| 1.3 Configure SSH - Check if MaxAuthTriesLog is set to 0 and not commented for server. | CIS Solaris 9 v1.3 | Unix | AUDIT AND ACCOUNTABILITY |
| 1.6.2 Enable FTP Logon Attempt Restrictions - Deny IP Address | CIS IIS 8.0 v1.4.0 Level 1 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.9.2 Specify file handler in logging.properties (check if java.util.logging.ConsoleHandler exists inin default) | CIS Apache Tomcat5.5/6.0 L1 v1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1.7 Set diagnostic logging to capture errors and warnings | CIS v1.1.0 IBM DB2 v10 Linux OS Level 2 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2.4 Ensure suspicious packets are logged - sysctl.conf ipv4 all log_martians | CIS SUSE Linux Enterprise Workstation 12 L1 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3 Ensure events that modify date and time information are collected - auditctl b32 clock_settime | CIS Oracle Linux 7 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3 Ensure events that modify date and time information are collected - auditctl b64 adjtimex | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3 Ensure events that modify date and time information are collected - auditctl b64 clock_settime | CIS Oracle Linux 7 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3 Ensure events that modify date and time information are collected - b32 adjtimex | CIS Oracle Linux 7 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3 Ensure events that modify date and time information are collected - b32 adjtimex | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3 Ensure events that modify date and time information are collected - b64 adjtimex | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify the system's network environment are collected - /etc/issue | CIS Oracle Linux 7 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify the system's network environment are collected - auditctl /etc/hosts | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify the system's network environment are collected - auditctl /etc/issue | CIS Oracle Linux 7 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify the system's network environment are collected - auditctl /etc/sysconfig/network | CIS Oracle Linux 7 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify the system's network environment are collected - b64 sethostname | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify user/group information are collected - /etc/security/opasswd | CIS SUSE Linux Enterprise Server 11 L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.6 Ensure events that modify the system's network environment are collected - /etc/hosts | CIS SUSE Linux Enterprise Server 11 L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.6 Ensure events that modify the system's network environment are collected - /etc/sysconfig/network | CIS SUSE Linux Enterprise Server 11 L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected | CIS SUSE Linux Enterprise Server 11 L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.7 Ensure login and logout events are collected - auditctl /var/log/tallylog | CIS Oracle Linux 7 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.7 Ensure login and logout events are collected - auditctl /var/log/tallylog | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.8 Ensure session initiation information is collected - /var/log/btmp | CIS Oracle Linux 7 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.8 Ensure session initiation information is collected - /var/log/btmp | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl b32 chmod | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl b64 xattr | CIS Oracle Linux 7 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl b64 xattr | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.9 Ensure discretionary access control permission modification events are collected - b32 chmod | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.9 Ensure discretionary access control permission modification events are collected - b64 xattr | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - b32 chmod fchmod | CIS SUSE Linux Enterprise Server 11 L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - b64 setxattr | CIS SUSE Linux Enterprise Server 11 L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - auditctl b32 EPERM | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - auditctl b64 EACCES | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - b64 EACCES | CIS SUSE Linux Enterprise Server 11 L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.13 Ensure file deletion events by users are collected - auditctl b32 delete | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.13 Ensure file deletion events by users are collected - auditctl b64 delete | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.13 Ensure file deletion events by users are collected - b32 delete | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.14 Ensure changes to system administration scope (sudoers) is collected - sudoers.d | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.16 Ensure kernel module loading and unloading is collected - auditctl init_module, delete_module | CIS Oracle Linux 7 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.16 Ensure kernel module loading and unloading is collected - init_module, delete_module | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.16 Ensure kernel module loading and unloading is collected - modprobe | CIS Oracle Linux 7 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.16 Ensure system administrator actions (sudolog) are collected - auditctl | CIS Ubuntu Linux 16.04 LTS Workstation L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - b64 | CIS SUSE Linux Enterprise Server 11 L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - insmod | CIS SUSE Linux Enterprise Server 11 L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - rmmod | CIS SUSE Linux Enterprise Server 11 L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 Capture syslog AUTH Messages - Check if auth.info is set to var/log/authlog | CIS Solaris 10 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 Capture syslog AUTH Messages - Check if authlog in /etc/logadm.conf is appropiately set | CIS Solaris 10 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.7 Enable cron Logging - Check if CRONLOG is set to yes in /etc/default/cron. | CIS Solaris 10 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.9 Enable Kernel Level Auditing, Check if 'naflags:lo,ad,ex' is set in /etc/security/audit_control. | CIS Solaris 10 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.9 Enable Kernel Level Auditing, Check if 'root:lo,ad:no' is set in /etc/security/audit_user. | CIS Solaris 10 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
