| 4.1.3.8 Ensure changes to system administration scope (sudoers) is collected - sudoers | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.8 Ensure changes to system administration scope (sudoers) is collected - sudoers.d | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.10 Ensure use of privileged commands is collected | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.15 Ensure all uses of the passwd command are audited. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.16 Ensure auditing of the unix_chkpwd command | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.17 Ensure audit of the gpasswd command | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.18 Ensure audit all uses of chage | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.19 Ensure audit all uses of the chsh command. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.23 Ensure audit ssh-keysign command. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.24 Ensure audit of crontab command | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.36 Ensure audit of the userhelper command | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.38 Ensure audit of the su command | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.40 Ensure audit all uses of the newgrp command | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL07-00-030740 - The Oracle Linux operating system must audit all uses of the mount command and syscall - /etc/audit/audit.rules. | DISA Oracle Linux 7 STIG v2r14 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL07-00-030740 - The Oracle Linux operating system must audit all uses of the mount command and syscall. | DISA Oracle Linux 7 STIG v2r14 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-020240 - OL 8 duplicate User IDs (UIDs) must not exist for interactive users. | DISA Oracle Linux 8 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| OL08-00-030200 - The OL 8 audit system must be configured to audit any use of the 'setxattr', 'fsetxattr', 'lsetxattr', 'removexattr', 'fremovexattr', and 'lremovexattr' system calls. | DISA Oracle Linux 8 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030260 - OL 8 must generate audit records for any uses of the 'chcon' command. | DISA Oracle Linux 8 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030280 - OL 8 must generate audit records for any use of the 'ssh-agent' command. | DISA Oracle Linux 8 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030300 - OL 8 must generate audit records for any use of the 'mount' command. | DISA Oracle Linux 8 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030302 - OL 8 must generate audit records for any use of the 'mount' syscall. | DISA Oracle Linux 8 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030316 - OL 8 must generate audit records for any use of the 'setsebool' command. | DISA Oracle Linux 8 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030340 - OL 8 must generate audit records for any use of the 'pam_timestamp_check' command. | DISA Oracle Linux 8 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030350 - OL 8 must generate audit records for any use of the 'newgrp' command. | DISA Oracle Linux 8 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030370 - OL 8 must generate audit records for any use of the 'gpasswd' command. | DISA Oracle Linux 8 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030410 - OL 8 must generate audit records for any use of the 'chsh' command. | DISA Oracle Linux 8 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030490 - OL 8 must generate audit records for any use of the 'chmod', 'fchmod', and 'fchmodat' system calls. | DISA Oracle Linux 8 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030550 - OL 8 must generate audit records for any use of the 'sudo' command. | DISA Oracle Linux 8 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030570 - OL 8 must generate audit records for any use of the 'chacl' command. | DISA Oracle Linux 8 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-07-030630 - The Red Hat Enterprise Linux operating system must audit all uses of the passwd command. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-07-030640 - The Red Hat Enterprise Linux operating system must audit all uses of the unix_chkpwd command. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-07-030650 - The Red Hat Enterprise Linux operating system must audit all uses of the gpasswd command. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-07-030660 - The Red Hat Enterprise Linux operating system must audit all uses of the chage command. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-07-030670 - The Red Hat Enterprise Linux operating system must audit all uses of the userhelper command. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-07-030740 - The Red Hat Enterprise Linux operating system must audit all uses of the mount command and syscall. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-07-030750 - The Red Hat Enterprise Linux operating system must audit all uses of the umount command. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-07-030760 - The Red Hat Enterprise Linux operating system must audit all uses of the postdrop command. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-07-030770 - The Red Hat Enterprise Linux operating system must audit all uses of the postqueue command. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-07-030780 - The Red Hat Enterprise Linux operating system must audit all uses of the ssh-keysign command. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-07-030800 - The Red Hat Enterprise Linux operating system must audit all uses of the crontab command. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-411030 - RHEL 9 duplicate User IDs (UIDs) must not exist for interactive users. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-654015 - RHEL 9 must audit all uses of the chmod, fchmod, and fchmodat system calls. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654020 - RHEL 9 must audit all uses of the chown, fchown, fchownat, and lchown system calls. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654025 - RHEL 9 must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654040 - RHEL 9 must audit all uses of the setfacl command. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654085 - RHEL 9 must audit all uses of the chage command. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654155 - RHEL 9 must audit all uses of the sudoedit command. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654160 - RHEL 9 must audit all uses of the unix_chkpwd command. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654175 - RHEL 9 must audit all uses of the usermod command. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020390 - Successful/unsuccessful uses of the umount command must generate an audit record. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
