| 1.1.2 Ensure 'Enable Log on High DP Load' is enabled | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| 1.10.1 Ensure 'logging' is enabled | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.11 Audit Docker files and directories - docker-registry.service | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2 Enable Stack Protection - set noexec_user_stack_log = 1 | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.14 Ensure file deletion events by users are collected | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.14 Ensure file deletion events by users are collected - auditctl delete | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.14 Ensure file deletion events by users are collected - auditctl delete (64-bit) | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2 Enable Auditing of Incoming Network Connections - AUE_ACCEPT : cis | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2 Enable Auditing of Incoming Network Connections - AUE_SOCKACCEPT : cis | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.3 Enable Auditing of File Metadata Modification Events - AUE_ACLSET : cis | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.3 Enable Auditing of File Metadata Modification Events - AUE_ACLSET : cis | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.3 Enable Auditing of File Metadata Modification Events - AUE_LCHOWN : cis | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.3 Enable Debug Level Daemon Logging - Check if daemon.debug is set to /var/log/connlog | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 Enable Auditing of Process and Privilege Events - AUE_CHROOT : cis | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 Enable Auditing of Process and Privilege Events - AUE_PFEXEC : cis | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 Enable Auditing of Process and Privilege Events - AUE_SETEUID : cis | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 Enable Auditing of Process and Privilege Events - AUE_SETGID : cis | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 Enable Auditing of Process and Privilege Events - AUE_SETREGID : cis | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 Enable Auditing of Process and Privilege Events - AUE_SETREUID : cis | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - active non-attributable flags = lo | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - audit_binfile (active) | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - audit_binfile attributes: p_minfree=1; | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - configured user flags = cis,ex,aa,ua,as,ss,lo,ft | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - userattr audit_flags root | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - var/audit/*.not_terminated.* | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.8 Enable System Accounting - Check if contents of /var/spool/cron/crontabs/sys (/usr/lib/sa/sa1) are OK. | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2.4 Log Suspicious Packets - net.ipv4.conf.all.log_martians | CIS Debian Linux 7 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.4 Record Events That Modify Date and Time Information - 32 bit adjtimex | CIS Debian Linux 7 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.4 Record Events That Modify Date and Time Information- '32bit adjtimex' | CIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.4 Record Events That Modify Date and Time Information- 'time-change' | CIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.5 Record Events That Modify User/Group Information - /etc/passwd | CIS Debian Linux 7 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.5 Record Events That Modify User/Group Information- '/etc/security/opasswd' | CIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.6 Record Events That Modify the System's Network Environment - '/etc/hosts' | CIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.6 Record Events That Modify the System's Network Environment - 32 bit system-locale | CIS Debian Linux 7 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.6 Record Events That Modify the System's Network Environment- '/etc/issue.net' | CIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.6 Record Events That Modify the System's Network Environment- '32bit sethostname' | CIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.8 Collect Login and Logout Events - /var/log/lastlog | CIS Debian Linux 7 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.9 Collect Session Initiation Information- '/var/log/btmp' | CIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.9 Collect Session Initiation Information- '/var/log/wtmp' | CIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.10 Collect Discretionary Access Control Permission Modification Events - 64 bit chown | CIS Debian Linux 7 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.11 Collect Unsuccessful Unauthorized Access Attempts to Files - 64 bit EACCES | CIS Debian Linux 7 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.11 Collect Unsuccessful Unauthorized Access Attempts to Files- '64bit EACCES' | CIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.13 Collect Successful File System Mounts - '64bit mount' | CIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.14 Collect File Deletion Events by User - 32 bit unlink | CIS Debian Linux 7 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.14 Collect File Deletion Events by User- '32bit unlink/unlinkat/rename/renameat' | CIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.16 Collect System Administrator Actions (sudolog) | CIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.17 Collect Kernel Module Loading and Unloading - /sbin/insmod | CIS Debian Linux 7 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| IBM i : Auditing for New Objects (QCRTOBJAUD) - '*CHANGE' | IBM System i Security Reference for V7R3 | AS/400 | AUDIT AND ACCOUNTABILITY |
| IBM i : Auditing Level (QAUDLVL) - '*SECURITY' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | AUDIT AND ACCOUNTABILITY |
| IBM i : Auditing Level (QAUDLVL) - '*SECURITY' | IBM System i Security Reference for V7R2 | AS/400 | AUDIT AND ACCOUNTABILITY |