| 3.2.4 Ensure suspicious packets are logged - 'net.ipv4.conf.default.log_martians' (sysctl.conf/sysctl.d) | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2.4 Ensure suspicious packets are logged - 'sysctl net.ipv4.conf.default.log_martians' | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - '/etc/localtime' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - 'adjtimex - 64bit' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - 'adjtimex' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - 'adjtimex' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - 'auditctl adjtimex (64-bit)' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - 'auditctl clock_settime' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - 'clock_settime - 64bit' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify user/group information are collected - 'auditctl shadow' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.6 Ensure events that modify the system's network environment are collected - 'auditctl hosts' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.6 Ensure events that modify the system's network environment are collected - 'auditctl networks' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.6 Ensure events that modify the system's network environment are collected - 'auditctl sethostname/setdomainname (64-bit)' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.6 Ensure events that modify the system's network environment are collected - 'auditctl sethostname/setdomainname' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - '/usr/share/selinux/' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - 'auditctl /etc/apparmor.d/' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - 'setxattr' (64-bit) | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - 'auditctl EPERM' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - 'EPERM' (64-bit) | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - '/sbin/modprobe' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - 'auditctl modprobe' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - 'auditctl modprobe' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.2 Ensure logging is configured - '*.crit /var/log/warn' | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.2 Ensure logging is configured - '*.emerg :omusrmsg:*' | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.2 Ensure logging is configured - 'local0,local1.* -/var/log/localmessages' | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.2 Ensure logging is configured - 'local0,local1.* -/var/log/localmessages' | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.2 Ensure logging is configured - 'local2,local3.* -/var/log/localmessages' | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.2 Ensure logging is configured - 'local4,local5.* -/var/log/localmessages' | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.2 Ensure logging is configured - 'local6,local7.* -/var/log/localmessages' | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.2 Ensure logging is configured - 'mail.info -/var/log/mail.info' | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.3 Enable Debug Level Daemon Logging - Check if permissions for /var/log/connlog are OK. | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1 Ensure that system activity is audited | CIS MongoDB 3.2 L1 Unix Audit v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2 Ensure that audit filters are configured properly | CIS MongoDB 3.2 L1 Windows Audit v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 5.2 Ensure that audit filters are configured properly | CIS MongoDB 3.4 L1 Unix Audit v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3 Ensure SSH LogLevel is set to INFO | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure that new entries are appended to the end of the log file | CIS MongoDB 3.4 L2 Windows Audit v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Ensure changes to system administration scope (sudoers) is collected - auditctl /etc/sudoers | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure discretionary access control permission modification events are collected - b32 chown fchown | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure events that modify date and time information are collected - audit.rules b64 clock_settime | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure events that modify date and time information are collected - auditctl b64 adjtimex | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure events that modify the system's network environment are collected - auditctl /etc/hosts | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure events that modify user/group information are collected - /etc/gshadow | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure events that modify user/group information are collected - /etc/shadow | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure kernel module loading and unloading is collected - insmod | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure successful file system mounts are collected - auditctl b64 | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure suspicious packets are logged - /etc/sysctl ipv4 default log_martians | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure suspicious packets are logged - sysctl ipv4 all log_martians | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure unsuccessful unauthorized file access attempts are collected - b32 EACCES | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure unsuccessful unauthorized file access attempts are collected - b64 EACCES | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Logs containing auditing information should be secured at the directory level. | TNS IBM HTTP Server Best Practice Middleware | Unix | AUDIT AND ACCOUNTABILITY |
