Detections
Analytics

CCI|CCI-000169

Title

Provide audit record generation capability for the event types the system is capable of auditing as defined in AU-2 a. on organization-defined information system components.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
3.125 - Audit policy using subcategories is enabled.WindowsDISA Windows Vista STIG v6r41
AIX7-00-002016 - AIX must provide audit record generation functionality for DoD-defined auditable events.UnixDISA STIG AIX 7.x v3r1
ALMA-09-004970 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-005080 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-005190 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-005300 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-005410 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-005960 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-006070 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect the files within /etc/sudoers.d/UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-045670 - AlmaLinux OS 9 audit system must audit local events.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-047100 - The audit package must be installed on AlmaLinux OS 9.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-047540 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/lastlog.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-047650 - AlmaLinux OS 9 must generate audit records for any use of the "mount" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-047760 - AlmaLinux OS 9 must generate audit records for any use of the "umount" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-047870 - Successful/unsuccessful uses of the umount2 system call in AlmaLinux OS 9 must generate an audit record.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-047980 - AlmaLinux OS 9 must enable auditing of processes that start prior to the audit daemon.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-048090 - AlmaLinux OS 9 must audit all uses of the truncate, ftruncate, creat, open, openat, and open_by_handle_at system calls.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-048200 - AlmaLinux OS 9 must generate audit records for any use of the "chacl" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-048310 - AlmaLinux OS 9 must generate audit records for any use of the "chage" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-048420 - AlmaLinux OS 9 must generate audit records for any use of the "chcon" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-048530 - AlmaLinux OS 9 must audit all uses of the chmod, fchmod, and fchmodat system calls.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-048640 - AlmaLinux OS 9 must audit all uses of the chown, fchown, fchownat, and lchown system calls.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-048750 - AlmaLinux OS 9 must generate audit records for any use of the "chsh" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-048860 - AlmaLinux OS 9 must generate audit records for any use of the "crontab" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-048970 - AlmaLinux OS 9 must audit all uses of the rename, unlink, rmdir, renameat, and unlinkat system calls.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-049190 - AlmaLinux OS 9 must generate audit records for any use of the "gpasswd" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-049300 - AlmaLinux OS 9 must audit all uses of the kmod command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-049410 - AlmaLinux OS 9 must generate audit records for any use of the "newgrp" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-049520 - AlmaLinux OS 9 must generate audit records for any use of the "passwd" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-049630 - AlmaLinux OS 9 must generate audit records for any use of the "postdrop" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-049740 - AlmaLinux OS 9 must generate audit records for any use of the "postqueue" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-049850 - AlmaLinux OS 9 must generate audit records for any use of the "su" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-049960 - AlmaLinux OS 9 must generate audit records for any use of the "sudo" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-050070 - AlmaLinux OS 9 must generate audit records for any use of the "semanage" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-050180 - AlmaLinux OS 9 must generate audit records for any use of the "setfacl" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-050290 - AlmaLinux OS 9 must generate audit records for any use of the "setfiles" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-050400 - AlmaLinux OS 9 must generate audit records for any use of the "setsebool" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-050510 - AlmaLinux OS 9 must generate audit records for any use of the "ssh-agent" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-050620 - AlmaLinux OS 9 must generate audit records for any use of the "ssh-keysign" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-050730 - AlmaLinux OS 9 must generate audit records for any use of the "sudoedit" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-050840 - AlmaLinux OS 9 must generate audit records for any use of the "pam_timestamp_check" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-050950 - AlmaLinux OS 9 must generate audit records for any use of the "unix_chkpwd" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-051060 - AlmaLinux OS 9 must generate audit records for any use of the "unix_update" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-051170 - AlmaLinux OS 9 must generate audit records for any use of the "userhelper" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-051280 - AlmaLinux OS 9 must generate audit records for any use of the "usermod" command.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-051390 - AlmaLinux OS 9 must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
ALMA-09-054910 - The auditd service must be enabled on AlmaLinux OS 9.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r2
AOSX-13-000240 - The macOS system must enable System Integrity Protection.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-005001 - The macOS system must enable System Integrity Protection.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-005001 - The macOS system must enable System Integrity Protection.UnixDISA STIG Apple Mac OSX 10.15 v1r10