| 4.1.1.2 Ensure auditd service is enabled and running | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| GEN000440 - Successful and unsuccessful logins and logouts must be logged - '/var/log/btmp' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN000440 - Successful and unsuccessful logins and logouts must be logged - '/var/log/wtmp' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'last -5 -R' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'lastb -5 -R' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN001060 - The system must log successful and unsuccessful access to the root account - '-Fmsgtype=USER_ACCT must not exist' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN001060 - The system must log successful and unsuccessful access to the root account - '-Fmsgtype=USER_AUTH must not exist' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN001060 - The system must log successful and unsuccessful access to the root account - '-Fmsgtype=USER_END must not exist' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN001060 - The system must log successful and unsuccessful access to the root account - rsyslog 'authpriv.*' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN002720 - The audit system must be configured to audit failed attempts to access files and programs - '-S creat -F exit=-EACCES' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN002720 - The audit system must be configured to audit failed attempts to access files and programs - '-S creat -F exit=-EPERM' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN002720 - The audit system must be configured to audit failed attempts to access files and programs - '-S creat -F success=0' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN002720-2 - The audit system must be configured to audit failed attempts to access files and programs - '-S open -F exit=-EPERM' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN002720-3 - The audit system must be configured to audit failed attempts to access files and programs - '-S openat -F exit=-EPERM' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN002720-3 - The audit system must be configured to audit failed attempts to access files and programs - '-S openat -F success=0' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002720-3 - The audit system must be configured to audit failed attempts to access files and programs - '-S openat -F success=0' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN002720-4 - The audit system must be configured to audit failed attempts to access files and programs - '-S truncate -F success=0' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002720-4 - The audit system must be configured to audit failed attempts to access files and programs - '-S truncate -F success=0' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN002720-5 - The audit system must be configured to audit failed attempts to access files and programs - '-S ftruncate -F exit=-EPERM' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002740 - The audit system must be configured to audit files and programs deleted by the user - '/etc/audit/audit.rules unlink' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN002740-2 - The audit system must be configured to audit file deletions - 'rmdir' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002820 - The audit system must be configured to audit all discretionary access control permission modifications - 'chmod' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002820 - The audit system must be configured to audit all discretionary access control permission modifications - 'chmod' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN002820-3 - The audit system must be configured to audit all discretionary access control permission modifications - 'fchmodat' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN002820-4 - The audit system must be configured to audit all discretionary access control permission modifications - 'chown' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN002820-4 - The audit system must be configured to audit all discretionary access control permission modifications - 'chown32' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002820-5 - The audit system must be configured to audit all discretionary access control permission modifications - 'fchown' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002820-5 - The audit system must be configured to audit all discretionary access control permission modifications - 'fchown32' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002820-7 - The audit system must be configured to audit all discretionary access control permission modifications - 'lchown32' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002820-8 - The audit system must be configured to audit all discretionary access control permission modifications - 'setxattr' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN002820-11 - The audit system must be configured to audit all discretionary access control permission modifications - 'removexattr' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN002820-12 - The audit system must be configured to audit all discretionary access control permission modifications - 'lremovexattr' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002820-13 - The audit system must be configured to audit all discretionary access control permission modifications - 'fremovexattr' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002820-13 - The audit system must be configured to audit all discretionary access control permission modifications - 'fremovexattr' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN002825 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - 'init_module' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002825-3 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - '/sbin/insmod' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002825-3 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - /sbin/insmod - '/sbin/insmod' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN002825-4 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - '/sbin/modprobe' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002825-5 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules - '/sbin/rmmod' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| GEN003611 - The system must log martian packets - 'net.ipv4.conf.all.log_martians' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| GEN003611 - The system must log martian packets - 'net.ipv4.conf.default.log_martians' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| GEN003611 - The system must log martian packets - 'net.ipv4.conf.default.log_martians' | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN003660 - The system must log informational authentication data - authpriv.* | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN003660 - The system must log informational authentication data - authpriv.debug | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN003660 - The system must log informational authentication data - authpriv.info | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN006600 - The systems access control program must log each system access attempt - *.debug | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN006600 - The systems access control program must log each system access attempt - *.info | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN006600 - The systems access control program must log each system access attempt - authpriv.* | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN006600 - The systems access control program must log each system access attempt - authpriv.debug | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| GEN006600 - The systems access control program must log each system access attempt - authpriv.info | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
