CIS Debian Family Server L2 v1.0.0

Audit Details

Name: CIS Debian Family Server L2 v1.0.0

Updated: 3/18/2024

Authority: CIS

Plugin: Unix

Revision: 1.13

Estimated Item Count: 134

File Details

Filename: CIS_Debian_Family_Linux_v1.0.0_L2_Server.audit

Size: 423 kB

MD5: 24bc6d5434c7a71063b762110493e99c

SHA256: 4a1533cc4617c5a0c46d399e10f1a65b6971330d8d3840bd9b84c9bdfef3a24a

Audit Changelog


Revision 1.13 Mar 18, 2024 Functional Update 4.1.11 Ensure use of privileged commands is collected Miscellaneous Metadata updated. Variables updated.
Revision 1.12 Oct 6, 2023 Functional Update 4.1.6 Ensure events that modify the system's Mandatory Access Controls are collected - /etc/selinux 4.1.6 Ensure events that modify the system's Mandatory Access Controls are collected - /usr/share/selinux Miscellaneous Metadata updated.
Revision 1.11 Jul 5, 2023 Functional Update 3.5.2 Ensure SCTP is disabled - modprobe 3.5.3 Ensure RDS is disabled - modprobe 3.5.4 Ensure TIPC is disabled - modprobe 4.1.2.2 Ensure audit logs are not automatically deleted 4.1.2.3 Ensure system is disabled when audit logs are full - action_mail_acct 4.1.2.3 Ensure system is disabled when audit logs are full - admin_space_left_action 4.1.2.3 Ensure system is disabled when audit logs are full - space_left_action
Revision 1.10 Apr 12, 2023 Miscellaneous Metadata updated.
Revision 1.9 Mar 7, 2023 Miscellaneous Metadata updated. References updated.
Revision 1.8 Jan 4, 2023 Miscellaneous Metadata updated. Variables updated.
Revision 1.7 Dec 7, 2022 Miscellaneous Metadata updated.
Revision 1.6 Sep 30, 2022 Functional Update 4.1.12 Ensure successful file system mounts are collected - mounts 4.1.16 Ensure kernel module loading and unloading is collected - init_module 4.1.3 Ensure events that modify date and time information are collected - clock_settime 4.1.3 Ensure events that modify date and time information are collected - clock_settime x64
Revision 1.5 Sep 16, 2022 Functional Update 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - EACCES 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - EACCES x64 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - EPERM 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - EPERM x64 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EACCES 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EACCES x64 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EPERM 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EPERM x64 4.1.12 Ensure successful file system mounts are collected - auditctl mount 4.1.12 Ensure successful file system mounts are collected - auditctl mount x64 4.1.12 Ensure successful file system mounts are collected - mounts 4.1.12 Ensure successful file system mounts are collected - mounts x64 4.1.13 Ensure file deletion events by users are collected - auditctl delete 4.1.13 Ensure file deletion events by users are collected - auditctl delete x64 4.1.13 Ensure file deletion events by users are collected - delete 4.1.13 Ensure file deletion events by users are collected - delete x64 4.1.15 Ensure system administrator command executions (sudo) are collected - auditctl b32 actions 4.1.15 Ensure system administrator command executions (sudo) are collected - auditctl b64 actions 4.1.15 Ensure system administrator command executions (sudo) are collected - b32 actions 4.1.15 Ensure system administrator command executions (sudo) are collected - b64 actions 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl chmod fchmod fchmodat 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl chmod fchmod fchmodat x64 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl chown fchown fchownat lchown 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl chown fchown fchownat lchown x64 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl lsetxattr setxattr fsetxattr removexattr 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl setxattr x64 4.1.9 Ensure discretionary access control permission modification events are collected - chmod fchmod fchmodat 4.1.9 Ensure discretionary access control permission modification events are collected - chmod fchmod fchmodat x64 4.1.9 Ensure discretionary access control permission modification events are collected - chown fchown fchownat lchown 4.1.9 Ensure discretionary access control permission modification events are collected - chown fchown fchownat lchown x64 4.1.9 Ensure discretionary access control permission modification events are collected - lsetxattr setxattr fsetxattr removexattr 4.1.9 Ensure discretionary access control permission modification events are collected - lsetxattr setxattr fsetxattr removexattr x64 Miscellaneous Variables updated.
Revision 1.4 Jul 27, 2022 Functional Update 5.2.5 Ensure SSH X11 forwarding is disabled

Detections

Analytics

CIS Debian Family Server L2 v1.0.0

Audit Details

File Details

Audit Changelog

Revision 1.13

Functional Update

Miscellaneous

Revision 1.12

Functional Update

Miscellaneous

Revision 1.11

Functional Update

Revision 1.10

Miscellaneous

Revision 1.9

Miscellaneous

Revision 1.8

Miscellaneous

Revision 1.7

Miscellaneous

Revision 1.6

Functional Update

Revision 1.5

Functional Update

Miscellaneous

Revision 1.4

Functional Update

Detections

Analytics

CIS Debian Family Server L2 v1.0.0 Download File

Audit Details

File Details

Audit Changelog

Functional Update

Miscellaneous

Functional Update

Miscellaneous

Functional Update

Miscellaneous

Miscellaneous

Miscellaneous

Miscellaneous

Functional Update

Functional Update

Miscellaneous

Functional Update

CIS Debian Family Server L2 v1.0.0