STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← AU-12 — Audit Record Generation

CCI-000172

Definition

Generate audit records for the event types defined in AU-2 c that include the audit record content defined in AU-3.

Parent Control

AU-12Audit Record GenerationAudit and Accountability

Linked STIG Checks (200)

V-279055CAT IColdFusion must be using an enterprise solution for authentication.Adobe ColdFusion Security Technical Implementation Guide V-76483CAT IIIThe Akamai Luna Portal must generate audit records when successful/unsuccessful attempts to access privileges occur.Akamai KSD Service Impact Level 2 NDM Security Technical Implementation Guide V-274017CAT IIAmazon Linux 2023 must have the audit package installed.Amazon Linux 2023 Security Technical Implementation Guide V-274018CAT IIAmazon Linux 2023 must produce audit records containing information to establish what type of events occurred.Amazon Linux 2023 Security Technical Implementation Guide V-274081CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.Amazon Linux 2023 Security Technical Implementation Guide V-274082CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/ directory.Amazon Linux 2023 Security Technical Implementation Guide V-274083CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Amazon Linux 2023 Security Technical Implementation Guide V-274084CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Amazon Linux 2023 Security Technical Implementation Guide V-274085CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Amazon Linux 2023 Security Technical Implementation Guide V-274087CAT IIAmazon Linux 2023 must audit all uses of the chmod, fchmod, and fchmodat system calls.Amazon Linux 2023 Security Technical Implementation Guide V-274088CAT IIAmazon Linux 2023 must audit all uses of the chown, fchown, fchownat, and lchown system calls.Amazon Linux 2023 Security Technical Implementation Guide V-274089CAT IIAmazon Linux 2023 must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.Amazon Linux 2023 Security Technical Implementation Guide V-274090CAT IIAmazon Linux 2023 must audit all uses of the truncate, ftruncate, creat, open, openat, and open_by_handle_at system calls.Amazon Linux 2023 Security Technical Implementation Guide V-274091CAT IIAmazon Linux 2023 must audit all uses of the init_module and finit_module system calls.Amazon Linux 2023 Security Technical Implementation Guide V-274092CAT IIAmazon Linux 2023 must audit all uses of the create_module system call.Amazon Linux 2023 Security Technical Implementation Guide V-274093CAT IIAmazon Linux 2023 must audit all uses of the kmod command.Amazon Linux 2023 Security Technical Implementation Guide V-274094CAT IIAmazon Linux 2023 must audit all uses of the rename, unlink, rmdir, renameat, and unlinkat system calls.Amazon Linux 2023 Security Technical Implementation Guide V-274095CAT IIAmazon Linux 2023 must audit all uses of the chcon command.Amazon Linux 2023 Security Technical Implementation Guide V-274096CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/faillock.Amazon Linux 2023 Security Technical Implementation Guide V-274097CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/lastlog.Amazon Linux 2023 Security Technical Implementation Guide V-274098CAT IIAmazon Linux 2023 must audit all uses of the init command.Amazon Linux 2023 Security Technical Implementation Guide V-274099CAT IIAmazon Linux 2023 must audit all uses of the reboot command.Amazon Linux 2023 Security Technical Implementation Guide V-274100CAT IIAmazon Linux 2023 must audit all uses of the shutdown command.Amazon Linux 2023 Security Technical Implementation Guide V-274104CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Amazon Linux 2023 Security Technical Implementation Guide V-274105CAT IIAmazon Linux 2023 must audit all successful/unsuccessful uses of the chage command.Amazon Linux 2023 Security Technical Implementation Guide V-274112CAT IIAmazon Linux 2023 must audit all uses of the sudo command.Amazon Linux 2023 Security Technical Implementation Guide V-274113CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Amazon Linux 2023 Security Technical Implementation Guide V-274114CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Amazon Linux 2023 Security Technical Implementation Guide V-274167CAT IIAmazon Linux 2023 must enable auditing of processes that start prior to the audit daemon.Amazon Linux 2023 Security Technical Implementation Guide V-274187CAT IIAmazon Linux 2023 audit system must protect logon user identifiers (UIDs) from unauthorized change.Amazon Linux 2023 Security Technical Implementation Guide V-268081CAT IINixOS must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period.Anduril NixOS Security Technical Implementation Guide V-268091CAT IINixOS must generate audit records for all usage of privileged commands.Anduril NixOS Security Technical Implementation Guide V-268096CAT IISuccessful/unsuccessful uses of the init_module, finit_module, and delete_module system calls in NixOS must generate an audit record.Anduril NixOS Security Technical Implementation Guide V-268098CAT IINixOS must generate an audit record for successful/unsuccessful uses of the truncate, ftruncate, creat, open, openat, and open_by_handle_at system calls.Anduril NixOS Security Technical Implementation Guide V-268100CAT IISuccessful/unsuccessful uses of the chmod, fchmod, and fchmodat system calls in NixOS must generate an audit record.Anduril NixOS Security Technical Implementation Guide V-268163CAT IINixOS must generate audit records when successful/unsuccessful attempts to modify security objects occur.Anduril NixOS Security Technical Implementation Guide V-268164CAT IINixOS must generate audit records when successful/unsuccessful attempts to delete privileges occur.Anduril NixOS Security Technical Implementation Guide V-268165CAT IINixOS must generate audit records when successful/unsuccessful attempts to delete security objects occur.Anduril NixOS Security Technical Implementation Guide V-268166CAT IINixOS must generate audit records when concurrent logons to the same account occur from different sources.Anduril NixOS Security Technical Implementation Guide V-268167CAT IINixOS must generate audit records for all account creations, modifications, disabling, and termination events.Anduril NixOS Security Technical Implementation Guide V-222930CAT IIAccessLogValve must be configured for each application context.Apache Tomcat Application Server 9 Security Technical Implementation Guide V-222938CAT IIAccessLogValve must be configured per each virtual host.Apache Tomcat Application Server 9 Security Technical Implementation Guide V-222997CAT IIAccessLogValve must be configured for Catalina engine.Apache Tomcat Application Server 9 Security Technical Implementation Guide V-222998CAT IIChanges to $CATALINA_HOME/bin/ folder must be logged.Apache Tomcat Application Server 9 Security Technical Implementation Guide V-222999CAT IIChanges to $CATALINA_BASE/conf/ folder must be logged.Apache Tomcat Application Server 9 Security Technical Implementation Guide V-223000CAT IIChanges to $CATALINA_HOME/lib/ folder must be logged.Apache Tomcat Application Server 9 Security Technical Implementation Guide V-252462CAT IIThe macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all non-local maintenance and diagnostic sessions.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-252463CAT IIThe macOS system must monitor remote access methods and generate audit records when successful/unsuccessful attempts to access/modify privileges occur.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-252472CAT IIThe macOS system must audit the enforcement actions used to restrict access associated with changes to the system.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-252476CAT IIThe macOS system must generate audit records for DoD-defined events such as successful/unsuccessful logon attempts, successful/unsuccessful direct access attempts, starting and ending time for user access, and concurrent logons to the same account from different sources.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-257168CAT IIThe macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all nonlocal maintenance and diagnostic sessions.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-257169CAT IIThe macOS system must monitor remote access methods and generate audit records when successful/unsuccessful attempts to access/modify privileges occur.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-257178CAT IIThe macOS system must audit the enforcement actions used to restrict access associated with changes to the system.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-257182CAT IIThe macOS system must generate audit records for DOD-defined events such as successful/unsuccessful logon attempts, successful/unsuccessful direct access attempts, starting and ending time for user access, and concurrent logons to the same account from different sources.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-259466CAT IIThe macOS system must be configured to audit all failed program execution on the system.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-259470CAT IIThe macOS system must configure the system to audit all authorization and authentication events.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-268451CAT IIThe macOS system must configure sudo to log events.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268452CAT IIThe macOS system must be configured to audit all administrative action events.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268453CAT IIThe macOS system must be configured to audit all login and logout events.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268454CAT IIThe macOS system must enable security auditing.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268462CAT IIThe macOS system must be configured to audit all deletions of object attributes.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268463CAT IIThe macOS system must be configured to audit all changes of object attributes.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268464CAT IIThe macOS system must be configured to audit all failed read actions on the system.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268465CAT IIThe macOS system must be configured to audit all failed write actions on the system.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268470CAT IIThe macOS system must be configured to audit all authorization and authentication events.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-269094CAT IIThe macOS system must be configured to audit all failed program execution on the system.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-277059CAT IIThe macOS system must configure sudo to log events.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277060CAT IIThe macOS system must be configured to audit all administrative action events.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277061CAT IIThe macOS system must be configured to audit all login and logout events.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277062CAT IIThe macOS system must enable security auditing.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277069CAT IIThe macOS system must be configured to audit all deletions of object attributes.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277070CAT IIThe macOS system must be configured to audit all changes of object attributes.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277071CAT IIThe macOS system must be configured to audit all failed read actions on the system.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277072CAT IIThe macOS system must be configured to audit all failed write actions on the system.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277073CAT IIThe macOS system must be configured to audit all failed program execution on the system.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277077CAT IIThe macOS system must be configured to audit all authorization and authentication events.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-205029CAT IIThe ALG must generate audit records when successful/unsuccessful attempts to access security objects occur.Application Layer Gateway Security Requirements Guide V-205030CAT IIThe ALG that is part of a CDS must generate audit records when successful/unsuccessful attempts to access security levels occur.Application Layer Gateway Security Requirements Guide V-205031CAT IIThe ALG must generate audit records when successful/unsuccessful attempts to access categories of information (e.g., classification levels) occur.Application Layer Gateway Security Requirements Guide V-205032CAT IIThe ALG providing user access control intermediary services must generate audit records when successful/unsuccessful attempts to modify privileges occur.Application Layer Gateway Security Requirements Guide V-205033CAT IIThe ALG must generate audit records when successful/unsuccessful attempts to modify security objects occur.Application Layer Gateway Security Requirements Guide V-205034CAT IIThe ALG must generate audit records when successful/unsuccessful attempts to modify security levels occur.Application Layer Gateway Security Requirements Guide V-205035CAT IIThe ALG must generate audit records when successful/unsuccessful attempts to modify categories of information (e.g., classification levels) occur.Application Layer Gateway Security Requirements Guide V-205036CAT IIThe ALG providing user access control intermediary services must generate audit records when successful/unsuccessful attempts to delete privileges occur.Application Layer Gateway Security Requirements Guide V-205037CAT IIThe ALG must generate audit records when successful/unsuccessful attempts to delete security levels occur.Application Layer Gateway Security Requirements Guide V-205038CAT IIThe ALG must generate audit records when successful/unsuccessful attempts to delete security objects occur.Application Layer Gateway Security Requirements Guide V-205039CAT IIThe ALG must generate audit records when successful/unsuccessful attempts to delete categories of information (e.g., classification levels) occur.Application Layer Gateway Security Requirements Guide V-205040CAT IIThe ALG providing user access control intermediary services must generate audit records when successful/unsuccessful logon attempts occur.Application Layer Gateway Security Requirements Guide V-205041CAT IIThe ALG providing user access control intermediary services must generate audit records showing starting and ending time for user access to the system.Application Layer Gateway Security Requirements Guide V-205051CAT IIThe ALG providing user access control intermediary services must generate audit records when successful/unsuccessful attempts to access privileges occur.Application Layer Gateway Security Requirements Guide V-274519CAT IIThe API Gateway must generate audit records when successful/unsuccessful attempts to access privileges occur.Application Programming Interface (API) Security Requirements Guide V-274520CAT IIThe API must generate audit records when successful/unsuccessful attempts to access privileges occur.Application Programming Interface (API) Security Requirements Guide V-222450CAT IIThe application must generate audit records when successful/unsuccessful attempts to grant privileges occur.Application Security and Development Security Technical Implementation Guide V-222451CAT IIThe application must generate audit records when successful/unsuccessful attempts to access security objects occur.Application Security and Development Security Technical Implementation Guide V-222452CAT IIThe application must generate audit records when successful/unsuccessful attempts to access security levels occur.Application Security and Development Security Technical Implementation Guide V-222453CAT IIThe application must generate audit records when successful/unsuccessful attempts to access categories of information (e.g., classification levels) occur.Application Security and Development Security Technical Implementation Guide V-222454CAT IIThe application must generate audit records when successful/unsuccessful attempts to modify privileges occur.Application Security and Development Security Technical Implementation Guide V-222455CAT IIThe application must generate audit records when successful/unsuccessful attempts to modify security objects occur.Application Security and Development Security Technical Implementation Guide V-222456CAT IIThe application must generate audit records when successful/unsuccessful attempts to modify security levels occur.Application Security and Development Security Technical Implementation Guide V-222457CAT IIThe application must generate audit records when successful/unsuccessful attempts to modify categories of information (e.g., classification levels) occur.Application Security and Development Security Technical Implementation Guide V-222458CAT IIThe application must generate audit records when successful/unsuccessful attempts to delete privileges occur.Application Security and Development Security Technical Implementation Guide V-222459CAT IIThe application must generate audit records when successful/unsuccessful attempts to delete security levels occur.Application Security and Development Security Technical Implementation Guide V-222460CAT IIThe application must generate audit records when successful/unsuccessful attempts to delete application database security objects occur.Application Security and Development Security Technical Implementation Guide V-222461CAT IIThe application must generate audit records when successful/unsuccessful attempts to delete categories of information (e.g., classification levels) occur.Application Security and Development Security Technical Implementation Guide V-222462CAT IIThe application must generate audit records when successful/unsuccessful logon attempts occur.Application Security and Development Security Technical Implementation Guide V-222463CAT IIThe application must generate audit records for privileged activities or other system-level access.Application Security and Development Security Technical Implementation Guide V-222464CAT IIThe application must generate audit records showing starting and ending time for user access to the system.Application Security and Development Security Technical Implementation Guide V-222465CAT IIThe application must generate audit records when successful/unsuccessful accesses to objects occur.Application Security and Development Security Technical Implementation Guide V-222466CAT IIThe application must generate audit records for all direct access to the information system.Application Security and Development Security Technical Implementation Guide V-222467CAT IIThe application must generate audit records for all account creations, modifications, disabling, and termination events.Application Security and Development Security Technical Implementation Guide V-222672CAT IIIThe application must generate audit records when concurrent logons from different workstations occur.Application Security and Development Security Technical Implementation Guide V-204719CAT IIThe application server must generate log records when successful/unsuccessful attempts to access subject privileges occur.Application Server Security Requirements Guide V-204824CAT IIThe application server must generate log records when successful/unsuccessful attempts to modify privileges occur.Application Server Security Requirements Guide V-204825CAT IIThe application server must generate log records when successful/unsuccessful attempts to delete privileges occur.Application Server Security Requirements Guide V-204826CAT IIThe application server must generate log records when successful/unsuccessful logon attempts occur.Application Server Security Requirements Guide V-204827CAT IIThe application server must generate log records for privileged activities.Application Server Security Requirements Guide V-204828CAT IIThe application must generate log records showing starting and ending times for user access to the application server management interface.Application Server Security Requirements Guide V-204829CAT IIThe application server must generate log records when concurrent logons from different workstations occur to the application server management interface.Application Server Security Requirements Guide V-204830CAT IIThe application server must generate log records for all account creations, modifications, disabling, and termination events.Application Server Security Requirements Guide V-237323CAT IThe ArcGIS Server must provide audit record generation capability for DoD-defined auditable events within all application components.ArcGIS for Server 10.3 Security Technical Implementation Guide V-217362CAT IIIThe Arista Multilayer Switch must generate audit records when successful/unsuccessful attempts to access privileges occur.Arista MLS DCS-7000 Series NDM Security Technical Implementation Guide V-217371CAT IIThe Arista Multilayer Switch must generate audit records for privileged activities or other system-level access.Arista MLS DCS-7000 Series NDM Security Technical Implementation Guide V-217372CAT IIThe Arista Multilayer Switch must generate audit records showing starting and ending time for administrator access to the system.Arista MLS DCS-7000 Series NDM Security Technical Implementation Guide V-217373CAT IIThe Arista Multilayer Switch must generate audit records when concurrent logons from different workstations occur.Arista MLS DCS-7000 Series NDM Security Technical Implementation Guide V-255951CAT IIThe Arista network device must be configured to audit all administrator activity.Arista MLS EOS 4.X NDM Security Technical Implementation Guide V-255962CAT IIThe Arista network device must be configured to capture all DOD auditable events.Arista MLS EOS 4.X NDM Security Technical Implementation Guide V-256842CAT IICompliance Guardian must provide automated mechanisms for supporting account management functions.AvePoint Compliance Guardian Security Technical Implementation Guide V-272418CAT IIIn the event of an error when validating the binding of other DNS servers' identity to the BIND 9.x information, when anomalies in the operation of the signed zone transfers are discovered, for the success and failure of start and stop of the name server service or daemon, and for the success and failure of all name server events, a BIND 9.x server implementation must generate a log entry.BIND 9.x Security Technical Implementation Guide V-237412CAT IIThe CA API Gateway providing user access control intermediary services must generate audit records when successful/unsuccessful logon attempts occur.CA API Gateway ALG Security Technical Implementation Guide V-237413CAT IIThe CA API Gateway providing user access control intermediary services must generate audit records showing starting and ending time for user access to the system.CA API Gateway ALG Security Technical Implementation Guide V-255522CAT IIThe CA API Gateway must generate audit records when successful/unsuccessful logon attempts occur.CA API Gateway NDM Security Technical Implementation Guide V-255523CAT IIThe CA API Gateway must generate audit records showing starting and ending time for administrator access to the system.CA API Gateway NDM Security Technical Implementation Guide V-255524CAT IIThe CA API Gateway must generate audit records when concurrent logons from different workstations occur.CA API Gateway NDM Security Technical Implementation Guide V-219213CAT IIThe Ubuntu operating system must generate audit records for the use and modification of the tallylog file.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219214CAT IIThe Ubuntu operating system must generate audit records for the use and modification of faillog file.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219215CAT IIThe Ubuntu operating system must generate audit records for the use and modification of the lastlog file.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219216CAT IIThe Ubuntu operating system must generate audit records for privileged activities or other system-level access.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219217CAT IIThe Ubuntu operating system must generate audit records for the /var/log/wtmp file.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219218CAT IIThe Ubuntu operating system must generate audit records for the /var/run/utmp file.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219219CAT IIThe Ubuntu operating system must generate audit records for the /var/log/btmp file.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219220CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219221CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219222CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219223CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219224CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219225CAT IIThe Ubuntu operating system must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DoD-defined auditable events and actions in near real time.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219238CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the su command.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219239CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chfn command.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219240CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the mount command.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219241CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the umount command.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219242CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the ssh-agent command.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219243CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the ssh-keysign command.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219244CAT IIThe Ubuntu operating system must generate audit records for any usage of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219250CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chown, fchown, fchownat, and lchown system calls.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219254CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chmod, fchmod, and fchmodat system calls.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219257CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the creat, open, openat, open_by_handle_at, truncate, and ftruncate system calls.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219263CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the sudo command.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219264CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the sudoedit command.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219265CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chsh command.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219266CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the newgrp command.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219267CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chcon command.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219268CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the apparmor_parser command.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219269CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the setfacl command.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219270CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chacl command.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219271CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the passwd command.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219272CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the unix_update command.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219273CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the gpasswd command.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219274CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chage command.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219275CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the usermod command.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219276CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the crontab command.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219277CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the pam_timestamp_check command.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219287CAT IIThe Ubuntu operating system must generate audit records upon successful/unsuccessful use of unlink, unlinkat, rename, renameat, and rmdir system calls.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219296CAT IIThe Ubuntu operating system must generate records for successful/unsuccessful uses of init_module or finit_module syscalls.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219297CAT IIThe Ubuntu operating system must generate records for successful/unsuccessful uses of delete_module syscall and when unloading dynamic kernel modules.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219298CAT IIThe Ubuntu operating system must generate audit records when successful/unsuccessful attempts to use modprobe command.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219299CAT IIThe Ubuntu operating system must generate audit records when successful/unsuccessful attempts to use the kmod command.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219300CAT IIThe Ubuntu operating system must generate audit records when successful/unsuccessful attempts to use the fdisk command.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-238238CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238239CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238240CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238241CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238242CAT IIThe Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238252CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the su command.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238253CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chfn command.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238254CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the mount command.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238255CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the umount command.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238256CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the ssh-agent command.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238257CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the ssh-keysign command.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238258CAT IIThe Ubuntu operating system must generate audit records for any use of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238264CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chown, fchown, fchownat, and lchown system calls.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238268CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chmod, fchmod, and fchmodat system calls.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238271CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the creat, open, openat, open_by_handle_at, truncate, and ftruncate system calls.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238277CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the sudo command.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238278CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the sudoedit command.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238279CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chsh command.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238280CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the newgrp command.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238281CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chcon command.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238282CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the apparmor_parser command.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238283CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the setfacl command.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238284CAT IIThe Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chacl command.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide