CSCv6|3.6

Title

Implement and test an automated configuration monitoring system that verifies all remotely testable secure configuration elements, and alerts when unauthorized changes occur. This includes detecting new listening ports, new administrative users, changes to group and local policy objects (where applicable), and new services running on a system. Whenever possible use tools compliant with the Security Content Automation Protocol (SCAP) in order to streamline reporting and integration.

Description

Implement and test an automated configuration monitoring system that verifies all remotely testable secure configuration elements, and alerts when unauthorized changes occur. This includes detecting new listening ports, new administrative users, changes to group and local policy objects (where applicable), and new services running on a system. Whenever possible use tools compliant with the Security Content Automation Protocol (SCAP) in order to streamline reporting and integration.

Reference Item Details

Category: Secure Configurations for Hardware and Software

Family: System

Audit Items

View all Reference Audit Items

NamePluginAudit Name
4.1.10 Ensure discretionary access control permission modification events are collected - 'auditctl chmod (64-bit)'UnixCIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0
4.1.10 Ensure discretionary access control permission modification events are collected - 'auditctl chmod (64-bit)'UnixCIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
4.1.10 Ensure discretionary access control permission modification events are collected - 'auditctl chmod'UnixCIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0
4.1.10 Ensure discretionary access control permission modification events are collected - 'auditctl chmod'UnixCIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
4.1.10 Ensure discretionary access control permission modification events are collected - 'auditctl chown (64-bit)'UnixCIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0
4.1.10 Ensure discretionary access control permission modification events are collected - 'auditctl chown (64-bit)'UnixCIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
4.1.10 Ensure discretionary access control permission modification events are collected - 'auditctl chown'UnixCIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0
4.1.10 Ensure discretionary access control permission modification events are collected - 'auditctl chown'UnixCIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
4.1.10 Ensure discretionary access control permission modification events are collected - 'auditctl setxattr (64-bit)'UnixCIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
4.1.10 Ensure discretionary access control permission modification events are collected - 'auditctl setxattr (64-bit)'UnixCIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0
4.1.10 Ensure discretionary access control permission modification events are collected - 'auditctl setxattr'UnixCIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
4.1.10 Ensure discretionary access control permission modification events are collected - 'auditctl setxattr'UnixCIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0
4.1.10 Ensure discretionary access control permission modification events are collected - 'chmod'UnixCIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
4.1.10 Ensure discretionary access control permission modification events are collected - 'chmod'UnixCIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0
4.1.10 Ensure discretionary access control permission modification events are collected - 'chmod' (64-bit)UnixCIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0
4.1.10 Ensure discretionary access control permission modification events are collected - 'chmod' (64-bit)UnixCIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
4.1.10 Ensure discretionary access control permission modification events are collected - 'chown'UnixCIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0
4.1.10 Ensure discretionary access control permission modification events are collected - 'chown'UnixCIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
4.1.10 Ensure discretionary access control permission modification events are collected - 'chown' (64-bit)UnixCIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
4.1.10 Ensure discretionary access control permission modification events are collected - 'chown' (64-bit)UnixCIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0
4.1.10 Ensure discretionary access control permission modification events are collected - 'setxattr'UnixCIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0
4.1.10 Ensure discretionary access control permission modification events are collected - 'setxattr'UnixCIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
4.1.10 Ensure discretionary access control permission modification events are collected - 'setxattr' (64-bit)UnixCIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
4.1.10 Ensure discretionary access control permission modification events are collected - 'setxattr' (64-bit)UnixCIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0
4.1.10 Ensure discretionary access control permission modification events are collected - auditctl b64UnixCIS Amazon Linux v2.1.0 L2
4.1.10 Ensure discretionary access control permission modification events are collected - auditctl b64 chmod/fchmod/fchmodatUnixCIS Amazon Linux v2.1.0 L2
4.1.10 Ensure discretionary access control permission modification events are collected - auditctl b64 chown/fchown/fchownat/lchownUnixCIS Amazon Linux v2.1.0 L2
4.1.10 Ensure discretionary access control permission modification events are collected - auditctl chmod fchmod fchmodatUnixCIS Debian 8 Workstation L2 v2.0.2
4.1.10 Ensure discretionary access control permission modification events are collected - auditctl chmod fchmod fchmodatUnixCIS Debian 8 Server L2 v2.0.2
4.1.10 Ensure discretionary access control permission modification events are collected - auditctl chmod fchmod fchmodat x64UnixCIS Debian 8 Workstation L2 v2.0.2
4.1.10 Ensure discretionary access control permission modification events are collected - auditctl chmod fchmod fchmodat x64UnixCIS Debian 8 Server L2 v2.0.2
4.1.10 Ensure discretionary access control permission modification events are collected - auditctl chmod/fchmod/fchmodatUnixCIS Amazon Linux v2.1.0 L2
4.1.10 Ensure discretionary access control permission modification events are collected - auditctl chown fchown fchownat lchownUnixCIS Debian 8 Workstation L2 v2.0.2
4.1.10 Ensure discretionary access control permission modification events are collected - auditctl chown fchown fchownat lchownUnixCIS Debian 8 Server L2 v2.0.2
4.1.10 Ensure discretionary access control permission modification events are collected - auditctl chown fchown fchownat lchown x64UnixCIS Debian 8 Server L2 v2.0.2
4.1.10 Ensure discretionary access control permission modification events are collected - auditctl chown fchown fchownat lchown x64UnixCIS Debian 8 Workstation L2 v2.0.2
4.1.10 Ensure discretionary access control permission modification events are collected - auditctl chown/fchown/fchownat/lchownUnixCIS Amazon Linux v2.1.0 L2
4.1.10 Ensure discretionary access control permission modification events are collected - auditctl lsetxattr setxattr fsetxattr removexattrUnixCIS Debian 8 Workstation L2 v2.0.2
4.1.10 Ensure discretionary access control permission modification events are collected - auditctl lsetxattr setxattr fsetxattr removexattrUnixCIS Debian 8 Server L2 v2.0.2
4.1.10 Ensure discretionary access control permission modification events are collected - auditctl setxattr x64UnixCIS Debian 8 Workstation L2 v2.0.2
4.1.10 Ensure discretionary access control permission modification events are collected - auditctl setxattr x64UnixCIS Debian 8 Server L2 v2.0.2
4.1.10 Ensure discretionary access control permission modification events are collected - auditctl setxattr/lsetxattr/fsetxattr/removexattrUnixCIS Amazon Linux v2.1.0 L2
4.1.10 Ensure discretionary access control permission modification events are collected - b64 chmod/fchmod/fchmodatUnixCIS Amazon Linux v2.1.0 L2
4.1.10 Ensure discretionary access control permission modification events are collected - b64 chown/fchown/fchownat/lchownUnixCIS Amazon Linux v2.1.0 L2
4.1.10 Ensure discretionary access control permission modification events are collected - b64 setxattr/lsetxattr/fsetxattr/removexattrUnixCIS Amazon Linux v2.1.0 L2
4.1.10 Ensure discretionary access control permission modification events are collected - chmod fchmod fchmodatUnixCIS Debian 8 Workstation L2 v2.0.2
4.1.10 Ensure discretionary access control permission modification events are collected - chmod fchmod fchmodatUnixCIS Debian 8 Server L2 v2.0.2
4.1.10 Ensure discretionary access control permission modification events are collected - chmod fchmod fchmodat x64UnixCIS Debian 8 Server L2 v2.0.2
4.1.10 Ensure discretionary access control permission modification events are collected - chmod fchmod fchmodat x64UnixCIS Debian 8 Workstation L2 v2.0.2
4.1.10 Ensure discretionary access control permission modification events are collected - chmod/fchmod/fchmodatUnixCIS Amazon Linux v2.1.0 L2