| 1.10.1 Ensure 'logging' is enabled | CIS Cisco Firewall ASA 8 L1 v4.1.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 3.2.4 Ensure suspicious packets are logged - sysctl.conf ipv4 all log_martians | CIS SUSE Linux Enterprise Workstation 12 L1 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3 Ensure events that modify date and time information are collected - auditctl b32 clock_settime | CIS Oracle Linux 7 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3 Ensure events that modify date and time information are collected - auditctl b64 adjtimex | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3 Ensure events that modify date and time information are collected - auditctl b64 clock_settime | CIS Oracle Linux 7 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3 Ensure events that modify date and time information are collected - b32 adjtimex | CIS Oracle Linux 7 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3 Ensure events that modify date and time information are collected - b32 adjtimex | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3 Ensure events that modify date and time information are collected - b64 adjtimex | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - 'adjtimex' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - 'clock_settime - 64bit' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify the system's network environment are collected - /etc/issue | CIS Oracle Linux 7 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify the system's network environment are collected - auditctl /etc/hosts | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify the system's network environment are collected - auditctl /etc/issue | CIS Oracle Linux 7 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify the system's network environment are collected - auditctl /etc/sysconfig/network | CIS Oracle Linux 7 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify the system's network environment are collected - b64 sethostname | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify user/group information are collected - '/etc/gshadow' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify user/group information are collected - '/etc/passwd' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.6 Ensure events that modify the system's network environment are collected - '/etc/issue.net' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - '/etc/apparmor.d/' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - '/etc/apparmor/' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.7 Ensure login and logout events are collected - auditctl /var/log/tallylog | CIS Oracle Linux 7 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.7 Ensure login and logout events are collected - auditctl /var/log/tallylog | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.8 Ensure session initiation information is collected - /var/log/btmp | CIS Oracle Linux 7 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.8 Ensure session initiation information is collected - /var/log/btmp | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl b32 chmod | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl b64 xattr | CIS Oracle Linux 7 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl b64 xattr | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - auditctl b32 EPERM | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - auditctl b64 EACCES | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.13 Ensure file deletion events by users are collected - auditctl b32 delete | CIS Oracle Linux 7 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.13 Ensure file deletion events by users are collected - auditctl b32 delete | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.13 Ensure file deletion events by users are collected - auditctl b64 delete | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.13 Ensure file deletion events by users are collected - b32 delete | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.13 Ensure file deletion events by users are collected - b64 delete | CIS Oracle Linux 7 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.14 Ensure changes to system administration scope (sudoers) is collected - sudoers.d | CIS Oracle Linux 7 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.14 Ensure changes to system administration scope (sudoers) is collected - sudoers.d | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.16 Ensure kernel module loading and unloading is collected - auditctl init_module, delete_module | CIS Oracle Linux 7 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.16 Ensure kernel module loading and unloading is collected - init_module, delete_module | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.16 Ensure kernel module loading and unloading is collected - modprobe | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.16 Ensure system administrator actions (sudolog) are collected | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.16 Ensure system administrator actions (sudolog) are collected | CIS Ubuntu Linux 16.04 LTS Server L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.16 Ensure system administrator actions (sudolog) are collected - auditctl | CIS Ubuntu Linux 16.04 LTS Server L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.16 Ensure system administrator actions (sudolog) are collected - auditctl | CIS Ubuntu Linux 16.04 LTS Workstation L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - '/sbin/rmmod' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.2.1 Ensure journald is configured to send logs to rsyslog | CIS Oracle Linux 7 Server L1 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 Capture syslog AUTH Messages - Check if auth.info is set to var/log/authlog | CIS Solaris 10 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 Capture syslog AUTH Messages - Check if authlog in /etc/logadm.conf is appropiately set | CIS Solaris 10 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.7 Enable cron Logging - Check if CRONLOG is set to yes in /etc/default/cron. | CIS Solaris 10 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.9 Enable Kernel Level Auditing, Check if 'naflags:lo,ad,ex' is set in /etc/security/audit_control. | CIS Solaris 10 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.9 Enable Kernel Level Auditing, Check if 'root:lo,ad:no' is set in /etc/security/audit_user. | CIS Solaris 10 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
