| 4.1.10 Ensure discretionary access control permission modification events are collected - 'auditctl chmod (64-bit)' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - 'auditctl chmod' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - 'auditctl chown' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - 'auditctl setxattr (64-bit)' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - 'chmod' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - 'chmod' (64-bit) | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - 'chown' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - 'chown' (64-bit) | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - 'setxattr' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl b64 | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl b64 setxattr | CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl b64 setxattr | CIS SUSE Linux Enterprise Server 11 L2 v2.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl setxattr/lsetxattr/fsetxattr (32-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.10 Ensure discretionary access control permission modification events are collected - b32 chmod fchmod | CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - b64 setxattr | CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - chmod fchmod fchmodat | CIS Debian 8 Server L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - chmod fchmod fchmodat | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - chmod fchmod fchmodat x64 | CIS Debian 8 Server L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - chmod fchmod fchmodat x64 | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - chown fchown fchownat lchown | CIS Debian 8 Server L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - chown fchown fchownat lchown | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - chown/fchown/fchownat/lchown | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EACCES | CIS Debian Family Server L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EACCES 32-bit | CIS CentOS 6 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EPERM | CIS Debian Family Workstation L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EPERM 64-bit | CIS CentOS 6 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - EPERM | CIS Debian Family Server L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - rules.d EACCES 64-bit | CIS CentOS 6 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - rules.d EPERM 64-bit | CIS CentOS 6 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EACCES x64 | CIS Debian 9 Server L2 v1.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EPERM | CIS Debian 9 Server L2 v1.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - EACCES x64 | CIS Debian 9 Server L2 v1.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - EPERM | CIS Debian 9 Workstation L2 v1.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.9 Ensure discretionary access control permission modification events are collected | CIS Amazon Linux 2023 v1.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| ALMA-09-048090 - AlmaLinux OS 9 must audit all uses of the truncate, ftruncate, creat, open, openat, and open_by_handle_at system calls. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| Ensure discretionary access control permission modification events are collected - auditctl b32 chmod fchmod | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure discretionary access control permission modification events are collected - auditctl b32 chown fchown | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure discretionary access control permission modification events are collected - auditctl b32 setxattr | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure discretionary access control permission modification events are collected - auditctl b64 setxattr | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure discretionary access control permission modification events are collected - b64 chmod fchmod | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure discretionary access control permission modification events are collected - b64 setxattr | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-10-701000 - RHEL 10 must clear the page allocator to prevent use-after-free attacks. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-16-020600 - Successful/unsuccessful uses of the truncate command must generate an audit record - EACCES b64 | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020610 - Successful/unsuccessful uses of the ftruncate command must generate an audit record - EACCES b64 | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020630 - Successful/unsuccessful uses of the openat command must generate an audit record - EACCES b32 | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020630 - Successful/unsuccessful uses of the openat command must generate an audit record - EPERM b64 | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020640 - Successful/unsuccessful uses of the open_by_handle_at command must generate an audit record - EACCES b32 | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020640 - Successful/unsuccessful uses of the open_by_handle_at command must generate an audit record - EACCES b64 | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020640 - Successful/unsuccessful uses of the open_by_handle_at command must generate an audit record - EPERM b64 | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| WBLC-02-000086 - Oracle WebLogic must notify administrative personnel as a group in the event of audit processing failure - SMTP Notification | Oracle WebLogic Server 12c Windows v2r2 | Windows | AUDIT AND ACCOUNTABILITY |
