Revision 1.7Oct 20, 2020

Functional Update

• 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - EACCES
• 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - EACCES (64-bit)
• 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - EPERM
• 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - EPERM (64-bit)
• 4.1.11 Ensure events that modify user/group information are collected - '/etc/group'
• 4.1.11 Ensure events that modify user/group information are collected - '/etc/gshadow'
• 4.1.11 Ensure events that modify user/group information are collected - '/etc/passwd'
• 4.1.11 Ensure events that modify user/group information are collected - '/etc/security/opasswd'
• 4.1.11 Ensure events that modify user/group information are collected - '/etc/shadow'
• 4.1.12 Ensure successful file system mounts are collected
• 4.1.12 Ensure successful file system mounts are collected - b64
• 4.1.14 Ensure file deletion events by users are collected - x64
• 4.1.14 Ensure file deletion events by users are collected - x86
• 4.1.15 Ensure kernel module loading and unloading is collected - insmod
• 4.1.15 Ensure kernel module loading and unloading is collected - modprobe
• 4.1.15 Ensure kernel module loading and unloading is collected - modules
• 4.1.15 Ensure kernel module loading and unloading is collected - rmmod
• 4.1.16 Ensure system administrator actions (sudolog) are collected - actions
• 4.1.17 Ensure the audit configuration is immutable
• 4.1.3 Ensure changes to system administration scope (sudoers) is collected - sudoers
• 4.1.3 Ensure changes to system administration scope (sudoers) is collected - sudoers.d
• 4.1.4 Ensure login and logout events are collected - /var/log/faillog
• 4.1.4 Ensure login and logout events are collected - /var/log/lastlog
• 4.1.5 Ensure session initiation information is collected - btmp
• 4.1.5 Ensure session initiation information is collected - utmp
• 4.1.5 Ensure session initiation information is collected - wtmp
• 4.1.6 Ensure events that modify date and time information are collected - /etc/localtime
• 4.1.6 Ensure events that modify date and time information are collected - adjtimex
• 4.1.6 Ensure events that modify date and time information are collected - adjtimex x64
• 4.1.6 Ensure events that modify date and time information are collected - clock_settime
• 4.1.6 Ensure events that modify date and time information are collected - clock_settime x64
• 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - *.rules /etc/selinux/
• 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - *.rules /usr/share/selinux/
• 4.1.8 Ensure events that modify the system's network environment are collected - /etc/hosts
• 4.1.8 Ensure events that modify the system's network environment are collected - /etc/sysconfig/network
• 4.1.8 Ensure events that modify the system's network environment are collected - issue
• 4.1.8 Ensure events that modify the system's network environment are collected - issue.net
• 4.1.8 Ensure events that modify the system's network environment are collected - sethostname (32-bit)
• 4.1.8 Ensure events that modify the system's network environment are collected - sethostname (64-bit)
• 4.1.9 Ensure discretionary access control permission modification events are collected - chmod/fchmod/fchmodat
• 4.1.9 Ensure discretionary access control permission modification events are collected - chmod/fchmod/fchmodat (64-bit)
• 4.1.9 Ensure discretionary access control permission modification events are collected - chown/fchown/fchownat/lchown
• 4.1.9 Ensure discretionary access control permission modification events are collected - chown/fchown/fchownat/lchown (64-bit)
• 4.1.9 Ensure discretionary access control permission modification events are collected - setxattr/lsetxattr/fsetxattr/removexattr
• 4.1.9 Ensure discretionary access control permission modification events are collected - xattr (64-bit)