4.1 Configure System Accounting (auditd)
4.1.1.1 Ensure audit log storage size is configured (Not Scored)4.1.1.2 Ensure system is disabled when audit logs are full (Scored)4.1.1.3 Ensure audit logs are not automatically deleted (Scored)4.1.2 Ensure auditd service is enabled (Scored)4.1.3 Ensure auditing for processes that start prior to auditd is enabled (Scored)4.1.4 Ensure events that modify date and time information are collected (Scored)4.1.5 Ensure events that modify user/group information are collected (Scored)4.1.6 Ensure events that modify the system's network environment are collected (Scored)4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected (Scored)4.1.8 Ensure login and logout events are collected (Scored)4.1.9 Ensure session initiation information is collected (Scored)4.1.10 Ensure discretionary access control permission modification events are collected (Scored)4.1.11 Ensure unsuccessful unauthorized file access attempts are collected (Scored)
4.1.12 Ensure use of privileged commands is collected (Scored)
4.1.13 Ensure successful file system mounts are collected (Scored)4.1.14 Ensure file deletion events by users are collected (Scored)4.1.15 Ensure changes to system administration scope (sudoers) is collected (Scored)4.1.16 Ensure system administrator actions (sudolog) are collected (Scored)4.1.17 Ensure kernel module loading and unloading is collected (Scored)4.1.18 Ensure the audit configuration is immutable (Scored)
4.2 Configure Logging
4.2.1.1 Ensure rsyslog Service is enabled (Scored)
4.2.1.2 Ensure logging is configured (Not Scored)
4.2.1.3 Ensure rsyslog default file permissions configured (Scored)4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host (Scored)4.2.1.5 Ensure remote rsyslog messages are only accepted on designated log hosts (Not Scored)4.2.2.1 Ensure syslog-ng service is enabled (Scored)
4.2.2.2 Ensure logging is configured (Not Scored)
4.2.2.3 Ensure syslog-ng default file permissions configured (Scored)
4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host (Not Scored)
4.2.2.5 Ensure remote syslog-ng messages are only accepted on designated log hosts (Not Scored)4.2.3 Ensure rsyslog or syslog-ng is installed (Scored)4.2.4 Ensure permissions on all logfiles are configured (Scored)
4.1 Configure System Accounting (auditd) 4.1.1.1 Ensure audit log storage size is configured (Not Scored) 4.1.1.2 Ensure system is disabled when audit logs are full (Scored) 4.1.1.3 Ensure audit logs are not automatically deleted (Scored) 4.1.2 Ensure auditd service is enabled (Scored) 4.1.3 Ensure auditing for processes that start prior to auditd is enabled (Scored) 4.1.4 Ensure events that modify date and time information are collected (Scored) 4.1.5 Ensure events that modify user/group information are collected (Scored) 4.1.6 Ensure events that modify the system's network environment are collected (Scored) 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected (Scored) 4.1.8 Ensure login and logout events are collected (Scored) 4.1.9 Ensure session initiation information is collected (Scored) 4.1.10 Ensure discretionary access control permission modification events are collected (Scored) 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected (Scored) 4.1.12 Ensure use of privileged commands is collected (Scored) 4.1.13 Ensure successful file system mounts are collected (Scored) 4.1.14 Ensure file deletion events by users are collected (Scored) 4.1.15 Ensure changes to system administration scope (sudoers) is collected (Scored) 4.1.16 Ensure system administrator actions (sudolog) are collected (Scored) 4.1.17 Ensure kernel module loading and unloading is collected (Scored) 4.1.18 Ensure the audit configuration is immutable (Scored)
4.2 Configure Logging 4.2.1.1 Ensure rsyslog Service is enabled (Scored) 4.2.1.2 Ensure logging is configured (Not Scored) 4.2.1.3 Ensure rsyslog default file permissions configured (Scored) 4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host (Scored) 4.2.1.5 Ensure remote rsyslog messages are only accepted on designated log hosts (Not Scored) 4.2.2.1 Ensure syslog-ng service is enabled (Scored) 4.2.2.2 Ensure logging is configured (Not Scored) 4.2.2.3 Ensure syslog-ng default file permissions configured (Scored) 4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host (Not Scored) 4.2.2.5 Ensure remote syslog-ng messages are only accepted on designated log hosts (Not Scored) 4.2.3 Ensure rsyslog or syslog-ng is installed (Scored) 4.2.4 Ensure permissions on all logfiles are configured (Scored)
4.3 Ensure logrotate is configured (Not Scored)