| 1.1.36 Ensure that the AdvancedAuditing argument is not set to false - AdvancedAuditing | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 1.6 Ensure auditing is configured for Docker files and directories - /var/lib/docker | CIS Docker Community Edition v1.1.0 L1 Linux Host OS | Unix | AUDIT AND ACCOUNTABILITY |
| 1.10 Ensure auditing is configured for Docker files and directories - /etc/default/docker | CIS Docker Community Edition v1.1.0 L1 Linux Host OS | Unix | AUDIT AND ACCOUNTABILITY |
| 1.12 Ensure auditing is configured for Docker files and directories - /usr/bin/docker-containerd | CIS Docker Community Edition v1.1.0 L1 Linux Host OS | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - '/etc/localtime' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - 'adjtimex - 64bit' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - 'adjtimex' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - 'auditctl adjtimex (64-bit)' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - 'auditctl clock_settime' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - auditctl clock_settime b64 | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - auditctl localtime | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - clock_settime b32 | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - localtime | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify user/group information are collected - '/etc/group' | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify user/group information are collected - 'auditctl /etc/passwd' | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify user/group information are collected - 'auditctl shadow' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.6 Ensure events that modify the system's network environment are collected - 'auditctl /etc/sysconfig/networks' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.6 Ensure events that modify the system's network environment are collected - 'auditctl hosts' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.6 Ensure events that modify the system's network environment are collected - 'auditctl networks' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.6 Ensure events that modify the system's network environment are collected - 'auditctl sethostname/setdomainname (64-bit)' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.6 Ensure events that modify the system's network environment are collected - 'auditctl sethostname/setdomainname' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - '/etc/apparmor.d/' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - '/usr/share/selinux/' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - 'auditctl /etc/apparmor.d/' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - 'auditctl /etc/apparmor.d/' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - 'auditctl /usr/share/selinux/' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - /usr/share/selinux | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - 'chown' (64-bit) | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - 'setxattr' (64-bit) | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl b64 chmod/fchmod/fchmodat | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - b64 chown/fchown/fchownat/lchown | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - 'auditctl EPERM' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - 'EPERM' (64-bit) | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - EACCES | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - EPERM | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.13 Ensure successful file system mounts are collected - auditctl mounts | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.13 Ensure successful file system mounts are collected - b64 mounts | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.15 Ensure changes to system administration scope (sudoers) is collected - '/etc/sudoers.d' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.15 Ensure changes to system administration scope (sudoers) is collected - 'auditctl sudoers.d' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.15 Ensure changes to system administration scope (sudoers) is collected - /etc/sudoers | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - '/sbin/insmod' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - '/sbin/modprobe' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - 'auditctl insmod' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - 'auditctl modprobe' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - 'auditctl modprobe' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - auditctl modprobe | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - modprobe | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.3 Enable Debug Level Daemon Logging - Check if permissions for /var/log/connlog are OK. | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.2 Configure a Logging File Channel - category update | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | AUDIT AND ACCOUNTABILITY |
| 8.2 Configure a Logging File Channel - category xfer-in | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | AUDIT AND ACCOUNTABILITY |
