Jan 6, 2025 Miscellaneous- Audit deprecated.
- Metadata updated.
- References updated.
|
Jun 17, 2024 |
Jun 14, 2024 Functional Update- 1.1.1.1 Ensure mounting of squashfs filesystems is disabled
- 1.1.10 Ensure separate partition exists for /var
- 1.1.11 Ensure separate partition exists for /var/tmp
- 1.1.15 Ensure separate partition exists for /var/log
- 1.1.16 Ensure separate partition exists for /var/log/audit
- 1.1.17 Ensure separate partition exists for /home
- 1.1.23 Disable Automounting
- 1.7.1.4 Ensure all AppArmor Profiles are enforcing
- 4.1.1.1 Ensure auditd is installed
- 4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled
- 4.1.11 Ensure use of privileged commands is collected
- 4.1.17 Ensure the audit configuration is immutable
- 4.1.2.1 Ensure audit log storage size is configured
- 4.1.2.2 Ensure audit logs are not automatically deleted
- 4.1.2.4 Ensure audit_backlog_limit is sufficient
- 5.2.20 Ensure SSH AllowTcpForwarding is disabled
- 6.1.1 Audit system file permissions
Informational Update- 1.1.1.1 Ensure mounting of squashfs filesystems is disabled
- 1.1.10 Ensure separate partition exists for /var
- 1.1.11 Ensure separate partition exists for /var/tmp
- 1.1.15 Ensure separate partition exists for /var/log
- 1.1.16 Ensure separate partition exists for /var/log/audit
- 1.1.17 Ensure separate partition exists for /home
- 1.1.23 Disable Automounting
- 1.7.1.4 Ensure all AppArmor Profiles are enforcing
- 4.1.1.1 Ensure auditd is installed
- 4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled
- 4.1.11 Ensure use of privileged commands is collected
- 4.1.17 Ensure the audit configuration is immutable
- 4.1.2.1 Ensure audit log storage size is configured
- 4.1.2.2 Ensure audit logs are not automatically deleted
- 4.1.2.4 Ensure audit_backlog_limit is sufficient
- 5.2.20 Ensure SSH AllowTcpForwarding is disabled
- 6.1.1 Audit system file permissions
Miscellaneous- Metadata updated.
- References updated.
- See also link updated.
- Variables updated.
Added- 1.1.1.3 Ensure mounting of FAT filesystems is limited
- 2.2.3 Ensure Avahi Server is not installed
- 3.1.1 Disable IPv6
- 3.1.2 Ensure wireless interfaces are disabled
- 3.4.1 Ensure DCCP is disabled
- 3.4.2 Ensure SCTP is disabled
- 4.1.1.2 Ensure auditd service is enabled and running
- 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected
- 4.1.12 Ensure successful file system mounts are collected
- 4.1.13 Ensure file deletion events by users are collected
- 4.1.14 Ensure changes to system administration scope (sudoers) is collected
- 4.1.15 Ensure system administrator actions (sudolog) are collected
- 4.1.16 Ensure kernel module loading and unloading is collected
- 4.1.2.3 Ensure system is disabled when audit logs are full
- 4.1.3 Ensure events that modify date and time information are collected
- 4.1.4 Ensure events that modify user/group information are collected
- 4.1.5 Ensure events that modify the system's network environment are collected
- 4.1.6 Ensure events that modify the system's Mandatory Access Controls are collected
- 4.1.7 Ensure login and logout events are collected
- 4.1.8 Ensure session initiation information is collected
- 4.1.9 Ensure discretionary access control permission modification events are collected
|
Mar 18, 2024 Functional Update- 4.1.11 Ensure use of privileged commands is collected
Miscellaneous- Metadata updated.
- Variables updated.
|
Dec 20, 2023 |
Sep 19, 2023 Functional Update- 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - auditctl b32 EACCES
- 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - auditctl b32 EPERM
- 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - auditctl b64 EACCES
- 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - auditctl b64 EPERM
- 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - b32 EACCES
- 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - b32 EPERM
- 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - b64 EACCES
- 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - b64 EPERM
- 4.1.12 Ensure successful file system mounts are collected - auditctl b64 mount
- 4.1.12 Ensure successful file system mounts are collected - b64 mount
- 4.1.13 Ensure file deletion events by users are collected - auditctl b32 delete
- 4.1.13 Ensure file deletion events by users are collected - auditctl b64 delete
- 4.1.13 Ensure file deletion events by users are collected - b32 delete
- 4.1.13 Ensure file deletion events by users are collected - b64 delete
- 4.1.14 Ensure changes to system administration scope (sudoers) is collected - auditctl sudoers
- 4.1.14 Ensure changes to system administration scope (sudoers) is collected - auditctl sudoers.d
- 4.1.14 Ensure changes to system administration scope (sudoers) is collected - sudoers
- 4.1.14 Ensure changes to system administration scope (sudoers) is collected - sudoers.d
- 4.1.16 Ensure kernel module loading and unloading is collected - auditctl insmod
- 4.1.16 Ensure kernel module loading and unloading is collected - auditctl modprobe
- 4.1.16 Ensure kernel module loading and unloading is collected - auditctl rmmod
- 4.1.16 Ensure kernel module loading and unloading is collected - insmod
- 4.1.16 Ensure kernel module loading and unloading is collected - modprobe
- 4.1.16 Ensure kernel module loading and unloading is collected - rmmod
- 4.1.2.1 Ensure audit log storage size is configured
- 4.1.2.2 Ensure audit logs are not automatically deleted
- 4.1.3 Ensure events that modify date and time information are collected - auditctl b32 /etc/localtime
- 4.1.3 Ensure events that modify date and time information are collected - auditctl b32 adjtimex
- 4.1.3 Ensure events that modify date and time information are collected - auditctl b32 clock_settime
- 4.1.3 Ensure events that modify date and time information are collected - auditctl b64 adjtimex
- 4.1.3 Ensure events that modify date and time information are collected - auditctl b64 clock_settime
- 4.1.3 Ensure events that modify date and time information are collected - b32 /etc/localtime
- 4.1.3 Ensure events that modify date and time information are collected - b32 adjtimex
- 4.1.3 Ensure events that modify date and time information are collected - b32 clock_settime
- 4.1.3 Ensure events that modify date and time information are collected - b64 adjtimex
- 4.1.3 Ensure events that modify date and time information are collected - b64 clock_settime
- 4.1.4 Ensure events that modify user/group information are collected - /etc/group
- 4.1.4 Ensure events that modify user/group information are collected - /etc/passwd
- 4.1.4 Ensure events that modify user/group information are collected - /etc/security/opasswd
- 4.1.4 Ensure events that modify user/group information are collected - /etc/shadow
- 4.1.4 Ensure events that modify user/group information are collected - auditctl /etc/group
- 4.1.4 Ensure events that modify user/group information are collected - auditctl /etc/passwd
- 4.1.4 Ensure events that modify user/group information are collected - auditctl /etc/security/opasswd
- 4.1.4 Ensure events that modify user/group information are collected - auditctl /etc/shadow
- 4.1.5 Ensure events that modify the system's network environment are collected - /etc/hosts
- 4.1.5 Ensure events that modify the system's network environment are collected - /etc/issue
- 4.1.5 Ensure events that modify the system's network environment are collected - /etc/issue.net
- 4.1.5 Ensure events that modify the system's network environment are collected - /etc/sysconfig/network
- 4.1.5 Ensure events that modify the system's network environment are collected - auditctl /etc/hosts
- 4.1.5 Ensure events that modify the system's network environment are collected - auditctl /etc/issue
- 4.1.5 Ensure events that modify the system's network environment are collected - auditctl /etc/issue.net
- 4.1.5 Ensure events that modify the system's network environment are collected - auditctl /etc/sysconfig/network
- 4.1.5 Ensure events that modify the system's network environment are collected - auditctl b32 sethostname
- 4.1.5 Ensure events that modify the system's network environment are collected - auditctl b64 sethostname
- 4.1.5 Ensure events that modify the system's network environment are collected - b32 sethostname
- 4.1.5 Ensure events that modify the system's network environment are collected - b64 sethostname
- 4.1.6 Ensure events that modify the system's Mandatory Access Controls are collected - /etc/selinux
- 4.1.6 Ensure events that modify the system's Mandatory Access Controls are collected - /usr/share/selinux
- 4.1.6 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /etc/selinux
- 4.1.6 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /usr/share/selinux
- 4.1.7 Ensure login and logout events are collected - /var/log/faillog
- 4.1.7 Ensure login and logout events are collected - /var/log/lastlog
- 4.1.7 Ensure login and logout events are collected - /var/log/tallylog
- 4.1.7 Ensure login and logout events are collected - auditctl /var/log/faillog
- 4.1.7 Ensure login and logout events are collected - auditctl /var/log/lastlog
- 4.1.7 Ensure login and logout events are collected - auditctl /var/log/tallylog
- 4.1.8 Ensure session initiation information is collected - /var/log/btmp
- 4.1.8 Ensure session initiation information is collected - /var/log/wtmp
- 4.1.8 Ensure session initiation information is collected - /var/run/utmp
- 4.1.8 Ensure session initiation information is collected - auditctl /var/log/btmp
- 4.1.8 Ensure session initiation information is collected - auditctl /var/log/wtmp
- 4.1.8 Ensure session initiation information is collected - auditctl /var/run/utmp
- 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl b32 chmod
- 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl b32 chown
- 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl b32 xattr
- 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl b64 chmod
- 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl b64 chown
- 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl b64 xattr
- 4.1.9 Ensure discretionary access control permission modification events are collected - b32 chmod
- 4.1.9 Ensure discretionary access control permission modification events are collected - b32 chown
- 4.1.9 Ensure discretionary access control permission modification events are collected - b32 xattr
- 4.1.9 Ensure discretionary access control permission modification events are collected - b64 chmod
- 4.1.9 Ensure discretionary access control permission modification events are collected - b64 chown
- 4.1.9 Ensure discretionary access control permission modification events are collected - b64 xattr
Miscellaneous- Metadata updated.
- References updated.
Added- 4.1.12 Ensure successful file system mounts are collected - auditctl b32 mount
- 4.1.12 Ensure successful file system mounts are collected - b32 mount
- 4.1.16 Ensure kernel module loading and unloading is collected - auditctl b32 init_module, delete_module
- 4.1.16 Ensure kernel module loading and unloading is collected - auditctl b64 init_module, delete_module
- 4.1.16 Ensure kernel module loading and unloading is collected - b32 init_module, delete_module
- 4.1.16 Ensure kernel module loading and unloading is collected - b64 init_module, delete_module
Removed- 4.1.12 Ensure successful file system mounts are collected - 32b mount
- 4.1.12 Ensure successful file system mounts are collected - auditctl 32b mount
- 4.1.16 Ensure kernel module loading and unloading is collected - auditctl init_module, delete_module
- 4.1.16 Ensure kernel module loading and unloading is collected - init_module, delete_module
|
Jul 5, 2023 Functional Update- 4.1.2.3 Ensure system is disabled when audit logs are full - action_mail_acct
- 4.1.2.3 Ensure system is disabled when audit logs are full - admin_space_left_action
|
Apr 12, 2023 Miscellaneous- Metadata updated.
- Platform check updated.
- Variables updated.
|
Mar 7, 2023 Miscellaneous- Metadata updated.
- References updated.
|
Jan 4, 2023 Miscellaneous- Metadata updated.
- Variables updated.
|
