| ALMA-09-047540 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/lastlog. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-048090 - AlmaLinux OS 9 must audit all uses of the truncate, ftruncate, creat, open, openat, and open_by_handle_at system calls. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-048530 - AlmaLinux OS 9 must audit all uses of the chmod, fchmod, and fchmodat system calls. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-048860 - AlmaLinux OS 9 must generate audit records for any use of the "crontab" command. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-049300 - AlmaLinux OS 9 must audit all uses of the kmod command. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-049960 - AlmaLinux OS 9 must generate audit records for any use of the "sudo" command. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-050290 - AlmaLinux OS 9 must generate audit records for any use of the "setfiles" command. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-050730 - AlmaLinux OS 9 must generate audit records for any use of the "sudoedit" command. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-050950 - AlmaLinux OS 9 must generate audit records for any use of the "unix_chkpwd" command. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-051060 - AlmaLinux OS 9 must generate audit records for any use of the "unix_update" command. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-051170 - AlmaLinux OS 9 must generate audit records for any use of the "userhelper" command. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| BIND-9X-001021 - In the event of an error when validating the binding of other DNS servers identity to the BIND 9.x information, when anomalies in the operation of the signed zone transfers are discovered, for the success and failure of start and stop of the name server service or daemon, and for the success and failure of all name server events, a BIND 9.x server implementation must generate a log entry. | DISA BIND 9.x STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| OL08-00-030260 - OL 8 must generate audit records for any uses of the "chcon" command. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030280 - OL 8 must generate audit records for any use of the "ssh-agent" command. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030300 - OL 8 must generate audit records for any use of the "mount" command. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030302 - OL 8 must generate audit records for any use of the "mount" syscall. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030310 - OL 8 must generate audit records for any use of the "unix_update" command. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030340 - OL 8 must generate audit records for any use of the "pam_timestamp_check" command. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030390 - OL 8 must generate audit records for any use of the delete_module syscall. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030410 - OL 8 must generate audit records for any use of the "chsh" command. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030420 - OL 8 must generate audit records for any use of the "truncate", "ftruncate", "creat", "open", "openat", and "open_by_handle_at" system calls. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030480 - OL 8 must generate audit records for any use of the "chown", "fchown", "fchownat", and "lchown" system calls. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030490 - OL 8 must generate audit records for any use of the "chmod", "fchmod", and "fchmodat" system calls. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030550 - OL 8 must generate audit records for any use of the "sudo" command. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030560 - OL 8 must generate audit records for any use of the "usermod" command. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030580 - OL 8 must generate audit records for any use of the "kmod" command. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030602 - OL 8 must allocate an "audit_backlog_limit" of sufficient size to capture processes that start prior to the audit daemon. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL09-00-000610 - OL 9 must audit all uses of the ssh-keysign command. | DISA Oracle Linux 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL09-00-000645 - OL 9 must audit all uses of the chown, fchown, fchownat, and lchown system calls. | DISA Oracle Linux 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL09-00-000665 - OL 9 must audit all uses of the chacl command. | DISA Oracle Linux 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL09-00-000685 - OL 9 must audit all uses of the delete_module system call. | DISA Oracle Linux 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL09-00-000695 - OL 9 must audit all uses of the kmod command. | DISA Oracle Linux 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654055 - RHEL 9 must audit all uses of the setfiles command. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654060 - RHEL 9 must audit all uses of the setsebool command. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654110 - RHEL 9 must audit all uses of the newgrp command. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654115 - RHEL 9 must audit all uses of the pam_timestamp_check command. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654120 - RHEL 9 must audit all uses of the passwd command. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654125 - RHEL 9 must audit all uses of the postdrop command. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654150 - RHEL 9 must audit all uses of the sudo command. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654155 - RHEL 9 must audit all uses of the sudoedit command. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654165 - RHEL 9 must audit all uses of the unix_update command. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020250 - The SUSE operating system must generate audit records for all uses of the su command. | DISA SLES 12 STIG v3r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020290 - The SUSE operating system must generate audit records for all uses of the mount command. | DISA SLES 12 STIG v3r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020310 - The SUSE operating system must generate audit records for all uses of the ssh-agent command. | DISA SLES 12 STIG v3r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020570 - The SUSE operating system must generate audit records for all uses of the newgrp command. | DISA SLES 12 STIG v3r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020630 - Successful/unsuccessful attempts to modify categories of information (e.g., classification levels) must generate audit records. | DISA SLES 12 STIG v3r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020670 - The SUSE operating system must generate audit records for all uses of the passmass command. | DISA SLES 12 STIG v3r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020690 - The SUSE operating system must generate audit records for all uses of the chage command. | DISA SLES 12 STIG v3r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020700 - The SUSE operating system must generate audit records for all uses of the usermod command. | DISA SLES 12 STIG v3r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020730 - The SUSE operating system must generate audit records for all uses of the delete_module command. | DISA SLES 12 STIG v3r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
