Detections
Analytics

CIS Red Hat EL9 Workstation L2 v1.0.0

Audit Details

Name: CIS Red Hat EL9 Workstation L2 v1.0.0

Updated: 3/20/2024

Authority: CIS

Plugin: Unix

Revision: 1.11

Estimated Item Count: 200

File Details

Filename: CIS_Red_Hat_EL9_v1.0.0_L2_Workstation.audit

Size: 993 kB

MD5: 5a443f6103d557d44be57bb7de8c7dff
SHA256: 7efb5ac60e609d5c3ca371b3c0d062c147366578528c5f351f48861d71bd57e3

Audit Changelog

 
Revision 1.11

Mar 20, 2024

Functional Update
  • 4.1.4.4 Ensure the audit log directory is 0750 or more restrictive
Revision 1.10

Mar 18, 2024

Functional Update
  • 4.1.4.1 Ensure audit log files are mode 0640 or less permissive
  • 4.1.4.2 Ensure only authorized users own audit log files
  • 4.1.4.5 Ensure audit configuration files are 640 or more restrictive
  • 4.1.4.6 Ensure audit configuration files are owned by root
  • 4.1.4.7 Ensure audit configuration files belong to group root
Miscellaneous
  • Metadata updated.
  • Variables updated.
Added
  • 4.1.3.6 Ensure use of privileged commands are collected
Removed
  • 4.1.3.6 Ensure use of privileged commands are collected - /etc/audit/rules.d
  • 4.1.3.6 Ensure use of privileged commands are collected - auditctl
Revision 1.9

Dec 27, 2023

Functional Update
  • 4.1.3.19 Ensure kernel module loading unloading and modification is collected - kmod symlinks
  • 4.1.4.1 Ensure audit log files are mode 0640 or less permissive
  • 4.1.4.2 Ensure only authorized users own audit log files
  • 4.1.4.4 Ensure the audit log directory is 0750 or more restrictive
Revision 1.8

Nov 17, 2023

Functional Update
  • 5.2.13 Ensure SSH AllowTcpForwarding is disabled - sshd output
Revision 1.7

Sep 19, 2023

Functional Update
  • 4.1.4.3 Ensure only authorized groups are assigned ownership of audit log files - stat
Miscellaneous
  • Metadata updated.
Revision 1.6

Aug 29, 2023

Functional Update
  • 4.1.3.4 Ensure events that modify date and time information are collected - 'stime'
  • 4.1.3.4 Ensure events that modify date and time information are collected - auditctl stime
Revision 1.5

Aug 28, 2023

Functional Update
  • 4.1.3.10 Ensure successful file system mounts are collected - auditctl b64
Revision 1.4

Jul 5, 2023

Functional Update
  • 4.1.2.3 Ensure system is disabled when audit logs are full - action_mail_acct
  • 4.1.2.3 Ensure system is disabled when audit logs are full - space_left_action
Revision 1.3

May 11, 2023

Functional Update
  • 4.1.4.10 Ensure audit tools belong to group root
  • 4.1.4.8 Ensure audit tools are 755 or more restrictive
  • 4.1.4.9 Ensure audit tools are owned by root
Revision 1.2

Mar 20, 2023

Functional Update
  • 4.1.4.3 Ensure only authorized groups are assigned ownership of audit log files - stat
  • 4.1.4.4 Ensure the audit log directory is 0750 or more restrictive
  • 4.1.4.5 Ensure audit configuration files are 640 or more restrictive