Revision 1.11Oct 5, 2020
Functional Update
- 1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - enforcing = 0
- 1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - selinux = 0
- 1.6.1.2 Ensure the SELinux state is enforcing - 'Current mode'
- 1.6.1.2 Ensure the SELinux state is enforcing - 'Mode from config file'
- 1.6.1.2 Ensure the SELinux state is enforcing - 'SELINUX'
- 1.6.1.2 Ensure the SELinux state is enforcing - 'SELinux status'
- 1.6.1.3 Ensure SELinux policy is configured - 'Policy from config file'
- 1.6.1.3 Ensure SELinux policy is configured - 'SELINUXTYPE'
- 1.6.1.4 Ensure no unconfined daemons exist
- 1.6.2.1 Ensure AppArmor is not disabled in bootloader configuration
- 1.6.2.2 Ensure all AppArmor Profiles are enforcing - 'complian mode'
- 1.6.2.2 Ensure all AppArmor Profiles are enforcing - 'profiles loaded'
- 1.6.2.2 Ensure all AppArmor Profiles are enforcing - 'unconfined processes'
- 1.6.3 Ensure SELinux or AppArmor are installed
- 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl chmod/fchmod/fchmodat (64-bit)
- 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl chown/fchown/fchownat/lchown (64-bit)
- 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl xattr (64-bit)
- 4.1.10 Ensure discretionary access control permission modification events are collected - chmod/fchmod/fchmodat (64-bit)
- 4.1.10 Ensure discretionary access control permission modification events are collected - chown/fchown/fchownat/lchown (64-bit)
- 4.1.10 Ensure discretionary access control permission modification events are collected - xattr (64-bit)
- 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - EACCES (64-bit)
- 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - EPERM (64-bit)
- 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EACCES (64-bit)
- 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EPERM (64-bit)
- 4.1.13 Ensure successful file system mounts are collected (64-bit)
- 4.1.13 Ensure successful file system mounts are collected - auditctl (64-bit)
- 4.1.14 Ensure file deletion events by users are collected (64-bit)
- 4.1.14 Ensure file deletion events by users are collected - auditctl (64-bit)
- 4.1.17 Ensure kernel module loading and unloading is collected - auditctl init_module/delete_module (64-bit)
- 4.1.17 Ensure kernel module loading and unloading is collected - init_module/delete_module (64-bit)
- 4.1.4 Ensure events that modify date and time information are collected - adjtimex (64-bit)
- 4.1.4 Ensure events that modify date and time information are collected - auditctl adjtimex (64-bit)
- 4.1.4 Ensure events that modify date and time information are collected - auditctl clock_settime (64-bit)
- 4.1.4 Ensure events that modify date and time information are collected - clock_settime (64-bit)
- 4.1.6 Ensure events that modify the system's network environment are collected - auditctl sethostname (64-bit)
- 4.1.6 Ensure events that modify the system's network environment are collected - sethostname (64-bit)
- 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - /etc/apparmor.d/
- 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - /etc/apparmor/
- 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - /etc/selinux/
- 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - /usr/share/selinux/
- 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /etc/apparmor.d/
- 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /etc/apparmor/
- 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /etc/selinux/
- 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /usr/share/selinux/
