CCI|CCI-000126

Title

Specify the organization-defined event types (subset of the event types defined in AU-2a) along with the frequency of (or situation requiring logging for each identified event type.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2024

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
4.1.1.2 Ensure auditd service is enabled and running	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.12 Ensure discretionary access control permission modification events are collected - chown 32 bit	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.12 Ensure discretionary access control permission modification events are collected - chown 64 bit	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.12 Ensure discretionary access control permission modification events are collected - fchown 32 bit	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.12 Ensure discretionary access control permission modification events are collected - fchown 64 bit	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.12 Ensure discretionary access control permission modification events are collected - fchownat 4 bit	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.12 Ensure discretionary access control permission modification events are collected - fchownat 32 bit	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.12 Ensure discretionary access control permission modification events are collected - fchownat 64 bit	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.12 Ensure discretionary access control permission modification events are collected - lchown 32 bit	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.12 Ensure discretionary access control permission modification events are collected - lchown 64 bit	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.13 Ensure login and logout events are collected - faillock	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.13 Ensure login and logout events are collected - lastlog	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
GEN000440 - Successful and unsuccessful logins and logouts must be logged - '/var/log/btmp'	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN000440 - Successful and unsuccessful logins and logouts must be logged - '/var/log/btmp'	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN000440 - Successful and unsuccessful logins and logouts must be logged - '/var/log/wtmp'	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN000440 - Successful and unsuccessful logins and logouts must be logged - '/var/log/wtmp'	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'last -5 -R'	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'last -5 -R'	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'lastb -5 -R'	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'lastb -5 -R'	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'successful logins are being logged'	Unix	DISA STIG AIX 5.3 v1r2
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'successful logins are being logged'	Unix	DISA STIG AIX 6.1 v1r14
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'unsuccessful logins are being logged'	Unix	DISA STIG AIX 5.3 v1r2
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'unsuccessful logins are being logged'	Unix	DISA STIG AIX 6.1 v1r14
GEN001060 - The system must log successful and unsuccessful access to the root account - '-Fmsgtype=USER_ACCT must not exist'	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN001060 - The system must log successful and unsuccessful access to the root account - '-Fmsgtype=USER_ACCT must not exist'	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN001060 - The system must log successful and unsuccessful access to the root account - '-Fmsgtype=USER_AUTH must not exist'	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN001060 - The system must log successful and unsuccessful access to the root account - '-Fmsgtype=USER_AUTH must not exist'	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN001060 - The system must log successful and unsuccessful access to the root account - '-Fmsgtype=USER_END must not exist'	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN001060 - The system must log successful and unsuccessful access to the root account - '-Fmsgtype=USER_END must not exist'	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN001060 - The system must log successful and unsuccessful access to the root account - '-Fmsgtype=USER_LOGIN must not exist'	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN001060 - The system must log successful and unsuccessful access to the root account - '-Fmsgtype=USER_LOGIN must not exist'	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN001060 - The system must log successful and unsuccessful access to the root account - rsyslog 'authpriv.*'	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN001060 - The system must log successful and unsuccessful access to the root account - rsyslog 'authpriv.*'	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN001060 - The system must log successful and unsuccessful access to the root account - rsyslog.conf	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN001060 - The system must log successful and unsuccessful access to the root account - syslog 'authpriv.*'	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN001060 - The system must log successful and unsuccessful access to the root account - syslog 'authpriv.*'	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN001060 - The system must log successful and unsuccessful access to the root account - syslog 'authpriv.*'	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN001060 - The system must log successful and unsuccessful access to the root account - syslog.conf	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN001060 - The system must log successful and unsuccessful access to the root account.	Unix	DISA STIG AIX 6.1 v1r14
GEN001060 - The system must log successful and unsuccessful access to the root account.	Unix	DISA STIG AIX 5.3 v1r2
GEN002720 - System must be configured to audit failed attempts to access files/programs - '/etc/security/audit/config FILE_Open exists'	Unix	DISA STIG AIX 5.3 v1r2
GEN002720 - System must be configured to audit failed attempts to access files/programs - '/etc/security/audit/config FILE_Open exists'	Unix	DISA STIG AIX 6.1 v1r14
GEN002720 - System must be configured to audit failed attempts to access files/programs - '/etc/security/audit/events FILE_Open exists'	Unix	DISA STIG AIX 5.3 v1r2
GEN002720 - System must be configured to audit failed attempts to access files/programs - '/etc/security/audit/events FILE_Open exists'	Unix	DISA STIG AIX 6.1 v1r14
GEN002720 - System must be configured to audit failed attempts to access files/programs - 'User audit class assignments should be reviewed'	Unix	DISA STIG AIX 6.1 v1r14
GEN002720 - System must be configured to audit failed attempts to access files/programs - 'User audit class assignments should be reviewed'	Unix	DISA STIG AIX 5.3 v1r2
GEN002720 - The audit system must be configured to audit failed attempts to access files and programs - '-S creat -F exit=-EACCES'	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN002720 - The audit system must be configured to audit failed attempts to access files and programs - '-S creat -F exit=-EACCES'	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN002720 - The audit system must be configured to audit failed attempts to access files and programs - '-S creat -F exit=-EPERM'	Unix	DISA STIG for Oracle Linux 5 v2r1

Detections

Analytics

CCI|CCI-000126

Title

Reference Item Details

Audit Items