SRG-OS-000064-GPOS-00033 Controls

STIG IDVersionTitleProduct
UBTU-18-010201V2R15The Ubuntu operating system must generate audit records for the use and modification of the tallylog file.
UBTU-18-010202V2R15The Ubuntu operating system must generate audit records for the use and modification of faillog file.
UBTU-18-010203V2R15The Ubuntu operating system must generate audit records for the use and modification of the lastlog file.
UBTU-18-010315V2R15The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the su command.
UBTU-18-010316V2R15The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chfn command.
UBTU-18-010317V2R15The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the mount command.
UBTU-18-010318V2R15The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the umount command.
UBTU-18-010319V2R15The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the ssh-agent command.
UBTU-18-010320V2R15The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the ssh-keysign command.
UBTU-18-010321V2R15The Ubuntu operating system must generate audit records for any usage of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.
UBTU-18-010327V2R15The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chown, fchown, fchownat, and lchown system calls.
UBTU-18-010331V2R15The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chmod, fchmod, and fchmodat system calls.
UBTU-18-010334V2R15The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the creat, open, openat, open_by_handle_at, truncate, and ftruncate system calls.
UBTU-18-010340V2R15The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the sudo command.
UBTU-18-010341V2R15The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the sudoedit command.
UBTU-18-010342V2R15The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chsh command.
UBTU-18-010343V2R15The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the newgrp command.
UBTU-18-010344V2R15The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chcon command.
UBTU-18-010345V2R15The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the apparmor_parser command.
UBTU-18-010346V2R15The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the setfacl command.
UBTU-18-010347V2R15The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chacl command.
UBTU-18-010348V2R15The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the passwd command.
UBTU-18-010349V2R15The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the unix_update command.
UBTU-18-010350V2R15The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the gpasswd command.
UBTU-18-010351V2R15The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chage command.
UBTU-18-010352V2R15The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the usermod command.
UBTU-18-010353V2R15The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the crontab command.
UBTU-18-010354V2R15The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the pam_timestamp_check command.
UBTU-20-010136V1R9The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the su command.
UBTU-20-010137V1R9The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chfn command.
UBTU-20-010138V1R9The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the mount command.
UBTU-20-010139V1R9The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the umount command.
UBTU-20-010140V1R9The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the ssh-agent command.
UBTU-20-010141V1R9The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the ssh-keysign command.
UBTU-20-010142V1R9The Ubuntu operating system must generate audit records for any use of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.
UBTU-20-010148V1R9The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chown, fchown, fchownat, and lchown system calls.
UBTU-20-010152V1R9The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chmod, fchmod, and fchmodat system calls.
UBTU-20-010155V1R9The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the creat, open, openat, open_by_handle_at, truncate, and ftruncate system calls.
UBTU-20-010161V1R9The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the sudo command.
UBTU-20-010162V1R9The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the sudoedit command.
UBTU-20-010163V1R9The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chsh command.
UBTU-20-010164V1R9The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the newgrp command.
UBTU-20-010165V1R9The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chcon command.
UBTU-20-010166V1R9The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the apparmor_parser command.
UBTU-20-010167V1R9The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the setfacl command.
UBTU-20-010168V1R9The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chacl command.
UBTU-20-010169V1R9The Ubuntu operating system must generate audit records for the use and modification of the tallylog file.
UBTU-20-010170V1R9The Ubuntu operating system must generate audit records for the use and modification of faillog file.
UBTU-20-010171V1R9The Ubuntu operating system must generate audit records for the use and modification of the lastlog file.
UBTU-20-010172V1R9The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the passwd command.
UBTU-20-010173V1R9The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the unix_update command.
UBTU-20-010174V1R9The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the gpasswd command.
UBTU-20-010175V1R9The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chage command.
UBTU-20-010176V1R9The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the usermod command.
UBTU-20-010177V1R9The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the crontab command.
UBTU-20-010178V1R9The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the pam_timestamp_check command.
UBTU-20-010179V1R9The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the init_module and finit_module syscalls.
UBTU-20-010181V1R9The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the delete_module syscall.
UBTU-24-900070V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the su command.
UBTU-24-900080V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the chfn command.
UBTU-24-900090V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the mount command.
UBTU-24-900100V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the umount command.
UBTU-24-900110V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the ssh-agent command.
UBTU-24-900120V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the ssh-keysign command.
UBTU-24-900130V1R1Ubuntu 24.04 LTS must generate audit records for any use of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.
UBTU-24-900140V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the chown, fchown, fchownat, and lchown system calls.
UBTU-24-900150V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the chmod, fchmod, and fchmodat system calls.
UBTU-24-900160V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the creat, open, openat, open_by_handle_at, truncate, and ftruncate system calls.
UBTU-24-900170V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the sudo command.
UBTU-24-900180V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the sudoedit command.
UBTU-24-900190V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the chsh command.
UBTU-24-900200V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the newgrp command.
UBTU-24-900210V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the chcon command.
UBTU-24-900220V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the apparmor_parser command.
UBTU-24-900230V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the setfacl command.
UBTU-24-900240V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the chacl command.
UBTU-24-900250V1R1Ubuntu 24.04 LTS must generate audit records for the use and modification of faillog file.
UBTU-24-900260V1R1Ubuntu 24.04 LTS must generate audit records for the use and modification of the lastlog file.
UBTU-24-900270V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the passwd command.
UBTU-24-900280V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the unix_update command.
UBTU-24-900290V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the gpasswd command.
UBTU-24-900300V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the chage command.
UBTU-24-900310V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the usermod command.
UBTU-24-900320V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the crontab command.
UBTU-24-900330V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the pam_timestamp_check command.
UBTU-24-900340V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the init_module and finit_module syscalls.
UBTU-24-900350V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the delete_module syscall.
APPL-15-000190V1R1The macOS system must configure sudo to log events.
WN11-AU-000050V2R1The system must be configured to audit Detailed Tracking - Process Creation successes.
UBTU-22-654010V2R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the apparmor_parser command.
UBTU-22-654015V2R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the chacl command.
UBTU-22-654020V2R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the chage command.
UBTU-22-654025V2R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the chcon command.
UBTU-22-654030V2R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the chfn command.
UBTU-22-654035V2R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the chsh command.
UBTU-22-654040V2R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the crontab command.
UBTU-22-654050V2R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the gpasswd command.
UBTU-22-654065V2R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the mount command.
UBTU-22-654070V2R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the newgrp command.
UBTU-22-654075V2R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the pam_timestamp_check command.
UBTU-22-654080V2R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the passwd command.
UBTU-22-654085V2R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the setfacl command.
UBTU-22-654090V2R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the ssh-agent command.
UBTU-22-654095V2R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the ssh-keysign command.
UBTU-22-654100V2R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the su command.
UBTU-22-654105V2R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the sudo command.
UBTU-22-654110V2R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the sudoedit command.
UBTU-22-654115V2R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the umount command.
UBTU-22-654120V2R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the unix_update command.
UBTU-22-654125V2R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the usermod command.
UBTU-22-654155V2R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the chmod, fchmod, and fchmodat system calls.
UBTU-22-654160V2R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the chown, fchown, fchownat, and lchown system calls.
UBTU-22-654165V2R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the creat, open, openat, open_by_handle_at, truncate, and ftruncate system calls.
UBTU-22-654170V2R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the delete_module system call.
UBTU-22-654175V2R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the init_module and finit_module system calls.
UBTU-22-654180V2R1Ubuntu 22.04 LTS must generate audit records for any use of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.
UBTU-22-654210V2R1Ubuntu 22.04 LTS must generate audit records for the use and modification of faillog file.
UBTU-22-654215V2R1Ubuntu 22.04 LTS must generate audit records for the use and modification of the lastlog file.
RHEL-07-030370V3R8The Red Hat Enterprise Linux operating system must audit all uses of the chown, fchown, fchownat, and lchown syscalls.
RHEL-07-030510V3R8The Red Hat Enterprise Linux operating system must audit all uses of the creat, open, openat, open_by_handle_at, truncate, and ftruncate syscalls.
SLES-15-030610V1R4The SUSE operating system must generate audit records for all uses of the truncate command.
SLES-12-020500V2R5The SUSE operating system must generate audit records for all uses of the truncate command.
OL07-00-030370V2R14The Oracle Linux operating system must audit all uses of the chown, fchown, fchownat, and lchown syscalls.
OL07-00-030510V2R14The Oracle Linux operating system must audit all uses of the creat, open, openat, open_by_handle_at, truncate, and ftruncate syscalls.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.