SRG-OS-000064-GPOS-00033 Controls

STIG IDVersionTitleProduct
SLES-15-030610V1R4The SUSE operating system must generate audit records for all uses of the truncate command.
UBTU-18-010201V2R12The Ubuntu operating system must generate audit records for the use and modification of the tallylog file.
UBTU-18-010202V2R12The Ubuntu operating system must generate audit records for the use and modification of faillog file.
UBTU-18-010203V2R12The Ubuntu operating system must generate audit records for the use and modification of the lastlog file.
UBTU-18-010315V2R12The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the su command.
UBTU-18-010316V2R12The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chfn command.
UBTU-18-010317V2R12The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the mount command.
UBTU-18-010318V2R12The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the umount command.
UBTU-18-010319V2R12The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the ssh-agent command.
UBTU-18-010320V2R12The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the ssh-keysign command.
UBTU-18-010321V2R12The Ubuntu operating system must generate audit records for any usage of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.
UBTU-18-010327V2R12The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chown, fchown, fchownat, and lchown system calls.
UBTU-18-010331V2R12The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chmod, fchmod, and fchmodat system calls.
UBTU-18-010334V2R12The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the creat, open, openat, open_by_handle_at, truncate, and ftruncate system calls.
UBTU-18-010340V2R12The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the sudo command.
UBTU-18-010341V2R12The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the sudoedit command.
UBTU-18-010342V2R12The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chsh command.
UBTU-18-010343V2R12The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the newgrp command.
UBTU-18-010344V2R12The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chcon command.
UBTU-18-010345V2R12The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the apparmor_parser command.
UBTU-18-010346V2R12The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the setfacl command.
UBTU-18-010347V2R12The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chacl command.
UBTU-18-010348V2R12The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the passwd command.
UBTU-18-010349V2R12The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the unix_update command.
UBTU-18-010350V2R12The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the gpasswd command.
UBTU-18-010351V2R12The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chage command.
UBTU-18-010352V2R12The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the usermod command.
UBTU-18-010353V2R12The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the crontab command.
UBTU-18-010354V2R12The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the pam_timestamp_check command.
UBTU-18-010356V2R12The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the finit_module syscall.
UBTU-20-010136V1R6The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the su command.
UBTU-20-010137V1R6The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chfn command.
UBTU-20-010138V1R6The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the mount command.
UBTU-20-010139V1R6The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the umount command.
UBTU-20-010140V1R6The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the ssh-agent command.
UBTU-20-010141V1R6The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the ssh-keysign command.
UBTU-20-010142V1R6The Ubuntu operating system must generate audit records for any use of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.
UBTU-20-010148V1R6The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chown, fchown, fchownat, and lchown system calls.
UBTU-20-010152V1R6The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chmod, fchmod, and fchmodat system calls.
UBTU-20-010155V1R6The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the creat, open, openat, open_by_handle_at, truncate, and ftruncate system calls.
UBTU-20-010161V1R6The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the sudo command.
UBTU-20-010162V1R6The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the sudoedit command.
UBTU-20-010163V1R6The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chsh command.
UBTU-20-010164V1R6The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the newgrp command.
UBTU-20-010165V1R6The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chcon command.
UBTU-20-010166V1R6The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the apparmor_parser command.
UBTU-20-010167V1R6The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the setfacl command.
UBTU-20-010168V1R6The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chacl command.
UBTU-20-010169V1R6The Ubuntu operating system must generate audit records for the use and modification of the tallylog file.
UBTU-20-010170V1R6The Ubuntu operating system must generate audit records for the use and modification of faillog file.
UBTU-20-010171V1R6The Ubuntu operating system must generate audit records for the use and modification of the lastlog file.
UBTU-20-010172V1R6The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the passwd command.
UBTU-20-010173V1R6The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the unix_update command.
UBTU-20-010174V1R6The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the gpasswd command.
UBTU-20-010175V1R6The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chage command.
UBTU-20-010176V1R6The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the usermod command.
UBTU-20-010177V1R6The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the crontab command.
UBTU-20-010178V1R6The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the pam_timestamp_check command.
UBTU-20-010179V1R6The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the init_module and finit_module syscalls.
UBTU-20-010181V1R6The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the delete_module syscall.
APPL-13-001020V1R5The macOS system must audit the enforcement actions used to restrict access associated with changes to the system.
OL07-00-030370V3R1The Oracle Linux operating system must audit all uses of the chown, fchown, fchownat, and lchown syscalls.
OL07-00-030510V3R1The Oracle Linux operating system must audit all uses of the creat, open, openat, open_by_handle_at, truncate, and ftruncate syscalls.
RHEL-07-030370V3R6The Red Hat Enterprise Linux operating system must audit all uses of the chown, fchown, fchownat, and lchown syscalls.
RHEL-07-030510V3R6The Red Hat Enterprise Linux operating system must audit all uses of the creat, open, openat, open_by_handle_at, truncate, and ftruncate syscalls.
SLES-12-020500V2R5The SUSE operating system must generate audit records for all uses of the truncate command.
APPL-15-000190V1R1The macOS system must configure sudo to log events.
UBTU-24-900070V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the su command.
UBTU-24-900080V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the chfn command.
UBTU-24-900090V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the mount command.
UBTU-24-900100V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the umount command.
UBTU-24-900110V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the ssh-agent command.
UBTU-24-900120V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the ssh-keysign command.
UBTU-24-900130V1R1Ubuntu 24.04 LTS must generate audit records for any use of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.
UBTU-24-900140V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the chown, fchown, fchownat, and lchown system calls.
UBTU-24-900150V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the chmod, fchmod, and fchmodat system calls.
UBTU-24-900160V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the creat, open, openat, open_by_handle_at, truncate, and ftruncate system calls.
UBTU-24-900170V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the sudo command.
UBTU-24-900180V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the sudoedit command.
UBTU-24-900190V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the chsh command.
UBTU-24-900200V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the newgrp command.
UBTU-24-900210V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the chcon command.
UBTU-24-900220V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the apparmor_parser command.
UBTU-24-900230V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the setfacl command.
UBTU-24-900240V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the chacl command.
UBTU-24-900250V1R1Ubuntu 24.04 LTS must generate audit records for the use and modification of faillog file.
UBTU-24-900260V1R1Ubuntu 24.04 LTS must generate audit records for the use and modification of the lastlog file.
UBTU-24-900270V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the passwd command.
UBTU-24-900280V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the unix_update command.
UBTU-24-900290V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the gpasswd command.
UBTU-24-900300V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the chage command.
UBTU-24-900310V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the usermod command.
UBTU-24-900320V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the crontab command.
UBTU-24-900330V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the pam_timestamp_check command.
UBTU-24-900340V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the init_module and finit_module syscalls.
UBTU-24-900350V1R1Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the delete_module syscall.
UBTU-22-654010V1R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the apparmor_parser command.
UBTU-22-654015V1R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the chacl command.
UBTU-22-654020V1R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the chage command.
UBTU-22-654025V1R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the chcon command.
UBTU-22-654030V1R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the chfn command.
UBTU-22-654035V1R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the chsh command.
UBTU-22-654040V1R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the crontab command.
UBTU-22-654050V1R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the gpasswd command.
UBTU-22-654065V1R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the mount command.
UBTU-22-654070V1R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the newgrp command.
UBTU-22-654075V1R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the pam_timestamp_check command.
UBTU-22-654080V1R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the passwd command.
UBTU-22-654085V1R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the setfacl command.
UBTU-22-654090V1R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the ssh-agent command.
UBTU-22-654095V1R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the ssh-keysign command.
UBTU-22-654100V1R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the su command.
UBTU-22-654105V1R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the sudo command.
UBTU-22-654110V1R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the sudoedit command.
UBTU-22-654115V1R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the umount command.
UBTU-22-654120V1R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the unix_update command.
UBTU-22-654125V1R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the usermod command.
UBTU-22-654155V1R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the chmod, fchmod, and fchmodat system calls.
UBTU-22-654160V1R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the chown, fchown, fchownat, and lchown system calls.
UBTU-22-654165V1R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the creat, open, openat, open_by_handle_at, truncate, and ftruncate system calls.
UBTU-22-654170V1R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the delete_module system call.
UBTU-22-654175V1R1Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the init_module and finit_module system calls.
UBTU-22-654180V1R1Ubuntu 22.04 LTS must generate audit records for any use of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.
UBTU-22-654210V1R1Ubuntu 22.04 LTS must generate audit records for the use and modification of faillog file.
UBTU-22-654215V1R1Ubuntu 22.04 LTS must generate audit records for the use and modification of the lastlog file.
WN11-AU-000050V1R6The system must be configured to audit Detailed Tracking - Process Creation successes.