Audits
Settings
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Theme
Light
Dark
Auto
Help
Plugins
Overview
Plugins Pipeline
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Release Notes
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Policies
Overview
Search
AWS Resources
Azure Resources
GCP Resources
Kubernetes Resources
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Settings
Theme
Light
Dark
Auto
Detections
Plugins
Overview
Plugins Pipeline
Release Notes
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Policies
Overview
Search
AWS Resources
Azure Resources
GCP Resources
Kubernetes Resources
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
Analytics
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Audits
References
CCI
CCI-000172
CCI
CCI|CCI-000172
Title
Generate audit records for the event types defined in AU-2 c that include the audit record content defined in AU-3.
Reference Item Details
Reference:
CCI - DISA Control Correlation Identifier
Category:
2024
Audit Items
View all Reference Audit Items
Name
Plugin
Audit Name
3.370 - The system must audit all uses of the chown syscall - 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.370 - The system must audit all uses of the chown syscall - 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.380 - The system must audit all uses of the fchown syscall - 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.380 - The system must audit all uses of the fchown syscall - 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.390 - The system must audit all uses of the lchown syscall - 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.390 - The system must audit all uses of the lchown syscall - 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.400 - The system must audit all uses of the fchownat syscall - 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.400 - The system must audit all uses of the fchownat syscall - 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.410 - The system must audit all uses of the chmod syscall - 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.410 - The system must audit all uses of the chmod syscall - 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.420 - The system must audit all uses of the fchmod syscall - 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.420 - The system must audit all uses of the fchmod syscall - 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.430 - The system must audit all uses of the fchmodat syscall - 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.430 - The system must audit all uses of the fchmodat syscall - 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.440 - The system must audit all uses of the setxattr syscall - 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.440 - The system must audit all uses of the setxattr syscall - 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.450 - The system must audit all uses of the fsetxattr syscall - 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.450 - The system must audit all uses of the fsetxattr syscall - 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.460 - The system must audit all uses of the lsetxattr syscall - 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.460 - The system must audit all uses of the lsetxattr syscall - 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.470 - The system must audit all uses of the removexattr syscall - 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.470 - The system must audit all uses of the removexattr syscall - 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.480 - The system must audit all uses of the fremovexattr syscall - 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.480 - The system must audit all uses of the fremovexattr syscall - 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.490 - The system must audit all uses of the lremovexattr syscall - 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.490 - The system must audit all uses of the lremovexattr syscall - 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.500 - The system must audit all uses of the creat syscall - EACCES 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.500 - The system must audit all uses of the creat syscall - EACCES 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.500 - The system must audit all uses of the creat syscall - EPERM 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.500 - The system must audit all uses of the creat syscall - EPERM 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.510 - The system must audit all uses of the open syscall - EACCES 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.510 - The system must audit all uses of the open syscall - EACCES 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.510 - The system must audit all uses of the open syscall - EPERM 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.510 - The system must audit all uses of the open syscall - EPERM 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.520 - The system must audit all uses of the openat syscall - EACCES 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.520 - The system must audit all uses of the openat syscall - EACCES 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.520 - The system must audit all uses of the openat syscall - EPERM 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.520 - The system must audit all uses of the openat syscall - EPERM 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.530 - The system must audit all uses of the open_by_handle_at syscall - EACCES 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.530 - The system must audit all uses of the open_by_handle_at syscall - EACCES 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.530 - The system must audit all uses of the open_by_handle_at syscall - EPERM 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.530 - The system must audit all uses of the open_by_handle_at syscall - EPERM 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.540 - The system must audit all uses of the truncate syscall - EACCES 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.540 - The system must audit all uses of the truncate syscall - EACCES 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.540 - The system must audit all uses of the truncate syscall - EPERM 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.540 - The system must audit all uses of the truncate syscall - EPERM 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.550 - The system must audit all uses of the ftruncate syscall - EACCES 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.550 - The system must audit all uses of the ftruncate syscall - EACCES 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.550 - The system must audit all uses of the ftruncate syscall - EPERM 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.550 - The system must audit all uses of the ftruncate syscall - EPERM 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
