Detections
Analytics

Revision 1.4

Oct 5, 2020
Functional Update
  • 1.6.3 Ensure SELinux or AppArmor are installed
  • 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl chmod fchmod fchmodat x64
  • 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl chown fchown fchownat lchown x64
  • 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl setxattr x64
  • 4.1.10 Ensure discretionary access control permission modification events are collected - chmod fchmod fchmodat x64
  • 4.1.10 Ensure discretionary access control permission modification events are collected - chown fchown fchownat lchown x64
  • 4.1.10 Ensure discretionary access control permission modification events are collected - lsetxattr setxattr fsetxattr removexattr x64
  • 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - EACCES x64
  • 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - EPERM x64
  • 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EACCES x64
  • 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EPERM x64
  • 4.1.13 Ensure successful file system mounts are collected - auditctl mount x64
  • 4.1.13 Ensure successful file system mounts are collected - mounts x64
  • 4.1.14 Ensure file deletion events by users are collected - auditctl delete x64
  • 4.1.14 Ensure file deletion events by users are collected - delete x64
  • 4.1.4 Ensure events that modify date and time information are collected - auditctl clock_settime x64
  • 4.1.4 Ensure events that modify date and time information are collected - auditctl settimeofday,adjtimex x64
  • 4.1.4 Ensure events that modify date and time information are collected - clock_settime x64
  • 4.1.4 Ensure events that modify date and time information are collected - settimeofday,adjtimex x64
  • 4.1.6 Ensure events that modify the system's network environment are collected - auditctl 'sethostname setdomainname' x64
  • 4.1.6 Ensure events that modify the system's network environment are collected - sethostname setdomainname x64
  • 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - /etc/apparmor
  • 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - /etc/apparmor.d
  • 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - /etc/selinux
  • 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - /usr/share/selinux
  • 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - /usr/share/selinux/
  • 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /etc/apparmor
  • 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /etc/apparmor.d
  • 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /etc/selinux
  • 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /usr/share/selinux
Miscellaneous
  • Platform check updated.