800-53|AU-12a.

Title

AUDIT GENERATION

Description

Provides audit record generation capability for the auditable events defined in AU-2 a. at [Assignment: organization-defined information system components];

Reference Item Details

Category: AUDIT AND ACCOUNTABILITY

Family: AUDIT AND ACCOUNTABILITY

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
3.3 Set 'Disable 'Configuring History' to 'Enabled'WindowsCIS IE 11 v1.0.0
3.3 Set 'Disable Configuring History' to 'Enabled'WindowsCIS IE 10 v1.1.0
3.125 - Audit policy using subcategories is enabled.WindowsDISA Windows Vista STIG v6r41
8.1.2 Install and Enable auditd ServiceUnixCIS Debian Linux 7 L2 v1.0.0
8.1.2 Install and Enable auditd ServiceUnixCIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0
AIX7-00-002016 - AIX must provide audit record generation functionality for DoD-defined auditable events.UnixDISA STIG AIX 7.x v3r1
ALMA-09-004970 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-005080 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-005190 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-005300 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-005410 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-005960 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-006070 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect the files within /etc/sudoers.d/UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-045670 - AlmaLinux OS 9 audit system must audit local events.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-047100 - The audit package must be installed on AlmaLinux OS 9.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-047540 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/lastlog.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-047650 - AlmaLinux OS 9 must generate audit records for any use of the "mount" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-047760 - AlmaLinux OS 9 must generate audit records for any use of the "umount" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-047870 - Successful/unsuccessful uses of the umount2 system call in AlmaLinux OS 9 must generate an audit record.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-047980 - AlmaLinux OS 9 must enable auditing of processes that start prior to the audit daemon.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-048090 - AlmaLinux OS 9 must audit all uses of the truncate, ftruncate, creat, open, openat, and open_by_handle_at system calls.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-048200 - AlmaLinux OS 9 must generate audit records for any use of the "chacl" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-048310 - AlmaLinux OS 9 must generate audit records for any use of the "chage" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-048420 - AlmaLinux OS 9 must generate audit records for any use of the "chcon" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-048530 - AlmaLinux OS 9 must audit all uses of the chmod, fchmod, and fchmodat system calls.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-048640 - AlmaLinux OS 9 must audit all uses of the chown, fchown, fchownat, and lchown system calls.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-048750 - AlmaLinux OS 9 must generate audit records for any use of the "chsh" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-048860 - AlmaLinux OS 9 must generate audit records for any use of the "crontab" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-048970 - AlmaLinux OS 9 must audit all uses of the rename, unlink, rmdir, renameat, and unlinkat system calls.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-049190 - AlmaLinux OS 9 must generate audit records for any use of the "gpasswd" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-049300 - AlmaLinux OS 9 must audit all uses of the kmod command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-049410 - AlmaLinux OS 9 must generate audit records for any use of the "newgrp" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-049520 - AlmaLinux OS 9 must generate audit records for any use of the "passwd" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-049630 - AlmaLinux OS 9 must generate audit records for any use of the "postdrop" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-049740 - AlmaLinux OS 9 must generate audit records for any use of the "postqueue" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-049850 - AlmaLinux OS 9 must generate audit records for any use of the "su" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-049960 - AlmaLinux OS 9 must generate audit records for any use of the "sudo" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-050070 - AlmaLinux OS 9 must generate audit records for any use of the "semanage" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-050180 - AlmaLinux OS 9 must generate audit records for any use of the "setfacl" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-050290 - AlmaLinux OS 9 must generate audit records for any use of the "setfiles" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-050400 - AlmaLinux OS 9 must generate audit records for any use of the "setsebool" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-050510 - AlmaLinux OS 9 must generate audit records for any use of the "ssh-agent" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-050620 - AlmaLinux OS 9 must generate audit records for any use of the "ssh-keysign" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-050730 - AlmaLinux OS 9 must generate audit records for any use of the "sudoedit" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-050840 - AlmaLinux OS 9 must generate audit records for any use of the "pam_timestamp_check" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-050950 - AlmaLinux OS 9 must generate audit records for any use of the "unix_chkpwd" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-051060 - AlmaLinux OS 9 must generate audit records for any use of the "unix_update" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-051170 - AlmaLinux OS 9 must generate audit records for any use of the "userhelper" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-051280 - AlmaLinux OS 9 must generate audit records for any use of the "usermod" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-051390 - AlmaLinux OS 9 must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1