Update
  • 1.1.1.2 Ensure mounting of vFAT filesystems is limited - lsmod
  • 1.1.1.2 Ensure mounting of vFAT filesystems is limited - modprobe
  • 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - *.rules /etc/selinux/
  • 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - *.rules /usr/share/selinux/
  • 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /etc/selinux/
  • 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /usr/share/selinux/
Miscellaneous
  • Platform check updated.
Revision 1.5

Sep 29, 2020

Miscellaneous
  • References updated.
Revision 1.4

Jul 14, 2020

Miscellaneous
  • Metadata updated.
Revision 1.3

Jun 29, 2020

Functional Update
  • 4.1.13 Ensure use of privileged commands is collected
Informational Update
  • 4.1.13 Ensure use of privileged commands is collected
Miscellaneous
  • References updated.
Added
  • 1.7.1.2 Ensure SELinux is not disabled in bootloader configuration
Removed
  • 1.7.1.2 Ensure SELinux is not disabled in bootloader configuration - enforcing = 0
  • 1.7.1.2 Ensure SELinux is not disabled in bootloader configuration - selinux = 0
Revision 1.2

Apr 17, 2020

Miscellaneous
  • References updated.
Revision 1.1

Feb 25, 2020

Miscellaneous
  • Metadata updated.