| 4.1.3.8 Ensure changes to system administration scope (sudoers) is collected - sudoers | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.8 Ensure changes to system administration scope (sudoers) is collected - sudoers.d | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.10 Ensure use of privileged commands is collected | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.13 Ensure login and logout events are collected - faillock | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.13 Ensure login and logout events are collected - lastlog | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.19 Ensure audit all uses of the chsh command. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.38 Ensure audit of the su command | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.40 Ensure audit all uses of the newgrp command | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-047650 - AlmaLinux OS 9 must generate audit records for any use of the "mount" command. | DISA CloudLinux AlmaLinux OS 9 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-047760 - AlmaLinux OS 9 must generate audit records for any use of the "umount" command. | DISA CloudLinux AlmaLinux OS 9 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-047870 - Successful/unsuccessful uses of the umount2 system call in AlmaLinux OS 9 must generate an audit record. | DISA CloudLinux AlmaLinux OS 9 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| APPL-14-001044 The macOS system must configure the system to audit all authorization and authentication events. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| APPL-15-001002 - The macOS system must be configured to audit all login and logout events. | DISA Apple macOS 15 (Sequoia) STIG v1r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL07-00-030610 - The Oracle Linux operating system must generate audit records for all unsuccessful account access events. | DISA Oracle Linux 7 STIG v3r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL07-00-030740 - The Oracle Linux operating system must audit all uses of the mount command and syscall. | DISA Oracle Linux 7 STIG v3r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-07-030510 - The Red Hat Enterprise Linux operating system must audit all uses of the creat, open, openat, open_by_handle_at, truncate, and ftruncate syscalls. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-07-030570 - The Red Hat Enterprise Linux operating system must audit all uses of the setsebool command. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-07-030740 - The Red Hat Enterprise Linux operating system must audit all uses of the mount command and syscall. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-07-030750 - The Red Hat Enterprise Linux operating system must audit all uses of the umount command. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-07-030760 - The Red Hat Enterprise Linux operating system must audit all uses of the postdrop command. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-07-030770 - The Red Hat Enterprise Linux operating system must audit all uses of the postqueue command. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-07-030910 - The Red Hat Enterprise Linux operating system must audit all uses of the unlink, unlinkat, rename, renameat, and rmdir syscalls. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654205 - Successful/unsuccessful uses of the umount system call in RHEL 9 must generate an audit record. | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020411 - The SUSE operating system must generate audit records for all uses of the unlink, unlinkat, rename, renameat and rmdir syscalls. | DISA SLES 12 STIG v3r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030060 - The SUSE operating system must generate audit records for all uses of the ssh-keysign command. | DISA SLES 15 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030080 - The SUSE operating system must generate audit records for all uses of the gpasswd command. | DISA SLES 15 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030100 - The SUSE operating system must generate audit records for a uses of the chsh command. | DISA SLES 15 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030130 - The SUSE operating system must generate audit records for all uses of the crontab command. | DISA SLES 15 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030140 - The SUSE operating system must audit all uses of the sudoers file and all files in the /etc/sudoers.d/ directory. | DISA SLES 15 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030190 - The SUSE operating system must generate audit records for all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls. | DISA SLES 15 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030250 - The SUSE operating system must generate audit records for all uses of the chown, fchown, fchownat, and lchown system calls. | DISA SLES 15 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030290 - The SUSE operating system must generate audit records for all uses of the chmod, fchmod, and fchmodat system calls. | DISA SLES 15 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030340 - The SUSE operating system must generate audit records for all uses of the chfn command. | DISA SLES 15 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030350 - The SUSE operating system must generate audit records for all uses of the mount system call. | DISA SLES 15 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030370 - The SUSE operating system must generate audit records for all uses of the ssh-agent command. | DISA SLES 15 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030380 - The SUSE operating system must generate audit records for all uses of the insmod command. | DISA SLES 15 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030390 - The SUSE operating system must generate audit records for all uses of the rmmod command. | DISA SLES 15 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030400 - The SUSE operating system must generate audit records for all uses of the modprobe command. | DISA SLES 15 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030420 - The SUSE operating system must generate audit records for all uses of the chmod command. | DISA SLES 15 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030440 - The SUSE operating system must generate audit records for all uses of the chacl command. | DISA SLES 15 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030450 - The SUSE operating system must generate audit records for all uses of the chcon command. | DISA SLES 15 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030460 - The SUSE operating system must generate audit records for all uses of the rm command. | DISA SLES 15 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030470 - The SUSE operating system must generate audit records for all modifications to the tallylog file must generate an audit record. | DISA SLES 15 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030480 - The SUSE operating system must generate audit records for all modifications to the lastlog file. | DISA SLES 15 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030490 - The SUSE operating system must generate audit records for all uses of the passmass command. | DISA SLES 15 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030500 - The SUSE operating system must generate audit records for all uses of the usermod command. | DISA SLES 15 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030510 - The SUSE operating system must generate audit records for all uses of the pam_timestamp_check command. | DISA SLES 15 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030520 - The SUSE operating system must generate audit records for all uses of the delete_module system call. | DISA SLES 15 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030530 - The SUSE operating system must generate audit records for all uses of the init_module and finit_module system calls. | DISA SLES 15 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030560 - The SUSE operating system must generate audit records for all uses of the sudo command. | DISA SLES 15 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
