UBTU-18-010201 - The Ubuntu operating system must generate audit records for the use and modification of the tallylog file.
UBTU-18-010202 - The Ubuntu operating system must generate audit records for the use and modification of faillog file.
UBTU-18-010203 - The Ubuntu operating system must generate audit records for the use and modification of the lastlog file.
UBTU-18-010237 - The Ubuntu operating system must generate audit records for privileged activities or other system-level access.
UBTU-18-010238 - The Ubuntu operating system must generate audit records for the /var/log/wtmp file.
UBTU-18-010239 - The Ubuntu operating system must generate audit records for the /var/run/wtmp file.
UBTU-18-010240 - The Ubuntu operating system must generate audit records for the /var/log/btmp file.
UBTU-18-010244 - The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.
UBTU-18-010245 - The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.
UBTU-18-010246 - The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.
UBTU-18-010247 - The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.
UBTU-18-010248 - The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.
UBTU-18-010315 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the su command - audit.rules
UBTU-18-010316 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chfn command - audit.rules
UBTU-18-010317 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the mount command - audit.rules
UBTU-18-010318 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the umount command - audit.rules
UBTU-18-010319 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the ssh-agent command - audit.rules
UBTU-18-010320 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the ssh-keysign command - audit.rules
UBTU-18-010321 - The Ubuntu operating system must generate audit records for any usage of the setxattr system call - root b32
UBTU-18-010321 - The Ubuntu operating system must generate audit records for any usage of the setxattr system call - root b64
UBTU-18-010321 - The Ubuntu operating system must generate audit records for any usage of the setxattr system call - user b32
UBTU-18-010321 - The Ubuntu operating system must generate audit records for any usage of the setxattr system call - user b64
UBTU-18-010322 - The Ubuntu operating system must generate audit records for any usage of the lsetxattr system call - root b32
UBTU-18-010322 - The Ubuntu operating system must generate audit records for any usage of the lsetxattr system call - root b64
UBTU-18-010322 - The Ubuntu operating system must generate audit records for any usage of the lsetxattr system call - user b32
UBTU-18-010322 - The Ubuntu operating system must generate audit records for any usage of the lsetxattr system call - user b64
UBTU-18-010323 - The Ubuntu operating system must generate audit records for any usage of the fsetxattr system call - root b32
UBTU-18-010323 - The Ubuntu operating system must generate audit records for any usage of the fsetxattr system call - root b64
UBTU-18-010323 - The Ubuntu operating system must generate audit records for any usage of the fsetxattr system call - user b32
UBTU-18-010323 - The Ubuntu operating system must generate audit records for any usage of the fsetxattr system call - user b64
UBTU-18-010324 - The Ubuntu operating system must generate audit records for any usage of the removexattr system call - root b32
UBTU-18-010324 - The Ubuntu operating system must generate audit records for any usage of the removexattr system call - root b64
UBTU-18-010324 - The Ubuntu operating system must generate audit records for any usage of the removexattr system call - user b32
UBTU-18-010324 - The Ubuntu operating system must generate audit records for any usage of the removexattr system call - user b64
UBTU-18-010325 - The Ubuntu operating system must generate audit records for any usage of the lremovexattr system call - root b32
UBTU-18-010325 - The Ubuntu operating system must generate audit records for any usage of the lremovexattr system call - root b64
UBTU-18-010325 - The Ubuntu operating system must generate audit records for any usage of the lremovexattr system call - user b32
UBTU-18-010325 - The Ubuntu operating system must generate audit records for any usage of the lremovexattr system call - user b64
UBTU-18-010326 - The Ubuntu operating system must generate audit records for any usage of the fremovexattr system call - root b32
UBTU-18-010326 - The Ubuntu operating system must generate audit records for any usage of the fremovexattr system call - root b64
UBTU-18-010326 - The Ubuntu operating system must generate audit records for any usage of the fremovexattr system call - user b32
UBTU-18-010326 - The Ubuntu operating system must generate audit records for any usage of the fremovexattr system call - user b64
UBTU-18-010327 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chown system call - b32
UBTU-18-010327 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chown system call - b64
UBTU-18-010328 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the fchown system call - b32
UBTU-18-010328 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the fchown system call - b64
UBTU-18-010329 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the fchownat system call - b32
UBTU-18-010329 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the fchownat system call - b64
UBTU-18-010330 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the lchown system call - b32
UBTU-18-010330 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the lchown system call - b64
UBTU-18-010331 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chmod system call - b32
UBTU-18-010331 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chmod system call - b64
UBTU-18-010332 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the fchmod system call - b32
UBTU-18-010332 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the fchmod system call - b64
UBTU-18-010333 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the fchmodat system call - b32
UBTU-18-010333 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the fchmodat system call - b64
UBTU-18-010334 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the open system call - EACCES b32
UBTU-18-010334 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the open system call - EACCES b64
UBTU-18-010334 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the open system call - EPERM b32
UBTU-18-010334 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the open system call - EPERM b64
UBTU-18-010338 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the openat system call - EACCES b32
UBTU-18-010338 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the openat system call - EACCES b64
UBTU-18-010338 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the openat system call - EPERM b32
UBTU-18-010338 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the openat system call - EPERM b64
UBTU-18-010339 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the open_by_handle_at system call - EACCES b32
UBTU-18-010339 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the open_by_handle_at system call - EACCES b64
UBTU-18-010339 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the open_by_handle_at system call - EPERM b32
UBTU-18-010339 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the open_by_handle_at system call - EPERM b64
UBTU-18-010340 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the sudo command.
UBTU-18-010341 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the sudoedit command.
UBTU-18-010342 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chsh command.
UBTU-18-010343 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the newgrp command.
UBTU-18-010344 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chcon command.
UBTU-18-010345 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the apparmor_parser command.
UBTU-18-010346 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the setfacl command.
UBTU-18-010347 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chacl command.
UBTU-18-010348 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the passwd command.
UBTU-18-010349 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the unix_update command.
UBTU-18-010350 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the gpasswd command.
UBTU-18-010351 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chage command.
UBTU-18-010352 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the usermod command.
UBTU-18-010353 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the crontab command.
UBTU-18-010354 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the pam_timestamp_check command.
UBTU-18-010355 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the init_module syscall - b32
UBTU-18-010355 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the init_module syscall - b64
UBTU-18-010356 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the finit_module syscall - b32
UBTU-18-010356 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the finit_module syscall - b64
UBTU-18-010357 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the delete_module syscall - b32
UBTU-18-010357 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the delete_module syscall - b64
UBTU-18-010358 - The Ubuntu operating system must prevent all software from executing at higher privilege levels than users executing the software and the audit system must be configured to audit the execution of privileged functions - egid b32
UBTU-18-010358 - The Ubuntu operating system must prevent all software from executing at higher privilege levels than users executing the software and the audit system must be configured to audit the execution of privileged functions - egid b64
UBTU-18-010358 - The Ubuntu operating system must prevent all software from executing at higher privilege levels than users executing the software and the audit system must be configured to audit the execution of privileged functions - euid b32
UBTU-18-010358 - The Ubuntu operating system must prevent all software from executing at higher privilege levels than users executing the software and the audit system must be configured to audit the execution of privileged functions - euid b64
UBTU-18-010366 - The Ubuntu operating system must generate audit records when successful/unsuccessful attempts to use setxattr system call - b32
UBTU-18-010366 - The Ubuntu operating system must generate audit records when successful/unsuccessful attempts to use setxattr system call - b64
UBTU-18-010367 - The Ubuntu operating system must generate audit records when successful/unsuccessful attempts to use lsetxattr system call - b32
UBTU-18-010367 - The Ubuntu operating system must generate audit records when successful/unsuccessful attempts to use lsetxattr system call - b64
UBTU-18-010368 - The Ubuntu operating system must generate audit records when successful/unsuccessful attempts to use fsetxattr system call - b32
UBTU-18-010368 - The Ubuntu operating system must generate audit records when successful/unsuccessful attempts to use fsetxattr system call - b64
UBTU-18-010369 - The Ubuntu operating system must generate audit records when successful/unsuccessful attempts to use the removexattr system call - b32
UBTU-18-010369 - The Ubuntu operating system must generate audit records when successful/unsuccessful attempts to use the removexattr system call - b64
UBTU-18-010370 - The Ubuntu operating system must generate audit records when successful/unsuccessful attempts to use the lremovexattr system call - b32
UBTU-18-010370 - The Ubuntu operating system must generate audit records when successful/unsuccessful attempts to use the lremovexattr system call - b64
UBTU-18-010375 - The Ubuntu operating system must generate audit records when successful/unsuccessful use of unlink system call - b32
UBTU-18-010375 - The Ubuntu operating system must generate audit records when successful/unsuccessful use of unlink system call - b64
UBTU-18-010376 - The Ubuntu operating system must generate audit records when successful/unsuccessful use of unlinkat system call - b32
UBTU-18-010376 - The Ubuntu operating system must generate audit records when successful/unsuccessful use of unlinkat system call - b64
UBTU-18-010377 - The Ubuntu operating system must generate audit records when successful/unsuccessful use of rename system call - b32
UBTU-18-010377 - The Ubuntu operating system must generate audit records when successful/unsuccessful use of rename system call - b64
UBTU-18-010378 - The Ubuntu operating system must generate audit records when successful/unsuccessful use of renameat system call - b32
UBTU-18-010378 - The Ubuntu operating system must generate audit records when successful/unsuccessful use of renameat system call - b64
UBTU-18-010379 - The Ubuntu operating system must generate audit records when loading dynamic kernel modules - b32
UBTU-18-010379 - The Ubuntu operating system must generate audit records when loading dynamic kernel modules - b64
UBTU-18-010380 - The Ubuntu operating system must generate audit records when unloading dynamic kernel modules - b32
UBTU-18-010380 - The Ubuntu operating system must generate audit records when unloading dynamic kernel modules - b64
UBTU-18-010382 - The Ubuntu operating system must generate audit records when successful/unsuccessful uses of the truncate system call - EACCES b32
UBTU-18-010382 - The Ubuntu operating system must generate audit records when successful/unsuccessful uses of the truncate system call - EACCES b64
UBTU-18-010382 - The Ubuntu operating system must generate audit records when successful/unsuccessful uses of the truncate system call - EPERM b32
UBTU-18-010382 - The Ubuntu operating system must generate audit records when successful/unsuccessful uses of the truncate system call - EPERM b64
UBTU-18-010383 - The Ubuntu operating system must generate audit records when successful/unsuccessful uses of the ftruncate system call - EACCES b32
UBTU-18-010383 - The Ubuntu operating system must generate audit records when successful/unsuccessful uses of the ftruncate system call - EACCES b64
UBTU-18-010383 - The Ubuntu operating system must generate audit records when successful/unsuccessful uses of the ftruncate system call - EPERM b32
UBTU-18-010383 - The Ubuntu operating system must generate audit records when successful/unsuccessful uses of the ftruncate system call - EPERM b64
UBTU-18-010384 - The Ubuntu operating system must generate audit records when successful/unsuccessful uses of the creat system call - EACCES b32
UBTU-18-010384 - The Ubuntu operating system must generate audit records when successful/unsuccessful uses of the creat system call - EACCES b64
UBTU-18-010384 - The Ubuntu operating system must generate audit records when successful/unsuccessful uses of the creat system call - EPERM b32
UBTU-18-010384 - The Ubuntu operating system must generate audit records when successful/unsuccessful uses of the creat system call - EPERM b64
UBTU-18-010387 - The Ubuntu operating system must generate records for successful/unsuccessful uses of init_module or finit_module syscalls - b32
UBTU-18-010387 - The Ubuntu operating system must generate records for successful/unsuccessful uses of init_module or finit_module syscalls - b64
UBTU-18-010388 - The Ubuntu operating system must generate records for successful/unsuccessful uses of delete_module syscall - b32
UBTU-18-010388 - The Ubuntu operating system must generate records for successful/unsuccessful uses of delete_module syscall - b64
UBTU-18-010389 - The Ubuntu operating system must generate audit records when successful/unsuccessful attempts to use modprobe command.
UBTU-18-010391 - The Ubuntu operating system must generate audit records when successful/unsuccessful attempts to use the kmod command.
UBTU-18-010392 - The Ubuntu operating system must generate audit records when successful/unsuccessful attempts to use the fdisk command.
UBTU-18-010410 - The Ubuntu operating system must monitor remote access methods - daemon.notice
UBTU-18-010411 - The Ubuntu operating system must implement DoD-approved encryption to protect the confidentiality of remote access sessions.
UBTU-18-010506 - The Ubuntu operating system must use cryptographic mechanisms to protect the integrity of audit tools - audispd
UBTU-18-010506 - The Ubuntu operating system must use cryptographic mechanisms to protect the integrity of audit tools - auditctl
UBTU-18-010506 - The Ubuntu operating system must use cryptographic mechanisms to protect the integrity of audit tools - auditd
UBTU-18-010506 - The Ubuntu operating system must use cryptographic mechanisms to protect the integrity of audit tools - augenrules
UBTU-18-010506 - The Ubuntu operating system must use cryptographic mechanisms to protect the integrity of audit tools - aureport
UBTU-18-010506 - The Ubuntu operating system must use cryptographic mechanisms to protect the integrity of audit tools - ausearch
UBTU-18-010506 - The Ubuntu operating system must use cryptographic mechanisms to protect the integrity of audit tools - autrace
Informational Update
UBTU-18-010410 - The Ubuntu operating system must monitor remote access methods - daemon.notice