Revision 1.4Nov 25, 2025
Informational Update
- 1.1.11 Ensure separate partition exists for /var/tmp
- 1.1.15 Ensure separate partition exists for /var/log
- 1.1.16 Ensure separate partition exists for /var/log/audit
- 1.1.17 Ensure separate partition exists for /home
- 4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled
- 4.1.2.1 Ensure audit log storage size is configured
- 4.1.3.1 Ensure events that modify date and time information are collected
- 4.1.3.10 Ensure use of privileged commands is collected
- 4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected
- 4.1.3.12 Ensure discretionary access control permission modification events are collected
- 4.1.3.13 Ensure login and logout events are collected
- 4.1.3.14 Ensure events that modify user/group information are collected
- 4.1.3.2 Ensure system administrator command executions (sudo) are collected
- 4.1.3.3 Ensure session initiation information is collected
- 4.1.3.4 Ensure events that modify the system's Mandatory Access Controls are collected
- 4.1.3.41 Ensure the audit configuration is immutable
- 4.1.3.5 Ensure events that modify the system's network environment are collected
- 4.1.3.6 Ensure successful file system mounts are collected
- 4.1.3.7 Ensure kernel module loading and unloading is collected
- 4.1.3.8 Ensure changes to system administration scope (sudoers) is collected
- 4.1.3.9 Ensure file deletion events by users are collected
- 5.3.8 Ensure SSH X11 forwarding is disabled
- 6.1.1 Audit system file permissions
Miscellaneous
- Metadata updated.
- Platform check updated.
- References updated.
Added
- CIS_Amazon_Linux_2_STIG_v2.0.0_L2_Server.audit from CIS Amazon Linux 2 STIG v2.0.0
Removed
- CIS_Amazon_Linux_2_STIG_v2.0.0_L2_Server.audit from CIS Amazon Linux 2 STIG Benchmark v2.0.0
