CCI|CCI-000126

Title

Specify the organization-defined event types (subset of the event types defined in AU-2a) along with the frequency of (or situation requiring logging for each identified event type.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
4.1.1.2 Ensure auditd service is enabled and runningUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.12 Ensure discretionary access control permission modification events are collected - chown 32 bitUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.12 Ensure discretionary access control permission modification events are collected - chown 64 bitUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.12 Ensure discretionary access control permission modification events are collected - fchown 32 bitUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.12 Ensure discretionary access control permission modification events are collected - fchown 64 bitUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.12 Ensure discretionary access control permission modification events are collected - fchownat 4 bitUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.12 Ensure discretionary access control permission modification events are collected - fchownat 32 bitUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.12 Ensure discretionary access control permission modification events are collected - fchownat 64 bitUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.12 Ensure discretionary access control permission modification events are collected - lchown 32 bitUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.12 Ensure discretionary access control permission modification events are collected - lchown 64 bitUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.13 Ensure login and logout events are collected - faillockUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.13 Ensure login and logout events are collected - lastlogUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
GEN000440 - Successful and unsuccessful logins and logouts must be logged - '/var/log/btmp'UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN000440 - Successful and unsuccessful logins and logouts must be logged - '/var/log/btmp'UnixDISA STIG for Oracle Linux 5 v2r1
GEN000440 - Successful and unsuccessful logins and logouts must be logged - '/var/log/wtmp'UnixDISA STIG for Oracle Linux 5 v2r1
GEN000440 - Successful and unsuccessful logins and logouts must be logged - '/var/log/wtmp'UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'last -5 -R'UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'last -5 -R'UnixDISA STIG for Oracle Linux 5 v2r1
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'lastb -5 -R'UnixDISA STIG for Oracle Linux 5 v2r1
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'lastb -5 -R'UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'successful logins are being logged'UnixDISA STIG AIX 5.3 v1r2
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'successful logins are being logged'UnixDISA STIG AIX 6.1 v1r14
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'unsuccessful logins are being logged'UnixDISA STIG AIX 5.3 v1r2
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'unsuccessful logins are being logged'UnixDISA STIG AIX 6.1 v1r14
GEN001060 - The system must log successful and unsuccessful access to the root account - '-Fmsgtype=USER_ACCT must not exist'UnixDISA STIG for Oracle Linux 5 v2r1
GEN001060 - The system must log successful and unsuccessful access to the root account - '-Fmsgtype=USER_ACCT must not exist'UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN001060 - The system must log successful and unsuccessful access to the root account - '-Fmsgtype=USER_AUTH must not exist'UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN001060 - The system must log successful and unsuccessful access to the root account - '-Fmsgtype=USER_AUTH must not exist'UnixDISA STIG for Oracle Linux 5 v2r1
GEN001060 - The system must log successful and unsuccessful access to the root account - '-Fmsgtype=USER_END must not exist'UnixDISA STIG for Oracle Linux 5 v2r1
GEN001060 - The system must log successful and unsuccessful access to the root account - '-Fmsgtype=USER_END must not exist'UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN001060 - The system must log successful and unsuccessful access to the root account - '-Fmsgtype=USER_LOGIN must not exist'UnixDISA STIG for Oracle Linux 5 v2r1
GEN001060 - The system must log successful and unsuccessful access to the root account - '-Fmsgtype=USER_LOGIN must not exist'UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN001060 - The system must log successful and unsuccessful access to the root account - rsyslog 'authpriv.*'UnixDISA STIG for Oracle Linux 5 v2r1
GEN001060 - The system must log successful and unsuccessful access to the root account - rsyslog 'authpriv.*'UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN001060 - The system must log successful and unsuccessful access to the root account - rsyslog.confUnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN001060 - The system must log successful and unsuccessful access to the root account - syslog 'authpriv.*'UnixDISA STIG for Oracle Linux 5 v2r1
GEN001060 - The system must log successful and unsuccessful access to the root account - syslog 'authpriv.*'UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN001060 - The system must log successful and unsuccessful access to the root account - syslog 'authpriv.*'UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN001060 - The system must log successful and unsuccessful access to the root account - syslog.confUnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN001060 - The system must log successful and unsuccessful access to the root account.UnixDISA STIG AIX 5.3 v1r2
GEN001060 - The system must log successful and unsuccessful access to the root account.UnixDISA STIG AIX 6.1 v1r14
GEN002720 - System must be configured to audit failed attempts to access files/programs - '/etc/security/audit/config FILE_Open exists'UnixDISA STIG AIX 5.3 v1r2
GEN002720 - System must be configured to audit failed attempts to access files/programs - '/etc/security/audit/config FILE_Open exists'UnixDISA STIG AIX 6.1 v1r14
GEN002720 - System must be configured to audit failed attempts to access files/programs - '/etc/security/audit/events FILE_Open exists'UnixDISA STIG AIX 5.3 v1r2
GEN002720 - System must be configured to audit failed attempts to access files/programs - '/etc/security/audit/events FILE_Open exists'UnixDISA STIG AIX 6.1 v1r14
GEN002720 - System must be configured to audit failed attempts to access files/programs - 'User audit class assignments should be reviewed'UnixDISA STIG AIX 6.1 v1r14
GEN002720 - System must be configured to audit failed attempts to access files/programs - 'User audit class assignments should be reviewed'UnixDISA STIG AIX 5.3 v1r2
GEN002720 - The audit system must be configured to audit failed attempts to access files and programs - '-S creat -F exit=-EACCES'UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN002720 - The audit system must be configured to audit failed attempts to access files and programs - '-S creat -F exit=-EACCES'UnixDISA STIG for Oracle Linux 5 v2r1
GEN002720 - The audit system must be configured to audit failed attempts to access files and programs - '-S creat -F exit=-EPERM'UnixDISA STIG for Oracle Linux 5 v2r1