CCI|CCI-000135

Title

Generate audit records containing the organization-defined additional information that is to be included in the audit records.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
4.1.3.8 Ensure changes to system administration scope (sudoers) is collected - sudoersUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.8 Ensure changes to system administration scope (sudoers) is collected - sudoers.dUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.10 Ensure use of privileged commands is collectedUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.15 Ensure all uses of the passwd command are audited.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.16 Ensure auditing of the unix_chkpwd commandUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.17 Ensure audit of the gpasswd commandUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.18 Ensure audit all uses of chageUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.19 Ensure audit all uses of the chsh command.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.20 Ensure audit the umount commandUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.21 Ensure audit of postdrop commandUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.22 Ensure audit of postqueue command.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.23 Ensure audit ssh-keysign command.UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.24 Ensure audit of crontab commandUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.36 Ensure audit of the userhelper commandUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.37 Ensure audit of the mount command and syscallUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.37 Ensure audit of the mount command and syscall - 32 bitUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.37 Ensure audit of the mount command and syscall - 64 bitUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.38 Ensure audit of the su commandUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.40 Ensure audit all uses of the newgrp commandUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AIX7-00-002006 - AIX must produce audit records containing the full-text recording of privileged commands.UnixDISA STIG AIX 7.x v3r1
ALMA-09-004970 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-005080 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-005190 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-005300 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-005410 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-005960 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-006070 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect the files within /etc/sudoers.d/UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-047100 - The audit package must be installed on AlmaLinux OS 9.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-047540 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/lastlog.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-047980 - AlmaLinux OS 9 must enable auditing of processes that start prior to the audit daemon.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-048090 - AlmaLinux OS 9 must audit all uses of the truncate, ftruncate, creat, open, openat, and open_by_handle_at system calls.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-048200 - AlmaLinux OS 9 must generate audit records for any use of the "chacl" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-048310 - AlmaLinux OS 9 must generate audit records for any use of the "chage" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-048420 - AlmaLinux OS 9 must generate audit records for any use of the "chcon" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-048530 - AlmaLinux OS 9 must audit all uses of the chmod, fchmod, and fchmodat system calls.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-048640 - AlmaLinux OS 9 must audit all uses of the chown, fchown, fchownat, and lchown system calls.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-048750 - AlmaLinux OS 9 must generate audit records for any use of the "chsh" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-048860 - AlmaLinux OS 9 must generate audit records for any use of the "crontab" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-048970 - AlmaLinux OS 9 must audit all uses of the rename, unlink, rmdir, renameat, and unlinkat system calls.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-049190 - AlmaLinux OS 9 must generate audit records for any use of the "gpasswd" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-049300 - AlmaLinux OS 9 must audit all uses of the kmod command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-049410 - AlmaLinux OS 9 must generate audit records for any use of the "newgrp" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-049520 - AlmaLinux OS 9 must generate audit records for any use of the "passwd" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-049630 - AlmaLinux OS 9 must generate audit records for any use of the "postdrop" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-049740 - AlmaLinux OS 9 must generate audit records for any use of the "postqueue" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-049850 - AlmaLinux OS 9 must generate audit records for any use of the "su" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-049960 - AlmaLinux OS 9 must generate audit records for any use of the "sudo" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-050070 - AlmaLinux OS 9 must generate audit records for any use of the "semanage" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-050180 - AlmaLinux OS 9 must generate audit records for any use of the "setfacl" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1
ALMA-09-050290 - AlmaLinux OS 9 must generate audit records for any use of the "setfiles" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r1