CCI|CCI-000318

Title

The organization audits and reviews activities associated with configuration-controlled changes to the system.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2009

Audit Items

Name	Plugin	Audit Name
1.4.4 Ensure boot loader does not allow removable media	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.6.1.10 Ensure system device files are labeled - device_t	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.6.1.10 Ensure system device files are labeled - unlabeled_t	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
2.2.21 Ensure the TFTP server has not been installed - TFTP server package installed if not required for operational support.	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts.	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.3.30 Ensure SSH does not permit GSSAPI - GSSAPI authentication unless needed.	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.3.31 Ensure SSH does not permit Kerberos authentication	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.5.9 Ensure local interactive user accounts umask is 077	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
GEN002260 - The system must be checked for extraneous device files at least weekly	Unix	DISA STIG HP-UX 11.31 v1r19
GEN002260 - The system must be checked for extraneous device files at least weekly.	Unix	DISA STIG for Oracle Linux 5 v1r14
GEN002260 - The system must be checked for extraneous device files at least weekly.	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN002260 - The system must be checked for extraneous device files at least weekly.	Unix	DISA STIG AIX 5.3 v1r2
GEN002260 - The system must be checked for extraneous device files at least weekly.	Unix	DISA STIG AIX 6.1 v1r13
GEN002260 - The system must be checked for extraneous device files at least weekly.	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN002260 - The system must be checked for extraneous device files at least weekly.	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit
GEN002260 - The system must be checked for extraneous device files at least weekly.	Unix	DISA STIG AIX 6.1 v1r14
GEN002300 - Device files used for backup must only be readable and/or writable by root or the backup user.	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN002400 - The system must be checked weekly for unauthorized setuid files and unauthorized modification to authorized setuid files.	Unix	DISA STIG AIX 6.1 v1r13
GEN002400 - The system must be checked weekly for unauthorized setuid files and unauthorized modification to authorized setuid files.	Unix	DISA STIG AIX 6.1 v1r14
GEN002400 - The system must be checked weekly for unauthorized setuid files as well as unauthorized modification to authorized setuid files	Unix	DISA STIG HP-UX 11.31 v1r19
GEN002400 - The system must be checked weekly for unauthorized setuid files as well as unauthorized modification to authorized setuid files.	Unix	DISA STIG for Oracle Linux 5 v1r14
GEN002400 - The system must be checked weekly for unauthorized setuid files as well as unauthorized modification to authorized setuid files.	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN002400 - The system must be checked weekly for unauthorized setuid files as well as unauthorized modification to setuid files.	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit
GEN002400 - The system must be checked weekly for unauthorized setuid files as well as unauthorized modification to setuid files.	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN002400 - The system must be checked weekly for unauthorized setuid files, and unauthorized modification to authorized setuid files.	Unix	DISA STIG AIX 5.3 v1r2
GEN002440 - The owner, group-owner, mode, ACL and location of files with the 'sgid' bit set must be documented.	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit
GEN002460 - The system must be checked weekly for unauthorized setgid files and unauthorized modification to authorized setgid files.	Unix	DISA STIG AIX 6.1 v1r13
GEN002460 - The system must be checked weekly for unauthorized setgid files and unauthorized modification to authorized setgid files.	Unix	DISA STIG AIX 6.1 v1r14
GEN002460 - The system must be checked weekly for unauthorized setgid files as well as unauthorized modification to authorized setgid files	Unix	DISA STIG HP-UX 11.31 v1r19
GEN002460 - The system must be checked weekly for unauthorized setgid files as well as unauthorized modification to authorized setgid files.	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN002460 - The system must be checked weekly for unauthorized setgid files as well as unauthorized modification to authorized setgid files.	Unix	DISA STIG for Oracle Linux 5 v1r14
GEN002460 - The system must be checked weekly for unauthorized setgid files, and unauthorized modification to authorized setgid files.	Unix	DISA STIG AIX 5.3 v1r2
GEN002460 - The system must be checked weekly for unauthorized sgid files as well as unauthorized modification to authorized setgid files.	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN002460 - The system must be checked weekly for unauthorized sgid files as well as unauthorized modification to authorized setgid files.	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit
RHEL-07-020900 - The Red Hat Enterprise Linux operating system must be configured so that all system device files are correctly labeled to prevent unauthorized modification - device_t	Unix	DISA Red Hat Enterprise Linux 7 STIG v3r12
RHEL-07-020900 - The Red Hat Enterprise Linux operating system must be configured so that all system device files are correctly labeled to prevent unauthorized modification - device_t	Unix	DISA Red Hat Enterprise Linux 7 STIG v3r4
RHEL-07-020900 - The Red Hat Enterprise Linux operating system must be configured so that all system device files are correctly labeled to prevent unauthorized modification - device_t	Unix	DISA Red Hat Enterprise Linux 7 STIG v3r7
RHEL-07-020900 - The Red Hat Enterprise Linux operating system must be configured so that all system device files are correctly labeled to prevent unauthorized modification - device_t	Unix	DISA Red Hat Enterprise Linux 7 STIG v3r8
RHEL-07-020900 - The Red Hat Enterprise Linux operating system must be configured so that all system device files are correctly labeled to prevent unauthorized modification - device_t	Unix	DISA Red Hat Enterprise Linux 7 STIG v3r5
RHEL-07-020900 - The Red Hat Enterprise Linux operating system must be configured so that all system device files are correctly labeled to prevent unauthorized modification - device_t	Unix	DISA Red Hat Enterprise Linux 7 STIG v3r9
RHEL-07-020900 - The Red Hat Enterprise Linux operating system must be configured so that all system device files are correctly labeled to prevent unauthorized modification - device_t	Unix	DISA Red Hat Enterprise Linux 7 STIG v3r10
RHEL-07-020900 - The Red Hat Enterprise Linux operating system must be configured so that all system device files are correctly labeled to prevent unauthorized modification - unlabeled_t	Unix	DISA Red Hat Enterprise Linux 7 STIG v3r5
RHEL-07-020900 - The Red Hat Enterprise Linux operating system must be configured so that all system device files are correctly labeled to prevent unauthorized modification - unlabeled_t	Unix	DISA Red Hat Enterprise Linux 7 STIG v3r8
RHEL-07-020900 - The Red Hat Enterprise Linux operating system must be configured so that all system device files are correctly labeled to prevent unauthorized modification - unlabeled_t	Unix	DISA Red Hat Enterprise Linux 7 STIG v3r10
RHEL-07-020900 - The Red Hat Enterprise Linux operating system must be configured so that all system device files are correctly labeled to prevent unauthorized modification - unlabeled_t	Unix	DISA Red Hat Enterprise Linux 7 STIG v3r7
RHEL-07-020900 - The Red Hat Enterprise Linux operating system must be configured so that all system device files are correctly labeled to prevent unauthorized modification - unlabeled_t	Unix	DISA Red Hat Enterprise Linux 7 STIG v3r9
RHEL-07-020900 - The Red Hat Enterprise Linux operating system must be configured so that all system device files are correctly labeled to prevent unauthorized modification - unlabeled_t	Unix	DISA Red Hat Enterprise Linux 7 STIG v3r12
RHEL-07-020900 - The Red Hat Enterprise Linux operating system must be configured so that all system device files are correctly labeled to prevent unauthorized modification - unlabeled_t	Unix	DISA Red Hat Enterprise Linux 7 STIG v3r4
RHEL-07-020900 - The Red Hat Enterprise Linux operating system must be configured so that all system device files are correctly labeled to prevent unauthorized modification.	Unix	DISA Red Hat Enterprise Linux 7 STIG v3r14
RHEL-07-021040 - The Red Hat Enterprise Linux operating system must set the umask value to 077 for all local interactive user accounts.	Unix	DISA Red Hat Enterprise Linux 7 STIG v3r10

Detections

Analytics

CCI|CCI-000318

Title

Reference Item Details

Audit Items