Detections
Analytics

CSCv6|5.4

Title

Configure systems to issue a log entry and alert when an account is added to or removed from a domain administrators' group, or when a new local administrator account is added on a system.

Description

Configure systems to issue a log entry and alert when an account is added to or removed from a domain administrators' group, or when a new local administrator account is added on a system.

Reference Item Details

Category: Controlled Use of Administrative Privileges

Family: System

Audit Items

View all Reference Audit Items

NamePluginAudit Name
2.2.1 Ensure 'AUDIT_SYS_OPERATIONS' Is Set to 'TRUE'OracleDBCIS Oracle Server 12c DB Traditional Auditing v3.0.0
2.2.1 Ensure 'AUDIT_SYS_OPERATIONS' Is Set to 'TRUE'OracleDBCIS Oracle Server 18c DB Traditional Auditing v1.1.0
4.1.4 Ensure events that modify user/group information are collected - /etc/groupUnixCIS Ubuntu Linux 18.04 LTS Server L2 v2.1.0
4.1.4 Ensure events that modify user/group information are collected - /etc/groupUnixCIS Ubuntu Linux 18.04 LTS Workstation L2 v2.1.0
4.1.4 Ensure events that modify user/group information are collected - /etc/groupUnixCIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0
4.1.4 Ensure events that modify user/group information are collected - /etc/groupUnixCIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0
4.1.14 Ensure changes to system administration scope (sudoers) is collected - auditctl sudoersUnixCIS Ubuntu Linux 18.04 LTS Server L2 v2.1.0
4.1.14 Ensure changes to system administration scope (sudoers) is collected - auditctl sudoersUnixCIS Ubuntu Linux 18.04 LTS Workstation L2 v2.1.0
4.1.14 Ensure changes to system administration scope (sudoers) is collected - auditctl sudoersUnixCIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0
4.1.14 Ensure changes to system administration scope (sudoers) is collected - auditctl sudoersUnixCIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0
4.1.14 Ensure changes to system administration scope (sudoers) is collected - auditctl sudoers.dUnixCIS Ubuntu Linux 18.04 LTS Server L2 v2.1.0
4.1.14 Ensure changes to system administration scope (sudoers) is collected - auditctl sudoers.dUnixCIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0
4.1.14 Ensure changes to system administration scope (sudoers) is collected - auditctl sudoers.dUnixCIS Ubuntu Linux 18.04 LTS Workstation L2 v2.1.0
4.1.14 Ensure changes to system administration scope (sudoers) is collected - auditctl sudoers.dUnixCIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0
4.1.14 Ensure changes to system administration scope (sudoers) is collected - sudoersUnixCIS Ubuntu Linux 18.04 LTS Server L2 v2.1.0
4.1.14 Ensure changes to system administration scope (sudoers) is collected - sudoersUnixCIS Ubuntu Linux 18.04 LTS Workstation L2 v2.1.0
4.1.14 Ensure changes to system administration scope (sudoers) is collected - sudoersUnixCIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0
4.1.14 Ensure changes to system administration scope (sudoers) is collected - sudoersUnixCIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0
4.1.14 Ensure changes to system administration scope (sudoers) is collected - sudoers.dUnixCIS Ubuntu Linux 18.04 LTS Workstation L2 v2.1.0
4.1.14 Ensure changes to system administration scope (sudoers) is collected - sudoers.dUnixCIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0
4.1.14 Ensure changes to system administration scope (sudoers) is collected - sudoers.dUnixCIS Ubuntu Linux 18.04 LTS Server L2 v2.1.0
4.1.14 Ensure changes to system administration scope (sudoers) is collected - sudoers.dUnixCIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0
4.1.15 Ensure changes to system administration scope (sudoers) is collected - '/etc/sudoers.d'UnixCIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0
4.1.15 Ensure changes to system administration scope (sudoers) is collected - '/etc/sudoers.d'UnixCIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
4.1.15 Ensure changes to system administration scope (sudoers) is collected - '/etc/sudoers'UnixCIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0
4.1.15 Ensure changes to system administration scope (sudoers) is collected - '/etc/sudoers'UnixCIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
4.1.15 Ensure changes to system administration scope (sudoers) is collected - 'auditctl sudoers.d'UnixCIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
4.1.15 Ensure changes to system administration scope (sudoers) is collected - 'auditctl sudoers.d'UnixCIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0
4.1.15 Ensure changes to system administration scope (sudoers) is collected - 'auditctl sudoers'UnixCIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0
4.1.15 Ensure changes to system administration scope (sudoers) is collected - 'auditctl sudoers'UnixCIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
4.1.15 Ensure changes to system administration scope (sudoers) is collected - /etc/sudoersUnixCIS Debian 8 Workstation L2 v2.0.2
4.1.15 Ensure changes to system administration scope (sudoers) is collected - /etc/sudoersUnixCIS Amazon Linux v2.1.0 L2
4.1.15 Ensure changes to system administration scope (sudoers) is collected - /etc/sudoersUnixCIS Debian 8 Server L2 v2.0.2
4.1.15 Ensure changes to system administration scope (sudoers) is collected - /etc/sudoers.dUnixCIS Amazon Linux v2.1.0 L2
4.1.15 Ensure changes to system administration scope (sudoers) is collected - /etc/sudoers.d/UnixCIS Debian 8 Server L2 v2.0.2
4.1.15 Ensure changes to system administration scope (sudoers) is collected - /etc/sudoers.d/UnixCIS Debian 8 Workstation L2 v2.0.2
4.1.15 Ensure changes to system administration scope (sudoers) is collected - auditctl /etc/sudoersUnixCIS Amazon Linux v2.1.0 L2
4.1.15 Ensure changes to system administration scope (sudoers) is collected - auditctl /etc/sudoersUnixCIS Debian 8 Server L2 v2.0.2
4.1.15 Ensure changes to system administration scope (sudoers) is collected - auditctl /etc/sudoersUnixCIS Debian 8 Workstation L2 v2.0.2
4.1.15 Ensure changes to system administration scope (sudoers) is collected - auditctl /etc/sudoers.dUnixCIS Amazon Linux v2.1.0 L2
4.1.15 Ensure changes to system administration scope (sudoers) is collected - auditctl /etc/sudoers.d/UnixCIS Debian 8 Server L2 v2.0.2
4.1.15 Ensure changes to system administration scope (sudoers) is collected - auditctl /etc/sudoers.d/UnixCIS Debian 8 Workstation L2 v2.0.2
4.1.16 Ensure changes to system administration scope (sudoers) is collected - /etc/sudoersUnixCIS Distribution Independent Linux Workstation L2 v2.0.0
4.1.16 Ensure changes to system administration scope (sudoers) is collected - /etc/sudoersUnixCIS Distribution Independent Linux Server L2 v2.0.0
4.1.16 Ensure changes to system administration scope (sudoers) is collected - /etc/sudoers.dUnixCIS Distribution Independent Linux Server L2 v2.0.0
4.1.16 Ensure changes to system administration scope (sudoers) is collected - /etc/sudoers.dUnixCIS Distribution Independent Linux Workstation L2 v2.0.0
4.1.16 Ensure changes to system administration scope (sudoers) is collected - auditctl /etc/sudoersUnixCIS Distribution Independent Linux Workstation L2 v2.0.0
4.1.16 Ensure changes to system administration scope (sudoers) is collected - auditctl /etc/sudoersUnixCIS Distribution Independent Linux Server L2 v2.0.0
4.1.16 Ensure changes to system administration scope (sudoers) is collected - auditctl /etc/sudoers.dUnixCIS Distribution Independent Linux Workstation L2 v2.0.0
4.1.16 Ensure changes to system administration scope (sudoers) is collected - auditctl /etc/sudoers.dUnixCIS Distribution Independent Linux Server L2 v2.0.0