Detections
Analytics

800-53|AU-2d.

Title

AUDIT EVENTS

Description

Determines that the following events are to be audited within the information system: [Assignment: organization-defined audited events (the subset of the auditable events defined in AU-2 a.) along with the frequency of (or situation requiring) auditing for each identified event].

Reference Item Details

Category: AUDIT AND ACCOUNTABILITY

Family: AUDIT AND ACCOUNTABILITY

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
4.1.1.2 Ensure auditd service is enabled and runningUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.12 Ensure discretionary access control permission modification events are collected - chown 32 bitUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.12 Ensure discretionary access control permission modification events are collected - chown 64 bitUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.12 Ensure discretionary access control permission modification events are collected - fchown 32 bitUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.12 Ensure discretionary access control permission modification events are collected - fchown 64 bitUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.12 Ensure discretionary access control permission modification events are collected - fchownat 4 bitUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.12 Ensure discretionary access control permission modification events are collected - fchownat 32 bitUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.12 Ensure discretionary access control permission modification events are collected - fchownat 64 bitUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.12 Ensure discretionary access control permission modification events are collected - lchown 32 bitUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.12 Ensure discretionary access control permission modification events are collected - lchown 64 bitUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.13 Ensure login and logout events are collected - faillockUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.13 Ensure login and logout events are collected - lastlogUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.8 Ensure an agent for AWS Cloudwatch Logs is installed within Auto-Scaling Group for Web-Tieramazon_awsCIS Amazon Web Services Three-tier Web Architecture L1 1.0.0
5.9 Ensure an agent for AWS Cloudwatch Logs is installed within Auto-Scaling Group for App-Tieramazon_awsCIS Amazon Web Services Three-tier Web Architecture L1 1.0.0
GEN000440 - Successful and unsuccessful logins and logouts must be logged - '/var/log/btmp'UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN000440 - Successful and unsuccessful logins and logouts must be logged - '/var/log/btmp'UnixDISA STIG for Oracle Linux 5 v2r1
GEN000440 - Successful and unsuccessful logins and logouts must be logged - '/var/log/wtmp'UnixDISA STIG for Oracle Linux 5 v2r1
GEN000440 - Successful and unsuccessful logins and logouts must be logged - '/var/log/wtmp'UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'last -5 -R'UnixDISA STIG for Oracle Linux 5 v2r1
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'last -5 -R'UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'lastb -5 -R'UnixDISA STIG for Oracle Linux 5 v2r1
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'lastb -5 -R'UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'successful logins are being logged'UnixDISA STIG AIX 5.3 v1r2
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'successful logins are being logged'UnixDISA STIG AIX 6.1 v1r14
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'unsuccessful logins are being logged'UnixDISA STIG AIX 5.3 v1r2
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'unsuccessful logins are being logged'UnixDISA STIG AIX 6.1 v1r14
GEN001060 - The system must log successful and unsuccessful access to the root account - '-Fmsgtype=USER_ACCT must not exist'UnixDISA STIG for Oracle Linux 5 v2r1
GEN001060 - The system must log successful and unsuccessful access to the root account - '-Fmsgtype=USER_ACCT must not exist'UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN001060 - The system must log successful and unsuccessful access to the root account - '-Fmsgtype=USER_AUTH must not exist'UnixDISA STIG for Oracle Linux 5 v2r1
GEN001060 - The system must log successful and unsuccessful access to the root account - '-Fmsgtype=USER_AUTH must not exist'UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN001060 - The system must log successful and unsuccessful access to the root account - '-Fmsgtype=USER_END must not exist'UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN001060 - The system must log successful and unsuccessful access to the root account - '-Fmsgtype=USER_END must not exist'UnixDISA STIG for Oracle Linux 5 v2r1
GEN001060 - The system must log successful and unsuccessful access to the root account - '-Fmsgtype=USER_LOGIN must not exist'UnixDISA STIG for Oracle Linux 5 v2r1
GEN001060 - The system must log successful and unsuccessful access to the root account - '-Fmsgtype=USER_LOGIN must not exist'UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN001060 - The system must log successful and unsuccessful access to the root account - rsyslog 'authpriv.*'UnixDISA STIG for Oracle Linux 5 v2r1
GEN001060 - The system must log successful and unsuccessful access to the root account - rsyslog 'authpriv.*'UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN001060 - The system must log successful and unsuccessful access to the root account - rsyslog.confUnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN001060 - The system must log successful and unsuccessful access to the root account - syslog 'authpriv.*'UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN001060 - The system must log successful and unsuccessful access to the root account - syslog 'authpriv.*'UnixDISA STIG for Oracle Linux 5 v2r1
GEN001060 - The system must log successful and unsuccessful access to the root account - syslog 'authpriv.*'UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN001060 - The system must log successful and unsuccessful access to the root account - syslog.confUnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN001060 - The system must log successful and unsuccessful access to the root account.UnixDISA STIG AIX 6.1 v1r14
GEN001060 - The system must log successful and unsuccessful access to the root account.UnixDISA STIG AIX 5.3 v1r2
GEN002720 - System must be configured to audit failed attempts to access files/programs - '/etc/security/audit/config FILE_Open exists'UnixDISA STIG AIX 6.1 v1r14
GEN002720 - System must be configured to audit failed attempts to access files/programs - '/etc/security/audit/config FILE_Open exists'UnixDISA STIG AIX 5.3 v1r2
GEN002720 - System must be configured to audit failed attempts to access files/programs - '/etc/security/audit/events FILE_Open exists'UnixDISA STIG AIX 6.1 v1r14
GEN002720 - System must be configured to audit failed attempts to access files/programs - '/etc/security/audit/events FILE_Open exists'UnixDISA STIG AIX 5.3 v1r2
GEN002720 - System must be configured to audit failed attempts to access files/programs - 'User audit class assignments should be reviewed'UnixDISA STIG AIX 6.1 v1r14
GEN002720 - System must be configured to audit failed attempts to access files/programs - 'User audit class assignments should be reviewed'UnixDISA STIG AIX 5.3 v1r2
GEN002720 - The audit system must be configured to audit failed attempts to access files and programs - '-S creat -F exit=-EACCES'UnixDISA STIG for Oracle Linux 5 v2r1