STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← AU-9 — Protection of Audit Information

CCI-000164

Definition

Protect audit information from unauthorized deletion.

Parent Control

AU-9Protection of Audit InformationAudit and Accountability

Linked STIG Checks (200)

V-279036CAT IIThe ColdFusion log information must be protected from any type of unauthorized read access by having file ownership set properly.Adobe ColdFusion Security Technical Implementation Guide V-279055CAT IColdFusion must be using an enterprise solution for authentication.Adobe ColdFusion Security Technical Implementation Guide V-274108CAT IIAmazon Linux 2023 audit logs must be group-owned by root or by a restricted logging group to prevent unauthorized read access.Amazon Linux 2023 Security Technical Implementation Guide V-274109CAT IIAmazon Linux 2023 audit log directory must be owned by root to prevent unauthorized read access.Amazon Linux 2023 Security Technical Implementation Guide V-274110CAT IIAmazon Linux 2023 audit logs file must have mode "0600" or less permissive to prevent unauthorized access to the audit log.Amazon Linux 2023 Security Technical Implementation Guide V-274187CAT IIAmazon Linux 2023 audit system must protect logon user identifiers (UIDs) from unauthorized change.Amazon Linux 2023 Security Technical Implementation Guide V-268090CAT IIThe NixOS audit package must be installed.Anduril NixOS Security Technical Implementation Guide V-268119CAT IINixOS audit system must protect logon UIDs from unauthorized change.Anduril NixOS Security Technical Implementation Guide V-214236CAT IIThe log information from the Apache web server must be protected from unauthorized modification or deletion.Apache Server 2.4 UNIX Server Security Technical Implementation Guide V-214315CAT IIThe log information from the Apache web server must be protected from unauthorized deletion and modification.Apache Server 2.4 Windows Server Security Technical Implementation Guide V-222947CAT IIJar files in the $CATALINA_HOME/bin/ folder must have their permissions set to 640.Apache Tomcat Application Server 9 Security Technical Implementation Guide V-252471CAT IIThe macOS system must be configured with audit log folders set to mode 700 or less permissive.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-257177CAT IIThe macOS system must be configured with audit log folders set to mode 700 or less permissive.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-268432CAT IIThe macOS system must configure audit log files to not contain access control lists (ACLs).Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268433CAT IIThe macOS system must configure the audit log folder to not contain access control lists (ACLs).Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268456CAT IIThe macOS system must configure audit log files to be owned by root.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268457CAT IIThe macOS system must configure audit log folders to be owned by root.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268458CAT IIThe macOS system must configure the audit log files group to wheel.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268459CAT IIThe macOS system must configure the audit log folders group to wheel.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268460CAT IIThe macOS system must configure audit log files to mode 440 or less permissive.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268461CAT IIThe macOS system must configure audit log folders to mode 700 or less permissive.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268462CAT IIThe macOS system must be configured to audit all deletions of object attributes.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268463CAT IIThe macOS system must be configured to audit all changes of object attributes.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268464CAT IIThe macOS system must be configured to audit all failed read actions on the system.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268465CAT IIThe macOS system must be configured to audit all failed write actions on the system.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268473CAT IIThe macOS system must configure audit_control group to wheel.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268474CAT IIThe macOS system must configure audit_control owner to root.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268475CAT IIThe macOS system must configure audit_control owner to mode 440 or less permissive.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268555CAT IThe macOS system must ensure System Integrity Protection is enabled.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-269095CAT IIThe macOS system must configure audit_control to not contain access control lists (ACLs).Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-277040CAT IIThe macOS system must configure audit log files to not contain access control lists (ACLs).Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277041CAT IIThe macOS system must configure the audit log folder to not contain access control lists (ACLs).Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277063CAT IIThe macOS system must configure audit log files to be owned by root.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277064CAT IIThe macOS system must configure audit log folders to be owned by root.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277065CAT IIThe macOS system must configure the audit log files group to wheel.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277066CAT IIThe macOS system must configure the audit log folders group to wheel.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277067CAT IIThe macOS system must configure audit log files to mode 440 or less permissive.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277068CAT IIThe macOS system must configure audit log folders to mode 700 or less permissive.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277069CAT IIThe macOS system must be configured to audit all deletions of object attributes.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277070CAT IIThe macOS system must be configured to audit all changes of object attributes.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277071CAT IIThe macOS system must be configured to audit all failed read actions on the system.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277072CAT IIThe macOS system must be configured to audit all failed write actions on the system.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277080CAT IIThe macOS system must configure audit_control group to wheel.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277081CAT IIThe macOS system must configure audit_control owner to root.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277082CAT IIThe macOS system must configure audit_control owner to mode 440 or less permissive.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277083CAT IIThe macOS system must configure audit_control to not contain access control lists (ACLs).Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277165CAT IThe macOS system must ensure System Integrity Protection (SIP) is enabled.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-204938CAT IIThe ALG must protect audit information from unauthorized deletion.Application Layer Gateway Security Requirements Guide V-222502CAT IIThe application must protect audit information from unauthorized deletion.Application Security and Development Security Technical Implementation Guide V-204734CAT IIThe application server must protect log information from unauthorized deletion.Application Server Security Requirements Guide V-237324CAT IIThe ArcGIS Server must protect audit information from any type of unauthorized read access, modification or deletion.ArcGIS for Server 10.3 Security Technical Implementation Guide V-255966CAT IThe Arista network Arista device must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the ISSO.Arista MLS EOS 4.X NDM Security Technical Implementation Guide V-276014CAT IAx-OS must off-load audit records onto a different system or media than the system being audited.Axonius Federal Systems Ax-OS Security Technical Implementation Guide V-79007CAT IIThe BlackBerry Enterprise Mobility Server (BEMS) must protect log information from unauthorized deletion.BlackBerry Enterprise Mobility Server 2.x Security Technical Implementation Guide V-254708CAT IIThe BlackBerry Enterprise Mobility Server (BEMS) must protect log information from unauthorized deletion.BlackBerry Enterprise Mobility Server 3.x Security Technical Implementation Guide V-237357CAT IIThe CA API Gateway must protect audit information from unauthorized deletion.CA API Gateway ALG Security Technical Implementation Guide V-219231CAT IIThe Ubuntu operating system must be configured so that the audit log directory is not write-accessible by unauthorized users.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219232CAT IIThe Ubuntu operating system must allow only authorized accounts to own the audit log directory.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219233CAT IIThe Ubuntu operating system must ensure only authorized groups can own the audit log directory and its underlying files.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-238248CAT IIThe Ubuntu operating system must be configured so that the audit log directory is not write-accessible by unauthorized users.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-260598CAT IIUbuntu 22.04 LTS must be configured to permit only authorized users ownership of the audit log files.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260599CAT IIUbuntu 22.04 LTS must permit only authorized groups ownership of the audit log files.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260600CAT IIUbuntu 22.04 LTS must be configured so that the audit log directory is not write-accessible by unauthorized users.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-270828CAT IIUbuntu 24.04 LTS must be configured to permit only authorized users ownership of the audit log files.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270829CAT IIUbuntu 24.04 LTS must permit only authorized groups ownership of the audit log files.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270830CAT IIUbuntu 24.04 LTS must be configured so that the audit log directory is not write-accessible by unauthorized users.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-221916CAT IIThe Central Log Server must protect audit information from unauthorized deletion.Central Log Server Security Requirements Guide V-215676CAT IIThe Cisco router must be configured to protect audit information from unauthorized deletion.Cisco IOS Router NDM Security Technical Implementation Guide V-220584CAT IIThe Cisco switch must be configured to protect audit information from unauthorized deletion.Cisco IOS Switch NDM Security Technical Implementation Guide V-215821CAT IIThe Cisco router must be configured to protect audit information from unauthorized deletion.Cisco IOS XE Router NDM Security Technical Implementation Guide V-220532CAT IIThe Cisco switch must be configured to protect audit information from unauthorized deletion.Cisco IOS XE Switch NDM Security Technical Implementation Guide V-269536CAT IIAlmaLinux OS 9 audit log directory must be owned by root to prevent unauthorized read access.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269537CAT IIAlmaLinux OS 9 audit log directory must have 0700 permissions to prevent unauthorized read access.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269538CAT IIAlmaLinux OS 9 audit logs must be owned by the root group to prevent unauthorized read access.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269539CAT IIAlmaLinux OS 9 audit logs must be owned by root to prevent unauthorized read access.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269540CAT IIAlmaLinux OS 9 audit logs must have 0600 permissions to prevent unauthorized read access.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-233058CAT IIThe container platform must protect audit information from unauthorized deletion.Container Platform Security Requirements Guide V-233531CAT IIThe audit information produced by PostgreSQL must be protected from unauthorized deletion.Crunchy Data PostgreSQL Security Technical Implementation Guide V-261877CAT IIThe audit information produced by PostgreSQL must be protected from unauthorized deletion.Crunchy Data Postgres 16 Security Technical Implementation Guide V-206540CAT IIThe audit information produced by the DBMS must be protected from unauthorized deletion.Database Security Requirements Guide V-224150CAT IIThe audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized deletion.EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide V-213581CAT IIThe audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized deletion.EDB Postgres Advanced Server v9.6 Security Technical Implementation Guide V-260005CAT IIThe Enterprise Voice, Video, and Messaging Session Manager must protect session (call) records from unauthorized deletion.Enterprise Voice, Video, and Messaging Session Management Security Requirements Guide V-259230CAT IIThe audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized deletion.EnterpriseDB Postgres Advanced Server (EPAS) Security Technical Implementation Guide V-217393CAT IIThe BIG-IP appliance must be configured to protect audit information from unauthorized deletion.F5 BIG-IP Device Management Security Technical Implementation Guide V-215751CAT IIThe BIG-IP Core implementation must be configured to protect audit information from unauthorized deletion.F5 BIG-IP Local Traffic Manager Security Technical Implementation Guide V-278388CAT IINGINX must protect audit information from unauthorized access.F5 NGINX Security Technical Implementation Guide V-206688CAT IIThe firewall must protect the traffic log from unauthorized deletion of local log files and log records.Firewall Security Requirements Guide V-234185CAT IIThe FortiGate device must protect audit information from unauthorized deletion.Fortinet FortiGate Firewall NDM Security Technical Implementation Guide V-234143CAT IThe FortiGate firewall must protect the traffic log from unauthorized deletion of local log files and log records.Fortinet FortiGate Firewall Security Technical Implementation Guide V-203618CAT IIThe operating system must protect audit information from unauthorized deletion.General Purpose Operating System Security Requirements Guide V-217449CAT IIThe HP FlexFabric Switch must protect audit information from unauthorized deletion.HP FlexFabric Switch NDM Security Technical Implementation Guide V-268255CAT IIThe HYCU virtual appliance must protect audit information from unauthorized deletion.HYCU Protege Security Technical Implementation Guide V-215243CAT IIAudit logs on the AIX system must be owned by root.IBM AIX 7.x Security Technical Implementation Guide V-215244CAT IIAudit logs on the AIX system must be group-owned by system.IBM AIX 7.x Security Technical Implementation Guide V-215245CAT IIAudit logs on the AIX system must be set to 660 or less permissive.IBM AIX 7.x Security Technical Implementation Guide V-252559CAT IIThe IBM Aspera Console must protect audit information from unauthorized read access.IBM Aspera Platform 4.2 Security Technical Implementation Guide V-252592CAT IIIBM Aspera Faspex must protect audit information from unauthorized modification.IBM Aspera Platform 4.2 Security Technical Implementation Guide V-252609CAT IIIBM Aspera Shares must protect audit information from unauthorized deletion.IBM Aspera Platform 4.2 Security Technical Implementation Guide V-213684CAT IIThe audit information produced by DB2 must be protected from unauthorized deletion.IBM DB2 V10.5 LUW Security Technical Implementation Guide V-250328CAT IIThe WebSphere Liberty Server must protect log information from unauthorized access or changes.IBM WebSphere Liberty Server Security Technical Implementation Guide V-255850CAT IIThe WebSphere Application Server must protect log information from unauthorized deletion.IBM WebSphere Traditional V9.x Security Technical Implementation Guide V-223554CAT IIIBM z/OS SMF collection files (i.e., SYS1.MANx) access must be limited to appropriate users and/or batch jobs that perform SMF dump processing.IBM z/OS ACF2 Security Technical Implementation Guide V-223701CAT IIIBM z/OS must limit access for SMF collection files (i.e., SYS1.MANx) to appropriate users and/or batch jobs that perform SMF dump processing.IBM z/OS RACF Security Technical Implementation Guide V-223881CAT IIIBM z/OS must limit access for SMF collection files (i.e., SYS1.MANx) to appropriate users and/or batch jobs that perform SMF dump processing.IBM z/OS TSS Security Technical Implementation Guide V-237907CAT IICA VM:Secure product AUDIT file must be restricted to authorized personnel.IBM zVM Using CA VM:Secure Security Technical Implementation Guide V-258600CAT IThe ICS must be configured to prevent nonprivileged users from executing privileged functions.Ivanti Connect Secure NDM Security Technical Implementation Guide V-213515CAT IIFile permissions must be configured to protect log information from unauthorized deletion.JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide V-253897CAT IIThe Juniper EX switch must be configured to protect audit information from unauthorized deletion.Juniper EX Series Switches Network Device Management Security Technical Implementation Guide V-217318CAT IIThe Juniper router must be configured to protect audit information from unauthorized deletion.Juniper Router NDM Security Technical Implementation Guide V-213822CAT IIThe audit information produced by SQL Server must be protected from unauthorized deletion.MS SQL Server 2014 Instance Security Technical Implementation Guide V-213944CAT IIThe audit information produced by SQL Server must be protected from unauthorized access, modification, and deletion.MS SQL Server 2016 Instance Security Technical Implementation Guide V-205479CAT IIThe Mainframe Product must protect audit information from unauthorized deletion.Mainframe Product Security Requirements Guide V-253681CAT IIThe audit information produced by MariaDB must be protected from unauthorized deletion.MariaDB Enterprise 10.x Security Technical Implementation Guide V-220351CAT IIThe audit information produced by MarkLogic Server must be protected from unauthorized deletion.MarkLogic Server v9 Security Technical Implementation Guide V-255332CAT IIThe audit information produced by Azure SQL Database must be protected from unauthorized deletion.Microsoft Azure SQL Database Security Technical Implementation Guide V-276298CAT IIThe audit information produced by Azure SQL Managed Instance must be protected from unauthorized access.Microsoft Azure SQL Managed Instance Security Technical Implementation Guide V-225227CAT IICAS and policy configuration files must be backed up.Microsoft DotNet Framework 4.0 Security Technical Implementation Guide V-221214CAT IIExchange audit data must be protected against unauthorized access for deletion.Microsoft Exchange 2016 Edge Transport Server Security Technical Implementation Guide V-228368CAT IIExchange must protect audit data against unauthorized deletion.Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide V-259587CAT IIExchange audit data must be protected against unauthorized access for deletion.Microsoft Exchange 2019 Edge Server Security Technical Implementation Guide V-259662CAT IIExchange must protect audit data against unauthorized deletion.Microsoft Exchange 2019 Mailbox Server Security Technical Implementation Guide V-283673CAT IIThe log information from the IIS 10.0 website must be protected from unauthorized modification or deletion.Microsoft IIS 10.0 Site Security Technical Implementation Guide V-271282CAT IIThe audit information produced by SQL Server must be protected from unauthorized access, modification, and deletion.Microsoft SQL Server 2022 Instance Security Technical Implementation Guide V-220782CAT IIWindows 10 permissions for the Application event log must prevent access by non-privileged accounts.Microsoft Windows 10 Security Technical Implementation Guide V-220783CAT IIWindows 10 permissions for the Security event log must prevent access by non-privileged accounts.Microsoft Windows 10 Security Technical Implementation Guide V-220784CAT IIWindows 10 permissions for the System event log must prevent access by non-privileged accounts.Microsoft Windows 10 Security Technical Implementation Guide V-220978CAT IIThe Manage auditing and security log user right must only be assigned to the Administrators group.Microsoft Windows 10 Security Technical Implementation Guide V-224877CAT IIPermissions for the Application event log must prevent access by non-privileged accounts.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224878CAT IIPermissions for the Security event log must prevent access by non-privileged accounts.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224879CAT IIPermissions for the System event log must prevent access by non-privileged accounts.Microsoft Windows Server 2016 Security Technical Implementation Guide V-225086CAT IIThe Manage auditing and security log user right must only be assigned to the Administrators group.Microsoft Windows Server 2016 Security Technical Implementation Guide V-205640CAT IIWindows Server 2019 permissions for the Application event log must prevent access by non-privileged accounts.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205641CAT IIWindows Server 2019 permissions for the Security event log must prevent access by non-privileged accounts.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205642CAT IIWindows Server 2019 permissions for the System event log must prevent access by non-privileged accounts.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205643CAT IIWindows Server 2019 Manage auditing and security log user right must only be assigned to the Administrators group.Microsoft Windows Server 2019 Security Technical Implementation Guide V-254296CAT IIWindows Server 2022 permissions for the Application event log must prevent access by nonprivileged accounts.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254297CAT IIWindows Server 2022 permissions for the Security event log must prevent access by nonprivileged accounts.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254298CAT IIWindows Server 2022 permissions for the System event log must prevent access by nonprivileged accounts.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254507CAT IIWindows Server 2022 manage auditing and security log user right must only be assigned to the Administrators group.Microsoft Windows Server 2022 Security Technical Implementation Guide V-278043CAT IIWindows Server 2025 permissions for the Application event log must prevent access by nonprivileged accounts.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278044CAT IIWindows Server 2025 permissions for the Security event log must prevent access by nonprivileged accounts.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278045CAT IIWindows Server 2025 permissions for the System event log must prevent access by nonprivileged accounts.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278257CAT IIThe Windows Server 2025 "Manage auditing and security log" user right must only be assigned to the Administrators group.Microsoft Windows Server 2025 Security Technical Implementation Guide V-221161CAT IIThe audit information produced by MongoDB must be protected from unauthorized read access.MongoDB Enterprise Advanced 3.x Security Technical Implementation Guide V-252135CAT IIThe audit information produced by MongoDB must be protected from unauthorized access.MongoDB Enterprise Advanced 4.x Security Technical Implementation Guide V-265908CAT IIThe audit information produced by MongoDB must be protected from unauthorized access.MongoDB Enterprise Advanced 7.x Security Technical Implementation Guide V-279336CAT IIThe audit information produced by MongoDB must be protected from unauthorized access, modification, and deletion.MongoDB Enterprise Advanced 8.x Security Technical Implementation Guide V-202041CAT IIThe network device must protect audit information from unauthorized deletion.Network Device Management Security Requirements Guide V-254107CAT IINutanix AOS must protect log information from any type of unauthorized access.Nutanix AOS 5.20.x Application Security Technical Implementation Guide V-254183CAT IINutanix AOS must protect audit information from unauthorized access.Nutanix AOS 5.20.x OS Security Technical Implementation Guide V-279427CAT IINutanix AOS must be configured to protect the application server log files from unauthorized access.Nutanix Acropolis Application Server Security Technical Implementation Guide V-279575CAT IINutanix OS must configure audit log permissions for 0600 or less.Nutanix Acropolis GPOS Security Technical Implementation Guide V-219763CAT IIThe DBMS must protect audit information from unauthorized deletion.Oracle Database 11.2g Security Technical Implementation Guide V-220279CAT IIThe system must protect audit information from unauthorized deletion.Oracle Database 12c Security Technical Implementation Guide V-270510CAT IIThe audit information produced by the Oracle Database must be protected from unauthorized access, modification, or deletion.Oracle Database 19c Security Technical Implementation Guide V-221336CAT IIThe log information from OHS must be protected from unauthorized deletion.Oracle HTTP Server 12.1.3 Security Technical Implementation Guide V-221899CAT IIThe Oracle Linux operating system must protect audit information from unauthorized read, modification, or deletion.Oracle Linux 7 Security Technical Implementation Guide V-248732CAT IIOL 8 audit logs must have a mode of "0600" or less permissive to prevent unauthorized read access.Oracle Linux 8 Security Technical Implementation Guide V-248733CAT IIOL 8 audit logs must be owned by root to prevent unauthorized read access.Oracle Linux 8 Security Technical Implementation Guide V-248734CAT IIOL 8 audit logs must be group-owned by root to prevent unauthorized read access.Oracle Linux 8 Security Technical Implementation Guide V-248735CAT IIThe OL 8 audit log directory must be owned by root to prevent unauthorized read access.Oracle Linux 8 Security Technical Implementation Guide V-248736CAT IIThe OL 8 audit log directory must be group-owned by root to prevent unauthorized read access.Oracle Linux 8 Security Technical Implementation Guide V-248737CAT IIThe OL 8 audit log directory must have a mode of 0700 or less permissive to prevent unauthorized read access.Oracle Linux 8 Security Technical Implementation Guide V-248738CAT IIThe OL 8 audit system must protect auditing rules from unauthorized change.Oracle Linux 8 Security Technical Implementation Guide V-248739CAT IIThe OL 8 audit system must protect logon UIDs from unauthorized change.Oracle Linux 8 Security Technical Implementation Guide V-271583CAT IIOL 9 audit logs must be group-owned by root or by a restricted logging group to prevent unauthorized read access.Oracle Linux 9 Security Technical Implementation Guide V-271584CAT IIOL 9 audit log directory must be owned by root to prevent unauthorized read access.Oracle Linux 9 Security Technical Implementation Guide V-271585CAT IIOL 9 audit logs file must have mode 0600 or less permissive to prevent unauthorized access to the audit log.Oracle Linux 9 Security Technical Implementation Guide V-271885CAT IIOL 9 audit system must protect logon UIDs from unauthorized change.Oracle Linux 9 Security Technical Implementation Guide V-271886CAT IIOL 9 audit system must protect auditing rules from unauthorized change.Oracle Linux 9 Security Technical Implementation Guide V-235101CAT IIThe audit information produced by the MySQL Database Server 8.0 must be protected from unauthorized deletion.Oracle MySQL 8.0 Security Technical Implementation Guide V-214068CAT IIThe audit information produced by PostgreSQL must be protected from unauthorized deletion.PostgreSQL 9.x Security Technical Implementation Guide V-252843CAT IRancher MCM must use a centralized user management solution to support account management functions. For accounts using password authentication, the container platform must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process.Rancher Government Solutions Multi-Cluster Manager Security Technical Implementation Guide V-281050CAT IIRHEL 10 must enforce group ownership of audit logs by "root" or by a restricted logging group to prevent unauthorized read access.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281051CAT IIRHEL 10 must enforce "root" ownership of the audit log directory to prevent unauthorized read access.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281052CAT IIRHEL 10 must enforce "root" ownership of audit logs to prevent unauthorized access.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281053CAT IIRHEL 10 must enforce group ownership by "root" or a restricted logging group for audit log files to prevent unauthorized access.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281054CAT IIRHEL 10 must set mode "0600" or less permissive for the audit logs file to prevent unauthorized access to the audit log.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281055CAT IIRHEL 10 must enforce the audit log directory to have a mode of "0750" or less permissive to prevent unauthorized read access.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281365CAT IIRHEL 10 must prevent unauthorized changes to the audit system.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-228564CAT IIThe Red Hat Enterprise Linux operating system must protect audit information from unauthorized read, modification, or deletion.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-258165CAT IIRHEL 9 audit logs must be group-owned by root or by a restricted logging group to prevent unauthorized read access.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258166CAT IIRHEL 9 audit log directory must be owned by root to prevent unauthorized read access.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258167CAT IIRHEL 9 audit logs file must have mode 0600 or less permissive to prevent unauthorized access to the audit log.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258228CAT IIRHEL 9 audit system must protect logon UIDs from unauthorized change.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258229CAT IIRHEL 9 audit system must protect auditing rules from unauthorized change.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-257533CAT IIOpenShift must protect audit information from unauthorized modification.Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide V-251204CAT IIThe audit information produced by Redis Enterprise DBMS must be protected from unauthorized deletion.Redis Enterprise 6.x Security Technical Implementation Guide V-275684CAT IIUbuntu OS must be configured to permit only authorized users ownership of the audit log files.Riverbed NetIM OS Security Technical Implementation Guide V-275685CAT IIUbuntu OS must permit only authorized groups ownership of the audit log files.Riverbed NetIM OS Security Technical Implementation Guide V-275686CAT IIUbuntu OS must be configured so that the audit log directory is not write-accessible by unauthorized users.Riverbed NetIM OS Security Technical Implementation Guide V-256079CAT IThe Riverbed NetProfiler must be configured to authenticate each administrator prior to authorizing privileges based on roles.Riverbed NetProfiler Security Technical Implementation Guide V-261418CAT IISLEM 5 must protect audit rules from unauthorized modification.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-217202CAT IIThe SUSE operating system must protect audit rules from unauthorized modification.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-221935CAT IISplunk Enterprise installation directories must be secured.Splunk Enterprise 7.x for Windows Security Technical Implementation Guide V-251672CAT IISplunk Enterprise installation directories must be secured.Splunk Enterprise 8.x for Linux Security Technical Implementation Guide V-279251CAT IThe Edge SWG must be configured to use at least two authentication servers for the purpose of authenticating users prior to granting administrative access.Symantec Edge SWG NDM Security Technical Implementation Guide V-241126CAT IITrend Deep Security must protect audit information from unauthorized deletion.Trend Micro Deep Security 9.x Security Technical Implementation Guide V-252977CAT IITOSS audit logs must have a mode of 0600 or less permissive to prevent unauthorized read access.Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide