Audits
Settings
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Theme
Light
Dark
Auto
Help
Plugins
Overview
Plugins Pipeline
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Release Notes
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Policies
Overview
Search
AWS Resources
Azure Resources
GCP Resources
Kubernetes Resources
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Settings
Theme
Light
Dark
Auto
Detections
Plugins
Overview
Plugins Pipeline
Release Notes
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Policies
Overview
Search
AWS Resources
Azure Resources
GCP Resources
Kubernetes Resources
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
Analytics
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Audits
References
CCI
CCI-002884
CCI
CCI|CCI-002884
Title
Log organization-defined audit events for nonlocal maintenance and diagnostic sessions.
Reference Item Details
Reference:
CCI - DISA Control Correlation Identifier
Category:
2024
Audit Items
View all Reference Audit Items
Name
Plugin
Audit Name
3.500 - The system must audit all uses of the creat syscall - EACCES 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.500 - The system must audit all uses of the creat syscall - EACCES 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.500 - The system must audit all uses of the creat syscall - EPERM 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.500 - The system must audit all uses of the creat syscall - EPERM 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.510 - The system must audit all uses of the open syscall - EACCES 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.510 - The system must audit all uses of the open syscall - EACCES 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.510 - The system must audit all uses of the open syscall - EPERM 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.510 - The system must audit all uses of the open syscall - EPERM 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.520 - The system must audit all uses of the openat syscall - EACCES 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.520 - The system must audit all uses of the openat syscall - EACCES 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.520 - The system must audit all uses of the openat syscall - EPERM 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.520 - The system must audit all uses of the openat syscall - EPERM 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.530 - The system must audit all uses of the open_by_handle_at syscall - EACCES 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.530 - The system must audit all uses of the open_by_handle_at syscall - EACCES 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.530 - The system must audit all uses of the open_by_handle_at syscall - EPERM 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.530 - The system must audit all uses of the open_by_handle_at syscall - EPERM 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.540 - The system must audit all uses of the truncate syscall - EACCES 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.540 - The system must audit all uses of the truncate syscall - EACCES 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.540 - The system must audit all uses of the truncate syscall - EPERM 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.540 - The system must audit all uses of the truncate syscall - EPERM 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.550 - The system must audit all uses of the ftruncate syscall - EACCES 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.550 - The system must audit all uses of the ftruncate syscall - EACCES 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.550 - The system must audit all uses of the ftruncate syscall - EPERM 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.550 - The system must audit all uses of the ftruncate syscall - EPERM 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.590 - The system must audit all uses of the setfiles command.
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.740 - The system must audit all uses of the mount command and syscall - 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.740 - The system must audit all uses of the mount command and syscall - 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.740 - The system must audit all uses of the mount command and syscall.
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.880 - The system must audit all uses of the rename syscall - 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.880 - The system must audit all uses of the rename syscall - 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.890 - The system must audit all uses of the renameat syscall - 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.890 - The system must audit all uses of the renameat syscall - 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.900 - The system must audit all uses of the rmdir syscall - 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.900 - The system must audit all uses of the rmdir syscall - 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.910 - The system must audit all uses of the unlink syscall - 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.910 - The system must audit all uses of the unlink syscall - 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.920 - The system must audit all uses of the unlinkat syscall - 32 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
3.920 - The system must audit all uses of the unlinkat syscall - 64 bit
Unix
Tenable Fedora Linux Best Practices v2.0.0
4.1.3.10 Ensure use of privileged commands is collected
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - creat EACCES 32 bit
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - creat EACCES 64 bit
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - creat EPERM 32 bit
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - creat EPERM 64 bit
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - ftruncate EACCES 32 bit
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - ftruncate EACCES 64 bit
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - ftruncate EPERM 32 bit
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - ftruncate EPERM 64 bit
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - open EACCES 32 bit
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - open EACCES 64 bit
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - open EPERM 32 bit
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
