Detections
Analytics

CIS Rocky Linux 9 Workstation L2 v1.0.0

Audit Details

Name: CIS Rocky Linux 9 Workstation L2 v1.0.0

Updated: 3/20/2024

Authority: CIS

Plugin: Unix

Revision: 1.12

Estimated Item Count: 200

File Details

Filename: CIS_Rocky_Linux_9_v1.0.0_L2_Workstation.audit

Size: 993 kB

MD5: 7c719bf8edbd0b3abecb5554972ee9ac
SHA256: 41affebd03699cadb2c47baad74e52da7f1b797f3d66f7f0dac1467462ef97a6

Audit Changelog

 
Revision 1.12

Mar 20, 2024

Functional Update
  • 4.1.4.4 Ensure the audit log directory is 0750 or more restrictive
Revision 1.11

Mar 18, 2024

Functional Update
  • 4.1.4.1 Ensure audit log files are mode 0640 or less permissive
  • 4.1.4.2 Ensure only authorized users own audit log files
  • 4.1.4.5 Ensure audit configuration files are 640 or more restrictive
  • 4.1.4.6 Ensure audit configuration files are owned by root
  • 4.1.4.7 Ensure audit configuration files belong to group root
Miscellaneous
  • Metadata updated.
  • Variables updated.
Added
  • 4.1.3.6 Ensure use of privileged commands are collected
Removed
  • 4.1.3.6 Ensure use of privileged commands are collected - /etc/audit/rules.d
  • 4.1.3.6 Ensure use of privileged commands are collected - auditctl
Revision 1.10

Dec 27, 2023

Functional Update
  • 4.1.3.19 Ensure kernel module loading unloading and modification is collected - kmod symlinks
  • 4.1.4.1 Ensure audit log files are mode 0640 or less permissive
  • 4.1.4.2 Ensure only authorized users own audit log files
  • 4.1.4.4 Ensure the audit log directory is 0750 or more restrictive
Revision 1.9

Nov 17, 2023

Functional Update
  • 5.2.13 Ensure SSH AllowTcpForwarding is disabled - sshd output
Revision 1.8

Sep 19, 2023

Functional Update
  • 4.1.4.3 Ensure only authorized groups are assigned ownership of audit log files - stat
Revision 1.7

Aug 29, 2023

Functional Update
  • 4.1.3.4 Ensure events that modify date and time information are collected - 'stime'
  • 4.1.3.4 Ensure events that modify date and time information are collected - auditctl stime
Revision 1.6

Aug 28, 2023

Functional Update
  • 4.1.3.10 Ensure successful file system mounts are collected - auditctl b64
Revision 1.5

Jul 5, 2023

Functional Update
  • 4.1.2.3 Ensure system is disabled when audit logs are full - action_mail_acct
  • 4.1.2.3 Ensure system is disabled when audit logs are full - space_left_action
Revision 1.4

May 11, 2023

Functional Update
  • 4.1.4.10 Ensure audit tools belong to group root
  • 4.1.4.8 Ensure audit tools are 755 or more restrictive
  • 4.1.4.9 Ensure audit tools are owned by root
Revision 1.3

Apr 12, 2023

Miscellaneous
  • Metadata updated.
  • Platform check updated.