CCI|CCI-000126

Title

The organization determines that the organization-defined subset of the auditable events defined in AU-2 are to be audited within the information system.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2009

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
3.370 - The system must audit all uses of the chown syscall - 32 bit	Unix	Tenable Fedora Linux Best Practices v2.0.0
3.370 - The system must audit all uses of the chown syscall - 64 bit	Unix	Tenable Fedora Linux Best Practices v2.0.0
3.380 - The system must audit all uses of the fchown syscall - 32 bit	Unix	Tenable Fedora Linux Best Practices v2.0.0
3.380 - The system must audit all uses of the fchown syscall - 64 bit	Unix	Tenable Fedora Linux Best Practices v2.0.0
3.390 - The system must audit all uses of the lchown syscall - 32 bit	Unix	Tenable Fedora Linux Best Practices v2.0.0
3.390 - The system must audit all uses of the lchown syscall - 64 bit	Unix	Tenable Fedora Linux Best Practices v2.0.0
3.400 - The system must audit all uses of the fchownat syscall - 32 bit	Unix	Tenable Fedora Linux Best Practices v2.0.0
3.400 - The system must audit all uses of the fchownat syscall - 64 bit	Unix	Tenable Fedora Linux Best Practices v2.0.0
4.1.1.2 Ensure auditd service is enabled and running	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.12 Ensure discretionary access control permission modification events are collected - chown 32 bit	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.12 Ensure discretionary access control permission modification events are collected - chown 64 bit	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.12 Ensure discretionary access control permission modification events are collected - fchown 32 bit	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.12 Ensure discretionary access control permission modification events are collected - fchown 64 bit	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.12 Ensure discretionary access control permission modification events are collected - fchownat 4 bit	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.12 Ensure discretionary access control permission modification events are collected - fchownat 32 bit	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.12 Ensure discretionary access control permission modification events are collected - fchownat 64 bit	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.12 Ensure discretionary access control permission modification events are collected - lchown 32 bit	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.12 Ensure discretionary access control permission modification events are collected - lchown 64 bit	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.13 Ensure login and logout events are collected - faillock	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.13 Ensure login and logout events are collected - lastlog	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
GEN000000-HPUX0040 - The HP-UX AUDOMON_ARGS attribute must be explicitly initialized - '-p 20'	Unix	DISA STIG HP-UX 11.31 v1r19
GEN000000-HPUX0040 - The HP-UX AUDOMON_ARGS attribute must be explicitly initialized - '-t 1'	Unix	DISA STIG HP-UX 11.31 v1r19
GEN000000-HPUX0040 - The HP-UX AUDOMON_ARGS attribute must be explicitly initialized - '-w 90'	Unix	DISA STIG HP-UX 11.31 v1r19
GEN000440 - Successful and unsuccessful logins and logouts must be logged - '/var/log/btmp'	Unix	DISA STIG for Oracle Linux 5 v1r14
GEN000440 - Successful and unsuccessful logins and logouts must be logged - '/var/log/btmp'	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN000440 - Successful and unsuccessful logins and logouts must be logged - '/var/log/btmp'	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN000440 - Successful and unsuccessful logins and logouts must be logged - '/var/log/btmp'	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit
GEN000440 - Successful and unsuccessful logins and logouts must be logged - '/var/log/wtmp'	Unix	DISA STIG for Oracle Linux 5 v1r14
GEN000440 - Successful and unsuccessful logins and logouts must be logged - '/var/log/wtmp'	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN000440 - Successful and unsuccessful logins and logouts must be logged - '/var/log/wtmp'	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN000440 - Successful and unsuccessful logins and logouts must be logged - '/var/log/wtmp'	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'last -5 -R'	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'last -5 -R'	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'last -5 -R'	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'last -5 -R'	Unix	DISA STIG for Oracle Linux 5 v1r14
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'lastb -5 -R'	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'lastb -5 -R'	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'lastb -5 -R'	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'lastb -5 -R'	Unix	DISA STIG for Oracle Linux 5 v1r14
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'successful logins are being logged'	Unix	DISA STIG AIX 5.3 v1r2
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'successful logins are being logged'	Unix	DISA STIG AIX 6.1 v1r14
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'successful logins are being logged'	Unix	DISA STIG AIX 6.1 v1r13
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'successful logons are being logged'	Unix	DISA STIG HP-UX 11.31 v1r19
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'unsuccessful logins are being logged'	Unix	DISA STIG AIX 6.1 v1r13
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'unsuccessful logins are being logged'	Unix	DISA STIG AIX 5.3 v1r2
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'unsuccessful logins are being logged'	Unix	DISA STIG AIX 6.1 v1r14
GEN000440 - Successful and unsuccessful logins and logouts must be logged - 'unsuccessful logons are being logged'	Unix	DISA STIG HP-UX 11.31 v1r19
GEN001060 - The system must log successful and unsuccessful access to the root account	Unix	DISA STIG HP-UX 11.31 v1r19
GEN001060 - The system must log successful and unsuccessful access to the root account - '-Fmsgtype=USER_ACCT must not exist'	Unix	DISA STIG for Oracle Linux 5 v1r14
GEN001060 - The system must log successful and unsuccessful access to the root account - '-Fmsgtype=USER_ACCT must not exist'	Unix	DISA STIG for Oracle Linux 5 v2r1

Detections

Analytics

CCI|CCI-000126

Title

Reference Item Details

Audit Items