CCI|CCI-000135

Title

Generate audit records containing the organization-defined additional information that is to be included in the audit records.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2024

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
4.1.3.8 Ensure changes to system administration scope (sudoers) is collected - sudoers	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.8 Ensure changes to system administration scope (sudoers) is collected - sudoers.d	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.10 Ensure use of privileged commands is collected	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.15 Ensure all uses of the passwd command are audited.	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.16 Ensure auditing of the unix_chkpwd command	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.17 Ensure audit of the gpasswd command	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.18 Ensure audit all uses of chage	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.19 Ensure audit all uses of the chsh command.	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.20 Ensure audit the umount command	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.21 Ensure audit of postdrop command	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.22 Ensure audit of postqueue command.	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.23 Ensure audit ssh-keysign command.	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.24 Ensure audit of crontab command	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.36 Ensure audit of the userhelper command	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.37 Ensure audit of the mount command and syscall	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.37 Ensure audit of the mount command and syscall - 32 bit	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.37 Ensure audit of the mount command and syscall - 64 bit	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.38 Ensure audit of the su command	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.40 Ensure audit all uses of the newgrp command	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AIX7-00-002006 - AIX must produce audit records containing the full-text recording of privileged commands.	Unix	DISA STIG AIX 7.x v3r1
ALMA-09-004970 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-005080 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-005190 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-005300 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-005410 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-005960 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-006070 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect the files within /etc/sudoers.d/	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-047100 - The audit package must be installed on AlmaLinux OS 9.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-047540 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/lastlog.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-047980 - AlmaLinux OS 9 must enable auditing of processes that start prior to the audit daemon.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-048090 - AlmaLinux OS 9 must audit all uses of the truncate, ftruncate, creat, open, openat, and open_by_handle_at system calls.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-048200 - AlmaLinux OS 9 must generate audit records for any use of the "chacl" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-048310 - AlmaLinux OS 9 must generate audit records for any use of the "chage" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-048420 - AlmaLinux OS 9 must generate audit records for any use of the "chcon" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-048530 - AlmaLinux OS 9 must audit all uses of the chmod, fchmod, and fchmodat system calls.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-048640 - AlmaLinux OS 9 must audit all uses of the chown, fchown, fchownat, and lchown system calls.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-048750 - AlmaLinux OS 9 must generate audit records for any use of the "chsh" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-048860 - AlmaLinux OS 9 must generate audit records for any use of the "crontab" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-048970 - AlmaLinux OS 9 must audit all uses of the rename, unlink, rmdir, renameat, and unlinkat system calls.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-049190 - AlmaLinux OS 9 must generate audit records for any use of the "gpasswd" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-049300 - AlmaLinux OS 9 must audit all uses of the kmod command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-049410 - AlmaLinux OS 9 must generate audit records for any use of the "newgrp" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-049520 - AlmaLinux OS 9 must generate audit records for any use of the "passwd" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-049630 - AlmaLinux OS 9 must generate audit records for any use of the "postdrop" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-049740 - AlmaLinux OS 9 must generate audit records for any use of the "postqueue" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-049850 - AlmaLinux OS 9 must generate audit records for any use of the "su" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-049960 - AlmaLinux OS 9 must generate audit records for any use of the "sudo" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-050070 - AlmaLinux OS 9 must generate audit records for any use of the "semanage" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-050180 - AlmaLinux OS 9 must generate audit records for any use of the "setfacl" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-050290 - AlmaLinux OS 9 must generate audit records for any use of the "setfiles" command.	Unix	DISA CloudLinux AlmaLinux OS 9 STIG v1r2

Detections

Analytics

CCI|CCI-000135

Title

Reference Item Details

Audit Items