Audits
Settings
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Theme
Light
Dark
Auto
Help
Plugins
Overview
Plugins Pipeline
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Release Notes
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Settings
Theme
Light
Dark
Auto
Detections
Plugins
Overview
Plugins Pipeline
Release Notes
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
Analytics
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Audits
CIS SUSE Linux Enterprise 12 v3.1.0 L2 Server
Changelog
Revision 1.6
Changelog
Revision 1.6
Sep 19, 2023
Functional Update
4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - auditctl b32 EACCES
4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - auditctl b32 EPERM
4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - auditctl b64 EACCES
4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - auditctl b64 EPERM
4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - b32 EACCES
4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - b32 EPERM
4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - b64 EACCES
4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - b64 EPERM
4.1.12 Ensure successful file system mounts are collected - auditctl b64 mount
4.1.12 Ensure successful file system mounts are collected - b64 mount
4.1.13 Ensure file deletion events by users are collected - auditctl b32 delete
4.1.13 Ensure file deletion events by users are collected - auditctl b64 delete
4.1.13 Ensure file deletion events by users are collected - b32 delete
4.1.13 Ensure file deletion events by users are collected - b64 delete
4.1.14 Ensure changes to system administration scope (sudoers) is collected - auditctl sudoers
4.1.14 Ensure changes to system administration scope (sudoers) is collected - auditctl sudoers.d
4.1.14 Ensure changes to system administration scope (sudoers) is collected - sudoers
4.1.14 Ensure changes to system administration scope (sudoers) is collected - sudoers.d
4.1.16 Ensure kernel module loading and unloading is collected - auditctl insmod
4.1.16 Ensure kernel module loading and unloading is collected - auditctl modprobe
4.1.16 Ensure kernel module loading and unloading is collected - auditctl rmmod
4.1.16 Ensure kernel module loading and unloading is collected - insmod
4.1.16 Ensure kernel module loading and unloading is collected - modprobe
4.1.16 Ensure kernel module loading and unloading is collected - rmmod
4.1.2.1 Ensure audit log storage size is configured
4.1.2.2 Ensure audit logs are not automatically deleted
4.1.3 Ensure events that modify date and time information are collected - auditctl b32 /etc/localtime
4.1.3 Ensure events that modify date and time information are collected - auditctl b32 adjtimex
4.1.3 Ensure events that modify date and time information are collected - auditctl b32 clock_settime
4.1.3 Ensure events that modify date and time information are collected - auditctl b64 adjtimex
4.1.3 Ensure events that modify date and time information are collected - auditctl b64 clock_settime
4.1.3 Ensure events that modify date and time information are collected - b32 /etc/localtime
4.1.3 Ensure events that modify date and time information are collected - b32 adjtimex
4.1.3 Ensure events that modify date and time information are collected - b32 clock_settime
4.1.3 Ensure events that modify date and time information are collected - b64 adjtimex
4.1.3 Ensure events that modify date and time information are collected - b64 clock_settime
4.1.4 Ensure events that modify user/group information are collected - /etc/group
4.1.4 Ensure events that modify user/group information are collected - /etc/passwd
4.1.4 Ensure events that modify user/group information are collected - /etc/security/opasswd
4.1.4 Ensure events that modify user/group information are collected - /etc/shadow
4.1.4 Ensure events that modify user/group information are collected - auditctl /etc/group
4.1.4 Ensure events that modify user/group information are collected - auditctl /etc/passwd
4.1.4 Ensure events that modify user/group information are collected - auditctl /etc/security/opasswd
4.1.4 Ensure events that modify user/group information are collected - auditctl /etc/shadow
4.1.5 Ensure events that modify the system's network environment are collected - /etc/hosts
4.1.5 Ensure events that modify the system's network environment are collected - /etc/issue
4.1.5 Ensure events that modify the system's network environment are collected - /etc/issue.net
4.1.5 Ensure events that modify the system's network environment are collected - /etc/sysconfig/network
4.1.5 Ensure events that modify the system's network environment are collected - auditctl /etc/hosts
4.1.5 Ensure events that modify the system's network environment are collected - auditctl /etc/issue
4.1.5 Ensure events that modify the system's network environment are collected - auditctl /etc/issue.net
4.1.5 Ensure events that modify the system's network environment are collected - auditctl /etc/sysconfig/network
4.1.5 Ensure events that modify the system's network environment are collected - auditctl b32 sethostname
4.1.5 Ensure events that modify the system's network environment are collected - auditctl b64 sethostname
4.1.5 Ensure events that modify the system's network environment are collected - b32 sethostname
4.1.5 Ensure events that modify the system's network environment are collected - b64 sethostname
4.1.6 Ensure events that modify the system's Mandatory Access Controls are collected - /etc/selinux
4.1.6 Ensure events that modify the system's Mandatory Access Controls are collected - /usr/share/selinux
4.1.6 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /etc/selinux
4.1.6 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /usr/share/selinux
4.1.7 Ensure login and logout events are collected - /var/log/faillog
4.1.7 Ensure login and logout events are collected - /var/log/lastlog
4.1.7 Ensure login and logout events are collected - /var/log/tallylog
4.1.7 Ensure login and logout events are collected - auditctl /var/log/faillog
4.1.7 Ensure login and logout events are collected - auditctl /var/log/lastlog
4.1.7 Ensure login and logout events are collected - auditctl /var/log/tallylog
4.1.8 Ensure session initiation information is collected - /var/log/btmp
4.1.8 Ensure session initiation information is collected - /var/log/wtmp
4.1.8 Ensure session initiation information is collected - /var/run/utmp
4.1.8 Ensure session initiation information is collected - auditctl /var/log/btmp
4.1.8 Ensure session initiation information is collected - auditctl /var/log/wtmp
4.1.8 Ensure session initiation information is collected - auditctl /var/run/utmp
4.1.9 Ensure discretionary access control permission modification events are collected - auditctl b32 chmod
4.1.9 Ensure discretionary access control permission modification events are collected - auditctl b32 chown
4.1.9 Ensure discretionary access control permission modification events are collected - auditctl b32 xattr
4.1.9 Ensure discretionary access control permission modification events are collected - auditctl b64 chmod
4.1.9 Ensure discretionary access control permission modification events are collected - auditctl b64 chown
4.1.9 Ensure discretionary access control permission modification events are collected - auditctl b64 xattr
4.1.9 Ensure discretionary access control permission modification events are collected - b32 chmod
4.1.9 Ensure discretionary access control permission modification events are collected - b32 chown
4.1.9 Ensure discretionary access control permission modification events are collected - b32 xattr
4.1.9 Ensure discretionary access control permission modification events are collected - b64 chmod
4.1.9 Ensure discretionary access control permission modification events are collected - b64 chown
4.1.9 Ensure discretionary access control permission modification events are collected - b64 xattr
Miscellaneous
Metadata updated.
References updated.
Added
4.1.12 Ensure successful file system mounts are collected - auditctl b32 mount
4.1.12 Ensure successful file system mounts are collected - b32 mount
4.1.16 Ensure kernel module loading and unloading is collected - auditctl b32 init_module, delete_module
4.1.16 Ensure kernel module loading and unloading is collected - auditctl b64 init_module, delete_module
4.1.16 Ensure kernel module loading and unloading is collected - b32 init_module, delete_module
4.1.16 Ensure kernel module loading and unloading is collected - b64 init_module, delete_module
Removed
4.1.12 Ensure successful file system mounts are collected - 32b mount
4.1.12 Ensure successful file system mounts are collected - auditctl 32b mount
4.1.16 Ensure kernel module loading and unloading is collected - auditctl init_module, delete_module
4.1.16 Ensure kernel module loading and unloading is collected - init_module, delete_module