CCI|CCI-000130

Title

Ensure that audit records containing information that establishes what type of event occurred.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2024

Audit Items

Name	Plugin	Audit Name
4.1.3.8 Ensure changes to system administration scope (sudoers) is collected - sudoers	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.8 Ensure changes to system administration scope (sudoers) is collected - sudoers.d	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.10 Ensure use of privileged commands is collected	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.19 Ensure audit all uses of the chsh command.	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.38 Ensure audit of the su command	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.40 Ensure audit all uses of the newgrp command	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AIX7-00-002001 - AIX must produce audit records containing information to establish what the date, time, and type of events that occurred.	Unix	DISA STIG AIX 7.x v3r1
ALMA-09-004970 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-005080 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-005190 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-005300 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-005410 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-005960 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-006070 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect the files within /etc/sudoers.d/	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-047100 - The audit package must be installed on AlmaLinux OS 9.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-047540 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/lastlog.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-047650 - AlmaLinux OS 9 must generate audit records for any use of the "mount" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-047760 - AlmaLinux OS 9 must generate audit records for any use of the "umount" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-047870 - Successful/unsuccessful uses of the umount2 system call in AlmaLinux OS 9 must generate an audit record.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-047980 - AlmaLinux OS 9 must enable auditing of processes that start prior to the audit daemon.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-048090 - AlmaLinux OS 9 must audit all uses of the truncate, ftruncate, creat, open, openat, and open_by_handle_at system calls.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-048200 - AlmaLinux OS 9 must generate audit records for any use of the "chacl" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-048310 - AlmaLinux OS 9 must generate audit records for any use of the "chage" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-048420 - AlmaLinux OS 9 must generate audit records for any use of the "chcon" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-048530 - AlmaLinux OS 9 must audit all uses of the chmod, fchmod, and fchmodat system calls.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-048640 - AlmaLinux OS 9 must audit all uses of the chown, fchown, fchownat, and lchown system calls.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-048750 - AlmaLinux OS 9 must generate audit records for any use of the "chsh" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-048860 - AlmaLinux OS 9 must generate audit records for any use of the "crontab" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-048970 - AlmaLinux OS 9 must audit all uses of the rename, unlink, rmdir, renameat, and unlinkat system calls.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-049190 - AlmaLinux OS 9 must generate audit records for any use of the "gpasswd" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-049300 - AlmaLinux OS 9 must audit all uses of the kmod command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-049410 - AlmaLinux OS 9 must generate audit records for any use of the "newgrp" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-049520 - AlmaLinux OS 9 must generate audit records for any use of the "passwd" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-049630 - AlmaLinux OS 9 must generate audit records for any use of the "postdrop" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-049740 - AlmaLinux OS 9 must generate audit records for any use of the "postqueue" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-049850 - AlmaLinux OS 9 must generate audit records for any use of the "su" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-049960 - AlmaLinux OS 9 must generate audit records for any use of the "sudo" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-050070 - AlmaLinux OS 9 must generate audit records for any use of the "semanage" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-050180 - AlmaLinux OS 9 must generate audit records for any use of the "setfacl" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-050290 - AlmaLinux OS 9 must generate audit records for any use of the "setfiles" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-050400 - AlmaLinux OS 9 must generate audit records for any use of the "setsebool" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-050510 - AlmaLinux OS 9 must generate audit records for any use of the "ssh-agent" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-050620 - AlmaLinux OS 9 must generate audit records for any use of the "ssh-keysign" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-050730 - AlmaLinux OS 9 must generate audit records for any use of the "sudoedit" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-050840 - AlmaLinux OS 9 must generate audit records for any use of the "pam_timestamp_check" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-050950 - AlmaLinux OS 9 must generate audit records for any use of the "unix_chkpwd" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-051060 - AlmaLinux OS 9 must generate audit records for any use of the "unix_update" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-051170 - AlmaLinux OS 9 must generate audit records for any use of the "userhelper" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-051280 - AlmaLinux OS 9 must generate audit records for any use of the "usermod" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-051390 - AlmaLinux OS 9 must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r1

Detections

Analytics

CCI|CCI-000130

Title

Reference Item Details

Audit Items