STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
CCI-000126

Definition

Specify the organization-defined event types (subset of the event types defined in AU-2a) along with the frequency of (or situation requiring) logging for each identified event type.

Parent Control

AU-2: Event Logging (Audit and Accountability)

Linked STIG Checks (37)

  • V-221778 | CAT II | The Oracle Linux operating system must audit all uses of the chown, fchown, fchownat, and lchown syscalls. | Oracle Linux 7 Security Technical Implementation Guide
  • V-204503 | CAT II | The Red Hat Enterprise Linux operating system must be configured so that auditing is configured to produce records containing information to establish what type of events occurred, where the events occurred, the source of the events, and the outcome of the events. These audit records must also identify individual identities of group account users. | Red Hat Enterprise Linux 7 Security Technical Implementation Guide
  • V-204517 | CAT II | The Red Hat Enterprise Linux operating system must audit all uses of the chown, fchown, fchownat, and lchown syscalls. | Red Hat Enterprise Linux 7 Security Technical Implementation Guide
  • V-204540 | CAT II | The Red Hat Enterprise Linux operating system must generate audit records for all unsuccessful account access events. | Red Hat Enterprise Linux 7 Security Technical Implementation Guide
  • V-204541 | CAT II | The Red Hat Enterprise Linux operating system must generate audit records for all successful account access events. | Red Hat Enterprise Linux 7 Security Technical Implementation Guide
  • V-11980 | CAT II | The system must log successful and unsuccessful access to the root account. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-12004 | CAT II | The system must log informational authentication data. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-22383 | CAT II | The audit system must be configured to audit the loading and unloading of dynamic kernel modules. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-22418 | CAT III | The system must log martian packets. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-29236 | CAT II | The audit system must be configured to audit failed attempts to access files and programs. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-29237 | CAT II | The audit system must be configured to audit failed attempts to access files and programs. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-29238 | CAT II | The audit system must be configured to audit failed attempts to access files and programs. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-29239 | CAT II | The audit system must be configured to audit failed attempts to access files and programs. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-29240 | CAT II | The audit system must be configured to audit file deletions. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-29250 | CAT II | The audit system must be configured to audit all discretionary access control permission modifications. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-29251 | CAT II | The audit system must be configured to audit all discretionary access control permission modifications. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-29252 | CAT II | The audit system must be configured to audit all discretionary access control permission modifications. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-29253 | CAT II | The audit system must be configured to audit all discretionary access control permission modifications. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-29255 | CAT II | The audit system must be configured to audit all discretionary access control permission modifications. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-29257 | CAT II | The audit system must be configured to audit all discretionary access control permission modifications. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-29259 | CAT II | The audit system must be configured to audit all discretionary access control permission modifications. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-29272 | CAT II | The audit system must be configured to audit all discretionary access control permission modifications. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-29274 | CAT II | The audit system must be configured to audit all discretionary access control permission modifications. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-29275 | CAT II | The audit system must be configured to audit all discretionary access control permission modifications. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-29279 | CAT II | The audit system must be configured to audit all discretionary access control permission modifications. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-29281 | CAT II | The audit system must be configured to audit the loading and unloading of dynamic kernel modules - delete_module. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-29284 | CAT II | The audit system must be configured to audit the loading and unloading of dynamic kernel modules - /sbin/insmod. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-29286 | CAT II | The audit system must be configured to audit the loading and unloading of dynamic kernel modules - /sbin/modprobe. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-29288 | CAT II | The audit system must be configured to audit the loading and unloading of dynamic kernel modules - /sbin/rmmod. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-765 | CAT II | Successful and unsuccessful logins and logouts must be logged. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-814 | CAT II | The audit system must be configured to audit failed attempts to access files and programs. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-815 | CAT II | The audit system must be configured to audit file deletions. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-818 | CAT II | The audit system must be configured to audit login, logout, and session initiation. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-819 | CAT II | The audit system must be configured to audit all discretionary access control permission modifications. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-836 | CAT II | The system syslog service must log informational and more severe SMTP service messages. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-941 | CAT II | The systems access control program must log each system access attempt. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-982 | CAT II | Cron logging must be implemented. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide